Dynamic Devices: case study

Applying DSbD to protect Linux systems from exploitation by hackers

Dynamic Devices has been working in embedded systems and IoT for over twenty years, and for their team, participation in the DSbD programme has been a logical step in staying at the forefront of securing IoT devices.

The Dynamic Devices team attended the Digital Catapult event ‘Is the future for secure computer systems open source?’ in June 2022, where the keynote speaker was Bruce Perens, one of the founders of the open source movement. Through this event, they became involved in the DSbD’s Technology Access Programme (TAP), which is run by Digital Catapult.

Making Linux CHERI support accessible

The Morello evaluation board designed by Arm is a real-world test platform for the CHERI architecture developed by the University of Cambridge. It is the first hardware implementation of DSbD technology, and could eliminate whole classes of possible exploits, significantly reducing the ability of bad actors to capture user data, take over machines, or shut down critical systems.

Participation in the DSbD TAP gives Dynamic Devices the opportunity to work with the CHERI community – upskilling team members as well as contributing to embedded security.

Dynamic Devices has been engaging with the teams from Arm and Cambridge University on building firmware to support CHERI through CheriBSD and Android operating systems. The company has been working on building and supporting embedded Linux using the Yocto meta-distribution toolchain, so that CHERI support can be brought to the wider embedded Linux ecosystem. It is also designing an operating system image that demonstrates how CHERI protects Linux systems against exploitation by hackers.

The aim is to produce a straightforward procedure that enables a new user to build a CHERI image and examples for a Morello board, or run an image on the standard Yocto QEMU emulator if hardware is unavailable.

Many device vendors are using a form of embedded Linux in their embedded and IoT devices. The Dynamic Devices team recognises that having hardware that can protect against a major set of attack vectors, such as memory overflow exploits, can be hugely beneficial. Playing a part in opening up CHERI support to the wider embedded Linux community will help them to secure the embedded space.

About Digital Security by Design

Digital Security by Design (DSbD) is enabling software designers to make their products more robust and resilient to cyber-attacks. Digital Catapult is running the Technology Access Programme on behalf of UKRI to facilitate experimentation and early adoption by UK companies. This includes implementing updated hardware architecture, developing the software and system development tools that will run on it, and demonstrating its application and value in different industry sectors.