Cambridge Consultants: case study
Identifying a new way to secure MNO (mobile network operator) infrastructure
As part of the Digital Security by Design initiative (DSbD) delivered by Digital Catapult via the Technology Access Programme, Cambridge Consultants, part of Capgemini Invent, has been assessing how capable the Arm Morello evaluation board is of delivering enhanced security for the systems created for its clients.
The Morello evaluation board designed by Arm is a real-world test platform for the CHERI (Capability Hardware Enhanced RISC Instructions) architecture developed by the University of Cambridge. It is the first hardware implementation of DSbD technology, and could eliminate whole classes of possible exploits, significantly reducing the ability of bad actors to capture user data, take over machines, or shut down critical systems.
The project involved porting existing code, then evaluating the ease of porting and the performance and security of the resulting system.
Once the Cambridge Consultants team had got to grips with what the A-class CPU-based Morello board could do, they identified a specific objective: to explore the extent to which it could help secure the operation of a virtualised mobile network infrastructure, particularly the LTE eNodeB (long-term evolution basestation). This is the hardware connected to the mobile phone network that communicates directly and wirelessly with mobile handsets. This work is particularly relevant to critical communications over LTE, as UK emergency services, such as police, fire and ambulance, have moved from an airwave system to an LTE-based one, with UK and European railway networks expecting to follow suit in the next decade.
Evaluating performance impact and potential security value
Through the DSbD Technology Access Programme delivered by Digital Catapult, the Cambridge Consultants team achieved three key goals. Their first goal was to successfully port the full eNodeB codebase and its dependencies into CHERI C. This involved 750,000 lines of C and C++ code for the core system, as well as over 4 million lines for external software libraries.
Secondly, they were able to evaluate the performance impact of CHERI by sending data packets across a simulated LTE stack. With the Morello board eNodeB at the centre, and varying the network configurations, they were able to take average throughput measurements in both hybrid and pure-capability mode. From this, they concluded that using CHERI capabilities had a negligible impact on the overall performance of the eNodeB.
Thirdly, they were able to demonstrate the potential security value of CHERI, by simulating a possible bug that could end up in a production environment. They did this by introducing a vulnerability that passed all of the eNodeB’s associated unit tests. Although a variety of undefined behaviours occurred in hybrid mode, CHERI immediately and reliably flagged the error when in pure-capability mode.
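The behaviour described above can be illustrated with an added example; it is not the bug Cambridge Consultants introduced (the page does not describe it) and not code from the eNodeB. The names `cap_t`, `cap_load`, the checksum routine and the sample packet are all constructed, and the bounds check is a simplified software model of what CHERI enforces in hardware.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Simplified software model of a capability: a pointer plus the bounds it
   may access. Real CHERI enforces this in hardware; this struct is an
   assumption made for illustration only. */
typedef struct { const uint8_t *base; size_t length; } cap_t;

/* Bounds-checked load: 0 on success, -1 models a capability fault. */
static int cap_load(cap_t c, size_t off, uint8_t *out) {
    if (off >= c.length) return -1;
    *out = c.base[off];
    return 0;
}

/* Constructed bug: "<=" instead of "<" reads one byte past the payload. */
static unsigned checksum_raw(const uint8_t *p, size_t n) {
    unsigned sum = 0;
    for (size_t i = 0; i <= n; i++) sum += p[i];
    return sum;
}

/* Same buggy loop, with every access made through the bounded capability. */
static int checksum_cap(cap_t c, size_t n, unsigned *sum) {
    *sum = 0;
    for (size_t i = 0; i <= n; i++) {
        uint8_t b;
        if (cap_load(c, i, &b) != 0) return -1;   /* out of bounds */
        *sum += b;
    }
    return 0;
}

/* Constructed sample: 4-byte payload at the start of a zero-filled buffer,
   so the stray read lands on a 0 and does not change the checksum. */
static const uint8_t packet[16] = { 0x01, 0x02, 0x03, 0x04 };

/* A unit test on the raw pointer sees the expected value and passes. */
int unit_test_passes(void) { return checksum_raw(packet, 4) == 10; }

/* With bounds narrowed to the 4 payload bytes, the same loop faults. */
int capability_run_faults(void) {
    cap_t payload = { packet, 4 };
    unsigned sum;
    return checksum_cap(payload, 4, &sum) == -1;
}

int main(void) {
    printf("raw-pointer unit test passes: %d\n", unit_test_passes());
    printf("bounded run reports fault:    %d\n", capability_run_faults());
    return 0;
}
```

The raw-pointer run stays silent only because the neighbouring byte happens to be zero; with different adjacent data the result would change without any error being raised.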
CHERI is a rapidly developing technology, and we anticipate that it could become widely applicable to our clients’ needs once commercially available CHERI-based hardware is released. We will also be able to use our achievements as a case study to demonstrate our experience with the technology, and spark discussions around the implications of developing with CHERI. In the meantime, we will continue to experiment with CHERI and our Morello board and use it as a way to foster internal conversations about the intricacies of digital security.
Sam Pumphrey, Head of Digital Security, Cambridge Consultants
One less-explored area of CHERI that we think could offer significant benefits to a wide range of industries is compartmentalisation. Telecommunications is a good example of this, where you have multiple users being processed by the same device simultaneously, transferring sensitive data. The ability to create low-overhead, securely separated co-processes would be extremely valuable.
David Wood, Principal Embedded Software Engineer, Cambridge Consultants
Who could benefit from CHERI in future?
Sam and his team are of the opinion that many industries with security-critical systems, such as banking, could potentially benefit from using CHERI at some point in the development process. Even if not using it in production systems, testing software with CHERI would allow developers to locate and fix any vulnerabilities much more easily, and promote good coding practice. Deploying to a Morello board, or similar CHERI-aware hardware, significantly decreases the likelihood of a memory-based attack going undetected and unhandled.
About Digital Security by Design
Digital Security by Design is enabling software designers to make their products more robust and resilient to cyber-attacks. Digital Catapult is running the Technology Access Programme on behalf of UKRI to facilitate experimentation and early adoption by UK companies. This includes implementing updated hardware architecture, developing the software and system development tools that will run on it, and demonstrating its application and value in different industry sectors.