Arm is leading a multimillion-pound government-funded program called Morello. The program may radically change the way we design and program processors in future to enable better built-in security. Morello focuses on new ways of designing CPU architecture that will make processors more robust in future, and able to deter some types of security breaches. A five-year research program funded by UK Research and Innovation (UKRI), Morello will produce and test a prototype technology that, if successful, could be implemented in future hardware.
Arm and the University of Cambridge are collaborating in the development of its Capability Hardware Enhanced RISC Instructions (CHERI) architecture. Arm has developed a prototype architecture that adapts the hardware concepts of CHERI.
This new approach to cybersecurity requires extensive exploration work. This work involves a significant change in:
- How the architecture of the hardware is designed
- How the software running on devices is programmed to take advantage of the new features.
Using this new technology, Arm is designing a prototype System on Chip (SoC) and a development board, called the Morello board. This will enable industry and academic partners to test the new prototype architecture in real-world use cases.
The Morello program will span a five-year period. Arm aims to have a prototype platform ready within two and a half years. The remainder of the project time will be available for testing and feedback by the industry ecosystem.
Read Richard Grisenthwaite’s blog: A safer digital future, by design
Prototype Morello evaluation board
By creating a prototype Morello evaluation board, Arm is committing to the extensive engineering and research that is required to enable an industrial-scale trial of the candidate technologies. The trial is the first trial of this scale in the UK.
The Morello prototype board will be available to appropriate software companies, tools developers, and leading academic institutions. Arm will publish its key findings widely, to lead and enable industry change.
Note: Morello technology is at an early stage of research and testing. Arm has no roadmap or plan to include Morello technology in any current or future Arm products or architectures.
- The hardware capability technology that is used in CHERI and in the Arm prototype architecture combines references to memory locations, that is, pointers, with limits on how the references can be used. These limits relate to:
- The address ranges that the references can be used to access, and
- The functionality that the references can be used to access.
- This combined information, which is called a capability, is constructed so that it cannot be forged by software.
- Replacing pointers with capabilities in a program vastly improves memory safety, which is a key step for security. Recent research by Matt Miller of Microsoft has shown that ~70% of the vulnerabilities addressed through a security update each year continue to be memory safety issues.
- The benefit of hardware capability technology goes beyond memory safety. This is because the capabilities can be used as a building block for more fine-grained compartmentalization of software. Software that is constructed with fine-grained compartmentalization could result in inherently more robust software that is resistant to attack.
- A powerful feature of compartmentalization is that, even if one compartment is compromised by an attacker, the attacker cannot break out of the compartment to access any other information, or to take overall control of the computing system.
In addition to changes to hardware, this new approach to security will require re-architecting how code is created. Code will be written and compiled in a different way, to take advantage of the novel hardware features, to achieve a more secure result.
- The purpose of the demonstrator Morello board is to provide a realistic, highly capable Arm-based platform that software developers can use. Developers will be able to experiment and test the Morello board to investigate the best way to use fine-grained compartmentalization for improving security.
- The capability approach to hardware will require a new programming methodology, to take advantage of new features, like compartmentalization, that are available in the hardware.
- The world class programming abilities of companies like Microsoft and Google will be vital in constructing software that is genuinely more robust against security attacks, while retaining high performance.
- Programmers will use the Morello prototype board to test approaches that can work for the real, highly complex, software workloads that we see deployed in computing systems today.
- An open source software platform will allow multiple contributors to participate in this project.