Capabilities for Coders
Lead Research Organisation:
University of Glasgow
Department Name: School of Computing Science
Abstract
The 'Capabilities for Coders' project involves the creation and curation of a set of freely available Morello coding resources for system developers. Standard developer behaviour involves interactive searching through online forums like StackOverflow and web tutorials like W3Schools. Currently there are no relevant targeted resources available for the Arm Morello system, and very few sites covering CHERI concepts in a developer-friendly style. This project will set up a one-stop shop for Morello programming, in the form of an open-access, online, interactive textbook called 'Capabilities for Coders'. This will be in the best tradition of programming language books - written by coders for coders. The unique appeal of this learning resource will be the inclusion of a large set of open-source code templates and fragments, effectively a library of reusable software samples for Morello applications written in C and C++ with assembler code where necessary.
The textbook and accompanying code samples will serve to enrich understanding of the current and evolving Morello stacks, providing support for existing developers and new arrivals in this domain. Because the learning resources are hosted online, it will be straightforward to keep them up-to-date (unlike hardcopy textbooks). Because the learning resources will be developed using the github platform, any user will be able to submit corrections and change requests. This will ensure the ongoing relevance of the project as the Morello technology evolves over time.
The project outputs will be open-access and freely available online. There will be no registration requirement or paywall. The site will be indexed by all major search engines. The resources will be clear, globally visible and highly accessible. These resources will provide direct, immediate benefit to the Morello ecosystem of developers.
At this stage, it is not possible to give a full table of contents for the online textbook. However, topics broadly covered will include: motivating the need for memory safety in systems code, hardware capabilities for memory safety, motivating compartmentalization in modern systems software, hardware capabilities for compartments, porting legacy applications to Morello, debugging capability-based code, performance engineering for capability-based code, and future directions. Each topic will be accompanied by an extensive range of open-source code examples to illustrate the various concepts. These software samples will be easily reusable by developers in their own code projects.
Additionally, the 'Capabilities for Coders' project will serve the community by posting relevant answers on StackOverflow and producing a podcast series.
The textbook and accompanying code samples will serve to enrich understanding of the current and evolving Morello stacks, providing support for existing developers and new arrivals in this domain. Because the learning resources are hosted online, it will be straightforward to keep them up-to-date (unlike hardcopy textbooks). Because the learning resources will be developed using the github platform, any user will be able to submit corrections and change requests. This will ensure the ongoing relevance of the project as the Morello technology evolves over time.
The project outputs will be open-access and freely available online. There will be no registration requirement or paywall. The site will be indexed by all major search engines. The resources will be clear, globally visible and highly accessible. These resources will provide direct, immediate benefit to the Morello ecosystem of developers.
At this stage, it is not possible to give a full table of contents for the online textbook. However, topics broadly covered will include: motivating the need for memory safety in systems code, hardware capabilities for memory safety, motivating compartmentalization in modern systems software, hardware capabilities for compartments, porting legacy applications to Morello, debugging capability-based code, performance engineering for capability-based code, and future directions. Each topic will be accompanied by an extensive range of open-source code examples to illustrate the various concepts. These software samples will be easily reusable by developers in their own code projects.
Additionally, the 'Capabilities for Coders' project will serve the community by posting relevant answers on StackOverflow and producing a podcast series.
People |
ORCID iD |
Jeremy Singer (Principal Investigator) |
Publications
Bramley J
(2023)
Picking a CHERI Allocator: Security and Performance Considerations
Jacob D
(2022)
Boehm-Demers-Weiser Garbage Collection on Morello
Lowther D
(2023)
CHERI Performance Enhancement for a Bytecode Interpreter
Lowther D
(2023)
Morello MicroPython: A Python Interpreter for CHERI
Lowther D
(2023)
CHERI Performance Enhancement for a Bytecode Interpreter
Description | Capabilities for Coders podcast series |
Form Of Engagement Activity | A broadcast e.g. TV/radio/film/podcast (other than news/press) |
Part Of Official Scheme? | No |
Geographic Reach | International |
Primary Audience | Professional Practitioners |
Results and Impact | The Capabilities for Coders podcast is an interview series, talking about the CHERI / Morello computer systems and the Digital Security by Design initiative. It is aimed at a general audience, giving insight into the importance of Cyber Security and current hardware innovations that improve system security. This is an ongoing series. |
Year(s) Of Engagement Activity | 2023 |
URL | https://capabilitiesforcoders.com/podcasts/ |
Description | Capabilities for Coders website |
Form Of Engagement Activity | Engagement focused website, blog or social media channel |
Part Of Official Scheme? | No |
Geographic Reach | International |
Primary Audience | Professional Practitioners |
Results and Impact | Capabilities for Coders is a documentation and developer engagement project, aiming to generate useful resources for the CHERI and Morello software ecosystem. Basically, this project aims to be 'all you wanted to know about capabilities but were afraid to ask'. |
Year(s) Of Engagement Activity | 2022,2023 |
URL | https://capabilitiesforcoders.com/ |
Description | Computing Education Practices workshop talk on cybersecurity |
Form Of Engagement Activity | A talk or presentation |
Part Of Official Scheme? | No |
Geographic Reach | National |
Primary Audience | Professional Practitioners |
Results and Impact | Facilitated discussion about CHERI and capabilities, in terms of how to explain systems cybersecurity concepts to non-expert audiences using analogies. Generated some useful teaching resources. |
Year(s) Of Engagement Activity | 2023 |
URL | https://www.ease.ws/ |
Description | Digital Security by Design workshop |
Form Of Engagement Activity | Participation in an activity, workshop or similar |
Part Of Official Scheme? | No |
Geographic Reach | National |
Primary Audience | Professional Practitioners |
Results and Impact | Workshop on 'Capabilities for Coders', crowd-sourcing frequently asked questions about CHERI and capabilities from people who are working in the area and people who are new to the area. Lots of questions, which we catalogued and are generating answers to post online. |
Year(s) Of Engagement Activity | 2022 |
URL | https://capabilitiesforcoders.com/ |