CapableVMs

This EPSRC-funded research project is part of the DSbD ecosystem. We are investigating how programming language virtual machines (VMs) can make use of hardware capabilities, such as those found in CHERI. The project runs from 2020 to 2023 2025, as part of the Digital Security by Design initiative.

Partners

The CapableVMs project is co-hosted at King’s College London and University of Glasgow. For more information, please contact Laurence Tratt or Jeremy Singer.

Projects

• CHERI examples and playground – repo
• Boehm-Demers-Weiser garbage collector port for purecap CHERI [WIP] – repo
• Function splitter - explore compartmentalisation using CHERI sentries [on hold] – repo
• ELF compartments - library for compartmentalising ELF binaries [WIP] – repo
• MicroPython interpreter port for purecap CHERI – repo
• Webkit port for purecap CHERI [WIP] – repo

Academic Publications

• Secure Scripting with CHERIoT MicroPython
  (March, 2024) [doi: 10.1145/3708493.3712694]
  (Small-scale CHERI microcontrollers can now run Python scripts, using our capability-aware MicroPython bytecode interpreter)
• Morello MicroPython: A Python Interpreter for CHERI
  (October, 2023) [doi: 10.1145/3617651.3622991]
  (The C source code of the MicroPython bytecode interpreter needed some tweaking to make it capability-aware, but we did it!)
• CHERI Performance Enhancement for a Bytecode Interpreter
  (October, 2023) [doi: 10.1145/3623507.3623552]
  (Porting systems code to CHERI involves significant performance tuning to minimize the runtime overheads)
• Capable VMs Project Overview (Poster Abstract)
  (October, 2023) [doi: 10.1145/3617651.3624308]
• Towards Secure MicroPython on Morello (WIP)
  (June, 2023) [doi: 10.1145/3589610.3596272]
  (Q: Can we run a Python interpreter on a capability platform? A: Yes!)
• Picking a CHERI Allocator: Security and Performance Considerations
  (March, 2023) [doi: 10.1145/3591195.3595278] [arXiv]
  (CHERI isn’t magic fairy dust - just because a memory allocator runs on CHERI doesn’t necessarily mean it’s secure…)
• Boehm-Demers-Weiser Garbage Collection on Morello
  (November, 2022) [doi: 10.1145/3546918.3560808]
• Capability Boehm: Challenges and Opportunities for Garbage Collection with Capability Hardware
  (February, 2022) [doi: 10.1145/3516807.3516823]
  (World’s first automatic memory manager running on a CHERI platform, with acceptable performance overheads according to our modeling)

Blog posts

• Two stories for “What is CHERI?”
• How Hard is it to Adapt a Memory Allocator to CHERI?

Documentation

Our project documentation is openly available. Check out our documentation repository for details.