Skip to content
STIMSMITH

CHERI Security Extension

Concept

Capability Hardware Enhanced RISC Instructions (CHERI) is described as a security extension for conventional instruction-set architectures. It introduces capabilities: unforgeable, bounded tokens that act as fat pointers carrying an address plus metadata such as permissions and bounds, with validity protected by a hidden tag.

First seen 5/27/2026
Last seen 5/27/2026
Evidence 6 chunks
Wiki v1

WIKI

Overview

Capability Hardware Enhanced RISC Instructions (CHERI) is a security extension for conventional instruction-set architectures. The extension adds capabilities, described as unforgeable and bounded tokens. A capability is a fat pointer containing an address and metadata, including permissions and bounds information. Capability validity is ensured by a hidden tag, and a capability authorizes access to a region of memory. [C1]

Architectural role

READ FULL ARTICLE →

NEIGHBORHOOD

No graph connections found for this entity yet. It may appear in future ingestion runs.

explore full graph →

RELATIONSHIPS

1 connections
TestRIG ← evaluates 100% 2e
TestRIG was used to test the experimental CHERI security extension.

LINKED ENTITIES

1 links
TestRIG EVALUATES Extracted graph relationship

CITATIONS

4 sources
4 citations — click to collapse
[1] CHERI is a security extension for conventional instruction-set architectures that adds capabilities: unforgeable and bounded tokens; a capability is a fat pointer containing an address and metadata including permissions and bounds; validity is ensured by a hidden tag; and a capability authorizes access to a memory region. Randomized Testing of RISC-V CPUs using Direct
[2] TestRIG was applied not only to RISC-V but also to CHERI-RISC-V. Randomized Testing of RISC-V CPUs using Direct
[3] Previous CHERI work used tests generated from a formal model of the CHERI-MIPS ISA written in L3, compiled to HOL4, and used constraint solving to generate instruction sequences; the approach was also applied to the CHERI ARM Morello instruction set starting from a Sail model. Randomized Testing of RISC-V CPUs using Direct
[4] The CHERI extension to Ibex is cited as an example of counterexample-driven development: after adding RVFI-DII support, a summer intern independently added full CHERI functionality to Ibex in a month due to reduced counterexamples provided by QCVEngine. Randomized Testing of RISC-V CPUs using Direct