Digital Security by Design – Technology Access Programme
Open date: Monday 15 January 2024 Close date: Monday 1 April 2024
Overview
Digital Security by Design – Technology Access Programme
A Digital Security by Design (DSbD) Challenge Call delivered in partnership with Digital Catapult, funded by UKRI
Through the DSbD Technology Access Programme (TAP), qualifying UK-based companies will have exclusive access to an Arm designed Morello evaluation board, with its cutting-edge CPU architecture.
A Morello board is a real-world test platform developed by Arm to implement the Morello architecture, which is itself based on Capability Hardware Enhanced RISC Instructions (CHERI). CHERI is a protection model, like virtual memory that can be integrated into different ISAs, including Arm Morello, CHERI RISC-V, and CHERIoT. This model is a project from the University of Cambridge and SRI International. These technologies can defend against most known memory safety issues in C and C++ and participants will be able to use these technologies to uncover security vulnerabilities in their own systems.
In addition to receiving a Morello evaluation board, participating companies will get access to the CHERI software stack, technical guides, and expert support to get started and trial these new technologies within their systems. The duration of the Technology Access Programme is 6 months. At the end of the trial period, participating companies will be offered to keep the Morello evaluation board.
The TAP is a tiered programme; qualifying companies will receive a £15,000 grant during the experimentation period. The programme is administered by Digital Catapult on behalf of UKRI.
Benefits and support
The programme provides participating companies with access to the Arm designed prototype hardware, CHERI software stack, technical guides, and expert support to get started and trial these new technologies within their systems.
Experiment with prototype, cutting-edge technology and be ahead of the game
Build unique knowledge within your company and stay competitive
Improve your product by identifying cyber security vulnerabilities in your systems/software
Become part of a vibrant community of cyber security pioneers
Receive a £15,000 funding (only companies with less than 250 employees)
Get access to experts at Arm, University of Cambridge, and Digital Catapult
Become part of the TAP Alumni upon successful completion of the experimentation period
Who should apply
The programme is open to UK-based companies that have a company culture of exploring, experimenting and inventing with new technologies, with a view of finding commercial applications. Companies with an R&D department and a strong focus on cyber security are encouraged to apply. Applicants must be registered on Companies House and also have a business bank account.
Companies within the following industries should apply:
- Information Technology and services
- Computer software
- Industrial automation
- Computer hardware
- CPU semiconductors
- Energy
- Automotive
- Telecoms
- Manufacturers of connected consumer / industrial electronics (IoT & IIoT)
Your company would ideally operate within or supply to the following sectors: utilities, healthcare, transportation, telecommunications, automotive, energy & mining, and all other sectors serving the Critical National Infrastructure.
Please also read the Technical Details section on the DSbD dedicated website before applying.
What challenges is the programme looking to solve?
DSbD Challenge
Today’s computer systems can be traced back to the designs developed in the UK during the 1940’s and 50’s. Since the 1970’s academics and industry have documented major issues in system design regarding keeping data safe and secure. This challenge is ongoing.
Around the world, academic and industry researchers continue to seek solutions. Though supply chain demands for legacy software compatibility mean we are continuing to implement solutions designed without modern digital security factored in.
Due to the industry influence and technical capabilities of the Digital Security by Design programme partners, we have a unique opportunity to change this by developing new systems and software implementations designed to address system vulnerabilities in ways not considered possible before.
Key Dates
15 January
Call opens
1 April
Applications close at 12:00
May
Public announcement of successful applicants
w/c 20 May
Programme onboarding
November
End of programme and Showcase day
How to apply
Application process
UK-based companies wishing to apply need to be registered with Companies House. The application process comprises of the following steps:
- UK-based company completes the initial application form.
- The DSbD Team reviews the form and invites you to a screening call to better understand your experience and fit for the programme.
- Once the initial screening is completed, you will receive a full application form, where you will be asked to submit a preliminary project plan.
- The DSbD Team may invite you to an interview to give feedback on the project plan submitted, if required.
- Your application will be then assessed by a panel of DSbD experts from Digital Catapult, UKRI, and other organisations specialising in this technology.
Successful applicants will be informed on the result of their application in May.
Technical Details
Please be aware of the following before applying:
- CHERI (Capability Hardware Enhanced RISC Instructions) technology can be applied to legacy C or C++
- The architecture is currently only supported by CHERI-adapted versions of the open-source Linux/Android/FreeBSD Operating Systems distributed by Arm and the University of Cambridge.
- CHERI-enabled C/C++ (Clang/LLVM) toolchains are currently available. Additional operating system enablement is currently being addressed by a joint development between Arm, University of Cambridge, Microsoft and Google.
- The Morello Platform Model runs on Linux for testing/PoC purposes. QEMU-Morello runs on Linux and macOS. The Morello Instruction Emulator runs on Arm v8.0 Linux.
- This technology it’s not secure ‘out of the box’, there’s work to do in order to turn on security by design features. It’s not enough to just put your code on the board, because security is implemented by following a series of steps.
Programme Tiers and Requirements
TAP is a tiered programme. Tier 1 is for UK-based companies with under 250 employees while Tier 2 is for UK-based companies with more than 250 employees.
Tier 1
- Receive £15,000 in funding during the course of the 6 month programme.
- Gain access to a Morello evaluation board, with possibility to keep it once the project ends.
- Participate in one-to-one check-in sessions, group learning sessions, practical demonstrations and focused activities for the experimentation programme.
- Receive technical guidance and support from the Digital Security by Design programme team and experts at Arm and University of Cambridge.
Tier 2
- Gain access to a Morello evaluation board, with possibility to keep it once the project ends.
- Receive technical guidance and support from the Digital Security by Design programme team and experts at Arm and University of Cambridge.
- Participate in one-to-one check-in sessions, group learning sessions, practical demonstrations and focused activities for the experimentation programme (optional).
Programme requirements
Over the six month period, successful applicants will be expected to:
- Participate in one onboarding day at the start of the programme [Tier 1 & 2]
- Write two technical reports –a short interim report based on progress and findings, and a final report based on your experience within the programme [Tier 1 & 2]
- Participate in monthly online peer-to-peer knowledge sharing sessions [Tier 1]
- Attend monthly online one-to-one progress-update and support sessions with the Digital Security by Design team [Tier 1]
- Participate in the end-of-programme Showcase event and provide a demonstration or presentation on their experimental outcomes or learnings [Tier 1 & 2]
Apply to the Technology Access Programme
Follow this link to apply to the DSbD Technology Access Programme