RealVNC: case study
Testing a new way of reducing C++ vulnerabilities through Digital Security by Design
RealVNC uses C++ to build the desktop clients that form part of their VNC Connect secure remote access solution. As part of the Digital Security by Design (DSbD) Technology Access Programme, they have been experimenting with the CHERI Morello board and software.
As a SaaS business using desktop, mobile software, and cloud infrastructure, RealVNC faces a wide range of security issues, including bugs in others’ code and external threats. The C++ codebase has, in the past, faced security issues catalogued by the CVE Program, such as potentially exploitable buffer overflows and elevation of privilege exposure. Improving security through a change in hardware makes it possible to prevent memory-related cyber-attacks, which account for around 70% of exploits.
Compiling, running, and testing their software on the Morello platform should allow the RealVNC team to spot more obvious logic errors that have the potential to affect security.
Digital Catapult is running the DSbD Technology Access Programme (TAP), and is supporting RealVNC throughout this project.
The benefits of the Morello Board implementation
The CHERI-based Morello evaluation board is a prototype System on Chip (SoC) and development board. Developed by UK-based Arm, the Morello board is a real-world test platform for Arm’s Morello prototype architecture, which is based on the University of Cambridge Computer Lab’s CHERI protection model. It is the first hardware implementation of DSbD technology.
CHERI extends conventional hardware instruction-set architectures (ISAs) with new architectural features to enable fine-grained memory protection and highly scalable software compartmentalisation. This architecture, when deployed, could do away with whole classes of possible exploits, with a far lower chance of zero-day vulnerabilities being exploited. This would significantly reduce the ability of bad actors to capture user data, take over machines, or shut down critical systems – problems affecting most industries today.
"[DSbD] has enabled us to bolster our security focus further, specifically with a novel means of proving our software is secure. It has also been a useful and interesting way into finding out more about other organisations who share our concerns and focus on security issues."
Dominic Parkes, Lead Software Engineer, RealVNC
The story so far
RealVNC has ported its core codebase and all desktop applications to run on the Morello device using the CHERI ABI/pure capability mode (as far as possible within the current limitations of the environment). The company has begun performance and security testing: evaluating the pixel throughput of their remote desktop software with the new pure capability mode, and aiming to identify previously undetected programming errors. RealVNC is also evaluating whether CHERI would have effectively detected those legacy bugs catalogued previously by the CVE Program.
As a result of the programme, the RealVNC team now understands the CHERI architecture itself – the capabilities encoded into 128-bit pointers – and the implications this has for porting existing software. They also have a better understanding of what can be done in terms of mitigating diverse types of security error, and have learned more about FreeBSD as a platform.
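To make the capability idea concrete, the following is an added example, not RealVNC or Morello project code: a simplified software model of the bounds, permission and tag checks a CHERI capability carries. The `Cap` struct, the function names and the 32-byte session buffer are assumptions made for illustration; real hardware performs these checks on every load and store and uses a compressed 128-bit encoding.

```cpp
// Added illustration: software model of CHERI-style checks, not Morello's real encoding.
#include <cstddef>
#include <cstdint>
#include <cstdio>
enum Perm : uint32_t { PERM_LOAD = 1u << 0, PERM_STORE = 1u << 1 };
enum class Fault { None, Tag, Permission, Bounds };

struct Cap {
    uint8_t *base;    // lower bound of the region this pointer may touch
    size_t length;    // size of that region in bytes
    uint32_t perms;   // what the holder may do with it
    bool tag;         // validity bit; real hardware keeps it out of band
};
Cap cap_root(uint8_t *buf, size_t len) { return Cap{buf, len, PERM_LOAD | PERM_STORE, true}; }

// Derivation is monotonic: bounds and permissions can shrink, never grow.
// In this model an attempt to widen returns an untagged (unusable) capability.
Cap cap_derive(const Cap &parent, size_t start, size_t len, uint32_t perms) {
    bool ok = parent.tag && start <= parent.length &&
              len <= parent.length - start && (perms & ~parent.perms) == 0;
    return ok ? Cap{parent.base + start, len, perms, true}
              : Cap{parent.base, 0, 0, false};
}

// Every store is checked against tag, permissions and bounds before memory is touched.
Fault cap_store(const Cap &c, size_t index, uint8_t value) {
    if (!c.tag) return Fault::Tag;
    if (!(c.perms & PERM_STORE)) return Fault::Permission;
    if (index >= c.length) return Fault::Bounds;
    c.base[index] = value;
    return Fault::None;
}

// Constructed scenario: a 16-byte field with adjacent state in the same buffer.
// A 20-byte copy through the field's capability stops at the first fault.
Fault demo_overflow(uint8_t *adjacent_after) {
    uint8_t session[32] = {0};
    session[16] = 0x7f;  // neighbouring byte an overflow would clobber
    Cap field = cap_derive(cap_root(session, sizeof session), 0, 16, PERM_STORE);
    Fault f = Fault::None;
    for (size_t i = 0; i < 20 && f == Fault::None; ++i) f = cap_store(field, i, 'A');
    *adjacent_after = session[16];
    return f;
}

int main() {
    uint8_t adjacent = 0;
    Fault f = demo_overflow(&adjacent);
    std::printf("fault=%d adjacent=0x%02x\n", static_cast<int>(f), adjacent);
}
```

In the model, the write at index 16 returns a bounds fault and the neighbouring byte is unchanged, which is the behaviour that turns a silent overflow into a detectable error during testing.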
RealVNC will continue to evaluate the architecture against known security issues, as well as attempting to break their software on the platform to see what can be improved in the codebase. They are also looking at more of the CHERI-specific mechanisms to see where they could be best used within their software.
About Digital Security by Design
Digital Security by Design (DSbD) is a government-led initiative to enable hardware and software developers to make their products more robust and resilient to cyber-attacks. Digital Catapult is running the Technology Access Programme on behalf of UKRI to facilitate experimentation and early adoption by UK companies. This includes implementing updated hardware architecture, developing the software and system development tools that will run on it, and demonstrating its application and value within different industry sectors.