Funded Projects

The ISCF Digital Security by Design Programme has funded software design company Arm to develop a technology platform prototype which is more resistant to cyber-threats – making it harder to attack technology infrastructure and remotely take control. The project also involves open-source software specialists Linaro and the universities of Cambridge and Edinburgh

Cyberhive, based in Newbury, will develop a demonstrator and supporting framework of development tools to help digital computing infrastructure to become more resistant to attacks, both in the UK and around the world. It will also develop innovative new methods to secure the data being transmitted by applying layered encryption resistant to attack by quantum computers that is thus more resilient to near-term and future cyber-threats - making it harder to attack and infiltrate network infrastructure or endpoints and remotely take control or extract sensitive information.

Beam Connectivity, in Cirencester will demonstrate and review the use of DSbD technologies for cyber critical and safety critical applications in the automotive sector.

ICETOPE based in Rotherham will work with industry standard bodies to address the lack of cooperation between Information Technology (IT) and Operational Technology (OT) to help overcome the cyber-security barrier for implementing effective Edge computing by harnessing the new security compartmentalisation features of the Morello platform.

Scotia Gas are leading a consortium with Deltaflare, University of Strathclyde and Power Networks Demonstrator Center to deliver an Internet of Things demonstrator in the utility industry, which sees the use of DSbD technologies to deliver an enhanced security solution for applicability within SGN critical national infrastructure.

A consortium led by global technology platform company, THG Holdings plc (THG), working with The University of Manchester and the University of Oxford.

Anzen Technology Systems Ltd., London

A feasibility study of a data security software product adopting Digital Security by Design technology.

Glasgow & National Centre for Nuclear Robotics, Glasgow

Enforcing Application Behaviour through Type-Based Constraints is a DSbD funded project led by PI Wim Vanderbauwhede from University of Glasgow in collaboration with the National Centre for Nuclear robotics to review performance/run-time of compilers with the aim to enhance the provision of Digital Security by Design for mission-critical systems-on-chip through capability hardware enabled design-by-specification. The systems-on-chip will have a formal, executable specification and every software component of the system-on-chip will be forced to adhere to this specification.

Kings College London, London and the University of Glasgow, Glasgow

Dr Laurie Tratt of Kings College London and Dr Jeremy Singer of The University of Glasgow are leveraging the DSbD technologies to question critical performance and they aim to improve the security of high-performance programming language VMs using CHERI hardware enforced capabilities.

Capabilities Ltd., Carmarthen and Cambridge

Developing and evaluating an open-source desktop for Arm Morello
The project will develop a full-scale open-source DSbD-enabled desktop environment suitable for use on the Morello hardware board. It will demonstrate its hardware protection features with a software corpus exceeding 60 million lines of code.

Glasgow & National Centre for Nuclear Robotics, Glasgow

This project will develop an online, open-access, interactive textbook called ‘capabilities for coders’ to support developers who are targeting the Morello platform. This one-stop shop online resource will focus on providing developer-friendly resources in simple and direct writing style.

University of Kent, Canterbury

The CapC team led by Dr Mark Batty of The University of Kent have shared their vision to use tools to probe the CHERI architecture and propose to develop a new semantic definition of C that provides safety by default, enabling it to be compatible with the DSBD hardware and hence maximising security capabilities.

 University of Cambridge, Cambridge

CAPcelerate will utilise the DSbD technology to build capability systems for the future. Led by Dr Tim Jones of the University of Cambridge, the project seeks to investigate how capability protection can be applied to systems containing heterogeneous accelerators for applications such as graphics, AI, cryptography and networking.

University of Birmingham, Birmingham

Dr David Oswald from the University of Birmingham will focus on protecting safety and security-critical systems with capability architectures and trusted execution.

University of Cambridge, Cambridge

Dr Robert Watson of the University of Cambridge is developing new hypervisor and operating-system software compartmentalisation models able to use the CHERI / Morello architectural primitives to significantly improve compartmentalisation scalability.

Verifoxx Ltd., London

The project aims to enrich the DSbD software ecosystem by developing a DSbD-aware runtime for WebAssembly (WASM) software modules embeddable into compartmentalised applications to enable and evaluate a double sandboxed model.

