Arm rages against the insecure chip machine with new Morello architecture
Prototypes now available for testing
Arm has made available for testing prototypes of its Morello architecture, aimed at bringing features into the design of CPUs that provide greater robustness and make them resistant to certain attack vectors. If it performs as expected, it will likely become a fundamental part of future processor designs.
The Morello programme involves Arm collaborating with the University of Cambridge and others in tech to develop a processor architecture that is intended to be fundamentally more secure. Morello prototype boards are now being released for testing by developers and security specialists, based on a prototype system-on-chip (SoC) that Arm has built.
Arm said that the limited-edition evaluation boards are based on the Morello prototype architecture embedded into an Armv8.2-A processor. This is an adaptation of the architecture in the Arm Neoverse N1 design aimed at data centre workloads.
The boards are being handed for evaluation to major stakeholders in the programme such as Google and Microsoft, but also to other interested partners in both the industry and academia via the UK Research and Innovation Digital Security by Design (DSbD) initiative, Arm disclosed.
How does £36m sound, mon CHERI? UK.gov pumps cash into Arm security researchREAD MORE
Security capabilities in the Morello architecture centre on what Arm calls Capability Hardware Enhanced RISC Instructions, or CHERI. These appear to deliver changes to the way that CPU pointers operate, limiting the address ranges they can use to access memory locations, as well as placing restrictions on how those pointers can be used.
The use of these capabilities in place of some or all the memory accesses can improve the spatial memory safety of software, particularly software written in C or C++ code, according to Arm. Some security threats have involved the use of pointers to access memory locations used by other applications, but poorly written code can also corrupt data in memory the same way.
- EC president promises European Chips Act to quadruple homegrown production by 2030
- Nvidia promises British authorities it won’t strong Arm rivals after proposed merger
- RISC-V CTO: We won't dictate chip design like Arm and x86
- US trade watchdog opposes Nvidia's Arm buy, mostly over fears about datacentre innovation
These capabilities can be used to enforce much stronger memory safety by compartmentalising code into separate walled areas, with potentially far lower overheads than current approaches to partitioning, Arm claims. Code operating within one compartment has no access to any other area, which means that even if an attacker compromises one piece of the code or data, they cannot access other areas.
Arm claims there has never been a silicon implementation of this kind of hardware capability in a high-performance CPU, and so the Morello prototype board makes it possible for researchers to evaluate and test the security benefits of this kind of architecture in real-world scenarios.
David Weston, director of Enterprise and OS Security at Microsoft, said that memory safety exploits are one of the longest-standing and most challenging problems in software security.
"Using core silicon architecture to eliminate whole classes of security issues with minimal performance impact has the opportunity to be transformative with massive positive impact. I am incredibly excited about the Morello project," he said in a statement.
The Morello programme was started in 2019 by UK Research and Innovation and intended to span five years. This latest milestone allows participants such as security specialists, software companies and academic institutions two and a half years to test, write code and provide critical feedback to identify whether Morello is a viable security architecture for the future, Arm said.
Innovate UK has announced it will be holding a succession of information and launch bootcamps around the Morello developments, starting with a launch webinar to be held on 25 January. ®
- Apple M1
- AWS Graviton
- Black Hat
- Common Vulnerability Scoring System
- Cybersecurity and Infrastructure Security Agency
- Cybersecurity Information Sharing Act
- Data Breach
- Data Protection
- Data Theft
- Digital certificate
- Identity Theft
- Kenna Security
- Palo Alto Networks
- Trusted Platform Module
- Zero trust