Digital Security by Design Technology Access Programme set to revolutionise the computing industry
A further eight leading UK technology companies have joined Digital Catapult’s Digital Security by Design (DSbD) Technology Access Programme (TAP), a UK Government backed initiative set to revolutionise cybersecurity standards in modern-day computing. They join the 27 companies already experimenting with the Arm Morello Board, the prototype cybersecurity technology designed by Arm and based on the CHERI (Capability Hardware Enhanced RISC Instructions) protection model created by the University of Cambridge.
The news comes as companies already involved with the TAP initiative shared their early results after a year of experimentation with the prototype technology. The findings were presented in March at a Demo Day event held at Digital Catapult’s London office and was attended by representatives from the Government as well as the cyber industry.
Digital Catapult, the UK authority on advanced digital technology, was appointed in 2021 by UK Research and Innovation to run the programme, designed to involve UK tech companies in trialling the Arm Morello board. The Arm Morello board is a groundbreaking prototype cybersecurity technology that is ‘secure- by-design’, meaning that it is built with security features that do not rely on software updates or patches to protect against malicious actors.
Onboarded companies will be using the Arm Morello board, powered by a system on a chip (SoC), for six months to learn how to leverage the hardware and software features that are unique to this technology. The cutting-edge technology is also capable of preventing and mitigating memory-related cyber attacks, which currently constitute two thirds of cyber attacks globally. During the trial period, companies will receive both expert support from Arm and the University of Cambridge, as well as funding.
The latest companies joining the programme include Ultra Cyber, which has a decade of experience offering solutions for critical national infrastructure, Goldilock, which specialises in secure management of connected digital assets, and Configured Things, a consultancy with vast expertise in large scale distributed systems management and security.
While applications to join Digital Security by Design through the Technology Access Programme are currently closed, companies interested in taking part can register their interest on the DSbD website and be notified when applications open again.
“Over the last year there has been a large growth in interest in the Digital Security by Design Programme from both Government, industry and academia, demonstrating a mounting desire and need to overcome the threats that face our digital world. The latest cohort of projects join an expanding network that are essential to ensuring the development of the ecosystem and proving the future possibilities for this technology and their businesses.”
Prof. John Goodacre, Challenge Director, Digital Security by Design, UK Research and Innovation
“As Digital Catapult continues to support UKRI in delivering the DSbD TAP we’re delighted to see a growing interest in this technology from a variety of UK businesses specialising in industrial internet of things (IIoT), cloud-based solutions, secure networks and wireless applications.
We are grateful to those pioneering UK companies that in the past twelve months have devoted their time and effort to experiment with the Morello board, validating its effectiveness in mitigating cyber threats and by doing so, inspiring more businesses to participate in the Technology Access Programme.”
Jessica Rushworth, Chief Strategy and Policy Officer, Digital Catapult
“We at Goldilock are delighted to participate in the DSbD TAP, recognising it as a crucial stepping stone as we venture into the development of advanced and future-oriented product architectures. As a start-up specialising in cybersecurity hardware and prioritising the security of the nation’s critical infrastructure, it is incumbent upon us to seek and incorporate the most effective and reliable solutions, thereby enhancing our clients’ trust.
Our interest in this programme was sparked by the opportunity to deeply investigate the CHERI/Morello architecture, a potentially game-changing technology for our sector. The support of DSbD throughout this exploration is invaluable and will undeniably guide the future direction of our product development.
During the course of the programme, we aim to gain a comprehensive understanding of the CHERI/Morello architecture, evaluate its potential applications in our products, and refine our strategies to utilise this advanced technology best. It will not only bolster the security of our offerings but also significantly contribute to the enhancement of national cybersecurity infrastructure.”
Richard Bate, CTO of participating company Goldilock Secure Ltd
Note to Editors
For more information about the CHERI project visit https://www.cam.ac.uk/stories/improving-computer-security
For more information about the Arm Morello Program visit https://www.arm.com/architecture/cpu/morello
Complete list of participants below:
TelWAI delivers video surveillance built on wireless networks with integrated edge AI for targeted detection.
Aim: TelWAI is planning to integrate CHERI, run edge detection algorithms and test data integrity across wireless networks.
Instantly, remotely, physically disconnect or connect anything anywhere. Without using the Internet.
Aim: Goldilock is planning to transition its secure layer-1 network devices from Intel architecture to the ARM Morello/CHERI architecture, enhancing its underlying application codebase’s security. This move will allow for a more secure, scalable, and customisable network device that meets the unique demands of critical infrastructure environments.
SCI Semiconductor Cambridgeshire
Secure Compute Institute (SCI) Semiconductors is a startup looking at how RISC-V and CHERI extensions can impact secure computing at a truly global level. The company goal is to enable widespread adoption of security technologies, and ensure national leadership in critical infrastructure.
Aim: The organisation is interested in helping the industry with mapping and portability of existing RTOS and applications from mainstream platforms, such as ThreadX / Azure RTOS to leverage the CHERI extensions. While RTOS ports have already been achieved there is a significant gap in enabling the broader market to adopt, and adapt, to the new technology.
ScienceScope provides a collection of IoT tools, devices, and resources to users around the world across multiple sectors including Education, Industry and Academic Research.
Aim: The organisation is planning to create a system whereby CheriBSD on Morello boards form the gateway to the BMS system, securely linked to the ScienceScope IoT platform, built on the Azure network. The Morello board will control all aspects of the BMS, supporting data import from external systems and data export to the ScienceScope IoT platform and additional systems requiring integration.
rtegrity’s mission is to deliver data agility and resilience through software development, research, consultancy and training.
Aim: The organisation is planning to investigate the viability and impact of applying library compartmentalisation to an NVMe over Fabrics storage stack based on the Storage Performance Development Kit (SPDK).
Ultra I&C Cyber protects the most critical infrastructures with wired, wireless, and embedded encryption solutions forged by decades of cryptographic engineering accomplishments.
Aim: The organisation is planning to apply CHERI to enhance the assurance of their mission critical software
Configured Things specialises in cross-domain configuration management solutions for managing systems across trust boundaries.
Aim: The organisation will be porting their cross-domain serialisation parsers to take advantage of CHERI’s capability-based memory protections.
Systems Security Consulting, Bury St. Edmunds
Systems Security Consulting provides consulting and R&D services in the areas of systems security, trusted/confidential computing, and embedded systems.
Aim: System Security Consulting is planning to implement pure-cap cloud orchestration support for Intravisor – a intra-process hypervisor that uses capabilities as isolation and sharing technology.