Computer security is not a new problem. Microsoft has been publishing its annual Microsoft Digital Defense Report since 2005. This year’s edition makes particularly gloomy reading, as it describes how opportunistic cybercriminals have taken advantage of people’s emotional and computing vulnerabilities at this time of global pandemic.
For chief architect at Arm, Richard Grisenthwaite, “Computer security is the greatest problem computing has to address in order to reach its full potential.”
And that problem is one that the University of Cambridge and Arm have been working on together since 2014, through a project called CHERI.
The idea was first hatched in 2010, when researchers Dr Robert Watson and Professor Simon Moore at the University’s Department of Computer Science and Technology asked themselves a fundamental question: “If you were starting from scratch, what would you need to do to both hardware and software to make computers more secure?”
They were asking themselves this question because the computers we use today, and the programs written for them, are rooted in the technology of the 1970s, a time, according to Professor Peter Sewell, another key player in the CHERI story, "when most people didn't know how to design more securely and, even if they did, they had no clue that they needed to." Back in the days of glitter and flares, computing had not yet become an adversarial enterprise.
Fifty years later, the situation could not be more different. Security is a huge challenge for organisations and individuals alike, and it’s a problem which will only be amplified by advances in AI and big data.
"But the hardware we use today has significant limitations," explains Sewell. "It doesn't give us good enough memory protection and it doesn't let us compartmentalise software sufficiently."
"CHERI," Watson continues, "addresses both of these issues. It allows you both to isolate more programs, more effectively and to protect and compartmentalise within a program so that if, say, a virus gets into your mail, it would not be able to wreak havoc across all your accounts, folders, messages and attachments."
"To put this in context," Moore adds, "Microsoft's research of its own vulnerabilities from the last 10 years indicates that 70 per cent of them were memory safety bugs, the majority of which could have been mitigated if CHERI had been deployed."
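As an added illustration (not code from the article or from the CHERI project), the plain-C model below shows the two properties Sewell and Watson describe above. A pointer is replaced by a capability that carries its own bounds and permissions, so a read past the end of a buffer faults instead of quietly reading the neighbouring data, and a narrowed, read-only view handed to a subcomponent cannot be widened back to the whole heap. The `cap_t` struct, the `-1` fault code and the 32-byte memory image are this example's own simplifications: real CHERI keeps capabilities in tagged hardware registers and raises the fault in hardware.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#include <stdio.h>

/* Added example, not CHERI project code: a software model of a capability.
 * The pointer itself carries bounds and permissions, every access is checked
 * against them, and a derived capability can only ever shrink its reach. */

#define CAP_LOAD  1u
#define CAP_STORE 2u

typedef struct {
    uint8_t *base;   /* first byte the capability may touch */
    size_t   length; /* number of bytes reachable from base */
    unsigned perms;  /* CAP_LOAD and/or CAP_STORE */
    int      tag;    /* 1 = valid; 0 = any dereference faults */
} cap_t;

/* Mint a capability over a whole buffer (what an allocator would hand back). */
static cap_t cap_make(uint8_t *buf, size_t len, unsigned perms)
{
    cap_t c = { buf, len, perms, 1 };
    return c;
}

/* Derive a narrower capability. Bounds and permissions may only shrink;
 * an attempt to widen them clears the tag, as the hardware would. */
static cap_t cap_restrict(cap_t c, size_t off, size_t len, unsigned perms)
{
    cap_t d = c;
    if (!c.tag || off > c.length || len > c.length - off || (perms & ~c.perms)) {
        d.tag = 0;
        return d;
    }
    d.base = c.base + off;
    d.length = len;
    d.perms = perms;
    return d;
}

/* Checked load: the byte, or -1 where CHERI hardware would fault. */
static int cap_load(cap_t c, size_t idx)
{
    if (!c.tag || !(c.perms & CAP_LOAD) || idx >= c.length)
        return -1;
    return c.base[idx];
}

/* Checked store: 0 on success, -1 on fault. */
static int cap_store(cap_t c, size_t idx, uint8_t v)
{
    if (!c.tag || !(c.perms & CAP_STORE) || idx >= c.length)
        return -1;
    c.base[idx] = v;
    return 0;
}

/* Constructed memory image: a 16-byte message buffer immediately followed
 * by a 16-byte secret, as two neighbouring heap allocations would sit. */
#define MSG_LEN 16
static uint8_t memory[32];

static void populate(void)
{
    memset(memory, 0, sizeof memory);
    memcpy(memory, "hello, world", 12);
    memcpy(memory + MSG_LEN, "SECRET-TOKEN-123", 16);
}

/* Conventional hardware: a plain pointer knows nothing about the buffer's
 * size, so an out-of-range index simply reads the neighbour ('S'). */
static int raw_read_past_end(void)
{
    populate();
    uint8_t *msg = memory;      /* points at the message, carries no bounds */
    return msg[MSG_LEN];        /* first byte of the adjacent secret */
}

/* The same access through a capability bounded to the message: faults. */
static int cap_read_past_end(void)
{
    populate();
    cap_t heap = cap_make(memory, sizeof memory, CAP_LOAD | CAP_STORE);
    cap_t msg  = cap_restrict(heap, 0, MSG_LEN, CAP_LOAD | CAP_STORE);
    return cap_load(msg, MSG_LEN);     /* -1: out of bounds */
}

/* Compartmentalisation: a parser gets a read-only view of the message.
 * Returns 1 when it can read its input but can neither write it nor
 * widen the view back to the whole heap. */
static int read_only_view_is_contained(void)
{
    populate();
    cap_t heap = cap_make(memory, sizeof memory, CAP_LOAD | CAP_STORE);
    cap_t view = cap_restrict(heap, 0, MSG_LEN, CAP_LOAD);
    int can_read   = cap_load(view, 0) == 'h';
    int cant_write = cap_store(view, 0, 'H') == -1;
    cap_t widened  = cap_restrict(view, 0, sizeof memory, CAP_LOAD);
    return can_read && cant_write && (widened.tag == 0);
}

int main(void)
{
    printf("raw pointer read past end:  %c\n", raw_read_past_end());
    printf("capability read past end:   %d\n", cap_read_past_end());
    printf("read-only view contained:   %d\n", read_only_view_is_contained());
    return 0;
}
```

The point of the model is that the bounds check and the permission check live with the pointer, not in the program, so the "virus in your mail" Watson describes would hold only a capability to its own message and could not reach the rest of the process's memory even with a bug in the code handling it.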
"Normally, in computer science," Watson explains, "we experiment by changing one thing at a time, keeping everything else the same and seeing what happens. For software researchers, that generally means sticking to the same hardware and for hardware researchers, sticking to the same software with both trying to limit the changes they have to make to the architecture (or interface) between them.
"The problem with that approach," he continues, "is that you can only make relatively narrow, incremental improvements. CHERI is so revolutionary because we are changing the architecture, hardware and software all at the same time. There are only a handful of research labs in the world with the breadth and depth of expertise to attempt this."
With funding from DARPA, and in close collaboration with Peter Neumann at SRI International (a non-profit research lab based in California), Watson and Moore made good progress with their ambitious plan over the next four years, working together on the architecture while Watson focused principally on the software and Moore on the hardware.
They were later joined in their endeavour by applied semantics expert, Sewell, who was already working with Arm on other aspects of its architecture. His role in CHERI is to ensure that the architecture is mathematically well-defined and that its security properties are mathematically provable.
Like many collaborations, this one came about partly by accident.
By 2014, Watson and Moore were making good progress. From the start, they had thought that Arm would be the perfect commercialisation partner. Watson explains why: "We were proposing a fundamental change to architecture that requires new hardware and transforms the software that runs on it. Bringing new architecture to market is what Arm does."
However, at that stage, the pair felt they weren’t quite ready to make the first approach. Fate intervened, in the form of one of Moore’s PhD students whose next-door neighbour worked at Arm and suggested that he come along and give them an informal talk about his work. Mildly concerned, Moore decided he ought to go along.
This turned out to be a good decision, as the normally reliable student managed to get lost on the way, and Moore had to ad lib until he turned up. Moore explains, "It just so happened that, most unusually, Richard Grisenthwaite was not busy that lunchtime and was sitting at the back of the room. He was really interested in what we had to say."
That was the start of a powerful collaboration, built on a convergence of mutual interests. For the Cambridge team, the potential scale of implementation was a hugely exciting prospect. The ubiquity of Arm IP means that CHERI, if adopted by Arm and its partners, could reach a near-universal installed base.
However, Arm can only deploy a technology that is both desirable and beneficial to its ecosystem partners. And, although according to Grisenthwaite "CHERI has been described by some of Arm's major partners as potentially the most interesting step forward in computer security under consideration", its deployment is not yet a given.
Graeme Barnes, lead architect and distinguished engineer at Arm, says, "CHERI is potentially a very big deal but it's also a big change. We need to prove to people that it brings significant benefits and is deployable."
An academic prototype, however impressive and well-referenced in the literature, is not going to cut it with companies that are being asked to make a significant investment, potentially tens or hundreds of millions of dollars, in this new approach.
Hardware designers in industry need to be convinced that CHERI is buildable. Software developers need to be able to try it out, and get excited about it. CHERI was going to need a proper, industrial quality prototype – and that would take tens of millions of pounds to develop.
An early CHERI prototype developed at the University of Cambridge
Recognising the importance of security to its digital infrastructure, the UK government backed a Digital Security by Design Challenge in 2019, which awarded £70 million in funding to the prototyping effort. By now the effort had acquired a name: Morello.
The £70 million was matched by a further £117 million from Arm and other industry partners including Microsoft and Google, enabling Barnes and his team, in close collaboration with Cambridge and the University of Edinburgh, to develop Morello, described by Grisenthwaite as "a ground-breaking and unprecedented industrial-scale prototype of the CHERI concepts in the context of the Arm architecture."
"It's important to remember Morello has now become a national effort," says Watson. In 2020, £8 million of the Digital Security by Design programme’s funds went to support projects at eight UK universities (including Cambridge) carrying out Morello-related research over the next four years.