KTN, profile picture
Uploaded byKTN
PPTX, PDF1,824 views

Digital Security by Design: Technology Platform - Richard Grisenthwaite, ARM

KTN ran a collaborators' workshop on 26 September 2019 in London to explain more about the Digital Security by Design Challenge announced by the government. The Digital Security by Design challenge has been recently announced by the Department for Business, Energy & Industrial Strategy (BEIS). This challenge, amounting to £70 million of government funding over 5 years, was delivered by UK Research and Innovation (UKRI) through the Industrial Strategy Challenge Fund (ISCF). This Collaborators' Workshop provides an opportunity to hear more details of the challenge and forthcoming competitions. A Scoping Workshop for this challenge was held on 30th May: http://ow.ly/oz6230pHlGl Find out more about the Defence and Security Interest Group at https://ktn-uk.co.uk/interests/defence-security Join the Defence and Security Interest Group at https://www.linkedin.com/groups/8584397 or Follow KTN_UK Defence group on Twitter https://twitter.com/KTNUK_Defence

Embed presentation

Downloaded 54 times
Digital Security by Design Richard Grisenthwaite SVP Chief Architect and Fellow Richard.Grisenthwaite@arm.com
2 2019 Arm Limited Security is the greatest challenge computing needs to address to meet its full potential
3 2019 Arm Limited New Architecture motivated by Security features • “Architecture” meaning CPU “Instruction Set Architecture” • Arm runs an incremental update process for the architecture • Security is one of the stronger motivations for incremental architectural improvements: • Privileged Access Never • Hypervisor applied Execute-Never • Pointer Authentication • Branch Target Identification • Introduction of Secure EL2 • Memory Tagging Extensions • These changes are incremental improvements to the architecture • Easy to deploy, small scale point improvements
4 2019 Arm Limited Going beyond incremental improvements Incremental improvements Getting to a “New level” Better Time
5 2019 Arm Limited CHERI architecture in one slide • CPU architecture adds 128-bit “capabilities” plus a memory tagging bit • Capability contains the address, bounds information, permission information etc • The memory tagging bit is metadata that distinguishes a capability from normal data  This memory tagging bit prevents “forging” of a capability  This functionality gives strong provenance of capabilities • Architecture has the ability to “seal” capabilities as well as part of compartmentalisation • Loads/stores using capabilities as addresses are checked to be legal • Within address range and matching the supplied permissions • Data processing on capabilities has rules to limit operations • Bounds cannot be arbitrarily increased, permissions cannot be relaxed etc • Capability is used in place of a normal pointer in some or all situations • Exactly how when this happens is part of the software usage case • Simply replacing all pointers with capabilities gives scope for strong spatial memory protection  But clearly is an ABI change and increases cache pressure
6 2019 Arm Limited Why is Arm interested in the CHERI architecture • Arm has been working with UoCambridge on CHERI for some 4-5 years • Big step to addressing security based on strong fundamental principles • Addresses spatial memory safety robustly and some ideas for temporal safety • Memory safety issues reported to be involved with ~70% of vulnerabilities (Matt Miller, BlueHat IL, 2019) • Has scope to be the foundation of a new mechanism for compartmentalisation • Potentially far cheaper than using translation tables • Interesting scope to address temporal safety issues as well as spatial ones…. • Many of the Arm software vendors are similarly interested in the possibilities of CHERI • Microsoft, Google and others have expressed strong interest in exploring the concept… • … but lots of questions about the real-world performance costs and usage models • …understanding the intended usage models is important to refine the architectural features • But is a novel thing to do with additional costs to the system and software • Adding a 129th tag bit has a lot of impacts to the memory system • it is an ABI change, so non-trivial costs for compatibility for some uses
7 2019 Arm Limited Performance effects of CHERI ? • Spatial memory safety involves replacing some/all of the pointer with capabilities • 128-bit items in place of 64-bit items hits the effective cache size to an unknown degree • Are all pointers replaced by capabilities or just some of them (esp for Java/Javascript) • How are the tags held in memory? • 129th bit (similar to ECC) or by carving out a separate area of memory • Do I need a tag-cache to hold the tag bits, is it hierarchical, what size is it etc etc • What is the performance implications for using CHERI for compartmentalisation? • Can I measure the improved performance from doing this vs (ab)using the process model • If I have more lightweight compartmentalisation, how do I segment my software efficiently – What is the performance effects of doing this? • What is the performance cost of using CHERI for temporal memory safety? • How do any of these benefits compare for real performance vs today’s established ways • Is the benefit worth the effort?
