From fa3ec1dbc35bc46be36c9d1877e93181119c9fff Mon Sep 17 00:00:00 2001 From: "Robert N. M. Watson" Date: Mon, 7 Aug 2023 22:02:01 +0100 Subject: [PATCH] Minor abstract edits and simplifications. Still too long for a single page. --- abstract.tex | 11 +++++------ 1 file changed, 5 insertions(+), 6 deletions(-) diff --git a/abstract.tex b/abstract.tex index 36abdb8b..63641c30 100644 --- a/abstract.tex +++ b/abstract.tex @@ -14,7 +14,7 @@ \section*{Abstract} CHERI-x86-64. It enables software to efficiently implement fine-grained memory protection and scalable software -compartmentalization, by providing strong, non-probabilistic, efficient +compartmentalization, by providing strong, deterministic, efficient mechanisms to support the principles of least privilege and intentional use in the execution of software at multiple levels of abstraction, preventing and mitigating vulnerabilities. @@ -26,10 +26,9 @@ \section*{Abstract} CHERI blends traditional paged virtual memory with an in-address-space capability model that includes capability values in registers, capability instructions, and tagged memory to enforce capability integrity. -This hybrid approach, inspired by the Capsicum security model, addresses the performance and robustness issues that arise -when trying to express more secure programming models, minimising -privilege, above conventional architectures that provide only -MMU-based protection. +This hybrid approach addresses the performance and robustness issues that arise +when trying to express more secure, privilege minimising programming models, +above conventional architectures that provide only MMU-based protection. CHERI builds on the C-language fat-pointer literature: its capabilities can describe fine-grained regions of memory, and can be substituted for data or code pointers in generated code, protecting data and improving 
@@ -46,7 +45,7 @@ \section*{Abstract} only controlled interaction. Potential early deployment scenarios include low-level software Trusted Computing Bases (TCBs) such as separation kernels, hypervisors, and operating-system -kernels, userspace TCBs such as language runtimes and web browsers, +kernels, userspace TCBs such as language runtimes and web browsers, and particularly high-risk software libraries such as data compression, protocol parsing, and image processing (which are concentrations of both complex and historically
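Review bot: "deterministic" in the first hunk is a stronger claim than the "non-probabilistic" it replaces, since it asserts that the protection does not rely on randomness or secrets at all rather than only that it is not a probabilistic defence; if that is the intended framing (and it is the usual one for capability enforcement), the change is an improvement, but confirm it before it lands in the abstract, which is the sentence readers will quote.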
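Review bot: "privilege minimising" in the second hunk is a compound adjective modifying "programming models" and should be hyphenated, so the replacement line reads "when trying to express more secure, privilege-minimising programming models,". The same hunk also drops "inspired by the Capsicum security model", which was the abstract's only attribution of where the hybrid approach comes from; if the shortening is deliberate, make sure Capsicum is still cited in the body of the document so the lineage is not lost entirely.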
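Review bot: the trailing "and" added to the replacement line in the third hunk is needed, because without it "particularly high-risk software libraries" read as a qualifier on "web browsers" rather than as the third item of the list (TCBs, userspace TCBs, high-risk libraries). With the "and" in place the phrase "and particularly high-risk" is still ambiguous between an intensifier ("especially risky libraries") and an aside ("and, in particular, libraries"); if the former is meant, "and especially high-risk software libraries such as" removes the ambiguity, otherwise drop "particularly" and let the parenthetical that follows carry the emphasis.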