CHERI vs OMA: Two Hardware Approaches to Memory Safety in Cybersecurity
By
yvdriess
Slow-proofed and worth the wait. Worth its weight in flour.
Summary
This article examines two hardware-level approaches to address the systemic vulnerability of memory safety in computer systems: CHERI (Capability Hardware Enhanced RISC Instructions) and OMA (Object Memory Architecture). Both aim to make memory-unsafe code safe by design but take fundamentally different architectural paths. The piece analyzes their design differences and commercial implications against the backdrop of rising cybercrime costs, with credential abuse and vulnerability exploitation accounting for 42% of breaches according to the Verizon 2025 Data Breach Investigations Report.
Key quotes
· 5 pulledThe last year has been brutal for businesses globally. Taking examples from my home country, the UK, the cost is over £1B and still rising, as well as the loss of at least one life due to cybercrime.
These aren't isolated incidents - they're symptoms of a systemic vulnerability in how we build computer systems.
According to the Verizon 2025 Data Breach Investigations Report, credential abuse and exploitation of vulnerabilities continue to dominate as attack vectors, accounting for 22% and 20% of breaches respectively.
Two architectural approaches have emerged to tackle the trillion-dollar memory safety problem at the hardware level: CHERI (Capability Hardware Enhanced RISC Instructions) and OMA (Object Memory Architecture).
Both aim to make memory-unsafe code safe by design, but they take fundamentally different paths to get there.
You might also wanna read
Physical Attacks Undermine Security of Chip-Based Trusted Execution Environments from Nvidia, AMD, and Intel
The article discusses how physical attacks are undermining the security of trusted execution environments (TEEs) from major chip manufacture
arstechnica.com·7mo ago
Phishing Campaign Targets Signal Users by Stealing Backup Recovery Keys
A new wave of phishing attacks is targeting Signal users by impersonating the app's support team. Hackers send messages inside Signal claimi
cybersecuritynews.com·33m ago
New phishing campaign targets Signal users to steal chat backup recovery keys
Hackers are targeting Signal users in a new phishing campaign that attempts to steal their chat backups. The attackers pose as Signal's supp
techcrunch.com·39m ago
Weekly cybersecurity roundup: FortiClient EMS infostealer, Trend Micro Apex One exploit, and crypto payment security
A weekly roundup of cybersecurity news, featuring an interview with Coinflow's CISO about crypto payment security under AI-driven threats, c
helpnetsecurity.com·2h ago
CISA Adds Palo Alto Networks PAN-OS Authentication Bypass Vulnerability to Known Exploited Vulnerabilities Catalog
CISA has added a new vulnerability (CVE-2026-0257) to its Known Exploited Vulnerabilities (KEV) Catalog, affecting Palo Alto Networks PAN-OS
cisa.gov·5h agoCISA Adds Palo Alto Networks PAN-OS Authentication Bypass Vulnerability to Known Exploited Vulnerabilities Catalog
CISA has added a new vulnerability (CVE-2026-0257) to its Known Exploited Vulnerabilities (KEV) Catalog, affecting Palo Alto Networks PAN-OS
cisa.gov·5h ago