CAPcelerate: Capabilities for Heterogeneous Accelerators

Lead Research Organisation: University of Cambridge
Department Name: Computer Laboratory


This project seeks to extend the capability hardware security provided by the CHERI computer processor architecture to cover 'accelerators' - hardware designed for speeding up particular specialised tasks. Today accelerators are constructed in a different way to general-purpose processors and increasingly they can be plugged into computers as needed (for instance via a Thunderbolt connection). We wish to architect new ways in which accelerators may communicate with computer systems safely, considering if the accelerator or its software were designed by an untrustworthy agent, or malicious software were loaded on to it. Such protection would provide whole-system security to most current computing systems which depend on accelerators for performant operation. It would also enable users to add accelerators to their system safe in the knowledge that they are not opening themselves up to security vulnerabilities.

As part of this project we will build software and hardware models of accelerators and evaluate potential protections for security and performance, aiming to design efficient and secure protection mechanisms.

Planned Impact

This research is useful to:
1. Users of computer systems, who will be able to use their computers without threat of compromise from malicious software running on accelerators
2. Businesses, who depend on accelerators for their line of business, for example for cryptography or data analysis, and reduce costs of dealing with security breaches
3. Vendors of computer systems, who will be able to sell secure products
4. Society, who are more able to trust computer hardware
5. Researchers, who will be able to use the artifacts and models that we create in further research, opening up a previously understudied area

The research focuses on building more secure architectures for 'accelerators' that aren't part of the main processor of a computer system. In concert with the existing CHERI capability model, this will enable construction of whole systems that use such security protections. Providing a holistic model across the full system prevents a number of security threats by which accelerators may be used to bypass the security protections provided by the CHERI model.

The research will open up a previously understudied area that is critical to the construction of modern computing devices. It will put forward designs for security architecture(s) that allow such devices to be constructed in a more secure manner, mitigating the threats of malicious software (for example, bad code running on an accelerator) and hardware (for example, a malicious external graphics card or display that a user might plug in to their laptop).

Successful transition of these full-system security architectures into products will substantially improve the trustworthiness of computing platforms that consumers and businesses rely on.


10 25 50