Developing a software ecosystem for a more secure digital future

Male IT technician running a maintenance programme on a laptop

£7.9 million will go to 10 projects that will enrich and expand the digital security by design (DSbD) software ecosystem.

A new, more secure processor architecture has been developed in the prototype Morello hardware board.

Development of this ecosystem will ensure security benefits of the prototype will enable the broader market adoption once the technology is commercially available.

The projects will be based at institutions and companies across the UK.

New age of digital security

They will usher in a new age of digital security by designing software and hardware from the bottom up to be more resistant to attacks.

UK Research and Innovation’s DSbD challenge Director John Goodacre said:

Cyber security breaches cost the UK economy billions of pounds, yet instead of addressing the root causes of vulnerabilities, we find ourselves locked in a never-ending arms race of attack and patch.

The aim of the digital security by design challenge is to break free of this arms race by ensuring secure design is baked in from the beginning, preventing the exploitation of vulnerabilities in the software by adding more security in the hardware.

Building a software ecosystem before commercialisation of the Morello board concepts is key to their success.

It will ensure DSbD becomes the norm when developing both hardware and software.

Correcting a market failure

Realising DSbD is fundamentally constrained by the way processors execute software, something which has remained the same for decades.

The sheer scale of computing means that, unless a new chip will have software to run, it won’t be built.

Likewise, those that write software will target the chips that are already built.

This is a clear market failure that has meant any changes seen so far in a processor architecture are ‘in-addition’ or ‘around’ the fundamental approach to how it runs software.

Accelerating software availability

Through this £7.9 million of funding, the programme seeks to accelerate the availability of software using the recently available hardware prototype and break this market failure.

The projects and organisations funded through this competition will expand and enrich the software ecosystem, that will ultimately enable the use of this technology in a broad variety of scenarios.

Digital security by design

Last year, 46% of UK businesses reported cyber-attacks or breaches.

Cyber-attacks cost small and nano businesses £175 million last year in Greater Manchester alone; 56,000 small businesses were attacked, of which 12,000 were attacked weekly.

The DSbD programme is working with industry, academia and government to implement a step change in digital security.

Re-thinking how computers run software

It is re-thinking how computers run software and built to be inherently more secure from cyber-attacks.

This could save the British economy billions.

Through the DSbD programme, Arm, working with the University of Cambridge, has created a new technology platform prototype known as the Morello board.

This new hardware technology is expected to prevent around 70% of ongoing vulnerabilities from exploitation, while providing new capabilities for software to deliver a much safer and more secure digital world.

‘Journey to a more secure future’ roadshow

The DSbD ‘journey to a more secure future’ roadshow is coming to the four nations in February and March through a series of in-person and livestreamed events.

The roadshow will explore the developments in computing across the decades, to modern day and fast forward to a safer and more secure future.

The first event on 21 February at the National Museum of Computing at Bletchley Park looked at the history of computers. If you missed the event, watch the recording on YouTube.

There is still time to sign up to the remaining three events in person and livestreaming across the UK:

Further information

Competition winners

Complementing capabilities: introducing pointer-safe programming to DSBD tech

Lead: University of Kent

The project will expand DSbD technologies by developing a tool chain for Rust language support and integrating it into an open-source operating system.

Secure networking by design (SNbD)

Lead: nquiringminds Ltd

The project will enrich the evolving DSbD Morello stacks by developing and evaluating new network essential components with improved tool chain support.

Developing and evaluating an open-source desktop for Arm Morello

Lead: Capabilities Ltd

The project will develop a full-scale open-source DSbD-enabled desktop environment suitable for use on the Morello hardware board.

It will demonstrate its hardware protection features with a software corpus exceeding 60 million lines of code.

Cloud attestables on Morello boards (CAMB)

Lead: University of Cambridge

The project will expand DSbD technologies by developing secure execution environments called ‘attestables’.

They will be suited to exfiltration sensitive applications without relying on the long-term burden of trust on the hardware manufacturer.

FlexCap: exploring hardware capabilities in unikernels and flexible isolation OSes

Lead: The University of Manchester

The project will extend the security features of DSbD technologies in two operating systems:

  • Unikraft
  • FlexOS.

It  will evaluate the performance of flexible compartmentalisation on Morello against other platforms and mechanisms.

MOJO: a robust Java virtual machine for Morello

Lead: The Hut Group Holdings PLC

The project will prototype and develop a robust and mature version of the Java virtual machine (JVM).

JVM is critical to many software ecosystems by harnessing the security features of DSbD technologies.

CHERI WebAssembly Micro Runtime

Lead: Verifoxx Ltd

The project aims to enrich the DSbD software ecosystem by developing a DSbD-aware runtime for WebAssembly (WASM) software modules embeddable into compartmentalised applications to enable and evaluate a double sandboxed model.

Morello-HAT: Morello high-level API and tooling

Lead: University of Glasgow

The project aims to develop and evaluate a common Application Programming Interface (API).

An API that can be used by compiler developers and software programmers of higher-level languages to leverage DSbD’s security features into their language and programs.

Chrompartments: hybrid compartmentalisation for web browsers

Lead: King’s College London

The project aims to enhance the security of modern web-browsers, focusing on Google Chrome, by developing and evaluating DSbD enabled finer-grained compartmentalisation.

Capabilities for coders

Lead: University of Glasgow

The project will develop an online, open-access, interactive textbook called ‘capabilities for coders’ to support developers who are targeting the Morello platform.

This one-stop shop online resource will focus on providing developer-friendly resources in simple and direct writing style.

Top image:  Credit: gorodenkoff, Getty Images

This is the website for UKRI: our seven research councils, Research England and Innovate UK. Let us know if you have feedback or would like to help improve our online products and services.