obnauticus | 2 years ago

CHERI vs MTE is a bit of a nuanced topic. At least one part of the limiting factor for MTE is that you get a finite number of tag “color codes” which opens the opportunity for some form of probabilistic attacks. Of course this helps with defense in depth as it’s yet another layer of security, but it isn’t as strong of a prevention as a CHERI capability for example.

This page explains it pretty well: https://msrc.microsoft.com/blog/2022/01/an_armful_of_cheris/
