This area is complete and will have no future activity.
The Digital Security by Design (DSbD) challenge funds business and researchers to update the foundation of the insecure digital computing infrastructure by creating a new, more secure hardware and software ecosystem.
The Digital Security by Design (DSbD) programme, managed by UKRI, focused on bolstering the security of the UK’s digital computing infrastructure. Its scope encompassed several key areas:
Cybersecurity is a major UK government strategic priority. The World Economic Forum risks report 2018 lists data fraud or theft and cyber-attacks as a key global risk. Through collaboration between academia, industry and government, these new capabilities have paved the way that business and people can use and trust technology.
DSbD has enabled a more trustworthy digital environment, in which only expected access to data and operations are permitted while limiting the impact of vulnerabilities. DSbD has promoted a mindset change around cyber security, giving the freedom to learn, trade, play, automate and collaborate safely.
Cybersecurity as it currently exists, the constant arms race of monitoring and patching of vulnerabilities against exploitation, is unsustainable. For that reason, the challenge existed to ensure the digital world is secure by default and by design including at the hardware level.
The UK’s national cyber strategy recognised this need and therefore included a technology pillar to focus on more secure hardware with a significant part dedicated to UKRI’s DSbD programme.
The government also referenced this approach as part of the national semiconductor strategy with a push towards expanding international outreach to ensure the challenge of supporting new technology to adoption was supported globally.
Delivered by Digital Catapult, this programme was designed for developers and organisations across the UK to experiment with DSbD technologies to block cyber vulnerabilities. This included Arm’s Morello Board and the University of Cambridge’s secure computer architecture, capability hardware enhanced RISC instructions.
The programme gave participating organisations an opportunity to access this early-stage software and prototype hardware technology. This allowed them to investigate in their own research and development teams and validate the core capabilities and benefits.
Find out more on the DSbD Technology Access Programme.
The CHERI Programme (Capability Hardware Enhanced RISC Instructions) at Cambridge University is a collaborative research project aimed at enhancing system security by revisiting fundamental hardware and software design choices.
It introduces new architectural features to enable fine-grained memory protection and scalable software compartmentalisation. This approach helps mitigate vulnerabilities in historically memory-unsafe programming languages like C and C++.
The CHERI technology is now more accessible to developers through the innovative virtual laboratory. The virtual lab offers automated code execution through GitHb actions on Morello Boards under CHERIBSD. Developers can write, test and refine code in secure, isolated containers, quickly without delays, reducing the risk of compromise and enabling teams to scale according to their testing needs.
The lab will be expanding to support even more concurrent users by improving multithreading on CHERIBSD, Together, these capabilities provide developers with an essential tool for catching unsafe code earlier in the software development lifecycle, creating more resilient applications.
As a DSbD funded activity, Arm developed the Morello prototype board. This board is a significant advancement in processor design, incorporating the Capability Hardware Enhanced RISC Instructions (CHERI) architecture. The Morello board aimed to enhance built-in security by fundamentally changing how processors handle memory and execute instructions.
Arm designed this prototype system-on-chip (SoC) to integrate CHERI concepts to improve security at the hardware level. Throughout the DSbD challenge, Arm distributed Morello Boards to industry and academic partners to test and evaluate the new architecture in real-world scenarios and worked closely with the University of Cambridge and SRI International to adapt and implement CHERI in the Morello architecture.
Find out more on the Morello Program – Arm.
The CHERI Alliance is a collaborative, industry-led initiative focused on promoting and standardising the Capability Hardware Enhanced RISC Instructions (CHERI) technology. This technology aims to enhance system security by providing fine-grained memory protection and software compartmentalisation.
The Alliance works to drive the global adoption of CHERI technology across various computing platforms and unites industry leaders, system developers, researchers, and security experts to create a secure ecosystem.
Find out more on the CHERI Alliance – Industry-led security technology.
Read the Digital Security by Design Mid Term Report (2023).
The Sunburst project improved the security of embedded devices by increasing the adoption of secure hardware.
LowRisc produced two types of development boards featuring capability-enhanced processors based on the CHERIoT (capability hardware extension to RISC-V for internet of things) technology, with the goal of getting this technology into the hands of engineers.