8 2019 Arm Limited Challenges with creating substantially new architecture New Hardware New Software Models Required to justify Required to develop
9 2019 Arm Limited IP Position • Today’s CPU architectures have largely the same basic functionality • “Similar but different” approaches to most aspects of system architecture • Small scale optimisations exist • This position very beneficial for the porting of system software • Anything that fundamentally changes the system software architecture is likely to be ignored • Arm believes that this reality needs to continue with capabilities • Implication is that we’d like the world’s leading architectures to adopt capabilities • The Digital Security by Design program
10 2019 Arm Limited The Morello Board • An Industrial Demonstrator of a Capability architecture • Uses a prototype capability extension to the Arm Architecture • Prototype is a “superset” of what could be adopted into the Arm architecture • Use of a superset of the architecture is very unusual • Also unrealistic as a commercial product – there will be some frequency effects • However, there are tight timescales so architecture is nearly complete now • The superset of the architecture will allow a lot of software experimentation • Various different mechanisms for compartmentalisation • Collection of features for which the justification is unclear • Techniques for holding the capability tag bit • Architecture will have formally proved security properties (with UoC and UoE) • Morello Board will be the ONLY physical implementation of this prototype architecture • Learnings from these experiments will be adopted into a mainstream extension to the Arm architecture • NO COMMITMENT TO FULL BINARY COMPATIBILITY TO THE PROTOTYPE ARCHITECTURE – But successful concepts are expected to be carried forward into the architecture and can be reused there
11 2019 Arm Limited Morello Board overview (subject to change) • Quad core bespoke high-end CPU with prototype capability extensions • Backwards compatibility with v8.2 AArch64-only • Based on Neoverse N1 core – Multi-issue out-of-order superscalar core with 3 levels of cache • Build in 7nm process • Targeting clock frequency around 2GHz • Reasonable performance GPU and Display controller • Standard Mali architecture core – not extended with capability • Supports Android • PCIe and CCIx interfaces including to FPGA based accelerators • FPGA for peripheral expansion • SBSA compliant system • 16GB of System Memory (expandable to 32GB – tbc)
12 2019 Arm Limited Morello SoC (WIP) • Display processor • Single display output • Digital 8:8:8 RGB Output • UXGA60 : 1600 x 1200 • Mid-range GPU • Single shader • 256KByte L2 • SODIMM DDR4 3200 x2 (72pin) • 51.2 GBytes/s • Modifications to ECC to store capability bit • SCP & MCP System control including boot • High-end PCIe configuration • x16 PCIe CCIX enabled • x16 PCIe IO • Can’t carry capability tags • Thin Links to FPGA • Facilitates a broader set of IO not contained within the SoC itself • Quad Arm core with capabilities • L1/L2 cache modifications to proliferate capability bit
13 2019 Arm Limited Software and Tools on Morello Platform • Initial toolchain development is focussed on the LLVM toolchain (including LLDB) • GNU tools being developed as a secondary activity • Initial OS focus is FreeBSD (developed with UoCambridge), Android • Secondary focus: Windows PE, Yocto (Linux Distribution for IoT) , • Tertiary focus: Debian, RedHat Fedora, SuSE Tumbleweed,
14 2019 Arm Limited Timescales • September 2020: • Virtual Platform Model of Morello board (behavioural software model) • Architecture Specification of the CPU architecture used in the Morello board – This will include XML and Pseudo-code to allow formal proofs and other auto-generated collateral • September 2021 • Morello boards made available with initial software and toolchains
15 2019 Arm Limited What do we want to get from this… • Answers to the performance questions for a wide range of different usage models • Compelling examples of Capabilities offering a security/performance improvements • Backed up by “Red-teams” having attacked the system and demonstrated security of the system • Compelling in comparison with existing deployed state of the art approaches • Understanding of how different languages and run-times can use capabilities • Not just C and C++, but also Javascript, Java • Far better understanding of how fine-grained compartmentalisation can be used • A showcase to encourage other architectures to adopt capabilities • Experience of what the right SoC hardware is for building capabilities • An architectural approach with formally proven security properties => What to put into the Arm architecture to give Digital Security by Design.
Questions?

