On Sat, Jan 03, 2015 at 11:23:13AM -0800, travis+ml-lang...@subspacefield.org wrote:
> Peter Neumann gave a long, rambling keynote at Cornerstones of Trust
> on a complex, "holistic" (non-point-solution) secure system:
>
> http://www.csl.sri.com/users/neumann/utah13+x4.pdf
>
> I was very interested in the details of his work, as it appears he
> must have done a great deal of research. Unfortunately as with most
> very ambitious projects, it's not clear exactly what the output will
> be, and he kept mentioning they had a Verilog implementation of a
> simple RISC core which I'm sure is an accomplishment but not terribly
> useful to me. I got the impression that one might find papers on the
> various security aspects forthcoming, or possibly already on his site.

You can find more here:

http://www.cl.cam.ac.uk/~rnw24/#cheri

CHERI is the RISC implementation. Capsicum is software related to CHERI. Both relate back to hardware for MULTICS (which Neumann was involved with). That hardware used segment registers to isolate processes, something that CHERI has revived using modern hardware design.

In short, instead of having processes isolated using memory management, you have hardware that enforces the use of a prefix to memory addresses, effectively segmenting memory, but more flexibly than done with the GE 600 (IIRC).

Hope this helps a little,
Rik
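
A simplified software model of the segment-style check described in the reply above, added here as an illustration and not taken from CHERI, Capsicum or the original message. The descriptor layout and the names `segment`, `seg_translate` and `SEG_FAULT` are assumptions, and the two segments are constructed sample values.

```c
#include <stdint.h>
#include <stdio.h>

/* Assumed, simplified descriptor: not CHERI's or Multics' real format. */
enum { SEG_R = 1, SEG_W = 2 };
#define SEG_FAULT UINT64_MAX   /* sentinel returned instead of an address */

typedef struct {
    uint64_t base;   /* where the segment starts in the flat address space */
    uint64_t limit;  /* segment length in bytes */
    unsigned perms;  /* SEG_R | SEG_W */
} segment;

/* Resolve (segment, offset) to a flat address for an access of `len`
 * bytes needing `need` permissions. This is the check the hardware
 * would apply to every reference; software never sees a raw address. */
uint64_t seg_translate(const segment *s, uint64_t off, uint64_t len,
                       unsigned need)
{
    if ((s->perms & need) != need)
        return SEG_FAULT;                 /* permission fault */
    if (len > s->limit || off > s->limit - len)
        return SEG_FAULT;                 /* bounds fault; no wraparound */
    return s->base + off;
}

/* Constructed example: two adjacent segments for two isolated owners.
 * seg_b begins exactly where seg_a ends. */
static const segment seg_a = { 0x10000, 0x1000, SEG_R | SEG_W };
static const segment seg_b = { 0x11000, 0x0800, SEG_R };

int main(void)
{
    /* Last 8 bytes of seg_a: allowed. */
    printf("a+0xff8 write -> %#llx\n",
           (unsigned long long)seg_translate(&seg_a, 0xff8, 8, SEG_W));
    /* 8-byte access straddling into seg_b's memory: fault. */
    printf("a+0xffc write fault: %d\n",
           seg_translate(&seg_a, 0xffc, 8, SEG_W) == SEG_FAULT);
    /* Write through a read-only segment: fault. */
    printf("b+0x000 write fault: %d\n",
           seg_translate(&seg_b, 0, 8, SEG_W) == SEG_FAULT);
    return 0;
}
```

The second access is the interesting one: in a flat address space it would touch the neighbouring owner's first four bytes, while the per-segment bound rejects it before any address is formed.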