Microsoft open-sources CHERIoT, a hardware solution for improving the security of C code

Microsoft has opened its work on the CHERIoT project (Capability Hardware Extension to RISC-V for Internet of Things), which is aimed at blocking security problems in existing C and C++ code. CHERIoT offers a way to protect existing C/C++ code bases without the need to rework them. Protection is implemented through a modified compiler that uses a special extended processor instruction set (ISA); these instructions monitor memory accesses at the hardware level, check that pointers are handled correctly, and isolate blocks of code.

The project was created with an eye to the fact that the low-level nature of the C language is a source of memory-handling errors, leading to problems such as buffer overflows, access to already freed memory, pointer dereference errors and double frees. Practice shows that even large corporations such as Google and Microsoft, which have strict change-review policies and apply modern development methods and static analysis tools, cannot guarantee the absence of memory errors (for example, about 70% of vulnerabilities in Microsoft and Google software products are caused by unsafe memory handling).
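As an added illustration (not code from Microsoft or the CHERIoT project), the following C program models in software the kind of per-access pointer check that the article says CHERIoT performs in hardware, applied to the error classes listed above. All names (`cap_t`, `cap_alloc`, `cap_store`, `cap_free`) are hypothetical, and the generation counter is this model's own way of invalidating pointers to freed memory.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Software model only: every name here is hypothetical, not CHERIoT's ISA or API. */
enum { CAP_OK = 0, CAP_BOUNDS = -1, CAP_REVOKED = -2, CAP_NOMEM = -3 };
enum { SLOTS = 4, SLOT_SIZE = 16 };
/* A pointer that carries its bounds and the generation of its allocation. */
typedef struct { uint8_t *base; size_t length, slot; uint32_t gen; } cap_t;
static uint8_t heap[SLOTS][SLOT_SIZE];
static bool used[SLOTS];
static uint32_t gen[SLOTS];   /* bumped on free so stale pointers stop matching */

int cap_alloc(size_t n, cap_t *out) {
    for (size_t i = 0; n <= SLOT_SIZE && i < SLOTS; i++) {
        if (used[i]) continue;
        used[i] = true;
        *out = (cap_t){ heap[i], n, i, gen[i] };   /* bounds fixed at allocation */
        return CAP_OK;
    }
    return CAP_NOMEM;
}

static int cap_check(cap_t c, size_t off, size_t n) {
    if (!used[c.slot] || gen[c.slot] != c.gen) return CAP_REVOKED;  /* freed or reused */
    if (off > c.length || n > c.length - off) return CAP_BOUNDS;    /* no wraparound */
    return CAP_OK;
}

int cap_store(cap_t c, size_t off, const void *src, size_t n) {
    int rc = cap_check(c, off, n);      /* checked before any byte is written */
    if (rc == CAP_OK) memcpy(c.base + off, src, n);
    return rc;
}

int cap_free(cap_t c) {
    int rc = cap_check(c, 0, 0);        /* a second free of the same pointer fails here */
    if (rc == CAP_OK) { used[c.slot] = false; gen[c.slot]++; }
    return rc;
}

int main(void) {
    cap_t a;
    if (cap_alloc(8, &a) != CAP_OK) return 1;
    printf("overflow: %d\n", cap_store(a, 4, "12345678", 8));
    printf("free: %d\n", cap_free(a));
    printf("use after free: %d, double free: %d\n", cap_store(a, 0, "x", 1), cap_free(a));
    return 0;
}
```

The calling code is ordinary C; the out-of-bounds write, the use after free and the double free are each refused at the point of access instead of corrupting neighbouring memory.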

The problem can be solved by using programming languages that guarantee memory safety, or by bindings with additional checks, for example by replacing ordinary pointers with a type such as MiraclePtr (raw_ptr), which performs additional checks for access to freed memory areas. But such methods are better suited to new code, and reworking existing C/C++ projects is quite problematic, especially if they are designed to run in resource-constrained environments such as embedded systems and Internet of Things devices.

CHERIoT's hardware components are implemented as a microcontroller based on the RISC-V architecture that implements the protected CHERI processor architecture (Capability Hardware Extension to RISC-V), which provides a controlled memory-access model based on “capability
