March 21, 2024
Held at the beautiful Kia Oval cricket grounds in London on March 13, the Digital Security by Design Ecosystem Beacon Awards recognized the early adopters of CheriBSD and Morello. The awards sought to encourage more adoption, innovation, and contribution to the Open Source projects that serve as the foundation for this and so many breakthroughs.
Submissions were evaluated by a panel of 9 esteemed judges in the DSbD Ecosystem, from Arm, Linaro, SRI International, University of Edinburgh, University of Cambridge, UKRI, and the FreeBSD Foundation.
Judges evaluated submissions on the following criteria.
- Potential Impact
- Approach and potential ecosystem benefit
- Quality of the Idea
We celebrated three Beacon grand prize winners and two honorable mentions. Grand Prize winners receive $2,000 and Honorable Mentions $1,500
Honorable Mentions
- MicroPython, a lean implementation of the Python 3 language, replaces all internal pointers with CHERI-specific bounded capabilities, enabling secure-by-design spatial memory safety for the MicroPython interpreter and client Python applications.
- Second, applying capability enhancements to the Boehm GC codebase tags all capabilities, making this “conservative” garbage collector (which guesses from bit-patterns whether a value is a pointer) into a “precise” garbage collector (which knows precisely which values are pointers).
Both were submitted by Jeremy Singer, Reader in Programming Language Implementation / University of Glasgow
Grand Prize Winners
MOJO Project, submitted by The Hut Group
This work ported the OpenJDK JVM and two common GCs to CheriBSD. In providing a memory-secure JVM that can run existing Java applications with no or minimal code changes, this work greatly benefits the massive Java community.
Intravisor, submitted by Imperial College London, University of Otago, and University of Tokyo
Intravisor introduces a new cloud software architecture, providing a virtualization abstraction called “cap-VMs” in the Refactoring code to use the CHERI compartmentalization category. Intravisor offers strong isolation, low shared TCB, and fast IPC, using hardware memory capabilities as the foundation for virtualization.
CHERI-based memory protection and compartmentalization for web services on Morello, submitted by Capabilities Limited
In the Refactoring code to use CHERI compartmentalization category, this work applies and evaluates the CHERI protection model in server environments. It is also the first known deployment of the CHERI library compartmentalization model to C++ software.
This project has ported a total of about 1.7 million lines of server-side software to the CheriBSD ecosystem, including the nginx web server, gRPC framework, PostgreSQL database server, and supporting libraries such as Google’s Protobuf and Abseil. Porting server software components to CHERI C/C++ is mostly straightforward, affecting approximately 1% of the total lines of code.