Digital Security by Design
Open date: Tuesday 5 July 2022 Close date: Thursday 8 September 2022
Overview
Digital Security by Design is a government backed initiative to transform technology and create a resilient, and secure foundation for a safer digital future. Through collaboration between researchers, industry and government, these new capabilities will free the way business and people use and trust technology.
The challenge is supported by a consortium of more than 30 of the world’s leading technology companies, academic institutions and researchers and UK government agencies. The focus is on new ways of designing CPU architecture that will make processors more robust in future and able to prevent the most prevalent security vulnerabilities.
Programme
The Digital Security by Design Technology Access Programme has been developed to build a pipeline and community of developers and technology companies to trial and experiment with the new DSbD technologies, to addresses the cybersecurity challenges faced by embedded product and software companies.
For a six-month period, programme participants will have access to the prototype architecture and hardware, technical guides, funding and industry and technical advisors, to support an experimentation period with the Digital Security by Design technologies within their own organisations.
These technologies include CHERI, a new architecture developed by the University of Cambridge and the Morello Board, a real-world test platform developed by Arm for Morello prototype architecture, based on the CHERI protection model.
Benefits
Developers will get access to a cutting-edge new CPU architecture which puts security first. Programme participants will have a rare opportunity to explore the impact of a new processor architecture on their software stacks before hardware ships. Their findings will influence the design of future computer systems.
CHERI is a new computer architecture that aims to address fundamental security vulnerabilities such as memory-safety issues (spatial and temporal) and confused deputy problems.
Learn more about CHERI here
The Arm Morello processor is a high-performance prototype implementation of the CHERI concepts applied to Arm’s Armv8-A 64-bit architecture used in mobile devices and servers. It has been developed by Arm to enable the adoption of CHERI and provide a platform for industrial evaluation of CHERI ideas. As well as CHERI/Morello hardware, software can also be developed using the flexible Morello Platform Model or QEMU-Morello emulator.
Learn more about the Arm Morello Board here
Organisations participating in the Technology Access Programme can:
Receive £15,000 in funding during the course of the 6 month acceleration programme
Get access to the Arm Morello board for 6 months
Access to CHERI architecture developed by researchers at Cambridge Computer Laboratory, University of Cambridge
Be a part of and collaborate with a UKRI-supported community of companies and universities
Participate in one-to-one check-in sessions, hands-on practical demonstrations and focused activities for the experimentation programme
Receive technical guidance and support from Digital Security by Design programme experts
Explore the performance and security impacts of CHERI in real-world scenarios and to use cases in your organisation
Become part of the early adopter community and contribute to its open-source projects
Influence the global computer industry, contributing to further improving the CHERI and Morello architecture
Access Digital Catapult’s Future Networks Lab with state-of-the art IoT and 5G networks testing facilities, allowing companies to test the impact of Digital Security by Design technologies on other areas of your products and services
Receive brand exposure on all Digital Catapult and Digital Security by Design platforms by being part of the programme
Be visible in industry as a technology organisation innovating in cyber and digital security and working with some of the world’s leading technology companies to do it
Who should apply
The Technology Access Programme has been designed for all types of businesses, from early-stage startups looking to refine business propositions to mature companies seeking early access to revolutionary technology before it is fully ready for commercial deployment. This new architecture has wide appeal and is not restricted to any particular industry.
Participants will need to be experienced software developers able to extend and evaluate their C/C++ products on new architecture, in the context of performance and security. Companies with expertise in compilers/runtimes are also invited to prototype support for CHERI in languages other than C/C++.
The architecture is currently only supported by CHERI-adapted versions of the open-source Linux/Android/FreeBSD Operating Systems distributed by Arm and the University of Cambridge. CHERI-enabled C/C++ (Clang/LLVM) toolchains are currently available. Additional operating system enablement is currently being addressed by a joint development between Arm, University of Cambridge, Microsoft and Google.
The Morello Platform Model runs on Linux for testing/PoC purposes. QEMU-Morello runs on Linux and macOS. The Morello Instruction Emulator runs on Arm v8.0 Linux.
There are two levels of participation available to technology organisations:
Tier 1
Startups, scaleups and mid-size companies that are working to make their products secure from computer security threats and vulnerabilities. This route includes access to the Digital Security by Design prototype technologies, technical guidance and funding.
Tier 2
Companies, including larger organisations, that want to gain access to the Digital Security by Design technologies for experimentation and trialling, but don’t need technical support or funding.
Applications will be judged by a team of technology advisors from the Digital Security by Design programme partners, and an independent judge.
Requirements
Successful applicants will be expected to participate in and deliver the following key commitments over the course of the programme:
- Participate in onboarding days
- Participate in mandatory peer-to-peer knowledge sharing sessions over a period of 6 months
- One-to-one check in sessions with Digital Security by Design experts to update on progress
- Provide a mid-way demonstration
- Programme communication support
- Technical reports –a short interim feedback report and a final report