Digital Catapult, the UK authority on advanced digital technology, welcomed a further 14 companies to its Digital Security by Design (DSbD) Technology Access Programme. They will be joining the 10 companies onboarded earlier this year to experiment with prototype cybersecurity technology that, if fully implemented, could revolutionise the cybersecurity landscape for good.
The vast majority of cyber attacks exploit conventional hardware and software memory vulnerabilities. To overcome this issue, University of Cambridge researchers with colleagues at SRI International developed CHERI (Capability Hardware Enhanced RISC Instructions), a novel instruction set architecture that could stop two thirds of cyber attacks.
As part of the project, Arm designed and built a prototype system on a chip (SoC) and demonstrator board, the Arm Morello board, which was made available to UK businesses for industrial evaluation earlier in 2022. The DSbD Technology Access Programme, managed by Digital Catapult, allows companies to experiment with the Morello board.
Companies already involved in the programme so far have been able to add their own software stacks to the Morello board and catch vulnerabilities in their code, highlighting areas that need to be enhanced.
Participating companies range from large organisations serving a multitude of sectors to vibrant small and medium-sized enterprises spanning the automotive, fintech and telecom sectors including cyber security consultancies specialising in Internet of Things (IoT), blockchain technology and cyber security. Companies will use DSbD technologies to address a wide range of security issues such as improving resilience of a Wi-Fi supplicant to over the air attack or strengthening digital security of devices permanently connected to the Internet within safety-critical systems such as vehicles.
In March 2023 select participating companies will be invited to share their use cases at a showcase event at Digital Catapult’s London office.
Prof. John Goodacre, Challenge Director, Digital Security by Design, UK Research and Innovation, said:
“As we move into the second half of the Digital Security by Design programme, it’s encouraging to see the rapidly increasing interest in the Arm Morello prototype board.
The breadth of companies taking part in this programme is key to enabling this fundamental step-change in computing and provides businesses the early visibility to differentiate and deliver security-first products across industry and society.”
Katy Ho, Head of Innovation Practice, Digital Catapult said:
“Digital Catapult is delighted to welcome more companies through the Technology Access Programme. The ambition of the DSbD programme to enable and catalyse a paradigm shift in how secure products and services are built can only be realised through effecting change in every part of the ecosystem.
The companies experimenting with the Morello board will play a pivotal role through testing and validating the use cases and propositions of DSbD technologies and providing invaluable feedback to the ecosystem.”
Participating company Oxon Tech has been involved with DSbD from inception, having evaluated the CHERI technology before the hardware release. Chris Murrey from Oxon Tech said:
“In 2021 we evaluated the CHERI technology using the Fixed Virtual Platform for a project developed for the UK’s Fire and Rescue Services including embedded and mobile software. From the start it was clear this technology would go a massive way towards the security of the code we write by eliminating one of the most common vulnerabilities – memory errors.
The DSbD Technology Access Program is an exciting next step for us as it’s our first chance to get our hands on the hardware itself. This gives us a great chance to build on our first development and apply it to more real-world scenarios.”
For more information about the CHERI project visit https://www.cam.ac.uk/stories/improving-computer-security
For more information about the Arm Morello Program visit https://www.arm.com/architecture/cpu/morello
Complete list of participants below:
L3 Harris TRL Technology Ltd Hampshire
From 15 UK sites, L3 Harris Technologies deliver unique capabilities across air, land, sea, space and cyber for military, security and commercial customers, worldwide.
Aim: Focus on shortening their certification process by being secure by design.
Tot Ei Ltd Cambridge
Cambridge based consultancy Tot Ei is trusted by some of the world’s biggest brands to evolve wireless communications ambitions into reality.
Aim: Focus their main area of investigation around the resilience of a Wi-Fi supplicant to over the air attack.
Dynamic Devices Liverpool
Dynamic Devices provide a range of embedded and Internet of Things (IoT) integration services, supporting their clients from concept and prototyping to post-sale platform support.
Aim: Work with the existing Morello build support and integrate this to the greatest extent possible into the Yocto Embedded Linux build system.
Oxfordshire based IT specialists providing SME IT support as well as development and innovative R&D projects.
Aim: Investigate the use of DSbD within a tracking and situational awareness platform designed for the UK’s Fire and Rescue sector as well as defence/security.
DONAA deliver a powerful tool to detect defects in real-time during high value 3D printing, enabling their customers to save costs and protect the environment.
Aim: Leverage the expertise, hardware and software provided by DSbD Technology Access Programme to enable error-free 3D printing.
Cambridge Consultants Cambridge
World leading product development and technology consulting firm providing business consultancy in technology-critical issues to clients worldwide.
Aim: Explore the potential for CHERI-based platforms to deliver improved security for their clients’ products. Understand how readily existing designs can be ported to and make use of the security features of the new architecture.
Cedyr Labs Manchester
Supplier of robust and secure battery power systems, smart regulators, and communication modules.
Aim: Secure the IEC 61850 protocol for electrical sub-stations.
Katlas Technology London
Developers and vendors of the Katlas Open Source blockchain platform, written from the ground up to be secure, sharable and scalable.
Aim: Port their platform to the Morello/CHERI environment and explore ways in which blockchain can be used to securely connect networked Morello boards within the DSbD Technology Access Programme.
Manufacturer and supplier of an advanced aftermarket vehicle security system, the CAN-PHANTOM vehicle immobiliser.
Aim: Prototype an advanced vehicle security and tracking system. With more devices becoming permanently connected to the Internet, such as safety-critical systems on vehicles, they are focusing on the digital security of such devices.
MBDA UK Ltd
Integrated defence company providing missiles and missile systems for each branch of the armed forces (air, sea, land) part of a multinational group working across France, Germany, Italy, Spain and the United Kingdom.
Aim: Study how the CHERI architecture could impact software design philosophies, and how it could support their need to meet required safety standards. For example, by enabling compartmentalisation of the different processes running on a device.
Swansea University Wales
Swansea University is a research-led university funded in 1920. Working with partners and collaborators across the globe their research delivers significant and valuable economic and societal impact in Wales, UK and internationally.
Aim: Evaluate the feasibility of the DSbD technologies for connected vehicles. The study aims to validate whether these technologies help to secure the telematics units without sacrificing their performance functionalities.
Leo CybSec Ltd London
Leo Cybsec help businesses realise and mitigate cyber security challenges by extending their consulting services and solutions.
Aim: Utilise the latest cutting edge technologies and models to develop a solution with maximum protection enabled at both application and hardware level.
Metrarc use novel technology for deriving secure encryption keys from the properties of digital systems, addressing a major area in the security domain.
Aim: Develop a practical implementation of their Trusted Ring Security product on the capability hardware prototype and evaluate the practical opportunity for the adoption of the Morello technology.
Pytilia is a new, fast-growing software company based out of Belfast, Northern Ireland. They provide a full stack enterprise capability from UI/UX design through to OS kernel/driver developments.
Aim: Explore the application of DSbD to technology infrastructure (storage, networking and virtualised compute) to better understand any measurable performance cost incurred in the use of CHERI.