Endpoint Security , Governance & Risk Management , Internet of Things Security

Memory Safety by Design: How Emerging Hardware Blocks Bugs

Hardware for IT/OT Runs C Code, Blocks Exploitation of Numerous Vulnerability Types
John Goodacre, director, Digital Security by Design

What if the world had access to memory-safe hardware designed to run existing C code and to block numerous types of vulnerabilities from being exploited?

See Also: SASE: Recognizing the Challenges of Securing a Hybrid Workforce

Enter Britain's Digital Security by Design, sponsored by government-funded UK Research and Innovation and backed by many organizations - including RISC chipmaker Arm, the University of Cambridge, Google, Microsoft and the National Cyber Security Center.

"We're changing the instructions that a computer uses to run software," said John Goodacre, the director of DSbD, who is also a professor of computer architectures at the University of Manchester.

The initiative includes building and delivering memory-safe hardware that uses CHERI, or Capability Hardware Enhanced RISC Instructions and is designed to prevent unsafe C or C++ patterns from running and to mitigate security vulnerabilities. The initiative also includes preparing training for the hardware and bolstering required tools.

"We are now starting to see the first commercial adoptions - mostly in the operational technology rather than the IT area," Goodacre said, adding that existing development tools are being upgraded. As a result, they can be used not just to compile the code but also to debug existing code that runs on non-memory-safe hardware. Debuting soon: A "Tested on Morello" program will enable developers to take their code, compile it for the platform, run it on this type of computer and "it will then feed back where your problems are, so you then deploy that less buggy software on the traditional systems," he said.

In this video interview with Information Security Media Group, Goodacre also discussed:

  • Immediate applications for memory-safe hardware in IT and OT environments;
  • How memory safety reduces the attack surface - potentially by up to 70% - while adding performance improvements and increased developer productivity, likely for little or no additional cost;
  • How memory-safe hardware complements the use of memory-safe programming languages.

Goodacre spent 17 years as its director of technology and systems at Arm, where he defined and introduced the first multicore processors and other widely deployed technologies. His research interests include new processing paradigms, web-scale servers, exascale-efficient systems, and secure and ubiquitous computing.


About the Author

Mathew J. Schwartz

Mathew J. Schwartz

Executive Editor, DataBreachToday & Europe, ISMG

Schwartz is an award-winning journalist with two decades of experience in magazines, newspapers and electronic media. He has covered the information security and privacy sector throughout his career. Before joining Information Security Media Group in 2014, where he now serves as the executive editor, DataBreachToday and for European news coverage, Schwartz was the information security beat reporter for InformationWeek and a frequent contributor to DarkReading, among other publications. He lives in Scotland.




Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing bankinfosecurity.com, you agree to our use of cookies.