Making the digital world a safer place

Cambridge and Arm are working together to make everything from our national infrastructure to the phones in our pockets more secure.

The security of our phones and computers affects us all. Every year, in its annual Digital Defense Report, Microsoft reports on the growth of cyber-crime around the world.

Cambridge computer scientists have an ambitious plan to keep us all safer.

Impact at a glance

  • Cambridge researchers and colleagues at US research institute SRI International have redesigned the architecture of a computer’s central processing unit – its brain – to make it less vulnerable to security breaches.
  • According to Microsoft, this new architecture, known as CHERI, could stop around two thirds of hacks, cyber attacks and data breaches.
  • Arm has been working with Cambridge to integrate CHERI into Arm's architecture since 2014 and in January 2022 it launched a prototype ‘system on chip’ and demonstrator board, containing the prototype architecture, known as Morello.
  • These Morello boards are now being tested by key industry players, including Google and Microsoft, and by researchers around the world.
  • This potentially game-changing technology is at the heart of the UK's Digital Security Design programme, backed by more than £200 million industry and government funding to date.

"Our collaboration and co-investment with the University of Cambridge, Google and Microsoft enables us to undertake one of the industry's most ambitious cybersecurity projects to date."
Richard Grisenthwaite, SVP, Chief Architect and Fellow at Arm

Securing the future

Arm is a Cambridge success story. Its technology is used by billions of people around the world in their phones and computers every day. As 5G, the internet of things and AI become part of the fabric of our lives, that number will only get bigger.

However, while these advances promise huge benefits, they also bring with them significant risk – not least, greater exposure to cyber attacks.

And that risk is one that the University of Cambridge and Arm have been working on together since 2014, through the CHERI project.

CHERI was conceived in 2010, with initial funding from DARPA. Professors Robert Watson and Simon Moore at the University’s Department of Computer Science and Technology, along with Dr Peter Neumann from SRI International, were asking themselves a fundamental question: “If you were starting from scratch, what would you need to do to both hardware and software to make computers more secure?”

The problem they needed to address was, as Watson explains, that, "the computers we use today – and the programmes written for them – are rooted in a technological approach unchanged since the 1970s. The underpinnings of software construction are incredibly fragile – and hence exploitable – and successful attacks can rapidly gain control of complete computer systems.”

"CHERI," Watson continues, "addresses both of these issues. It allows you to protect the invisible foundations of software programmes and to compartmentalise within a programme so that if, say, a virus gets into your mail, it would not be able to wreak havoc across all your accounts, folders, messages and attachments."

Watson and Moore were later joined by Professor Peter Sewell and his team, who came on board to ensure that all aspects of CHERI stand up mathematically, providing unprecedented confidence in the approach.

A computing revolution

"Normally, in computer science," says Watson, "we experiment by changing one thing at a time, keeping everything else the same and seeing what happens.

For software researchers, that generally means sticking to the same hardware and for hardware researchers, sticking to the same software. Both try to limit the changes they have to make to the architecture (or interface) between them.

"The problem with that approach," Watson continues, "is that you can only make relatively small, incremental improvements. CHERI is so revolutionary in part because we are changing the architecture, hardware and software all at the same time. There are only a handful of research labs in the world with the breadth and depth of expertise to attempt this."

Turning an idea into a reality

From the outset, Watson and Moore had thought that Arm would be the perfect industry partner. As Watson explains: "We were proposing a fundamental change to architecture that requires new hardware and transforms the software that runs on it. Bringing new architecture to market is what Arm does."

However, in 2014 the pair felt they weren’t quite ready to make the first approach. Fate intervened, in the form of one of Moore’s PhD students whose neighbour worked at Arm and suggested that he come along and give them an informal talk about his work. Mildly concerned, Moore decided he ought to go along too.

This turned out to be a good decision, as the normally reliable student got lost on the way, and Moore had to ad lib until he turned up.

Moore explained: “It just so happened that, most unusually, Arm's chief architect, Richard Grisenthwaite was not busy that lunchtime and was sitting at the back of the room. He was really interested in what we had to say.”

That was the start of a powerful collaboration, built on a convergence of mutual interests. For the Cambridge team, the potential scale of implementation was a hugely exciting prospect. The ubiquity of Arm IP means that CHERI, if adopted, would see a near universal take-up.

However, Arm can only deploy a new technology if its partners – the companies making our phones and computers – want it. An academic prototype, however impressive and well-referenced in the literature is not going to convince companies to invest the potentially tens or hundreds of millions of dollars needed to put this new approach into practice.

Graeme Barnes, lead architect and Fellow at Arm, explained, “CHERI is potentially a very big deal but it’s also a big change. We need to prove to people that it brings significant benefits and is deployable.”

“CHERI is potentially a very big deal but it’s also a big change. We need to prove to people that it brings significant benefits and is deployable.”
Graeme Barnes, lead architect and Fellow at Arm

"This is an unbelievably exciting moment for us. It's the result of hundreds of staff years of effort across Cambridge, SRI, Arm, Microsoft, Google and others."
Robert Watson

Industry testing: CHERI blossoms into Morello

To demonstrate the merits of CHERI to its partners, Arm was going to need a proper, industrial quality prototype.

Recognising the importance of security to its digital infrastructure, in 2019 the UK government backed a Digital Security by Design Challenge, which awarded £70 million in funding to the prototyping effort, which by then had been named Morello.

The £70 million was matched by a further £117 million from Arm and other industry partners including Microsoft and Google, enabling Barnes and his team – in close collaboration with Cambridge and the University of Edinburgh - to develop Morello, described by Grisenthwaite as “a ground-breaking and unprecedented industrial-scale prototype of the CHERI concepts in the context of the Arm architecture.”

A system on a chip (SoC) and demonstrator board containing the first example of the Morello prototype architecture was launched in January 2022. Hundreds of these Morello boards are now being shipped to companies, universities and government labs for experimentation and evaluation.

"This is an unbelievably exciting moment for us." says Watson. "It's the result of hundreds of staff years of effort across Cambridge, SRI, Arm, Microsoft, Google and others."

Over the next few years, the CHERI technology will be put through its paces. Recipients of the board will use it to develop new ways to structure their software, adapt existing software stacks and evaluate its effect not only on security but also on performance and energy use.

At the same time, more than a dozen UK universities and two dozen UK companies have been funded by UKRI to explore CHERI's implications for everything from Internet of Things devices to data centres.

"As well as the huge buzz," says Watson, "there's also a bit of trepidation. Our hope, of course, is that this next stage of industry testing goes well and that in a few years we will see those ideas Simon and I began to formulate back in 2010 result in a global improvement to cyber security."

If you are a UK or international registered business or organisation and are interested in testing the new architecture and Morello Board, you can find out how to apply here.

Published 24 May 2022

Infographics by Alison Fair

Photography
Hacker using laptop. Credit: PeopleImagesage
Computer virus on screen (conceptual). Credit: TEK Image/Science Photo Library
Programming code abstract technology background. Credit: monsitj
Morello Demonstrator Board. Credit: Arm

The text in this work is licensed under a Creative Commons Attribution 4.0 International License