The CHERIoT Platform is a co-designed hardware/software system that provides non-bypassable, object-granularity, spatial and temporal memory safety that can be used as a building block for fine-grained compartmentalisation. The overhead of splitting a component into two compartments is on the order of tens of bytes, making it possible to implement the principle of least privilege in tiny embedded devices. With only 256 KiB of total memory for code and data, the platform can run networked applications with strong isolation - yet sub-object sharing - between an on-device firewall, the TCP/IP stack, TLS layer, and each protocol layer, as well as isolating individual TLS flows from each other and allowing multiple compartments for the device's business logic.

On top of this foundation, CHERIoT provides fine-grained auditing to understand the rights of every compartment, allowing untrusted or semi-trusted third-party components to be run without the ability to impact the overall system in case of compromise.

In this talk, we will show how we can isolate failures, transparently restarting crashed compartments without impacting the overall system, and how we can enforce properties on legacy C/C++ libraries that may be called from higher-level languages with stronger compile-time safety properties.