Cambridge Consultants: case study

As part of the Digital Security by Design initiative (DSbD) delivered by Digital Catapult via the Technology Access Programme, Cambridge Consultants, part of Capgemini Invent, has been assessing how capable the Arm Morello evaluation board is for delivering enhanced security for the systems created for its clients.

The Morello evaluation board designed by Arm is a real-world test platform for the CHERI (Capability Hardware Enhanced RISC Instructions) architecture developed by the University of Cambridge. It is the first hardware implementation of DSbD technology, and could eliminate whole classes of possible exploits, significantly reducing the ability of bad actors to capture user data, take over machines, or shut down critical systems.

The project involved porting existing code, then evaluating the ease of porting and the performance and security of the resulting system.

Once the Cambridge Consultants team had got to grips with what the A-Class CPU based Morello board could do, they identified a specific objective: to explore the extent to which it could help secure the operation of a virtualised mobile network infrastructure, particularly the LTE eNodeB (long-term evolution basestation). This is the hardware connected to the mobile phone network that communicates directly and wirelessly with mobile handsets. This work is particularly relevant to critical communications over LTE as UK emergency services, such as police, fire and ambulance, have moved from an airwave system to an LTE based one, with UK and European railway networks expecting to follow suit in the next decade.

Through the DSbD Technology Access Programme delivered by Digital Catapult, the Cambridge Consultants team achieved three key goals. Their first goal was to successfully port the full eNodeB codebase and its dependencies into CHERI C. This involved 750,000 lines of C and C++ code for the core system, as well as over 4 million lines for external software libraries.

Secondly, they were able to evaluate the performance impact of CHERI by sending data packets across a simulated LTE stack. With the Morello board eNodeB at the centre, and varying the network configurations, they were able to take average throughput measurements in both hybrid and pure-capability mode. From this, they concluded that using CHERI capabilities had a negligible impact on the overall performance of the eNodeB.

Thirdly, they were able to demonstrate the potential security value of CHERI, by simulating a possible bug that could end up in a production environment. They did this by introducing a vulnerability that passed all of the eNodeB’s associated unit tests. Although a variety of undefined behaviours occurred in hybrid mode, CHERI immediately and reliably flagged the error when in pure-capability mode.

Sam and his team are of the opinion that many industries with security critical systems, such as banking, could potentially benefit from using CHERI at some point in the development process. Even if not using it in production systems, testing software with CHERI would allow developers to locate and fix any vulnerabilities much more easily, and promote good coding practice. Deploying to a Morello board, or similar CHERI-aware hardware, significantly decreases the likelihood of a memory-based attack going undetected and unhandled.

Digital Security by Design is enabling software designers to make their products more robust and resilient to cyber-attacks. Digital Catapult is running the Technology Access Programme on behalf of UKRI to facilitate experimentation and early adoption by UK companies. This includes implementing updated hardware architecture, developing the software and system development tools that will run on it, and demonstrating its application and value in different industry sectors.