
Morello-HAT: Morello High-Level API and Tooling

Lead Research Organisation: University of Glasgow
Department Name: School of Computing Science

Abstract

The CHERI project has created the infrastructure for hardware capabilities, and the Morello project implements these concepts and tools for the Arm architecture. In terms of programming languages, the focus of CHERI and Morello has been primarily on C; considerable work has also been done on C++, and more preliminary work on Rust. The Morello-HAT project (Morello High-Level API and Tooling) intends to create a common API that can be used by compiler developers as well as programmers of higher-level languages, allowing them to leverage Morello's hardware capabilities to improve the memory security and type safety, spatial as well as temporal, of their languages and programs.
The project consists of three work packages:
1. Develop the API using C++, Rust, Go and Dart as target languages
2. Demonstrate the usability and effectiveness of the API on a series of example applications by ML-based detection of vulnerabilities and assessment of the effectiveness of our API in mitigation of vulnerabilities.
3. Use hardware capabilities to enhance the debug infrastructure.
WP 1 High-Level Capability API
The technical focus of the work will be on higher-level APIs which will use capabilities to harden run-time type checking, dynamic memory management and concurrency.
WP1.1 will start from existing work on C++ to design the API foundations for object type safety and investigate the use of capabilities in managed memory.
1. Develop a C++ API for object type safety
2. Develop a capability-based garbage collector for C/C++
WP1.2 will focus on Rust, Go and Dart, fast-growing programming languages that are representative of many modern programming languages.
1. Building on existing work on use of capabilities in Rust, extend the type safety API from WP1 to languages with a Rust-like type system, and design a concurrency API.
2. Provide capability support for garbage collection and concurrency, using Go as an example of a language with managed memory, first-class concurrency support and structural typing.
3. Dart, set to become the preferred language for Android app development, allows dynamic typing with run-time checks. This task focuses on supporting these checks with capabilities.
WP 2 Machine learning based validation of the high-level API
We will use the high-level API from WP1 and the debug interface built in our EPSRC AppControl project to create an efficient mechanism for collecting unique data features from the Morello architecture, which will be used to train our ML models for detection of anomalies in non-capability as well as capability versions of applications written in C++, Rust, Go and Dart.
WP 2.1 will focus on building a data collection mechanism and ML detection models for validation of the high-level API
1. Set up the debug interface to create an efficient low-level data collection mechanism.
2. Create benchmark vulnerable testing suites
3. Design data pre-processing and normalisation algorithms for data collection and analysis of data features.
4. Train and validate the abnormality detection ML models
WP 2.2 will focus on validating the API from WP1 using ML based approaches.
1. Develop ML runtime compute API
2. Develop ML inference models
3. Test and validate the high-level API using the ML models
WP 3 Securing the debug infrastructure
WP3 will harden the traditionally exposed debug infrastructure by creating an ICMetrics-secured software API on top of the CHERI software stack for debug and authentication.
WP 3.1 Create high-level API for accessing the debug subsystem and registers
1. Analyse debug mechanism and authentication signals to create high-level API to access debug infrastructure
2. Create the ICMetrics-secured software API
3. Integrate, test and validate the debug stack
WP 3.2 Carry out trial and evaluation on the enhanced debug management mechanism.
1. Create penetration testing and evaluation program suites
2. Evaluate and analyse the enhanced debug mechanism

Publications

Abolfathi K (2023) Independent and Hybrid Magnetic Manipulation for Full Body Controlled Soft Continuum Robots in IEEE Robotics and Automation Letters

Ahmadi-Pour S (2025) MESSI: Task Mapping and Scheduling Strategy for FPGA-based Heterogeneous Real-Time Systems in ACM Transactions on Design Automation of Electronic Systems

Boukhennoufa I (2023) A Novel Model to Generate Heterogeneous and Realistic Time-Series Data for Post-Stroke Rehabilitation Assessment. in IEEE transactions on neural systems and rehabilitation engineering : a publication of the IEEE Engineering in Medicine and Biology Society

 
Description The purpose of this project was to create practical methods and tools to increase digital security, in particular for digital systems supporting mission-critical applications. Our approach is based on what are called behavioural types, which are a kind of enforceable specification. We have shown that this approach can be implemented in programming languages such as Rust and that it can improve in particular the security of memory operations.
Exploitation Route The project was part of a call which assumes a specific type of improved security for processors called Hardware Capabilities. Any system with such Hardware Capabilities could directly benefit from our approach. But the use of behavioural types as specifications has much broader applicability, for example to make software distribution more secure.
Sectors Digital/Communication/Information Technologies (including Software)

URL https://dsbd-morello-hat.github.io/
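The description above calls behavioural types enforceable specifications and notes that the approach was implemented in Rust. The following is an added illustration written for this page, not code from the Morello-HAT project or any of its artifacts: it encodes a small session protocol (open, authenticate, send, close) as Rust typestates, so that a program which performs these operations out of order, skips authentication, or reuses a consumed handle fails to compile rather than failing at run time. The state names, the `Session` type, the transcript log and the sample token are assumptions chosen for the example.

```rust
use std::marker::PhantomData;

// Protocol states, encoded as zero-sized marker types. These names are
// hypothetical and chosen for illustration; they are not the Morello-HAT API.
pub struct Closed;
pub struct Open;
pub struct Authenticated;

/// A session handle. The type parameter records which protocol state the
/// handle is in, so the compiler rejects any operation not permitted there.
pub struct Session<S> {
    transcript: Vec<String>,
    _state: PhantomData<S>,
}

impl<S> Session<S> {
    // Re-tag the handle with a new state, carrying the transcript along.
    fn transition<T>(self) -> Session<T> {
        Session { transcript: self.transcript, _state: PhantomData }
    }

    /// The protocol events observed so far, in order.
    pub fn transcript(&self) -> &[String] {
        &self.transcript
    }
}

impl Session<Closed> {
    pub fn new() -> Self {
        Session { transcript: Vec::new(), _state: PhantomData }
    }

    /// `open` consumes the Closed handle, so one handle cannot be opened twice.
    pub fn open(mut self) -> Session<Open> {
        self.transcript.push("open".into());
        self.transition()
    }
}

// Constructed sample credential for the example; not a real secret.
const EXPECTED_TOKEN: &str = "s3cret";

impl Session<Open> {
    /// Authentication is the only step offered in the Open state. Success moves
    /// to Authenticated; failure hands back a Closed handle, so a caller cannot
    /// keep using an unauthenticated session by ignoring the error.
    pub fn authenticate(mut self, token: &str) -> Result<Session<Authenticated>, Session<Closed>> {
        // Plain equality stands in for a real credential check.
        if token == EXPECTED_TOKEN {
            self.transcript.push("auth ok".into());
            Ok(self.transition())
        } else {
            self.transcript.push("auth failed".into());
            Err(self.transition())
        }
    }
}

impl Session<Authenticated> {
    /// Payload transfer is only reachable after authentication succeeded.
    pub fn send(mut self, payload: &[u8]) -> Self {
        self.transcript.push(format!("send {} bytes", payload.len()));
        self
    }

    pub fn close(mut self) -> Session<Closed> {
        self.transcript.push("close".into());
        self.transition()
    }
}

/// Drive the protocol end to end and return the transcript of what happened.
pub fn run_protocol(token: &str) -> Vec<String> {
    let session = Session::<Closed>::new().open();
    match session.authenticate(token) {
        Ok(authed) => authed.send(b"hello").close().transcript().to_vec(),
        Err(closed) => closed.transcript().to_vec(),
    }
}

// Each of the following is rejected at compile time, which is the point of the
// encoding: the specification is enforced by the type checker, not by a run-time flag.
//   Session::<Closed>::new().send(b"x");     // no method `send` on Session<Closed>
//   let s = Session::<Closed>::new().open();
//   let _ = s.authenticate("s3cret");
//   let _ = s.authenticate("s3cret");        // use of moved value `s`

fn main() {
    println!("{:?}", run_protocol("s3cret"));
    println!("{:?}", run_protocol("wrong"));
}
```

Compile and run with `rustc` or `cargo run`; uncommenting any line in the trailing comment block turns the protocol violation into a compiler error, which is the property the description refers to as an enforceable specification.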
 
Title Artifact: Dynamically Updatable Multiparty Session Protocols 
Description Artifact for the paper: Dynamically Updatable Multiparty Session Protocols 
Type Of Technology Software 
Year Produced 2023 
Open Source License? Yes  
Impact Artifact supporting the paper Dynamically Updatable Multiparty Session Protocols 
URL https://drops.dagstuhl.de/entities/document/10.4230/DARTS.9.2.10
 
Title Artifact: Generic Go to Go: Dictionary-Passing, Monomorphisation, and Hybrid 
Description Artifact for paper: Generic Go to Go: Dictionary-Passing, Monomorphisation, and Hybrid 
Type Of Technology Software 
Year Produced 2022 
Open Source License? Yes  
Impact Artifact for paper : Generic Go to Go: Dictionary-Passing, Monomorphisation, and Hybrid 
URL https://dl.acm.org/doi/10.1145/3563331
 
Title Artifact: Rollback Recovery in Session-Based Programming 
Description Artifact for paper: Rollback Recovery in Session-Based Programming 
Type Of Technology Software 
Year Produced 2023 
Impact Artifact for paper: Rollback Recovery in Session-Based Programming 
URL https://link.springer.com/chapter/10.1007/978-3-031-35361-1_11#chapter-info
 
Title Designing Asynchronous Multiparty Protocols with Crash-Stop Failures (Artifact) 
Description We introduce Teatrino, a toolchain that supports handling multiparty protocols with crash-stop failures and crash-handling behaviours. Teatrino accompanies the novel MPST theory in the related article, and enables users to generate fault-tolerant protocol-conforming Scala code from Scribble protocols. Local types are projected from the global protocol, enabling correctness-by-construction, and are expressed directly as Scala types via the Effpi concurrency library. Teatrino extends both Scribble and Effpi with support for crash-stop behaviour. The generated Scala code is executable and can be further integrated with existing systems. The accompanying theory in the related article guarantees deadlock-freedom and liveness properties for failure handling protocols and their implementation. This artifact includes examples, extended from both session type and distributed systems literature, featured in the related article. 
Type Of Technology Software 
Year Produced 2023 
Open Source License? Yes  
Impact Artifact supporting the paper Designing Asynchronous Multiparty Protocols with Crash-Stop Failures 
URL https://zenodo.org/record/7974824
 
Description Morello-HAT web site 
Form Of Engagement Activity Engagement focused website, blog or social media channel
Part Of Official Scheme? No
Geographic Reach International
Primary Audience Industry/Business
Results and Impact The Morello-HAT project intends to create and evaluate a common API that can be used by compiler developers as well as programmers of higher-level languages, to allow them to leverage Morello's hardware capabilities to improve memory security and type safety, spatial as well as temporal, of their language and programs.
Year(s) Of Engagement Activity 2022,2023,2024
URL https://dsbd-morello-hat.github.io/