Funding body: | EPSRC | Funding amount: | £1,306,472 (£837,189 at King's) Expenses |
Start date: | 2020-07-01 | End date: | 2024-02-29 |
Principle investigator(s): | Jeremy Singer, Laurence Tratt | Co-investigator(s): | - |
Collaborator(s): | Arm, Shopify | Research staff: | - |
Other details: | Grants on the Web entry |
Virtual machines (VMs, also known as managed language runtimes) are ubiquitous components in the modern software stack. They power the web, running in client-side browsers, server-side applications, and smartphone apps. In any ranking of popular programming languages, at least half of the top ten languages run on VMs (e.g. Python, Java, C#, Javascript, PHP).
A key problem is that VM security has traditionally been a secondary concern relative to performance. Industrial strength VMs have large, complex code-bases, and large numbers of hand-crafted optimizations. Not only are they beyond any one person's ability to understand, but security has tended to be treated reactively: mature, widely used VMs such as HotSpot (the standard Java VM) regularly have 50-100 CVEs per year.
The CapableVMs project hypothesises that CHERI hardware enforced capabilities are the first realistic technique to make VM security proactive. In order to address this hypothesis, we will have to answer two research questions: can VMs be divided into compartments that capabilities can then enforce? and what is the performance impact of compartmentalisation? These two factors are related: some ways of dividing VMs into compartments may cause worse performance than others. We propose a number of different ways of compartmentalising VMs, starting on small VMs to help us understand the problem, before scaling up to V8 (the industrial strength JavaScript VM inside Chrome).