Seminar - Making computers fundamentally more secure: the CHERI approach
School of Engineering and Computer Science Seminar
Speaker: Prof. Simon Moore (University of Cambridge)
Time: Wednesday 26th February 2025 at 11:00 AM - 12:00 PM
Location: Cotton Club, Cotton 350
URL: https://www.cisa.gov/sites/default/files/2023-04/principles_approaches_for_security-by-design-default_508_0.pdf
Abstract
New Zealand and its CERT-NZ and NCSC-NZ agencies contributed to the multi-country, multi-agency report "Shifting the Balance of Cybersecurity Risk: Principles and Approaches for Security-by-Design and -Default", which proposes CHERI as the secure hardware foundation to enable fine-grained memory safety. This talk will review the CHERI hardware/software architecture, a new approach to capability-based memory protection providing robust memory safety and highly efficient compartmentalisation. Building on new hardware structures, highly robust software has been constructed (applications, operating systems, run-time systems, etc.).
Year-on-year, memory safety vulnerabilities account for around 70% of all vulnerabilities. CHERI deterministically mitigates the majority of these vulnerabilities with little to no code change. Moreover, applying compartmentalisation techniques like library compartmentalisation reduces the attack surface, mitigating both known and unknown attacks.
CHERI research started at the University of Cambridge. Through the Innovate UK programme, Digital Security by Design, over 12 UK universities and 40 companies have explored and advanced the technology, including Morello, a 7nm high-performance system-on-chip and evaluation computer from ARM Ltd. Early commercial adoption of CHERI is in sight, and the talk will highlight some of the trials and tribulations of lifting a technology from the university setting into the marketplace.
Web reference: https://www.cisa.gov/sites/default/files/2023-04/principles_approaches_for_security-by-design-default_508_0.pdf
Digital security by design: dsbd.tech
Speaker
Simon Moore is a Professor of Computer Engineering at the University of Cambridge Department of Computer Science and Technology in the UK, where he conducts research and teaching in the general area of computer architecture, with particular interests in secure and rigorously engineered processors and subsystems. Simon has led hardware work on CHERI since its inception in 2010.