Slash Boxes

SoylentNews is people

Submission Preview

Link to Story

FreeBSD Foundation Gives Beacon Gongs For Safer Software

Accepted submission by Arthur T Knackerbracket at 2024-03-26 15:36:50

--- --- --- --- Entire Story Below - Must Be Edited --- --- --- --- --- --- ---

Arthur T Knackerbracket has processed the following story []:

The inaugural Beacon Awards has handed three prizes to projects working on safer software for CHERI-enabled hardware running on the CheriBSD operating system.

For the unitiated, CHERI is an abbreviation of Capability Hardware Enhanced RISC Instructions.

The Beacon Awards [] is a fresh scheme from the FreeBSD Foundation, in partnership with the UK government's Digital Security by Design initiative, to reward efforts at safer software.

The Digital Security by Design [] initiative has been around for some six years now, and it funds multiple projects in the broader security R&D field. The Register reported on Arm jumping on board [] in early 2019. It worked: It was awarded £36 million ($45.43 million) at the gongs last week. Naturally, there were talks [] about much more money… but it's good to know that some real technological developments have come out of this.

One grand prize went to the Mojo JVM []. This is a memory-secure Java runtime that "can run existing Java applications with no or minimal code changes," according to the awards page. Java isn't trendy any more and applets in web pages disappeared years ago, but it remains very significant in internal business-process apps in many large companies. Its development is sponsored by The Hut Group, an etailer which occasionally [] pops up on the Register. The team has a 17-minute Youtube video [] explaining how CHERI can bring greater memory-safety to the OpenJDK JVM.

Another grand prize went to Intravisor [], a new form of virtualization host for cloud software, which can run various kinds of VMs with greater isolation on CHERI-enabled hardware. This includes its own lightweight ones and unmodified Linux environments. There's more info on the GitHub page, and there was a talk [] about Intravisor at the 2022 FOSDEM conference.

The third grand prize went to the appropriately named Capabilities Limited [] for its work refactoring 1.7 million lines of existing C++ web services software to CheriBSD on Morello.

Honorable mentions went to two pieces of research by the University of Glasgow's Jeremy Singer. One is Morello Micropython [], a research project [] that's produced a CHERI-enabled Micropython interpreter. He has also been studying adapting the Boehm garbage collector [] to CHERI, which he terms Capability Boehm [] [PDF].

The many strands of CHERI research don't get headlines in the same way as commercial R&D on fancy new GPUs – or the latest models of CPU which are a few percent faster than the previous kit. This is partly because those are commercial projects and their backers want to sell more hardware, and it's relatively easy to sell that something is faster than before.

As the Reg FOSS desk's holiday feature [] explored at some length, in the course of developing inexpensive mass-market microcomputers, a lot of the security systems of earlier generations of computers were simply discarded, either for being too expensive or too much hard work. Capabilities [] were just one of them.

The CHERI research is looking for ways to restore these to existing systems running current software, with minimal modifications. If they're successful, the resulting hardware and software will be slightly slower – but also immune, or at least far more robust against, all kinds of software vulnerabilities and exploits.

As it is today, Linux has a bunch of performance-killing security features, whose impact you can see if you just turn them off temporarily []. We're already paying the speed penalty for this stuff. CHERI could do better. It's a price worth paying.

Original Submission