The world cannot have perfect software because there is so much software written. People are inherently pushed for time and resources, and often reuse old code; hence mistakes will always actually exist. There are always going to be mistakes as human beings are inherently prone to making errors.

Software by nature is flawed. The amount of software written would require enormous resources to be kept in tip top shape. The reality is that companies are pushed for time and resources and therefore old code, often unsecure, is reused in current software applications exposing people and businesses to constant cyber threats.

We need, at the hardware level, to be saying, if we assume there are going to be mistakes, how can we find them in the field and prevent them from being exploited? These errors are a vulnerability in the software whereby hackers can find a way to stimulate and exploit the error and so, gain a step towards getting access to the computer.

We are dealing with a world of mistakes but against billions of lines of code, there will always be errors. What hardware needs to do, is be resilient in the face of that. The memory safety that you get out of Morello and out of the CHERI technology is a key part of that.

Cyber Security by Design

Digital Security by Design (DSbD) is based on the assumption that software will always be the weakest link in the cyber security chain and proposes to tackle the issue from the chip upwards. The CHERI based Morello evaluation board uses a new ISA (Instruction-Set Architecture) that blocks memory-related exploits by introducing ‘capabilities’ so no matter how flawed the software is, the hardware will be resilient enough to resist those attacks.

Introducing Compartmentalization

The other key innovation introduced by DSbD is compartmentalization. When using fine grain compartmentalization, the amount of damage by someone looking to exploit a mistake is reduced. One exploit does not give you full access, but it only gives you access to a much smaller area. This raises the workload for attackers to be able to achieve any valuable endpoint.

“Seeing a solution to these architectural problems that are 30 years old is probably the most exciting thing I can think of in computing.” 

– Philip Wilson, Director of Research and Development at The Hut Group

Why it matters for IoT / embedded systems

Morello is intended for rich operating systems (BSD, Linux, etc.) and, predictably, CheriBSD has a far larger attack surface owing to the size of the application stacks running on the OS. Prototyping with Sonata eliminates a lot of the risk associated with the above. If contrasting the two, then the overhead of having to re-work an embedded project to fit around Morello is gone. It’s a far more natural, obvious fit for industry to use and experiment with.