The CHERI capability model: Revisiting RISC in an age of risk
TLDR
CHERI, a hybrid capability model that extends the 64-bit MIPS ISA with byte-granularity memory protection, is presented, demonstrating that it enables language memory model enforcement and fault isolation in hardware rather than software, and that the CHERI mechanisms are easily adopted by existing programs for efficient in-program memory safety.
Ignoring the Great Firewall of China
TLDR
The so-called “Great Firewall of China” operates, in part, by inspecting TCP packets for keywords that are to be blocked, but if the endpoints completely ignore the firewall's resets, then the connection will proceed unhindered.
CHERI: A Hybrid Capability-System Architecture for Scalable Software Compartmentalization
TLDR
This work demonstrates multiple orders-of-magnitude improvement in scalability, simplified programmability, and resulting tangible security benefits as compared to compartmentalization based on pure Memory-Management Unit (MMU) designs.
Firmament: Fast, Centralized Cluster Scheduling at Scale
TLDR
Firmament is described, a centralized scheduler that scales to over ten thousand machines at sub-second placement latency even though it continuously reschedules all tasks via a min-cost max-flow (MCMF) optimization, and exceeds the placement quality of four widely-used centralized and distributed schedulers on a real-world cluster.
Queues Don't Matter When You Can JUMP Them!
TLDR
It is shown that QJUMP achieves bounded latency and reduces in-network interference by up to 300×, outperforming Ethernet Flow Control (802.3x), ECN (WRED) and DCTCP and pFabric.
Capability Hardware Enhanced RISC Instructions: CHERI Instruction-set architecture
TLDR
This document describes the rapidly maturing design for the Capability Hardware Enhanced RISC Instructions (CHERI) Instruction-Set Architecture (ISA), and provides reference documentation for the CHERI instruction-set architecture and potential memory models, along with their requirements.
Capsicum: Practical Capabilities for UNIX
TLDR
This work demonstrates the approach by adapting core FreeBSD utilities and Google's Chromium web browser to use Capsicum primitives, and compares the complexity and robustness of Capsicum with other sandboxing techniques.
Metrics for Security and Performance in Low-Latency Anonymity Systems
TLDR
This paper demonstrates the counter-intuitive result that Tor's current path selection scheme, designed for performance, both performs well and is good for anonymity in the presence of a botnet-based adversary.
Clean Application Compartmentalization with SOAAP
TLDR
This work presents a new conceptual framework embodied in an LLVM-based tool: the Security-Oriented Analysis of Application Programs (SOAAP) that allows programmers to reason about compartmentalization using source-code annotations (compartmentalization hypotheses).
Beyond the PDP-11: Architectural Support for a Memory-Safe C Abstract Machine
TLDR
This work proposes a new memory-safe interpretation of the C abstract machine that provides stronger protection to benefit security and debugging, and refines the CHERI ISA and abstract model for C by combining elements of the CHERI capability model and fat pointers.