CapableVMs

This EPSRC-funded research project is part of the DSbD ecosystem. We are investigating how programming language virtual machines (VMs) can utilise hardware capabilities, such as those found in CHERI. The project runs from 2020 to 2023 2025, as part of the Digital Security by Design initiative.

Partners

The CapableVMs project is co-hosted at King’s College London and University of Glasgow. For more information, please contact Laurence Tratt or Jeremy Singer.

Projects

• CHERI examples and playground – repo
• Boehm-Demers-Weiser garbage collector port for purecap CHERI [WIP] – repo
• Function splitter - explore compartmentalisation using CHERI sentries [on hold] – repo
• ELF compartments - library for compartmentalising ELF binaries [WIP] – repo
• Webkit port for purecap CHERI [WIP] – repo

Academic Publications

• Morello MicroPython: A Python Interpreter for CHERI (October, 2023), [doi: 10.1145/3617651.3622991]
• CHERI Performance Enhancement for a Bytecode Interpreter (October, 2023), [doi: 10.1145/3623507.3623552]
• Picking a CHERI Allocator: Security and Performance Considerations (March, 2023), [doi: 10.1145/3591195.3595278] [arXiv]
• Capability Boehm: Challenges and Opportunities for Garbage Collection with Capability Hardware (February, 2022), [doi: 10.1145/3516807.3516823]

Blog posts

• Two stories for “What is CHERI?”
• How Hard is it to Adapt a Memory Allocator to CHERI?

Documentation

Our project documentation is openly available. Check out our documentation repository for details.