CheriBSD features

CheriBSD extends FreeBSD with added CHERI-enabled features, such as kernel and userspace memory safety. Some of these features are in the main CheriBSD branch; other experimental features remain on development branches.

Kernel compilation modes

The CheriBSD kernel can be compiled either as hybrid or pure-capability code:

  • The hybrid kernel enables capaility use in userspace while making relatively little use of capabilities in the kernel's own implementation.
  • The pure-capability kernel implements strong referential and spatial memory protection internally in the kernel, protecting against memory-safety vulnerabilities in components such as the network stack and system-call layer.

Userspace process environments

The CheriBSD userspace likewise supports two different execution environments, hybrid processes and CheriABI (pure-capability) processes:

  • Hybrid processes provide strong binary compatibility with the non-CHERI version of the same architecture -- for example, aarch64 on Morello.
  • CheriABI processes implement strong referential and spatial memory protection through the system-call interface, dynamic linker, language runtime including heap memory allocators, and compiler-generated code. This protects against memory memory-safety vulnerabilities in both system services and applications. CheriABI is described in an ASPLOS 2019 paper.

Both environments can be used over either of the hybrid or pure-capability kernels.

Pre-compiled third-party software applications (packages) are provided for both ABIs, although CheriABI packages are currently considered experimental. This is discussed further in the chapter on packages.

Userspace heap temporal memory safety (experimental)

CheriBSD implements, on an experimental development branch, support for the Cornucopia heap temporal safety algorithm, as well as successor algorithms based on load-side-barrier features present in the Morello prototype architecture and processor design. Cornucopia is described in an IEEE SSP 2020 paper.

Software compartmentalization (experimental)

CheriBSD implements, on experimental development branches, two different CHERI-enabled software compartmentalization models:

  • Colocated processes (co-processes) compartmentalization accelerates UNIX Inter-Process Communication (IPC) and context switching by colocating multiple processes in the same address space, separating them using CHERI capabilities.
  • Dynamic-linker-based compartmentalization isolates shared libraries within a process using CHERI capabilities limiting the access of attackers who have achieved arbitrary code execution within a library.

Virtualization (experimental)

CheriBSD implements, on an experimental development branch, CHERI extensions to FreeBSD's bhyve Type 2 hypervisor on the Morello architecture. This allows bhyve to host CHERI-enabled virtual machines, including those running CheriBSD.