Not quite a piece of CHERI-cake: Are new digital security by design architectures usable?
Maysara Alhindi, Joseph Hallett

TL;DR
This paper investigates the usability of CHERI, a security-by-design architecture, and finds that developers porting software to it struggle with how warnings and errors are displayed and with insufficient documentation.
Contribution
It provides empirical insights into developer experiences and usability issues associated with adopting CHERI's security architecture.
Findings
Developers struggle with CHERI's warning and error messages.
Lack of diverse documentation hampers software porting.
Usability challenges impact adoption of security-by-design architectures.
Abstract
A digital security-by-design computer architecture, like CHERI, lets you program without fear of buffer overflows or other memory safety errors, but CHERI also rewrites some of the assumptions about how C works and how fundamental types (such as pointers) are implemented in hardware. We conducted a usability study to examine how developers react to the changes required by CHERI when porting software to run on it. We find that developers struggle with CHERI's display of warnings and errors and a lack of diverse documentation.
Taxonomy
Topics: Security and Verification in Computing · Advanced Malware Detection Techniques · Cryptographic Implementations and Security
