70% of operating system vulnerabilities are due to memory safety issues

By introducing memory protection and compartmentalisation Digital Security by Design technologies aim to address this

CHERI

The CHERI (Capability Hardware Enhanced RISC Instructions) architecture extensions designed by the University of Cambridge and SRI International extends the CPU instruction set to enable it to access memory using capabilities instead of machine-word pointers. Capabilities provide fine-grained hardware-enforced access protection of objects in memory. A program using capabilities is generally incapable of making out-of-bounds accesses, which means bugs can be caught and fixed instead of exploited. Applied to existing languages that lack memory safety, like C and C++, this technology has the potential to address memory safety issues without the overhead of software runtime checks. 

A key benefit of the CHERI technology is that it can be applied to legacy C or C++ programs with minimal changes – you don’t need to rewrite all of your software in a new language.

CHERI also provides the ability to create distinct compartments within one process which can be used to harden a system against attack. Compartments are a high-performance mechanism to subdivide an application into portions that can interact in a very controlled way. Sensitive subsystems can be segregated from the rest of an application, reducing the potential for exploitation.

Morello

Morello is a research programme led by Arm which focuses on new ways to make processors more robust in future, and be able to deter some types of security breaches.
Arm designed a prototype architecture using the CHERI concepts, and has now developed prototype silicon with this new technology. This prototype System on Chip (SoC) is the heart of the Morello development board.

Sign up to the newsletter

Become a subscriber to Digital Security by Design updates – with regular communications on our news, insights and opportunities, you’ll be the first to know about our work and ways to get involved.

Delivered by Digital Catapult, funded by UKRI through the Digital Security by Design programme.