Implementation of CHERI capabilities in a safety-critical real-time operating system and Type-1 hypervisor for intelligent edge systems
Dmitriy Yeliseyev
Software Architect, Wind River
Cybersecurity threats continue to grow each year, resulting in an ever-increasing number of common vulnerabilities and exposures (CVEs). However, many share a common characteristic: they exploit a lack of memory safety or potential weaknesses in the implementation of software runtime environments. We present a case study combining Capability Hardware Enhanced RISC Instructions (CHERI) ISA microprocessor extensions with a CHERI-capability-compliant safety-critical real-time operating system and Type-1 hypervisor to enable its use in an avionics research project.
We consider the design decisions taken and the challenges encountered, and compare the capabilities of the resulting platform to a non-CHERI implementation in terms of robustness and attack surface reduction. We argue that this defence-in-depth approach provides increased security resilience for embedded real-time systems. Finally, we consider areas for potential research, including DO-178C avionics software safety certification.
About Dmitriy Yeliseyev
Dmitriy Yeliseyev is a Software Architect in Professional Services, responsible for researching technologies, practices, and solutions that meet the needs of the market in general and Wind River customers in particular. He works closely with the Technology Office and Engineering teams to develop roadmaps for the enhancement and implementation of new technologies into Wind River products.
At the same time, Dmitriy works closely with Wind River’s customers to coordinate and support the development, deployment, and testing of customer products and their safety certification processes.
He joined the company in 2010 and has worked on numerous customer projects developing products based on Wind River's VxWorks RTOS and Helix Virtualization Platform for the aerospace and defense, medical, telecommunications, and industrial robotics areas, including certification to the relevant safety standards.
Prior to joining Wind River, he was a senior software engineer at Hermes SoftLab, providing information technology solutions and software engineering services to high-tech vendors and telecommunications service providers. Earlier in his career, he worked at Iskratel as a lead engineer in the telecommunications protocol development department.
He holds a master’s degree from Kharkiv National University of Radio Electronics, specializing in computing and intelligent systems and networks.