More Related Content

PDF
Competition Briefing - Open Digital Solutions for Net Zero Energy
byKTN
 
PDF
An Introduction to Eurostars - an Opportunity for SMEs to Collaborate Interna...
byKTN
 
PDF
Prospering from the Energy Revolution: Six in Sixty - Technology and Infrastr...
byKTN
 
PPTX
UK Catalysis: Innovation opportunities for an enabling technology
byKTN
 
PPTX
Industrial Energy Transformational Fund Phase 2 Spring 2022 - Competition Bri...
byKTN
 
PDF
Horizon Europe ‘Culture, Creativity and Inclusive Society’ Consortia Building...
byKTN
 
PDF
Horizon Europe ‘Culture, Creativity and Inclusive Society’ Consortia Building...
byKTN
 
PPTX
Smart Networks and Services Joint Undertaking (SNS JU) Call Topics
byKTN
 
Competition Briefing - Open Digital Solutions for Net Zero Energy
byKTN
 
An Introduction to Eurostars - an Opportunity for SMEs to Collaborate Interna...
byKTN
 
Prospering from the Energy Revolution: Six in Sixty - Technology and Infrastr...
byKTN
 
UK Catalysis: Innovation opportunities for an enabling technology
byKTN
 
Industrial Energy Transformational Fund Phase 2 Spring 2022 - Competition Bri...
byKTN
 
Horizon Europe ‘Culture, Creativity and Inclusive Society’ Consortia Building...
byKTN
 
Horizon Europe ‘Culture, Creativity and Inclusive Society’ Consortia Building...
byKTN
 
Smart Networks and Services Joint Undertaking (SNS JU) Call Topics
byKTN
 

More from KTN

PDF
Building Talent for the Future 2 – Expression of Interest Briefing
byKTN
 
PDF
Connected and Autonomous Vehicles Cohort Workshop
byKTN
 
PDF
Biodiversity and Food Production: The Future of the British Landscape
byKTN
 
PDF
Engage with...Performance Projects
byKTN
 
PDF
How to Create a Good Horizon Europe Proposal Webinar
byKTN
 
PDF
Horizon Europe Tackling Diseases and Antimicrobial Resistance (AMR) Webinar a...
byKTN
 
PDF
Engage with...Custom Interconnect
byKTN
 
PDF
Engage with...ZF
byKTN
 
PDF
Engage with...FluxSys
byKTN
 
PDF
Made Smarter Innovation: Sustainable Smart Factory Competition Briefing
byKTN
 
PDF
Driving the Electric Revolution – PEMD Skills Hub
byKTN
 
PDF
Medicines Manufacturing Challenge EDI Survey Briefing Webinar
byKTN
 
PDF
Horizon Europe Clean Energy Webinar - Cluster 5 Destination 3 | Pitches
byKTN
 
PDF
Horizon Europe Clean Energy Webinar - Cluster 5 Destination 3 | Slides
byKTN
 
PDF
Horizon Europe Quantum Webinar - Cluster 4 Destinations 4 and 5 | Slides
byKTN
 
PDF
Horizon Europe Quantum Webinar - Cluster 4 Destinations 4 and 5 | Pitches
byKTN
 
