A new prototype technology has the potential to revolutionize cybersecurity, making it possible for businesses to prevent the majority of cyberattacks with ease.
In a joint project developed by ARM and the University of Cambridge, world-renowned for its computer science pedigree, the prototype processor was used in experiments by various companies for six months as part of the Technology Access Programme, courtesy of Digital Catapult with support from the University of Cambridge and Arm.
As a result of this programme, 27 of the participating companies gathered Digital Catapult’s London HQ to demonstrate their findings, and many were impressed it seems with the prototype’s ability to defend against memory-related cyberattacks.
Bad memory
Attacks that can corrupt computer memory, such as buffer overflow attacks, can allow threat actors to perform DDoS attacks and remote takeovers via malware, which can then lead to ransomware attacks too.
The companies also revealed the new technology’s “ease-of-use, the minimal changes needed to existing code and its usefulness in discovering fresh bugs in their own software and in their dependencies.”
Around 70% of cyberattacks make use of vulnerabilities found in memory, even though such flaws are often well documented. The standard cybersecurity practice is to patch software regularly, which means constantly playing a game of catch-up, with more vulnerabilities being revealed in future.
The new prototype, called the Arm Morello Evaluation Board, aims to put an end to this. It is based on the CHERI (capability hardware enhanced RISC instructions) instruction set architecture, which was developed by Cambridge University and SRI International.
It is compartmentalized to ensure that any breaches remain confined to a particular aspect, rather than spreading throughout the whole system. This is just one of the scenarios where CHERI’s memory-safe features come in handy.
Access to the technology was facilitated by the Digital Security by Design (DSbD), a government-backed initiative that aims to improve the safety of the UK’s digital landscape.
Although it is still in the research phase, the prototype is claimed to have the potential to help protect industries and firms. already, the programme has racked up over a thousand days in development work wot other 13 million lines of code being experimented with.
There will also be a new round of experiments starting from May 25, which will explore porting the Morello platform, as well as how the CHERI architecture can secure applications against memory flaws and whether code can be improved by highlighting errors and vulnerabilities.
