A UK government program to tackle the inherent security flaws in most of today’s computing infrastructure is funding Arm to the tune of $46 million (UK £36 million) to develop a prototype board using CHERI, a DARPA supported RISC processor ISA update that uses capability-based tokens for fine-grained memory protection and scalable software compartmentalization.

The British government announced it is funding Arm to develop new technologies that are more resistant to cyber threats, as part of its wider ‘Digital Security by Design’ (DSbD) initiative. The latter is also backed by Google and Microsoft. Arm chief architect and Fellow Richard Grisenthwaite commented, “Our first step is to create prototype hardware, the Morello Board, as a real-world test platform for prototype architecture developed by Arm that uses the University of Cambridge’s CHERI protection model. It will enable industry and academic partners to assess the security benefits of foundational new technologies we’re making significant investments in.”

Work on CHERI (capability-system extension to RISC instruction set architectures) was initiated in 2010 by the University of Cambridge and SRI International and supported by DARPA, and was first demonstrated in 2014 as a prototype FPGA-based soft processor core named BERI, based on a 64-bit MIPS processor. Since then, the University of Cambridge led research has been working actively to bring CHERI to the ARMv8-A and RISC-V ecosystems, both supported by DARPA.

The collaboration with Arm started in 2014, to develop an experimental integration of CHERI with 64-bit ARMv8-A. It is creating an experimental superscalar CHERI-ARM processor (based on the Neoverse N1), SoC, and evaluation board (Morello) to be available for academic and industrial research from late 2021. Since 2017 the researchers have also been creating an experimental adaptation of CHERI to the 32-bit and 64-bit RISC-V ISAs, including multiple FPGA prototypes based on Bluespec and MIT BSV-language cores. CHERI ISAv7 includes a fully elaborated version of the CHERI-RISC-V ISA.

CHERI: overcoming market failure in security

So, the question is, why CHERI? Well, the premise is that mainstream computer systems are chronically insecure. Conventional hardware instruction sets and the C/C++ programming languages, dating back to the 1970s, provide only coarse-grained memory protection. This turns many coding errors into exploitable security vulnerabilities.

The development of the Morello board by the Arm consortium is part of a broader UK government program under its Industrial Strategy Challenge Fund (ISCF), to fund research and innovation in various strategic areas. Security is one of these, for which it launched its Digital Security by Design (DSbD) initiative in September 2019, a $244 million (£190 million) research program to explore potential applications of CHERI.

As part of this, UKRI (UK Research and Innovation) and Arm announced that the Arm Morello board will become available from 2021: a prototype 7nm high-end multi-core superscalar ARMv8-A processor (based on Arm’s Neoverse N1), SoC (system on chip), and board implementing experimental CHERI extensions.

In addition, as part of this effort, the UK Engineering and Physical Sciences Research Council (EPSRC) also announced a new $10 million (£8 million) program to fund UK academics to work with Morello. Arm will release its Morello adaptation of the University of Cambridge’s CHERI Clang/LLVM toolchain, and the university will release a full adaptation of its open-source CHERI reference software stack to Morello (including the CheriBSD operating system and application suite) as foundations for research and prototyping on Morello.

The vision for the DSbD initiative is to “overcome the market failures and radically update the foundation of the insecure digital computing infrastructure that underpins the entire economy.” John Goodacre, a key proponent of this program at Arm before he left the company last year, and now the challenge director for the DSbD program, told EE Times of the wider impact. “Though this is RISC-based, the fundamental technology should be available to apply to any processor technology.”

He said the funding programs are about opening up opportunities beyond just the technology — it addresses everyone from those building the chips to the users and those impacted. For this, he said there are three aspects to the program – enable, use, and impact.

On the enable front, this means developing the technology platform prototype, delivering a proven secure-by-default hardware evaluation board and system software. The ‘use’ involves community engagement and collaborative R&D to understand and enable market use, including tooling and processes to utilize the new capabilities. On ‘impact’, this will involve business-led demonstrators for sector-specific adoption, such as for IoT, connected vehicles, or financial services, to showcase real-world impact and move beyond the accepted norm.