CHERI Alliance launched

Author: EIS Release Date: Nov 21, 2024


 The CHERI Alliance CIC (Community Interest Company) has launched  with Chevin Technology (UK), Critical Technologies (USA), the Defence Science and Technology Laboratory (DSTL, UK), Google (USA), Light Momentum Technology Corporation (Taiwan), National Cyber Security Centre(NCSC, a part of GCHQ, UK), Parvat Infotech (India), SRI International(USA), TechWorks (UK), Trusted Computer Center of Excellence(USA), the University of Birmingham (UK), and the University of Glasgow (UK) as founding members.

Founded to unite hardware security leaders and system developers, the CHERI Alliance aims to establish CHERI (Capability Hardware Enhanced RISC Instructions) as the new standard for memory safety and scalable software compartmentalization.


Previously announced founding members of the CHERI Alliance include Capabilities Limited, Codasip, CyNam, the FreeBSD Foundation, lowRISC, OpenHW Group, SCI Semiconductor, Swansea University, and the University of Cambridge.


Following its initial formation in June 2024, the CHERI Alliance’s new additions reinforce the collaborative effort to protect against memory-related vulnerabilities, a critical security challenge that constitutes approximately 70% of the vulnerabilities exploited in cyberattacks.

IMG_0462-1024x414.png

“We are now well-positioned to advance our mission of delivering scalable, hardware-based security solutions that address critical vulnerabilities,” says CHERI director Prof Robert Watson.

Feryal Clark, Minister for AI and Digital Government, said: ‘It’s great to see our national security community and some of the leading lights in tech backing this work – ensuring a joined-up approach which will keep our digital economy and the services we rely on daily safe, secure, and alert to the growing range of online threats that we face.”

CHERI technology, developed starting in 2010 through a collaboration between the University of Cambridge and SRI International, offers  protection against memory safety issues such as buffer overflows and heap use-after-free vulnerabilities. The technology’s ability to enable high-performance, scalable compartmentalization significantly reduces the risk of both known and future unknown vulnerabilities.

With a broader range of companies, open-source organizations, and research institutions on board, the CHERI Alliance is poised to strengthen its efforts in standardisation, technical alignment, and educational outreach to promote CHERI’s adoption as an industry-standard security measure.

 “We recognise the potential of CHERI in significantly enhancing system security by mitigating common software vulnerabilities. CHERI offers fine-grained compartmentalisation, which isolates sensitive data into secure compartments, and deterministic memory safety,” says Ben Laurie, lead security researcher at Google, ‘in security-critical systems that handle sensitive information and personal data, such as those found in generative AI applications, CHERI helps protect against breaches and ensures robust protection against malicious attacks.”