Stop Panicking Over Patching: CHERI Morello Memory Safety

Mo Javadi

S4x24 - ICS Security Conference · Day 2 · Main Stage

In this insightful talk at S4, Mo Javadi presented a compelling case for a paradigm shift in operational technology (OT) cybersecurity, moving away from the perpetual cycle of reactive patching towards a more proactive, hardware-rooted security posture. Titled "Stop Panicking Over Patching: CHERI Morello Memory Safety," the presentation introduced **CHERI (Capability Hardware Enhanced RISC Instructions)** implemented on ARM's **Morello** chip as a transformative technology designed to fundamentally address the pervasive issue of memory-related vulnerabilities. Javadi likened the current state of OT cybersecurity to the myth of Sisyphus, where every patch applied is quickly followed by the discovery of new vulnerabilities, forcing organizations back to square one.

AI review

Mo Javadi's presentation on CHERI Morello is a groundbreaking exposition of a hardware-rooted solution to the pervasive issue of memory safety vulnerabilities, which constitute approximately 70% of all software flaws. The talk expertly navigates from the systemic problem of reactive patching in OT to the elegant architectural answer offered by CHERI's fat pointers and hardware-enforced capabilities. This technology represents a fundamental shift from perpetual vulnerability management to a proactive, silicon-level defense, promising to drastically reduce the attack surface for critical…
