Digital Catapult, the UK authority on advanced digital technology, welcomed a further four companies to its Digital Security by Design (DSbD) Technology Access Programme (TAP). They joined the 24 companies already experimenting with a prototype cybersecurity technology that has the potential to block up to two thirds of all memory related cyber attacks.
The programme involves the use of a prototype system on a chip (SoC) and evaluation board, the Morello board, designed by Arm and based on CHERI (Capability Hardware Enhanced RISC Instructions). CHERI is a novel instruction set architecture developed by University of Cambridge and SRI International at Stanford designed to prevent cyber attacks that exploit conventional hardware and software memory vulnerabilities, which currently constitute the vast majority of cyber attacks globally.
Participating companies are supported by a wide network of professionals from Arm and the University of Cambridge as well as access to a wealth of information through the technical resources available on the dedicated DSbD programme site. For companies with less than 250 employees, a £15,000 grant is also available.
Amongst the latest companies joining the programme is JET Connectivity, which specialises in delivering 5G data transmission in challenging environments such as at sea and is seeking to investigate whether the in-built capabilities of CHERI and Morello could better protect its 5G stack against unsafe data, and secure cloud storage solutions provider Prizsm, which is planning to experiment with CheriBSD as a development environment for its software to mitigate known memory-bound exploits, in order to enhance its applications’ cyber resilience.
Companies already involved in the programme include IT consultancies specialising in Industrial Internet of Things (IIoT), cybersecurity and cloud based services as well as designers of embedded systems and manufacturers of electronic equipment serving industries as diverse as utilities, telecoms, automotive and healthcare.
The next opportunity to apply to Digital Security by Design through the Technology Access Programme is in January 2023 with applications opening on 11 January. Successful companies will be onboarded to the programme by Digital Catapult in Spring 2023.
Prof. John Goodacre, Challenge Director, Digital Security by Design, UK Research and Innovation, said:
“It’s encouraging to see the continued interest in the Morello prototype board. The breadth of companies taking part in this programme is key to enabling this fundamental step-change in computing and provides businesses the early visibility to differentiate and deliver security-first products across industry and society.”
Jessica Rushworth, Chief Strategy and Policy Officer, Digital Catapult said:
“As we approach the end of the year it’s great to see so many companies from a variety of industries including telecoms, utilities and automotive, right across the UK taking part in the DSbD programme since its launch in January. The level of participation and enthusiasm from the industry really highlights how relevant DSbD technology is to cybersecurity”.
“In the past eleven months the Digital Catapult team had the opportunity to learn more about the challenges facing the companies involved as well as the wider ecosystem and we look forward to working with more innovative companies next year.”
Adrian Fern, Founder of participating company Prizsm Technology commented:
“We are delighted to have been selected for the Technology Access Programme. Prizsm Technologies is porting its codebase to the Morello-CHERI instruction-set architecture. This is helping to protect against the accumulation of technical debt and is instilling memory-safety best practices into our ongoing product development activities.
Our multi-cloud data storage solution codebase has been written entirely using C with Classes (C++) which in the past 50 years allowed programmers to introduce certain types of computer memory related bugs. Morello and CHERI’s rigorous engineering techniques increase assurance and prevent these memory safety issues from happening. We believe that building the knowledge and skills required to create Digital Security by Design Capability products now, will provide a huge advantage for Prizsm in the future”.
For more information about the CHERI project visit https://www.cam.ac.uk/stories/improving-computer-security
For more information about the Arm Morello Program visit https://www.arm.com/architecture/cpu/morello
Complete list of participants below:
Greeve Ltd Powys
Greeve is a technology innovation company developing bespoke software and rugged electronic solutions supporting a wide range of applications and industries.
Aim: Enhance the security and stability of an inertial navigation and situational awareness platform for the UK’s Fire and Rescue sector by utilising CheriBSD and Morello as a development environment for memory safety of application code.
JET Connectivity Farnborough
JET provides resilient 5G connectivity at sea driven by a desire to improve environmental and safety impacts of commercial and leisure interactions with the sea.
Aim: Evaluate the feasibility of utilising CHERI capabilities to add a layer of security against raw, unsafe or compromised data to its 5G stack.
Mission Critical Applications Bath
Mission Critical Applications (MCA) provides software development consultancy for safety-critical and high-integrity systems including the safety assurance of data-dependent, interconnected critical systems.
Aim: Experiment with rebuilding the seL4 (security enhanced Linux) operating system to run on Morello, to use all of the enhanced security features available in pure capability mode.
Prizsm Technology Blackwood
Prizsm enables anyone to easily protect and secure their information in the public cloud. Prizsm’s unique multi-cloud distribution approach enables businesses to retain data more safely at all levels of security classification.
Aim: Porting a cloud-based data storage platform to the Morello/CHERI architecture, understanding any performance trade-offs, and investigating their codebase against known memory safety vulnerabilities.