pjmlp 2 hours ago

Three paths, SPARC Application Data Integrity (ADI)

https://docs.oracle.com/en/operating-systems/solaris/oracle-...

Although I do concede, most folks aren't keen on picking up anything related to Oracle or Solaris nowadays.

  • EdNutting an hour ago

    I haven't come across this specific feature before. From reading about it, it seems closely related to Arm (E)MTE ISA extensions - Memory Tagging Extension?

    What's interesting is that approach (software-defined 'random' numbers to associate memory regions and valid pointers) provides only probabilistic memory safety. A malicious actor may find a way to spoof/guess the tag needed to access a particular piece of memory. Given Arm MTE and EMTE (co-developed with Apple) have both been breached in the last year, it's hard to argue that they're good enough security guarantees.

    In contrast, CHERI and OMA (Object Memory Architecture) are both providing hardware-enforced guarantees of memory safety properties - unbreakable even if the attacker has perfect knowledge - backed up by formal proofs of these claims.

    CHERI offers referential and spatial safety as hardware guarantees, with temporal being achievable in software. OMA offers referential, spatial and temporal safety as hardware guarantees.

    • pjmlp an hour ago

      Kind of, with the difference that it has been in production since 2015 on Solaris SPARC systems, granted they aren't as widespread as they once were.

      Sometimes the perfect is the enemy of the good; none of the memory tagging solutions has achieved mainstream widespread adoption outside iDevices.

      Google apparently doesn't want to anger Android OEMs demanding it to be required by Android, thus it remains a Pixel only feature.

      CHERI and OMA are still going to take years for mainstream adoption, if it ever comes to it.

      I had hopes for whatever Microsoft was doing in CHERIoT to eventually come to Windows in some fashion, but the best that has happened seems to be the adoption of Pluton in Copilot+ PC, which anyway serves a different purpose.

    • rubymamis an hour ago

      Can you please provide sources about Arm EMTE being breached? I couldn’t find any information online.

VyseofArcadia an hour ago

Could we also consider just not connecting critical systems to the internet at large? No reason, for example, for the Jaguar assembly line to depend on an internet connection.