Capability Hardware Enhanced RISC Instructions

Capability Hardware Enhanced RISC Instructions (CHERI) is a technology designed to improve security for reduced instruction set computer (RISC) processors. CHERI aims to address the root cause of the problems caused by lack of memory safety in common implementations of programming languages such as C and C++, which are responsible for around 70% of security vulnerabilities in modern systems.[1][2]

The hardware works by giving each reference to any piece of data or system resource its own access rules. This prevents programs from accessing or changing things they should not. It also makes it hard to trick a part of a program into accessing or changing something that it should be able to access, but at a different time. The same mechanism is used to implement privilege separation, dividing processes into compartments that limit the damage that a bug (security or otherwise) can do.
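As an added illustration (not code from this article or from the CHERI project), the following C program is a software model of per-reference access rules: each reference carries its own bounds, permissions, and validity tag, and a derived reference can only narrow what its parent allowed. All type and function names are hypothetical, the sample buffer is constructed, and only the bounds and permission checks are modelled, not the "different time" case or compartments.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>

/* Software model only, hypothetical names: real CHERI keeps these fields in
   hardware, with a validity tag that ordinary stores cannot forge. */
enum { PERM_LOAD = 1u << 0, PERM_STORE = 1u << 1 };
typedef struct {
    uint8_t *base;   /* lowest address this reference may touch */
    size_t length;   /* bytes reachable from base */
    unsigned perms;  /* PERM_* rights carried by this reference */
    bool tag;        /* false: reference is invalid and unusable */
} cap_t;

uint8_t sample_obj[16], sink; /* constructed sample object and load target */

/* Reference covering a whole object with the given rights. */
cap_t cap_root(void *obj, size_t len, unsigned perms) {
    return (cap_t){ (uint8_t *)obj, len, perms, true };
}

/* Derive a narrower reference. Rights only shrink: asking for more bytes or
   more permissions than the parent holds yields an invalid reference. */
cap_t cap_restrict(cap_t p, size_t off, size_t len, unsigned perms) {
    if (!p.tag || off > p.length || len > p.length - off || (perms & ~p.perms))
        return (cap_t){ NULL, 0, 0, false };
    return (cap_t){ p.base + off, len, perms, true };
}

/* Each access is checked against the reference used to make it. */
static bool cap_ok(cap_t c, size_t off, unsigned need) {
    return c.tag && (c.perms & need) == need && off < c.length;
}
/* Return 0 on success, -1 where the hardware would raise an exception. */
int cap_load(cap_t c, size_t off, uint8_t *out) {
    if (!cap_ok(c, off, PERM_LOAD)) return -1;
    *out = c.base[off];
    return 0;
}
int cap_store(cap_t c, size_t off, uint8_t v) {
    if (!cap_ok(c, off, PERM_STORE)) return -1;
    c.base[off] = v;
    return 0;
}

int main(void) { /* exit 0: in-bounds load passes, both violations are refused */
    cap_t ro = cap_restrict(cap_root(sample_obj, 16, PERM_LOAD | PERM_STORE), 4, 8, PERM_LOAD);
    return !(cap_load(ro, 7, &sink) == 0 && cap_load(ro, 8, &sink) == -1 && cap_store(ro, 0, 1) == -1);
}
```
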

CHERI can be added to many different instruction set architectures including MIPS, AArch64, and RISC-V, making it usable across a wide range of platforms.

Software must be recompiled to gain fine-grained memory-safety benefits from CHERI, but most software requires few (if any) changes to the source code.[3] CHERI's importance has been recognised by governments as a way to improve cybersecurity and protect critical systems.[4] It is under active development by various business and academic organizations.[5]

  1. Cimpanu, Catalin (22 May 2020). "Chrome: 70% of all security bugs are memory safety issues". ZDNET. Retrieved 8 June 2025.
  2. Cimpanu, Catalin (11 February 2019). "Microsoft: 70 percent of all security bugs are memory safety issues". ZDNET. Retrieved 8 June 2025.
  3. Robert N. M. Watson; Ben Laurie; Alex Richardson (17 September 2021). Assessing the Viability of an Open-Source CHERI Desktop Software Ecosystem (PDF) (Technical report). Capabilities Ltd.
  4. "Final ONCD Technical Report" (PDF). White House. Office of the National Cyber Director. February 2024. Archived (PDF) from the original on 21 January 2025. Retrieved 21 January 2025.
  5. Manners, David (13 November 2024). "CHERI Alliance launched". Electronics Weekly. Retrieved 20 January 2025.
