Pytilia

Demonstrator for Secure, High Performance Packet Processing

Overview

Pytilia were one of ten UK-wide winners of the 2021 Digital Security by Design (DSbD) Software Ecosystem competition. During the resulting project, Pytilia were able to successfully demonstrate that using DSbD technology for critical networking infrastructure is both relevant and feasible.

Their project was completed in collaboration with the Centre for Secure Information Technologies (CSIT) based at Queen’s University Belfast and benefited from UKRI/DSbD funding. This funding for collaborative research and development projects enabled companies across the UK, like Pytilia, to begin developing a software ecosystem, encouraging serious adoption of Digital Security by Design Technologies ahead of hardware availability.

“It bodes well for the security of our digital world that Pytilia have been able to show that DSbD technologies are able to block software vulnerabilities from exploitation in highly complex, high-performance applications such as packet processing” – Prof. John Goodacre, Director DSbD, UK

Project Details

Drawing on Pytilia’s experience in the enterprise IT space, their project looked at the elimination of a key performance vs security tradeoff currently found in low latency applications such as packet processing.

What is Packet Processing?

Packet Processing is a core networking concept that is widely used in firewalls, network monitoring, and storage back-up. Packets are received from the network and forwarded for classification, filtering or other processing.

What’s the problem?

Developers currently face a choice between prioritising performance or security:

  • a distributed/multi-process approach provides isolation and controlled interactions but with a performance overhead and the complexity of inter-process communications;
  • a monolithic/single process approach using Data Plane Development Kit (DPDK) or similar improves performance but introduces insecurity associated with a shared address space. This is particularly acute in a plugin-based architecture where some packet consumers are potentially untrusted 3rd-party plugins.

Pytilia’s goal was to demonstrate that porting the DPDK to the DSbD environment delivers a “best of both” solution thanks to DSbD’s compartmentalisation thereby satisfying both performance & security requirements.

 

Pytilia block diagram

 

Project Progress

Using the DPDK (Data Plane Development Kit) library, which is used to accelerate packet processing workloads, Pytilia assessed the impact of CHERI (Capability Hardware Enhanced RISC Instructions) technology on the protocol stack. This included measuring the increase in performance by applying the CHERI memory model to improve performance using DSbD hardware-based capabilities instead of classic memory pointers requiring manual checks.

Outcomes

  • The Pytilia team successfully completed the Software Ecosystem Project enjoying strong, positive feedback from Innovate UK including that the “project was very professional and successful” and that the “use case and applicability were very strong”.
  • Participating in Digital Security by Design offered Pytilia a funded learning experience and the opportunity to explore & gain expertise with a new digital security technology. It also allowed them to showcase their commitment to cybersecurity – something that has already been recognised as a positive by a number of their key customers.
  • Thanks to DSbD, Pytilia have established new connections and strengthened existing relationships including with CSIT at Queen’s University in Belfast, with UKRI and with DSbD programme director Prof. John Goodacre.
  • Enrolling in the programme has helped raise Pytilia’s profile within the Northern Ireland technology ecosystem offering an advantage in attracting new customers and talent.

Morello Board

Pytilia’s project was completed ahead of hardware availability using the Fixed Virtualisation Platform (FVP). With the launch of the Technology Access Programme, ARM developed and produced Morello hardware is now available from dsbd.tech.

Looking Forward

Looking forward, Pytilia see the DSbD programme as an opportunity to uniquely position the company and establish themselves as a trusted technical advisor alongside product development companies. They would love to see DSbD technologies gaining more widespread adoption leading to a more secure future for us all.

“We’re delighted to have had the opportunity to participate in the DSbD programme and are pleased we were able to successfully showcase this example application of DSbD technologies.
We’d like to thank the teams in CSIT and DSbD for their contribution and are looking forward to building on this success to continue on the journey to a more secure future with DSbD” – Tim Silversides, Co-founder, Pytilia

 

About Pytilia

Pytilia is a new, fast-growing software company based out of Belfast, Northern Ireland. They provide a full stack enterprise capability from UI/UX design through to OS kernel/driver developments.
Pytilia have an established pedigree in delivering mission critical capabilities for their customer base which spans the financial services/insure tech, healthcare and IT infrastructure domains.

https://www.pytilia.io

Delivered by Digital Catapult, funded by UKRI through the Digital Security by Design programme.