
Spectre mitigation overhead

Posted Sep 24, 2025 22:32 UTC (Wed) by notriddle (subscriber, #130608)
Parent article: CHERI with a Linux on top

> the compartmentalization afforded by CHERI is more interesting to him

Rust treats speculative execution as completely out of scope. That, as far as I'm concerned, is its biggest weakness and the main reason you still need hardware isolation.

A quick Google drops me onto at least one paper <https://www.cl.cam.ac.uk/research/security/ctsrd/pdfs/202...> that claims to address speculative execution in CHERI, but I don't know if that's been incorporated into real cores, if it's long obsoleted by more recent innovation, or if I'm completely barking up the wrong tree.

Are CHERI capabilities able to provide SPECTRE-resistant isolation between mutually distrustful privilege domains within a single address space?


Spectre mitigation overhead

Posted Sep 24, 2025 23:02 UTC (Wed) by wahern (subscriber, #37304)

> Are CHERI capabilities able to provide SPECTRE-resistant isolation between mutually distrustful privilege domains within a single address space?

Intrinsically, AFAIU, no. But hardware CHERI support, by requiring both bounds and (to varying extents) provenance information to accompany addresses, potentially makes it easier and more natural to avoid side-channels. And maybe more importantly, CHERI provides an opportunity to nail down ISA guarantees before widespread deployment. See Safe Speculation for CHERI, https://www.cl.cam.ac.uk/research/security/ctsrd/pdfs/202...
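Both comments above turn on the same point: an architectural bounds check (whether enforced by Rust's compiler, by CHERI's capability bounds, or by a plain `if`) decides what the program may do, while the core may still speculate past a mispredicted branch and touch memory the check would have refused. The following is an added example, not code from either commenter or from the CHERI project, showing the software-side defence that the Linux kernel applies in this situation: a branchless index clamp in the style of the kernel's `array_index_nospec()`. The table contents and the helper names (`index_nospec`, `lookup_checked`, `lookup_nospec`) are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed sample table: the only bytes the caller is meant to read. */
#define TABLE_LEN 16
static const uint8_t table[TABLE_LEN] = {
    10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25
};

/* Architecturally correct lookup. On a core that predicts the branch as
 * "in bounds", table[idx] can be fetched speculatively for an out-of-range
 * idx before the misprediction is resolved; the architectural result is
 * still 0, but the cache state may have been touched. */
uint8_t lookup_checked(size_t idx)
{
    if (idx < TABLE_LEN)
        return table[idx];
    return 0;
}

/* Branchless clamp, same idea as the Linux kernel's array_index_nospec():
 * returns idx when idx < size and 0 otherwise, using only arithmetic that
 * is evaluated even on the speculative path. Assumes 0 < size <= SIZE_MAX/2
 * so that the top bit of (idx | (size - 1 - idx)) is set exactly when
 * idx >= size (the subtraction wraps for out-of-range idx). */
static inline size_t index_nospec(size_t idx, size_t size)
{
    const unsigned shift = sizeof(size_t) * 8 - 1;
    size_t oob  = (idx | (size - 1 - idx)) >> shift; /* 1 if idx >= size, else 0 */
    size_t mask = oob - 1;                           /* 0 if oob, SIZE_MAX otherwise */
    return idx & mask;
}

/* Hardened lookup: the branch still decides the architectural result, but
 * the clamp makes any speculative access land on table[0], never outside
 * the table, so the speculative path is data-independent of idx. */
uint8_t lookup_nospec(size_t idx)
{
    if (idx >= TABLE_LEN)
        return 0;
    idx = index_nospec(idx, TABLE_LEN);
    return table[idx];
}

int main(void)
{
    size_t probes[] = { 3, 15, 16, 1000, SIZE_MAX };
    for (size_t i = 0; i < sizeof(probes) / sizeof(probes[0]); i++)
        printf("idx=%zu checked=%u nospec=%u clamp=%zu\n", probes[i],
               lookup_checked(probes[i]), lookup_nospec(probes[i]),
               index_nospec(probes[i], TABLE_LEN));
    return 0;
}
```

The two lookups return identical architectural results; the difference is only what the mispredicted path can touch. That is the "overhead" in the thread title: every bounds check that guards secret-dependent memory needs this extra arithmetic (or a speculation barrier) on top of the check itself, which is exactly the cost a hardware guarantee on the speculative path would remove.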


Copyright © 2025, Eklektix, Inc.