DSbD Desktop Project - UKRI Digital Security by Design
Capabilities Limited is currently working on a research and development desktop project for UK Research and Innovation as part of the Digital Security by Design programme. The Digital Security by Design (DSbD) challenge is investing in projects that help the UK digital computing infrastructure to become more secure.
This project's aim is to develop a viable, memory-safe, and compartmentalised prototype desktop software stack for the Arm Morello board. Our starting point was the current open-source desktop software running on conventional, non-CHERI hardware.
The project builds on open-source outputs from the Arm/Cambridge Innovate DSbD Platform Prototype project, the Cambridge EPSRC CHaOS project, and a completed Innovate pilot project at Capabilities Limited. The Cambridge and Capabilities Limited projects are independently funded but closely coordinated.
While our work is being performed on CheriBSD, the high-level aim is for the outcomes of this project to also work with Arm’s Morello Linux adaptation as it achieves greater CHERI enablement. To achieve this, we are developing and evaluating a full-scale open-source desktop software environment for the Morello board, making novel use of CHERI’s fine-grained memory safety and scalable software compartmentalisation features to mitigate an estimated three-quarters of past software vulnerabilities in that stack.