In an age where security breaches and cyberattacks have become increasingly prevalent, the need for robust and comprehensive security mechanisms within embedded real- time systems is paramount. In this paper, we propose a novel solution to enforce fault-detection and increase security assurance: “Security by Default”, specifically combining Capability Hardware Enhanced RISC Instructions (CHERI) ISA microprocessor extensions with a CHERI pure-capability compliant Ada runtime. We present case studies showing how combining memory-safe hardware with memory-safe software results in a mutualistic layered approach to security and increases assurance of embedded real-time systems. We argue that this satisfies regulatory security verification objectives outlined in standards like the “Airworthiness Security Process Specification” (DO-326A/ED-202A[1] [2]).
Security by Default - CHERI ISA Extensions coupled with a security-enhanced Ada runtime
