The Digital Security by Design all-hands conference was held last week in Leeds, and it was the opportunity to measure the progress of CHERI and see how much is already available.
The new CHERI Alliance initiative had its own booth, and a number of its members (Codasip, lowRISC, SCI Semiconductor and University of Cambridge) were exhibiting at the show and gathered a lot of visitors eager to learn about the latest CHERI developments and products.
One of the most interesting sections of the conference were the cases studies, where the perspective of end-users was presented, explaining why cyber threats absolutely need to be mitigated for an increasing number of use cases, and highlighting the critical need for memory safety to be built into these systems.
Paul Ceely, Director of Technology Strategy at Digital Catapult, and formerly employed in senior positions at BT (British Telecom) and EE (a major mobile network in UK), demonstrated how telecommunications, which represent 2% of the Gross Value Added of the UK economy, and 200,000 jobs, form a critical backbone of the country. NCSC argues that since the sector supports so many other activities, it is a national dependency, which requires a high level of security.
In this context, built-in robustness, like the memory protection brought by CHERI, becomes necessary, and compartmentalisation (another key benefit of CHERI) is a primary topic, especially since physical equipment now are shared between providers, using virtualisation.
The next case study was presented by Thomas Olsen, CEO of Delta Flare, who showed a case-study focused on IoT for critical infrastructure. In particular, he showed how the energy transition and the development of hydrogen requires installing millions of smart sensors to monitor and control the network, that all need to be remotely accessible in a secure way. The installing a large network of new devices is the best opportunity to build in CHERI security from the start.
This opportunity was also highlighter in another presentation by Robert Cragie, from UK’s Department for Energy Security & Net Zero. The electric grid and its new control systems, including the new smart metering devices, require a high level of security and compartmentalisation. CHERI has been highlighted as one of the technologies that should be used to help secure these devices.
It was really interesting to see that end users are now conscious of the need to design critical infrastructures in a different way, so that security is not an afterthought but is built-in from the inception of the system. CHERI follows this concept of digital security by design and is a solution to the requirement for data and memory protection and mutual isolation of multiple functions in a device, so that any attack on the system would not lead to dramatic consequences.