PPTX
Farming Innovation Programme - Small R&D Partnership Projects - Consortia Bui...
byKTN
 
PDF
Net Zero in Medicines Manufacturing: Measuring and Reporting Carbon Footprint
byKTN
 
PDF
Horizon Europe Clean Transport Webinar - Cluster 5 Destination 5 | Pitches
byKTN
 
PDF
Horizon Europe Clean Transport Webinar - Cluster 5 Destination 5 | Slides
byKTN
 
Building Talent for the Future 2 – Expression of Interest Briefing
byKTN
 
Connected and Autonomous Vehicles Cohort Workshop
byKTN
 
Biodiversity and Food Production: The Future of the British Landscape
byKTN
 
Engage with...Performance Projects
byKTN
 
How to Create a Good Horizon Europe Proposal Webinar
byKTN
 
Horizon Europe Tackling Diseases and Antimicrobial Resistance (AMR) Webinar a...
byKTN
 
Engage with...Custom Interconnect
byKTN
 
Engage with...ZF
byKTN
 
Engage with...FluxSys
byKTN
 
Made Smarter Innovation: Sustainable Smart Factory Competition Briefing
byKTN
 
Driving the Electric Revolution – PEMD Skills Hub
byKTN
 
Medicines Manufacturing Challenge EDI Survey Briefing Webinar
byKTN
 
Horizon Europe Clean Energy Webinar - Cluster 5 Destination 3 | Pitches
byKTN
 
Horizon Europe Clean Energy Webinar - Cluster 5 Destination 3 | Slides
byKTN
 
Horizon Europe Quantum Webinar - Cluster 4 Destinations 4 and 5 | Slides
byKTN
 
Horizon Europe Quantum Webinar - Cluster 4 Destinations 4 and 5 | Pitches
byKTN
 
Farming Innovation Programme - Small R&D Partnership Projects - Consortia Bui...
byKTN
 
Net Zero in Medicines Manufacturing: Measuring and Reporting Carbon Footprint
byKTN
 
Horizon Europe Clean Transport Webinar - Cluster 5 Destination 5 | Pitches
byKTN
 
Horizon Europe Clean Transport Webinar - Cluster 5 Destination 5 | Slides
byKTN
 

Recently uploaded

PPTX
ZAIRON AND CARLYN PPT 111111111111111111
byandaliasajohnzairon
 
PDF
Should you buy verified PayPal or Stripe accounts_.pdf
bywiulk201973rt6mlnjq7
 
PPTX
702112964-DELHI-HAAT-A-case-study data ppt
byrakshiperween3
 
PPTX
Noora_Custom_Color_HIV_TB_Flowchart.pptx
byparag186340
 
PDF
VERNACULAR ARCHITECTURE - CONCEPTS & PRINCIPLES
byCattleyaVanessaPamon
 
PPTX
Brain storming and Game storming IN ui ux
bysivamalarpcse
 
PPTX
2D Transformation (Translation, Rotation, Scaling) in Computer Graphics
byVanshikaBhardwaj32
 
PPTX
Visual_Merchandising_Detailed_Redesigned.pptx
bysep221
 
PPTX
TLE - FCS 7 - Introduction to Technical Drawing.pptx
byLANISOCRATES1
 
PDF
🥳 BUKTI KEMENANGAN HARI INI SELASA 03 FEBRUARI 2026 🥰
byGRAB
 
PPTX
ENGLISH DICTIONARY PORTFOLIO FOR EVENTS.
byRie ESPERTA
 
PPTX
etics.pptxghhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhh...
byibganraffy22
 
PDF
CASE STUDY about Shreyas wellness Center, Quiet healing center; Auroville
byaishwaryag2304
 
PDF
Architectural Professional portfolio designs.pdf
bybuildasnest
 
PPTX
HARDITS THEORY: “to design the design as a design. PRESENTATION.pptx
bycasigbe
 
