Three paths, SPARC Application Data Integrity (ADI)
https://docs.oracle.com/en/operating-systems/solaris/oracle-...
Although I do conceed, most folks aren't keen into picking up anything related to Oracle or Solaris nowadays.
Three paths, SPARC Application Data Integrity (ADI)
https://docs.oracle.com/en/operating-systems/solaris/oracle-...
Although I do conceed, most folks aren't keen into picking up anything related to Oracle or Solaris nowadays.
I haven't come across this specific feature before. From reading about it, it seems closely related to Arm (E)MTE ISA extensions - Memory Tagging Extension?
What's interesting is that approach (software-defined 'random' numbers to associate memory regions and valid pointers) provides only probabilistic memory safety. A malicious actor may find a way to spoof/guess the tag needed to access a particular piece of memory. Given Arm MTE has been breached in the last year, it's hard to argue that it's a good enough security guarantee. EMTE may fix issues (e.g. side-channels) but leaves open the probabilistic pathway (i.e. "guess the tag") which is a hole MTE isn't designed to try to close (so, a software breach on top of a chip with EMTE can't necessarily be argued to be a violation of the hardware's security properties, though it may exploit the architectural security hole).
In contrast, CHERI and OMA (Object Memory Architecture) are both providing hardware-enforced guarantees of memory safety properties - unbreakable even if the attacker has perfect knowledge - backed up by formal proofs of these claims.
CHERI offers referential and spatial safety as hardware guarantees, with temporal being achievable in software. OMA offers referential, spatial and temporal safety as hardware guarantees.
Kind of, with the difference that it has been in production since 2015 on Solaris SPARC systems, granted they aren't as widespread as they once were.
Sometimes the perfect is enemy from good, none of the memory tagging solutions has achieved mainstream widespread adoption outside iDevices.
Google apparently doesn't want to anger Android OEMs demanding it to be required by Android, thus it remains a Pixel only feature.
CHERI and OMA are going to still take years for mainstream adoption if ever comes to it.
I had hopes for whatever Microsoft was doing in CHERIoT to eventually come to Windows in some fashion, but best it has happened seems to be the adoption of Pluton in CoPilot+ PC, which anyway serves a different purpose.
There doesn't seem to be much info about OMA available online. Your thesis linked from https://www.bristol.ac.uk/research/groups/trustworthy-system... which is linked from your home page/timeline is a broken link. Perhaps https://dl.acm.org/doi/fullHtml/10.1145/3450147 is the best in depth info available currently? Looking forward to future developments and success!
Oh dear, I hadn't realised Bristol Uni had broken the link. That paper has some information, as well as my UG thesis: https://ia600408.us.archive.org/22/items/archive_IHGC/Thesis...
Yeah the current closed nature of OMA means there's limited information at present. I am working on publishing more over the next year. It is essential the wider community starts to get access to at least the modified RISC-V ISA, to independently validate the security claims.
Can you please provide sources about Arm EMTE being breached? I couldn’t find any information online.