Capable VMs
Lead Research Organisation:
University of Glasgow
Department Name: School of Computing Science
Abstract
Abstracts are not currently available in GtR for all funded research. This is normally because the abstract was not required at the time of proposal submission, but may be because it included sensitive information such as personal details.
Organisations
People |
ORCID iD |
Jeremy Singer (Principal Investigator) |
Description | The concept hardware capabilities does improve cybersecurity for low-level systems software such as runtime memory managers. |
Exploitation Route | Secure systems software will benefit from using capabilities - in particular we provide a secure garbage collection framework based on the Boehm-Demers-Weiser collector. More generally, our experience is that software can be modified for CHERI / Morello with minimal source code updates and generally, without excessive runtime overhead. |
Sectors | Aerospace, Defence and Marine,Digital/Communication/Information Technologies (including Software),Electronics,Security and Diplomacy |
URL | https://capablevms.github.io |
Description | We are still in the middle stage of this Digital Security by Design project. Already, in collaboration with Arm, we are discovering the potential of the CHERI / Morello demonstrator platform for improving the secure execution of programming language virtual machines and language runtime systems. Along with contacts at Arm, we are developing prototype virtual machine code to harness the CHERI memory safety properties. |
First Year Of Impact | 2021 |
Sector | Digital/Communication/Information Technologies (including Software) |
Impact Types | Economic |
Description | Secure MicroPython for Morello |
Amount | £99,662 (GBP) |
Funding ID | DSTL0000013741 |
Organisation | Defence Science & Technology Laboratory (DSTL) |
Sector | Public |
Country | United Kingdom |
Start | 03/2023 |
End | 12/2023 |
Title | Boehm-Demers-Weiser Garbage Collector for CHERI |
Description | The Boehm-Demers-Weiser garbage collector is a conservative collector for C/C++ applications, which has been ported to CHERI/Morello hardware - taking advantage of hardware-assisted security mechanisms. |
Type Of Technology | Software |
Year Produced | 2022 |
Open Source License? | Yes |
Impact | Published papers. First proof-of-concept that garbage collection works on capability hardware. |
URL | https://github.com/capablevms/bdwgc |
Title | CHERI examples repository |
Description | A portfolio of sample C programs that demonstrate CHERI / capability features targetting RISC-V and Arm/Morello emulators. |
Type Of Technology | Software |
Year Produced | 2021 |
Open Source License? | Yes |
Impact | Engagement with other members of the Digital Security by Design research community in the UK, sharing knowledge and experiences with the CHERI platform. |
URL | https://github.com/capablevms/cheri-examples |
Description | High School visit (Gryffe) |
Form Of Engagement Activity | Participation in an activity, workshop or similar |
Part Of Official Scheme? | No |
Geographic Reach | Local |
Primary Audience | Schools |
Results and Impact | At a school careers event, I spoke to around 50 pupils about Cybersecurity, and gave a high-level overview of CHERI / Digital Security by Design. |
Year(s) Of Engagement Activity | 2022 |
Description | Research visit to Chalmers University, Sweden |
Form Of Engagement Activity | A talk or presentation |
Part Of Official Scheme? | No |
Geographic Reach | International |
Primary Audience | Postgraduate students |
Results and Impact | Presentation on CHERI / capabilities, including an overview of how garbage collection works in a capability system. |
Year(s) Of Engagement Activity | 2022 |
Description | Scottish Programming Languages Seminar |
Form Of Engagement Activity | A talk or presentation |
Part Of Official Scheme? | No |
Geographic Reach | National |
Primary Audience | Professional Practitioners |
Results and Impact | Hybrid seminar presentation (50 in-person plus 50 online) about Digital Security by Design, in particular memory management on CHERI platforms. Numerous conversations followed, and we are investigating possible partnerships with other organizations to exploit this work. |
Year(s) Of Engagement Activity | 2022 |
URL | https://spls-series.github.io/meetings/2022/march/ |
Description | Singapore DSO lab visit |
Form Of Engagement Activity | Participation in an open day or visit at my research institution |
Part Of Official Scheme? | No |
Geographic Reach | International |
Primary Audience | Policymakers/politicians |
Results and Impact | Visitors from Singapore came to our lab to learn about Digital Security by Design, in particular about hardware assisted mechanisms for secure systems. They were interested in the work and would like to launch some collaborative activities. |
Year(s) Of Engagement Activity | 2022 |
URL | https://www.gla.ac.uk/colleges/socialsciences/research/interdisciplinaryresearchthemes/headline_8779... |
Description | Summer School lecture on Capabilities |
Form Of Engagement Activity | Participation in an activity, workshop or similar |
Part Of Official Scheme? | No |
Geographic Reach | National |
Primary Audience | Postgraduate students |
Results and Impact | Around 100 people attended the PhD summer school on Programming Languages and Verification, at which I gave an invited lecture on 'Capabilities for Coders' - a generalist introduction to CHERI. There were many questions and comments following the talk, and a number of students followed up by downloading the software for CHERI. |
Year(s) Of Engagement Activity | 2022 |
URL | https://www.macs.hw.ac.uk/splv/splv-2022/ |
Description | Visit to Heriot Watt University |
Form Of Engagement Activity | A talk or presentation |
Part Of Official Scheme? | No |
Geographic Reach | Local |
Primary Audience | Postgraduate students |
Results and Impact | Presentation about profiling cybersecure systems, for ensuring efficiency of memory allocators in CHERI. Lots of followup questions; one researcher then ordered a Morello machine for their own research project. |
Year(s) Of Engagement Activity | 2023 |
Description | Zoom workshop (hosted by Queen's University Belfast) on Programming |
Form Of Engagement Activity | A talk or presentation |
Part Of Official Scheme? | No |
Geographic Reach | Regional |
Primary Audience | Postgraduate students |
Results and Impact | 30 students and professionals attended a remote workshop, discussing aspects of programming and security. |
Year(s) Of Engagement Activity | 2021 |