ARM ships ground-breaking Morello secure processor board

Technology News |
By Nick Flaherty

ARM has shipped the first version of a new compartmentalised, secure microprocessor design called Morello that could fundamentally change the way hardware and software is developed

Morello is part of a five year research programme led by ARM that has the potential to radically change the way processors are developed and programmed in the future to improve built-in security. Funded by the UK government’s Industrial Strategy Challenge Fund (ISCF) Digital Security by Design (DSbD) programme, the project aims to update the security foundations of the digital computing infrastructure that underpins the entire global economy. Research by Microsoft has shown that around 70 percent of the vulnerabilities addressed through a security update each year continue to be memory safety issues.

The main anticipated output of DSbD is a technology platform prototype, designed and produced by ARM, the Morello evaluation board, which shipped to researchers this week.

This uses an architecture called CHERI (Capability Hardware Enhanced RISC Instructions) developed with researchers at the University of Cambridge  (CHERI) architecture that replaces software pointers in the chip. ARM has developed a prototype architecture based on an Armv8.2-A processor adapted from the ARM Neoverse N1 chip that adapts the hardware concepts of CHERI.

The hardware capability technology that is used in CHERI and in the ARM prototype architecture combines references to memory locations. These act as pointers, with limits on how the references can be used. These limits relate to the address ranges and functionality that the references can be used to access.

This combined information, which is called a capability, is constructed so that it cannot be forged by software. Replacing pointers with capabilities in a program vastly improves memory safety, which is a key step for security.

The benefit of hardware capability technology goes beyond memory safety. This is because the capabilities can be used as a building block for more fine-grained compartmentalization of software. Software that is constructed with fine-grained compartmentalization could result in inherently more robust software that is resistant to attack.

A powerful feature of compartmentalization is that, even if one compartment is compromised by an attacker, the attacker cannot break out of the compartment to access any other information, or to take overall control of the computing system.

In addition to changes to hardware, this will require re-architecting how code is created. Code will be written and compiled in a different way, to take advantage of the new hardware features and to achieve a more secure result.

The Morello board will also be used by another five year research programme funded by UK Research and Innovation (UKRI), to produce and test a prototype technology that, if successful, could be implemented in future hardware.

Now the evaluation board is shipping, testing and feedback by the industry ecosystem can start. Details of the open source code and architecture are available as part of the project.

Related articles

Other articles on eeNews Europe


Linked Articles
eeNews Europe