Read more about the Sunburst project.
The RESAuto project led by Thales UK demonstrated the quantified advantages of CHERI-based solutions in complex interconnected systems with sophisticated supply ecosystems and liability models.
RESAuto uses an Automotive Braking System integrated with a real-time monitoring and compliance system as its exemplar for demonstration.
Read more about RESAuto – AESIN.
The Morello Board, developed by Arm and based on the University of Cambridge’s secure computer architecture, capability hardware enhanced RISC instructions (CHERI), introduced a new approach to block security vulnerabilities in modern computer systems. This made it harder to attack technology infrastructure and remotely take control.
The project also involved open-source software specialists Linaro and the University of Edinburgh.
Read more about Arm’s technology platform prototype.
£13 million funding was allocated through UKRI’s Digital Security by Design Challenge to five collaborative projects which demonstrated the impact of new technologies. These projects used the DSbD technology platform prototype, the Morello Board.
THG tested the benefits of DSbD technology to improve the security of e-commerce and enable the increased productivity and development of future world-leading services and products.
CyberHive developed a demonstrator and supporting framework of development tools to help digital computing infrastructure to become more resistant to attacks, both in the UK and around the world.
It also developed innovative new methods to secure the data being transmitted by applying layered encryption resistant to attack by quantum computers that is thus more resilient to near-term and future cyber-threats.
Beam Connectivity demonstrated and reviewed the use of DSbD technologies for cyber critical and safety critical applications in the automotive sector.
Southern Gas delivered an internet of things demonstrator in the utility industry. This use of DSbD technologies delivered an enhanced security solution for applicability within SGN critical national infrastructure.
ICETOPE worked with industry standard bodies to address the lack of cooperation between information technology and operational technology. The aim was to help overcome the cybersecurity barrier for implementing effective Edge computing by harnessing the new security compartmentalisation features of the Morello platform.
Economic Development Research Council (ESRC) led the Digital Security by Design Social Science Hub+ as part of the DSbD Challenge.
A social science-led research programme, the DiScriBe Hub+, brought together social scientists, economists, computer scientists, and arts and humanities professionals for research, networking and engagement with the wider community.
The DiScriBe Hub+ provided interdisciplinary leadership to realise digital security by design, and addressed challenges by connecting social science to a hardware layer that rarely receives support or engagement from social science.
As a consequence, and a major outcome of the DiScriBE project, a vibrant, new community, with novel insights has been created that continue to apply and develop and implement new security-related developments.
Read more about the Discribe project.
These EPSRC-led research projects have leveraged the DSbD technology hardware prototype (Morello Board) to work on a focused area within a selected and specified software stack or operating system or developer toolchain used by a digital system.
Developed a formal, executable specification that every component of a mission-critical system-on-chip has to follow.
Read more about the AppControl project.
Focused on capability architectures and trusted execution to protect safety and security-critical systems.
Read more about the CAP-TEE project.
Investigated how capability protection can be applied to systems containing heterogeneous accelerators for applications such as graphics, artificial intelligence, cryptography and networking.
Read more about the CAPcelerate project.
Developed capability-based cloud compartments that can express policies about the confidentiality and integrity of data, within and across components of a cloud stack and cloud native applications.
Read more about the CloudCap project.
Developed new hypervisor and operating-system software compartmentalisation models able to use the CHERI or Morello architectural primitives to improve compartmentalisation scalability.
Read more about the ChaOS project.
Improved the security of high-performance programming language virtual machines (VMs) using CHERI hardware enforced capabilities.
Read more about the CapableVMs project.
Developed a new semantic definition of C that provides safety by default, enabling it to be compatible with the DSbD hardware and maximising security.
Read more about the CapC project.
Developed a new software verification toolchain for capabilities to verify the Morello platform is used correctly, based on state-of-the-art static and dynamic software verification and theorem-proving techniques.
Read more about the SCorCH project.
Explored engineering challenges in establishing and formally verifying the relationship between application-level security requirements and secure software implementations running on capability hardware.
Read more about the HD-Sec project.
Last updated: 13 May 2025
