SensorIT, an Internet of things (IoT) technology provider and manufacturer already involved with the Digital Security by Design (DSbD) Technology Access Programme (TAP) since May 2022, was awarded a £10K grant to continue their experimentation project with DSbD technologies. SensorIT was one of the nine TAP Alumni who submitted a project extension application. The Alumni community is made of 28 companies who are already part of TAP.

The scope of their initial project was to test the Arm Morello platform through porting a bug-ridden software to work on CheriBSD, with the aim to prove the Morello Board/CheriBSD security credentials just out of the box, with no further security enhancements other than those the platform offers as standard. More details can be found in the case study.

The project extension will now look at further work on said software, a complete email suite called eXtremail, to make it fully functional, place it online and experiment with memory compartmentalisation features. To test the new set up, SensorIT will be attacking the newly migrated platform with every tool at their disposal to prove the Morello Board/CheriBSD is capable of preventing serious attacks (for instance remote code execution) just by being the hosting platform. The results are expected by the end of November 2023.

The DSbD Technology Access Programme is funded by UK Research and Innovation (UKRI) and is open to UK technology companies who want to experiment with the Arm Morello board, a prototype SoC (system on chip) based on CHERI (capability hardware enhanced RISC instructions). The programme, managed by Digital Catapult, offers access to hardware, software stack plus technical support and a £15K grant to qualifying companies. More details about the programme can be found here.