Leveraging the Capability Hardware
The competition was set out to utilise the technology, developed earlier in the DSbD programme, based on the Arm AArch64 architecture and adopts the concepts and approaches first investigated by the CHERI program (led by the University of Cambridge).
An interactive workshop was held for potential applicants to discuss the funding objectives and to enable the development of interactions and potential collaborations.
Submitted projects had to be aligned to fit within the overall DSbD vision and objectives for the ISCF Digital Security by Design challenge.
These EPSRC funded projects are managed by academics from across the UK, and each project PI has defined how they will utilise the DSbD to investigate and enhance capability hardware.
The academic research teams will build their solutions on the Arm Morello prototype microprocessor boards while utilising the University of Cambridge’s open-source CHERI reference software stack, (This includes the Cheri BSD operating system and application suite). Through the utilisation of the morello prototype processor and the software research from CHERI these research projects will address specific objectives within the scope of the Digital Security by Design challenge.
Exploring Solutions
Winning applications were derived from Research Organisations across the UK and we are delighted to announce these nine ESPRC funded projects that are all now well underway:
- CapableVMs – is by far a traditional research project. Dr Laurie Tratt of Kings College London and Dr Jeremy Singer of The University of Glasgow are leveraging the DSbD technologies to question critical performance and they aim to improve the security of high-performance programming language VMs using CHERI hardware enforced capabilities.
- CloudCAP – led by Prof Peter Pietzuch of Imperial College London will explore solutions across trusted execution environments. The project will focus to develop capability-based cloud compartments, a new abstraction that can express policies about the confidentiality and integrity of data, both within, and across, the components of a cloud stack and cloud native applications.
- CAP-TEE– Dr David Oswald from the University of Birmingham will focus on protecting safety and security-critical systems with capability architectures and trusted execution.
- CAPcelerate – will utilise the DSbD technology to build capability systems for the future. Led by Dr Tim Jones of the University of Cambridge, the project seeks to investigate how capability protection can be applied to systems containing heterogeneous accelerators for applications such as graphics, AI, cryptography and networking.
- CHaOS – Dr Robert Watson of the University of Cambridge is developing new hypervisor and operating-system software compartmentalisation models able to use the CHERI / Morello architectural primitives to significantly improve compartmentalisation scalability.
- CapC – The CapC team led by Dr Mark Batty of The University of Kent have shared their vision to use tools to probe the CHERI architecture and propose to develop a new semantic definition of C that provides safety by default, enabling it to be compatible with the DSBD hardware and hence maximising security capabilities.
- SCorCH – will explore the verification of C programmes and apply this to DSbD capabilities. Dr Giles Reger of Manchester University, together with Prof Tom Melham of The University of Oxford propose a new software verification toolchain for capabilities based on state-of-the-art static and dynamic software verification and theorem proving techniques, to verify the Morello platform is being used correctly.
- HD-Sec – Prof Michael Butler of University of Southampton is addressing engineering challenges in establishing and formally verifying the relationship between application-level security requirements and secure software implementations running on capability hardware.
- AppControl – are working in collaboration with The National Centre for Nuclear Robotics, and Prof Wim Vanderbau-whede who leads the project from The University of Glasgow will be exploring performance and run times of compilers. The AppControl team aim to enhance the provision of digital security by design, for mission-critical systems-on-chip through capability hardware enabled design-by-specification. The systems-on-chip will have a formal, executable specification and every software component of the system-on-chip will be forced to adhere to this specification.
These DSbD projects are funded until the end of March 2024.
By investing in this research, we are addressing the integrity and resilience of both hardware and software in response to the significant market need for cyber security; and we aim to overcome the market failures and radically update the foundation of the insecure digital computing infrastructure that underpins the entire economy.
We have committed £8 million of our £70 million government budget to drive this research, and these projects are only at an embryonic stage, but we will ensure the projects are delivered to plan, gain the deserved visibility and the findings are accessible to everyone in the global digital security community to support the enablement of more secure platforms.
This is a key phase in the development of the overall Digital Security by Design challenge and the impact of the learning and use cases will strengthen the foundations we have built in the UK to work towards our goal of making the UK the lead in securing digital computing infrastructure.
It’s going to be a fantastic challenge and I feel a real sense of pride in being involved in working with our partners to accelerate the move towards digital transformation of industry and supporting the UK to improve reliability of digital services and advancing global scaling to make us safer online.
The Industrial Strategy Challenge Fund Digital Security by Design Challenge is led by BEIS and delivered by UKRI.
- You can find out more about the Industrial Strategy Challenge Fund here
- Find out more about our diversity and inclusion work here
Author: Nuala Kilmartin – DSbD Innovation Lead