Digital Security by Design Monthly Round-Up: September 2022

London has witnessed a noticeable shift in seasons in recent weeks, as temperatures begin to drop, and nights grow incrementally long. Yet, that hasn’t stopped the cybersecurity community from across the country and further afield, gathering at Kensington Olympia for International Cyber Expo (co-located with International Security Expo) on the 27th and 28th of September 2022.

September word
Article type: Blog
company Lara

As doors opened at 9.30am on the humid Tuesday morning, thousands of visitors soon filled the halls, initiating a steady buzz of chatter that would last well into the evening when beers and wine would begin to circulate, and Cyber House Party DJs made their appearance at the turntables for networking drinks.

Nothing quite beats an in-person event, and the ability to speak with curious passers-by about the important work we are doing through the Digital Security by Design (DSbD) programme. Set up on stand H41, we had a prototype of Arm’s Morello Board with CHERI on display, along with the Digital Catapult team on hand to demonstrate how the technology works and answer any questions.

So, how does CHERI work?

Imagine a neat row of houses – this is a computer’s memory, where each home is a set of data stored in a linear fashion. In the same way that we have addresses to locate our homes, so too does memory, albeit as a string of numbers.

For the purposes of this example, the smart key in your hand should point to house no.8 and also enable you to access six houses to its right. If you attempt to access any other house, you should be locked out and sent an error message. However, in most cases where popular coding languages such as C and C++ are used, there are no enforced limitations on what can and cannot be accessed; thus, leaving your doors open and data exposed.

Now, what if these houses were to have physical padlocks installed and an alarm system to inform the homeowners of an attempted entry? This is precisely what CHERI – a new Instruction-Set Architecture (ISA) extension developed by the University of Cambridge – along with the Morello Board intends to do. Granted, this is just one oversimplified illustration of how the technology resolves vulnerabilities in programming languages, but it gives you the idea.

CHERI and the Morello Board are revolutionary because, up until this point, we have had to rely on developers to produce software that is free of flaws, or at least that is constantly implementing fixes. The government-funded project essentially takes the ‘shift left’ approach a step further. While it remains crucial that software vulnerabilities are addressed in the early stages of the development process, CHERI introduces a safeguard in the hardware itself.

Nevertheless, as the Morello Board is still in its infancy stages, we do need organisations to put the technology to the test: assessing how it fits into the development process, identifying any issues that may arise etc. Fortunately, the DSbD Technology Access Programme (TAP) is still accepting registered interest from UK companies to avail of the Arm Morello Board and investigate the DSbD Technology. Register your interest here.

Our very own Professor John Goodacre also had the opportunity to expand on the meaning of ‘security by design’ at Infosecurity’s Autumn Online Summit – EMEA 2022, held on the 27th of September 2022. The concept of ensuring that the networks and technologies used to conduct everyday activities are designed and built securely is a sound one, potentially preventing many threats and vulnerabilities from ever occurring. But how can organisations achieve this in practice when so much of their existing computer hardware and software was developed without security being front of mind? In this session, Professor Goodacre along with a panel of leading industry experts set out how organisations can implement the secure by design principle throughout their systems, and ensure it is prevalent in the digital products and services they use.

It has been a fantastic month, but there’s no rest for the wicked as we’ve got a number of exciting events lined up throughout October as well!

This week, on Wednesday the 5th of October, Professor Goodacre delivered a keynote at the IoT Security Foundation 8th Annual Conference, on ‘Past, Present and Future, the imperative of change’. The speech explored the evolving techniques utilised to secure devices by design and imagine the future of IoT.

During the week commencing on the 10th of October, UKRI will take a delegation of experts to Australia for an international mission to explore the potential for new partnerships and business collaboration across a rapidly evolving cybersecurity environment. The UK delegation will be holding meetings and round-table discussions throughout the week with Australia’s cyber ecosystem, including government departments, businesses, and investment accelerators. DSbD will be represented by Georgios Papadakis, Senior Innovation Lead and joined by DCMS, PETRAS and UK business delegates.

On the 11th of October, Professor Goodacre will once again grace the stage at High Integrity Software conference to deliver a talk on the impact of the Arm Morello Board prototype, and partake in discussions with software engineering practitioners about ongoing challenges and best practices.

On the 19th of October, Nuala Kilmartin, Innovation Lead at DSbD will attend Digital Government 2022 in Belfast to share the role that the DSbD project will play in creating a resilient and secure future.

And finally, if you missed us at International Cyber Expo, make sure to stop by Hardware Pioneers Max (Stand 27) in London on the 25th of October from 9am – 8pm. You’ll have the opportunity to get your hands on the Morello Board and see how it works for yourself!


Sign up to the newsletter

Sign up to the Digital Security by Design newsletter to stay up to date with our events, news, insights and opportunities. Be the first to know about our work and ways to get involved.

UKRI DSbD Councils
Website delivered by Digital Catapult as part of the Technology Access Programme, funded by UKRI through the Digital Security by Design Programme