Arm has never been shy about its views on cybersecurity: with attack methods evolving constantly, achieving truly robust security for a world of a trillion connected devices requires a radical shift in how technology companies approach cyber-threats.
In turn, that necessitates research into new ways of building inherently more cyber-resilient chip platforms. And this is exactly what is happening now, with a programme initiated by the UK government called ‘Digital Security by Design’.
The project brings Arm together with other global technology leaders including Google and Microsoft to collaborate in securing next generation devices for businesses and the public, from Internet of Things (IoT) products to smartphones and autonomous vehicles.
Earlier in 2019 we talked about the initial project we’ve been working on in collaboration with the University of Cambridge. It brings concepts from the University’s CHERI project into a new Arm prototype architecture. In January, the project received a major boost with £70million of new UK Government funding. In July, the project gained further momentum with the Digital Security by Design partners contributing to take the investment pot to more than £117 million.
Today marks the critical next step in the Digital Security by Design initiative, with Business Secretary Andrea Leadsom announcing Arm’s appointment to develop prototype hardware, the Morello Board. This device will enable industry partners to assess the security benefits of a range of prototype architectural features in real-world scenarios.
Creating the Morello prototype board commits Arm to more than £50 million worth of engineering and research. The ultimate goal is to design a new Arm-based platform that will make it far harder for bad actors to take full control of a compute system—even if they manage to hack it.
Redefining next generation security
Recent research by Matt Miller of Microsoft has shown that 70 percent of vulnerabilities addressed through a security update each year continue to be memory safety issues. The hardware capability technology used in CHERI, and in the Arm prototype architecture, combine the following: references to memory locations (i.e. pointers) with limits as to how the references can be used; the address ranges that they can use to access; and which functionality they can use to access.
This combined information, known as a “capability”, is constructed so it cannot be forged by software. By replacing pointers with capabilities in a program, the memory safety is significantly improved, a critical step for stronger security.
Beyond memory safety, it is also possible to use the capabilities of a building block for more fine-grained compartmentalization, creating software inherently more robust against attacks. In simple language, compartmentalization isolates different parts of critical code in individual ‘walled’ areas, with no access to any other area. The idea is that even if an attacker reaches one piece of the code or data, they will be unable to access any other piece, effectively being ‘trapped’ in one small zone.
Putting this in the context of today’s compute hardware, current architectural approaches do not allow for fine-grained compartments to be constructed in a performance-efficient way. So, in addition to hardware changes, the proposed new security approaches will also need software code to be written and compiled in radical new ways.
For programmers to support this transformation, a commercial-grade hardware platform like the Morello board is vital so they can experiment and prototype for today’s highly complex software workloads.
This is why the commitment from Microsoft and Google to the Digital Security by Design project is essential as their world-class programing teams can create new software capable of taking full advantage of the new architectural features being developed.
The Digital Security by Design project is a massive undertaking requiring significant time and resources from across the industry. A key milestone during the project’s five-year timeline will be completion of the Morello prototype hardware platform within two and a half years. This in turn will provide our ecosystem of software companies, tools developers and leading academic institutions with two and a half years to test, write code and collaboratively provide critical feedback.
As the provider of the processor architecture touching 70 percent of the world’s seven-plus billion people, Arm is uniquely positioned to bring the best and brightest of the industry together to prioritize security in next-generation technologies across all hardware platforms. Our collaboration and co-investment with the University of Cambridge, Google and Microsoft enables us to undertake one of the industry’s most ambitious cybersecurity projects to-date.
All of those involved are incredibly passionate and confident that the success of the Digital Security by Design project will ultimately be viewed as a defining moment in securing the world’s devices.