ROBIN Lucian

Abstract: CHERI (Capability Hardware Enhanced RISC Instructions) is a solution for securing the processor against spatial and temporal memory leaks by transforming any pointer into a capability that clearly defines the access limits to the data or instructions addressed. In this thesis, we propose to enrich CHERI and its control-flow integrity capabilities on a RISC-V application processor, by protecting instructions right up to their execution against any type of modification. Secondly, based on authenticated memory encryption, we will study the possibility of using CHERI to define secure enclaves enabling cryptographic isolation between processes. The processor will be modified so that each process is encrypted with its own key and can have a secure life cycle. All keys must be efficiently protected in hardware.