PPTX
MAJOR factors affecting TO SEED STORAGE PPT
byparamanandhulagannav
 
PDF
TOC Unit 1 Finite State Machine and divisible by 3
bySanjivani college of Engineering
 
PDF
Tokyo City Urban Planning Case Study Architecture
bySDhanushKumar
 
PPTX
Pathological Fractures Lecture.pptx ORTHOPAEDICS
bymc22367
 
PPTX
Azure_Landing_Zone_Proposal_with_CAF (1).pptx
bylemeli3232
 
ZAIRON AND CARLYN PPT 111111111111111111
byandaliasajohnzairon
 
Should you buy verified PayPal or Stripe accounts_.pdf
bywiulk201973rt6mlnjq7
 
702112964-DELHI-HAAT-A-case-study data ppt
byrakshiperween3
 
Noora_Custom_Color_HIV_TB_Flowchart.pptx
byparag186340
 
VERNACULAR ARCHITECTURE - CONCEPTS & PRINCIPLES
byCattleyaVanessaPamon
 
Brain storming and Game storming IN ui ux
bysivamalarpcse
 
2D Transformation (Translation, Rotation, Scaling) in Computer Graphics
byVanshikaBhardwaj32
 
Visual_Merchandising_Detailed_Redesigned.pptx
bysep221
 
TLE - FCS 7 - Introduction to Technical Drawing.pptx
byLANISOCRATES1
 
🥳 BUKTI KEMENANGAN HARI INI SELASA 03 FEBRUARI 2026 🥰
byGRAB
 
ENGLISH DICTIONARY PORTFOLIO FOR EVENTS.
byRie ESPERTA
 
etics.pptxghhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhh...
byibganraffy22
 
CASE STUDY about Shreyas wellness Center, Quiet healing center; Auroville
byaishwaryag2304
 
Architectural Professional portfolio designs.pdf
bybuildasnest
 
HARDITS THEORY: “to design the design as a design. PRESENTATION.pptx
bycasigbe
 
MAJOR factors affecting TO SEED STORAGE PPT
byparamanandhulagannav
 
TOC Unit 1 Finite State Machine and divisible by 3
bySanjivani college of Engineering
 
