SoylentNews
SoylentNews is people
https://soylentnews.org/

Arthur T Knackerbracket has processed the following story:

The inaugural Beacon Awards has handed three prizes to projects working on safer software for CHERI-enabled hardware running on the CheriBSD operating system. For the unitiated, CHERI is an abbreviation of Capability Hardware Enhanced RISC Instructions.

The Beacon Awards is a fresh scheme from the FreeBSD Foundation, in partnership with the UK government's Digital Security by Design initiative, to reward efforts at safer software. The Digital Security by Design initiative has been around for some six years now, and it funds multiple projects in the broader security R&D field. The Register reported on Arm jumping on board in early 2019. It worked: It was awarded £36 million ($45.43 million) at the gongs last week. Naturally, there were talks about much more money… but it's good to know that some real technological developments have come out of this.

One grand prize went to the Mojo JVM. This is a memory-secure Java runtime that "can run existing Java applications with no or minimal code changes," according to the awards page. Java isn't trendy any more and applets in web pages disappeared years ago, but it remains very significant in internal business-process apps in many large companies. Its development is sponsored by The Hut Group, an etailer which occasionally pops up on the Register. The team has a 17-minute Youtube video explaining how CHERI can bring greater memory-safety to the OpenJDK JVM.

Another grand prize went to Intravisor, a new form of virtualization host for cloud software, which can run various kinds of VMs with greater isolation on CHERI-enabled hardware. This includes its own lightweight ones and unmodified Linux environments. There's more info on the GitHub page, and there was a talk about Intravisor at the 2022 FOSDEM conference.

The third grand prize went to the appropriately named Capabilities Limited for its work refactoring 1.7 million lines of existing C++ web services software to CheriBSD on Morello.

Honorable mentions went to two pieces of research by the University of Glasgow's Jeremy Singer. One is Morello Micropython, a research project that's produced a CHERI-enabled Micropython interpreter. He has also been studying adapting the Boehm garbage collector to CHERI, which he terms Capability Boehm [PDF].

[...] in the course of developing inexpensive mass-market microcomputers, a lot of the security systems of earlier generations of computers were simply discarded, either for being too expensive or too much hard work. Capabilities were just one of them.

The CHERI research is looking for ways to restore these to existing systems running current software, with minimal modifications. If they're successful, the resulting hardware and software will be slightly slower – but also immune, or at least far more robust against, all kinds of software vulnerabilities and exploits.

As it is today, Linux has a bunch of performance-killing security features, whose impact you can see if you just turn them off temporarily. We're already paying the speed penalty for this stuff. CHERI could do better. It's a price worth paying.

Original Submission

1. "following story" - https://www.theregister.com/2024/03/26/beacon_awards_freebsd/
2. "Beacon Awards" - https://freebsdfoundation.org/blog/beacon-awards-summary/
3. "Digital Security by Design" - https://www.dsbd.tech/
4. "Arm jumping on board" - https://www.theregister.com/2019/10/18/arm_security_by_design_research/
5. "were talks" - https://www.theregister.com/2021/12/16/national_cyber_strategy_uk_launched/
6. "Mojo JVM" - https://www.mojo-jvm.org/research
7. "occasionally" - https://www.theregister.com/2018/07/05/uk2_talktalk_outage/
8. "Youtube video" - https://www.youtube.com/watch?v=H-7zpyyB1Xw
9. "Intravisor" - https://github.com/lsds/intravisor
10. "talk" - https://archive.fosdem.org/2022/schedule/event/tee_intravisor/
11. "Capabilities Limited" - https://github.com/Capabilities-Limited/Capabilities-Limited.github.io
12. "Morello Micropython" - https://capabilitiesforcoders.com/faq/python.html
13. "research project" - https://eprints.gla.ac.uk/304475/
14. "Boehm garbage collector" - https://hboehm.info/gc/
15. "Capability Boehm" - https://www.dcs.gla.ac.uk/~jsinger/pdfs/vee22.pdf
16. "Capabilities" - https://archive.ph/20130112225523/http://www.eros-os.org/essays/capintro.html
17. "if you just turn them off temporarily" - https://www.theregister.com/2022/07/18/improve_linux_performance/
18. "Original Submission" - https://soylentnews.org/submit.pl?op=viewsub&subid=62422

printed from SoylentNews, FreeBSD Foundation Gives Beacon Gongs For Safer Software on 2024-07-26 23:25:06