Safely importing and exporting data between different security domains within an organisation or group of organisations is a challenge. There is guidance for how to do this, published by the National Cyber Security Centre (NCSC), but it involves bespoke and expensive hardware that is not a viable investment for many businesses. The team at Configured Things wanted to explore how CHERI’s memory safety paradigm could be used to implement such patterns more cost-effectively, without compromising on efficiency or performance.
The Digital Security by Design (DSbD) Technology Access Programme gives UK-based companies access to the Arm Morello and lowRISC Sonata boards, which implement Capability Hardware Enhanced RISC Instructions (CHERI). The technology, developed jointly by the University of Cambridge and SRI International, lets users dramatically improve system security by hardening their own application code against unsafe memory access. Through this innovation programme, Configured Things was able to explore and demonstrate its secure-by-design solution for cross-domain data sharing.
Securing code as well as data to create more cost-effective design patterns
A key part of designing a cross-domain solution is recognising not only that the data is potentially unsafe, but that the code examining it must itself be protected, both from malicious content hidden in the data and from errors within otherwise normal payloads. For example, the 2024 CrowdStrike outage was caused by a software bug that crashed Windows systems worldwide after the software received bad data.
As well as exploring the memory safety benefits of building software to run on CHERI, Configured Things wanted to look at the stronger separation between programs that CheriBSD and CHERIoT make possible. The team aimed to use CHERIoT features to implement the core aspects of the NCSC patterns within an embedded device running CHERIoT, and then to share working examples with the wider community so that others could build on these foundations.
Exploring CHERIoT’s capability for validating ‘untrusted’ data
The Configured Things team took part in two separate cohorts of Digital Catapult’s innovation and accelerator programme. During the fourth cohort, the team developed a prototype of a cross-domain solution using CheriBSD’s experimental co-location features. Lessons from the programme encouraged the team to then experiment independently with CHERIoT using a software simulator. This enabled them to develop and share a demo that shows how to use CHERIoT compartments and sealing capabilities to implement a safe configuration management system. The system safely handles data arriving from the network and shares it only with the parts of the software that are allowed to use it.
Joining the sixth cohort provided Configured Things with the opportunity to extend its demo to run on real hardware (the Sonata board) and add support for digital signing and encryption. The company created and shared a demonstration of how to perform safe and secure configuration management, including porting a lightweight crypto library, LibHydrogen. This enabled them to securely generate and verify encrypted messages between devices, ensuring that critical security features like key storage and random number generation are protected against potential attacks.
The team showed that the features in CHERIoT can be used to implement trust models within embedded systems, and that its memory safety features eliminate the need for implicit trust in third-party libraries and drivers. Most companies currently rely on such implicit trust, as they often have no choice but to assume that third-party libraries are safe. This is risky because any flaw or vulnerability in those libraries can expose the entire system to attack, whereas CHERIoT’s approach isolates those risks, dramatically reducing the potential damage.