At the first CHERI Alliance conference, organised in partnership with Cynam and NCSC, we had a packed out event, with a full hall at Hub8 MX in Cheltenham for the opening keynote from Paul Waller (from the National Cyber Security Centre, NCSC, a part of GCHQ). His talk covered ways to incentivise the adoption of security in computing, covering government led initiatives both inside and outside of the UK with some thoughts on various market factors and the role of policy in influencing them.
Following this, John Goodacre took us through the Digital Security by Design (DSbD) programme — its origins, achievements and current status. He started with the statement ‘Unless security is designed into a system from its inception, there is little chance it can be made secure by retrofit’ — a conclusion first reached by a report written by a branch of the US Air Force in 1972! He went on to highlight the startling cost of cybercrime, predicted at $9.22 trillion in 2024 and rising to $13.82 trillion in 2028, making the economic incentives for adoption CHERI as a “secure by design” practice clear (given CHERI has the field-proven ability to prevent around ⅔ of exploits).
The first round of keynotes was rounded off with an excellent deep dive into CHERI at a (semi!) technical level, delivered by Prof. Robert Watson from Cambridge University, one of the primary researchers behind CHERI technology.
The session breaks gave attendees a chance to explore the exhibition stands and network with a great mix of familiar faces and new people. Whilst we’re waiting on CHERI silicon beyond Morello there’s lots of good work happening with FPGA based systems. Codasip had their FPGA evaluation platform on show and my company, lowRISC, brought along some Sonata boards (a CHERIoT evaluation platform that has been generating significant interest and uptake within the CHERI community). SCI Semi were also present, demonstrating their latest CHERIoT RTOS work on Sonata.
The second round of keynotes opened with Reid Derby from Cynam whose talk took a swerve in an unexpected direction as he posed the question, “If you could be any animal what would you be?” with Reid favouring the Eurasian Beaver! But this was leading up to a serious point, namely: how can we best build an innovation ecosystem around security by design and CHERI? Reid went on to explore some lessons to be learnt both from successful natural and technology ecosystems.
My own keynote was next; I talked about the role of collaborative engineering and how we at lowRISC, a non-profit engineering company, leverage this approach to build open silicon, highlighting as a case study our co-creation of the world’s first commercial-grade open source chip, OpenTitan Earl Grey. This has been developed with a number of industrial and academic partners including Google, and is now the plan of record security chip for Chromebooks. I also covered our work with the UKRI funded Sunburst project — to which we have recently welcomed SCI Semiconductor as partners — to develop Sonata, an evaluation platform for the CHERI derived CHERIoT-Ibex CPU core that has received significant interest and is the primary platform for the latest DSbD cohort. SCI will be using this as a base to accelerate the development of their recently announced Iceni line of CHERIoT microcontrollers.
With the keynotes complete, Mike Eftimakis, a fellow Founding Director, took the stage to officially launch the CHERI Alliance! He discussed why this is such an exciting time for CHERI, with over a decade of research and development now bearing fruit. For example, in addition to Arm’s existing Morello platform, Codasip have announced availability of commercial CHERI enabled IP and SCI aims to release the first members of their Iceni family of CHERIoT-based silicon next year. The Alliance will play a critical role as we enter the first phase of true commercial adoption for CHERI, everyone together to drive standardisation and create a coherent ecosystem around this seminal hardware security technology.
Next, Simon Moore, another of the primary researchers behind CHERI, took us through the latest standardisation efforts, where great strides are currently being made. I’m excited to see the progress towards ratification of the base CHERI architecture within RISC-V. This was followed by Graeme Jenkinson, of Capabilities Ltd, taking us through the steps involved in porting software to CHERI. One of CHERI’s great strengths is this is often a lot easier than people first expect!
Rounding off the day’s talks was first Greg Chadwick from lowRISC. He highlighted the vital role open source silicon design methodologies have played in the development of CHERI and why it’s important to maintain this going forward. For example, the lowRISC Sonata board (and RTL) has been a key enabling factor in some of the latest developments in CHERI, which simply couldn’t have happened without open silicon and collaborative engineering.
Finally, we had Carl Shaw from Codasip, who summarised the current state of the CHERI software ecosystem. A particular highlight he mentioned was the major progress being made in purecap Linux running on RISC-V.
Overall it was a great first event for the Alliance — we had a great range of speakers and exhibitors, really strong attendance and networking, and positive feedback from participants afterwards. It’s clear there is great interest in CHERI and its commercial adoption, and I eagerly look forward to the next CHERI Alliance event!
– Gavin Ferris, CHERI Alliance
The recorded sessions from the ‘Cybersecurity by Design – from Research to Industry’ conference are now available at the CHERI Alliance YouTube channel: https://www.youtube.com/@CHERI-Alliance