Kings College London, London and the University of Glasgow, Glasgow

Chrompartments: hybrid compartmentalisation for web browsers
The project aims to enhance the security of modern web-browsers, focusing on Google Chrome, by developing and evaluating DSbD enabled finer-grained compartmentalisation.

University of Cambridge, Cambridge

The project will expand DSbD technologies by developing secure execution environments called ‘attestables’.
They will be suited to exfiltration sensitive applications without relying on the long-term burden of trust on the hardware manufacturer.

Imperial College London, London

Led by Prof Peter Pietzuchof Imperial College London CloudCAP will explore solutions across trusted execution environments. The project will focus to develop capability-based cloud compartments, a new abstraction that can express policies about the confidentiality and integrity of data, both within, and across, the components of a cloud stack and cloud native applications.

University of Kent, Canterbury

Complementing capabilities: introducing pointer-safe programming to DSBD tech
The project will expand DSbD technologies by developing a tool chain for Rust language support and integrating it into an open-source operating system.

University of Bath, Bath

Consortium led by Professor Adam Joinson, in the University of Bath’s School of Management, the Discribe Hub+ aims to reshape the ways in which social sciences and STEM disciplines work together to address the challenges of digital security by design in the 21st Century.

DRISQ Ltd., Worcestershire

CHERI standards compliance (CHERI Stone).
The adoption of autonomous systems and the use of technologies for Industry 4.0 rest in part on the security and safety assurance of the underlying technologies. This project seeks to understand what evidence from the CHERI project could be used to support compliance to internationally recognised standards such as DO-178C/ED-12C and DO-326A/ED-202A., writing an open report on the implications of the new technology in embedded systems safety and security.

Manchester University, Manchester

FlexCap: exploring hardware capabilities in unikernels and flexible isolation OSes
The project will extend the security features of DSbD technologies in two operating systems: Unikraft, FlexOS. It will evaluate the performance of flexible compartmentalisation on Morello against other platforms and mechanisms.

University of Southampton, Southampton

Prof Michael Butler of University of Southampton is addressing engineering challenges in establishing and formally verifying the relationship between application-level security requirements and secure software implementations running on capability hardware.

IOETEC Ltd., Sheffield

Multi-compartment computation protocol based on DSbD technology.
The aim of this project called SecurIOT, is to investigate the feasibility of incorporating DSbD hardware and software into IoT gateways to allow improved security of the connected sensor devices and their data. This poses significant technical and commercial challenges to see if a commercially viable solution can be achieved

MindHug Ltd., Suffolk

Multi-compartment computation protocol based on DSbD technology.
Through this project, MindHug will contribute to its industry's understanding of how to build a Multi Compartment Computation protocol that provides distribution of a computation across multiple compartments where no individual compartment can see the other compartments data.

Glasgow & National Centre for Nuclear Robotics, Glasgow

Morello-HAT: Morello high-level API and tooling
The project aims to develop and evaluate a common Application Programming Interface (API).
An API that can be used by compiler developers and software programmers of higher-level languages to leverage DSbD’s security features into their language and programs.

The Hut Group Ltd., Manchester

MOJO: a robust Java virtual machine for Morello
The project will prototype and develop a robust and mature version of the Java virtual machine (JVM).
JVM is critical to many software ecosystems by harnessing the security features of DSbD technologies.

nquiringminds Ltd., Oxfordshire

Secure networking by design (SNbD)
The project will enrich the evolving DSbD Morello stacks by developing and evaluating new network essential components with improved tool chain support.

Valid Datum Ltd., London

Quantum-resistant DSbD security leveraging Micro Tokenisation

Manchester University, Manchester

SCorCH will explore the verification of C programmes and apply this to DSbD capabilities. Dr Giles Reger of Manchester University, together with Prof Tom Melham of The  University of Oxford propose a new software verification toolchain for capabilities based on state-of-the-art static and dynamic software verification and theorem proving techniques, to verify the Morello platform is being used correctly.

Verifoxx Ltd., London

A research project on a TEE-aware compartmentalisation framework, to elevate their products security while mitigating vulnerabilities posed by existing solutions on the market.