FreeBSD Foundation and Digital Security by Design (DSbD) Announce Beacon Award Winners for Innovations and Improvements to CheriBSD


Winning Projects Highlight CheriBSD’s Role in Advancing Digital Security

BOULDER, Colo., April 03, 2024 (GLOBE NEWSWIRE) — FreeBSD Foundation, in partnership with Innovate UK and Digital Security by Design (DSbD), announced the first annual Digital Security by Design (DSbD) Ecosystem Beacon Awards to celebrate innovators working with and enhancing CheriBSD, one of the notable breakthroughs made possible by FreeBSD.

CHERI and CheriBSD, created to revolutionize hardware-based protection against memory safety vulnerabilities, were developed through a collaboration of researchers from the University of Cambridge, alongside corporate partners such as Google, Microsoft, Arm, and SRI International, and with support from the UK government.

The Digital Security by Design (DSbD) initiative, also backed by the UK government, aims to transform digital technology and create a more resilient and secure foundation for a safer future. As the DSbD community embraces CHERI technology for wider industrial applications, developers are crafting new software and modifying existing applications for the Arm Morello architecture and CheriBSD to protect society from memory safety vulnerabilities. The community launched the inaugural Beacon Awards to celebrate technological advances that boost security without sacrificing performance or inflating costs.

The Beacon Awards recognize successful CheriBSD innovations that improve performance at a fraction of the cost. The technology industry is witnessing a crucial evolution in security, and the sheer number of individuals and projects spearheading innovation with CheriBSD is inspiring, as evidenced by the high quality of submissions.

“We are thrilled to partner with Innovate UK and Digital Security by Design (DSbD) to launch the first annual DSbD Ecosystem Beacon Awards. This initiative celebrates the innovative minds enhancing CheriBSD, showcasing FreeBSD’s crucial role in achieving breakthroughs in digital security,” said Deb Goodkin, Executive Director of the FreeBSD Foundation.

The inaugural Beacon Awards were awarded across two categories: adapting existing applications and refactoring code to use CHERI compartmentalization.

Beacon Award Category 1: Adapting Existing Applications

This category highlights significant contributions within the DSbD ecosystem, focusing on projects that have successfully adapted existing applications to operate on Morello or CHERI-RISC-V architectures with enhanced memory safety using CheriBSD. It celebrates efforts that have demonstrably enriched and improved the CheriBSD platform by enabling applications to utilize these advanced hardware architectures for increased security.

The winner was the MOJO Project. The MOJO Project by THG and the University of Manchester enhances Java’s security on CheriBSD, addressing critical buffer overflow vulnerabilities by porting Epsilon GC and Serial GC for object allocation within OpenJDK JVM. This allows Java applications to run securely with minimal changes, promoting the widespread adoption of CheriBSD.

Other submissions included:

Honorable mention – MicroPython: The MicroPython project on CheriBSD introduces the first pure-capability Python interpreter. It enhances security through significant codebase modifications that ensure spatial memory safety, indicating its potential for broad, secure computing applications.

Honorable mention – Boehm-Demers-Weiser: This project ports the Boehm-Demers-Weiser garbage collection library to CheriBSD for pure capability mode, transforming it into a precise garbage collector and marking the first such open source library for CheriBSD, enabling enhanced security for a range of applications.

SensorIT: Sensor IT migrates the eXtremail email server to CheriBSD to enhance security against memory overflow exploits by applying memory compartmentalization and testing against real-world hacker exploits, demonstrating the platform’s capability to secure vulnerable applications.

Beacon Award Category 2: Refactoring Code to Use CHERI Compartmentalization

This category acknowledges improvements in two key areas: enhancements in performance compared to current inter-process communication (IPC) methods or advancements in security achieved by restructuring code to incorporate compartmentalization across various scenarios.

The two winners for this category were Intravisor and Capabilities Limited.

Intravisor: Intravisor introduces a novel cloud software architecture that utilizes cap-VMs for strong isolation, reduced TCB, and efficient IPC, significantly outperforming traditional virtualization mechanisms and setting a new standard for cloud security and efficiency.

Capabilities Limited: Capabilities Limited explores the application of CHERI’s memory safety and compartmentalization in server environments, achieving improved security in server-side software with minimal modifications and demonstrating the practical scalability of CHERI-based protections.

Other submissions include:

Configured Things: This DSbD TAP project uses memory compartmentalization and co-process abstraction on Arm Morello’s CHERI capabilities to create a secure, high-performance data transmission method that acts like a data diode, enhancing cybersecurity for critical infrastructure.

About The FreeBSD Foundation:

The FreeBSD Foundation is a 501(c)(3) non-profit organization dedicated to supporting the FreeBSD Project and community. The Foundation gratefully accepts donations from individuals and businesses, using them to fund and manage projects, employ a staff of software engineers, organize and run FreeBSD events, advocate for FreeBSD, and provide training and educational material. In addition, the Foundation represents the FreeBSD Project in executing contracts, license agreements, and other legal arrangements that require a recognized legal entity. The FreeBSD Foundation is entirely supported by donations.

 

Contact:
bret@clementpeterson.com
 
