A new chip security consortium called CHERI Alliance is focused on protecting data stored in hardware memory from cyberattackers.

The alliance backs a protection model that isolates the hardware and software to prevent hackers from injecting code into memory that would allow them to take over systems or steal data.

“Memory issues represent approximately 70% of the routes taken by cyber attackers,” CHERI Alliance said in a statement. The alliance will formally launch in September this year.

The memory issues are usually addressed through software techniques or coarse-grained hardware memory protection, says alliance spokesperson Tora Fridholm.

“These methods either leave holes or are not very practical. What is unique about CHERI is that the technology adds fine-grained memory protection, with the ability to prevent these issues completely without adding a major overhead,” Fridholm says.

The alliance focuses on securing memory in ARM, MIPS and RISC-V architectures, which dominate edge devices.

The backing entities include University of Cambridge, the FreeBSD Foundation, Capabilities Limited, lowRISC, and SCI Semiconductor. While ARM dominates the microcontroller and mobile markets, the company is currently not part of the consortium.

ARM has been victim to many memory-bound vulnerabilities, including one earlier this month that allows hackers to access GPU memory. ARM-based processors also had vulnerabilities related to Meltdown and variants of Spectre, which allowed hackers to take over memory.

Research on Memory Protection

The CHERI (Capability Hardware Enhanced RISC Instructions) program originally started off in 2010 as a research program with University of Cambridge and SRI International, and was funded by DARPA’s CRASH.

As part of the program, researchers developed a CHERI-based hardware with memory protection features. ARM’s prototype Morello board with CHERI extensions was reviewed by Microsoft Security Response Center, which provided recommendations to improve the design. CHERI was described in a research paper published earlier this year as a “hardware-software capability-based system that extends the ISA, toolchain, programming languages, operating systems, and applications in order to provide complete pointer and memory safety.”

CHERI researchers also provide toolkits so C and C++ programmers can add memory protection while code. C++ doesn’t have automatic memory protection mechanisms, unlike newer development tools such as Rust, which leaves space for coders to inject malicious code. Coders need to add specific code to protect memory.

Source

About Author

Dark Reading

See author's posts

Tags:

Related News

Officials worry Salt Typhoon apathy is killing momentum for tougher telecom security rules

March 12, 2026

Securing Airline Public Wi-Fi: Stop Threats With Protective DNS

March 2, 2026

You may have missed

White House executive order purports to limit mail-in voting, mandate federal voter lists 

March 31, 2026

Attack on axios software developer tool threatens widespread compromises

March 31, 2026

Patterns, Pirates, and Provider Action: What We Learned Working with Keitaro

March 31, 2026

Prompt Injection Is Becoming a Data Security and Cyber Defense Problem

March 31, 2026

NIST SP 800-81r3: What’s New?

March 30, 2026

Researchers say credential-stealing campaign used AI to build evasion ‘at every stage’

March 30, 2026
WordPress Appliance - Powered by TurnKey Linux