On 22 November nine UK companies gathered in London to present the results of their experimentation with the Arm Morello Evaluation Board based on capability hardware enhanced RISC instructions (CHERI) to an audience of cyber-security experts from various parts of the Country.
The event, hosted by Digital Catapult at its headquarters in central London, consisted of a series of presentations by the companies involved with the Digital Security by Design (DSbD) initiative through the Technology Access Programme (TAP), funded by UK Research and Innovation (UKRI).
Technologists, Business Owners, Software Engineers, Product Managers as well as representatives from the government and academia exchanged experiences and views about the outcomes of a six-month experimentation period with DSbD technologies in real-life applications.
Among these there was TELXAI, a supplier of advanced surveillance cameras with secure video transmission and AI-driven video analytics, who successfully used the CHERI powered hardware to add an extra layer of data security to their surveillance cameras – more in the case study.
ScienceScope, a provider of IoT tools, devices and resources across multiple sectors, created a Building Management System (BMS) that is securely linked to their IoT platform, via a CHERI/Morello gateway offering flexibility and integration with data import and export to and from additional third party systems.
rtegrity, a data agility and resilience consultancy based in London, presented their investigation of how library compartmentalisation can be applied to the widely used Storage Performance Development Kit (SPDK) as part of a secured storage stack. Their initial results indicate that library compartmentalisation has the potential to improve the security of the stack.
Finally Sensor IT, a TAP alumnus, ported a bug-ridden software suite, an email server, to the Morello Board/CheriBSD platform, proving that this completely eliminated all critical security bugs that affected the software.
35 UK companies are now involved with DSbD through TAP. In the last 18 months they have ported over 21 million lines of code to the Arm Morello board for continued experimentation and testing. Digital Catapult has hosted over 30 learning and networking events to facilitate experimentation across the ecosystem.
The Technology Access Programme will be accepting applications for the next cohort of experimenting companies on 15 January. UK-based companies with a culture of exploring, experimenting and inventing with new technologies and a strong focus on cyber security are encouraged to apply. The qualifying companies will look to explore how to port applications to the Morello platform, how the CHERI architecture can secure applications against known memory vulnerabilities, and whether it can enhance code by highlighting potential vulnerabilities and coding malpractices during the development phase.
Technology companies who are interested in applying should register their interest to be notified as soon as the application opens. A £15K grant is available for qualifying companies.
Richard Gonzalez, Director of participating company SensorIT said:
“We have managed to port a bug-ridden, security-flawed application into a complete secure software suite, using only off-the-shelf Morello Board/CheriBSD functionality, if this does not sound amazing, I would not know what would!”
Eleanor Wright, CEO TELXAI said:
“The outcomes achieved through the funding and support of DSbD have added significant value to TELXAI’s growth strategy, and a great deal has been learned through the programme.”