Tokyo City Urban Planning Case Study Architecture
bySDhanushKumar
 
Pathological Fractures Lecture.pptx ORTHOPAEDICS
bymc22367
 
Azure_Landing_Zone_Proposal_with_CAF (1).pptx
bylemeli3232
 

Digital Security by Design: Technology Platform - Richard Grisenthwaite, ARM

  • 1.
    Digital Security by Design RichardGrisenthwaite SVP Chief Architect and Fellow Richard.Grisenthwaite@arm.com
  • 2.
    2 2019 ArmLimited Security is the greatest challenge computing needs to address to meet its full potential
  • 3.
    3 2019 ArmLimited New Architecture motivated by Security features • “Architecture” meaning CPU “Instruction Set Architecture” • Arm runs an incremental update process for the architecture • Security is one of the stronger motivations for incremental architectural improvements: • Privileged Access Never • Hypervisor applied Execute-Never • Pointer Authentication • Branch Target Identification • Introduction of Secure EL2 • Memory Tagging Extensions • These changes are incremental improvements to the architecture • Easy to deploy, small scale point improvements
  • 4.
    4 2019 ArmLimited Going beyond incremental improvements Incremental improvements Getting to a “New level” Better Time
  • 5.
    5 2019 ArmLimited CHERI architecture in one slide • CPU architecture adds 128-bit “capabilities” plus a memory tagging bit • Capability contains the address, bounds information, permission information etc • The memory tagging bit is metadata that distinguishes a capability from normal data  This memory tagging bit prevents “forging” of a capability  This functionality gives strong provenance of capabilities • Architecture has the ability to “seal” capabilities as well as part of compartmentalisation • Loads/stores using capabilities as addresses are checked to be legal • Within address range and matching the supplied permissions • Data processing on capabilities has rules to limit operations • Bounds cannot be arbitrarily increased, permissions cannot be relaxed etc • Capability is used in place of a normal pointer in some or all situations • Exactly how when this happens is part of the software usage case • Simply replacing all pointers with capabilities gives scope for strong spatial memory protection  But clearly is an ABI change and increases cache pressure
  • 6.
    6 2019 ArmLimited Why is Arm interested in the CHERI architecture • Arm has been working with UoCambridge on CHERI for some 4-5 years • Big step to addressing security based on strong fundamental principles • Addresses spatial memory safety robustly and some ideas for temporal safety • Memory safety issues reported to be involved with ~70% of vulnerabilities (Matt Miller, BlueHat IL, 2019) • Has scope to be the foundation of a new mechanism for compartmentalisation • Potentially far cheaper than using translation tables • Interesting scope to address temporal safety issues as well as spatial ones…. • Many of the Arm software vendors are similarly interested in the possibilities of CHERI • Microsoft, Google and others have expressed strong interest in exploring the concept… • … but lots of questions about the real-world performance costs and usage models • …understanding the intended usage models is important to refine the architectural features • But is a novel thing to do with additional costs to the system and software • Adding a 129th tag bit has a lot of impacts to the memory system • it is an ABI change, so non-trivial costs for compatibility for some uses
  • 7.
    7 2019 ArmLimited Performance effects of CHERI ? • Spatial memory safety involves replacing some/all of the pointer with capabilities • 128-bit items in place of 64-bit items hits the effective cache size to an unknown degree • Are all pointers replaced by capabilities or just some of them (esp for Java/Javascript) • How are the tags held in memory? • 129th bit (similar to ECC) or by carving out a separate area of memory • Do I need a tag-cache to hold the tag bits, is it hierarchical, what size is it etc etc • What is the performance implications for using CHERI for compartmentalisation? • Can I measure the improved performance from doing this vs (ab)using the process model • If I have more lightweight compartmentalisation, how do I segment my software efficiently – What is the performance effects of doing this? • What is the performance cost of using CHERI for temporal memory safety? • How do any of these benefits compare for real performance vs today’s established ways • Is the benefit worth the effort?
  • 8.
    8 2019 ArmLimited Challenges with creating substantially new architecture New Hardware New Software Models Required to justify Required to develop
  • 9.
    9 2019 ArmLimited IP Position • Today’s CPU architectures have largely the same basic functionality • “Similar but different” approaches to most aspects of system architecture • Small scale optimisations exist • This position very beneficial for the porting of system software • Anything that fundamentally changes the system software architecture is likely to be ignored • Arm believes that this reality needs to continue with capabilities • Implication is that we’d like the world’s leading architectures to adopt capabilities • The Digital Security by Design program
  • 10.
    10 2019 ArmLimited The Morello Board • An Industrial Demonstrator of a Capability architecture • Uses a prototype capability extension to the Arm Architecture • Prototype is a “superset” of what could be adopted into the Arm architecture • Use of a superset of the architecture is very unusual • Also unrealistic as a commercial product – there will be some frequency effects • However, there are tight timescales so architecture is nearly complete now • The superset of the architecture will allow a lot of software experimentation • Various different mechanisms for compartmentalisation • Collection of features for which the justification is unclear • Techniques for holding the capability tag bit • Architecture will have formally proved security properties (with UoC and UoE) • Morello Board will be the ONLY physical implementation of this prototype architecture • Learnings from these experiments will be adopted into a mainstream extension to the Arm architecture • NO COMMITMENT TO FULL BINARY COMPATIBILITY TO THE PROTOTYPE ARCHITECTURE – But successful concepts are expected to be carried forward into the architecture and can be reused there
  • 11.
    11 2019 ArmLimited Morello Board overview (subject to change) • Quad core bespoke high-end CPU with prototype capability extensions • Backwards compatibility with v8.2 AArch64-only • Based on Neoverse N1 core – Multi-issue out-of-order superscalar core with 3 levels of cache • Build in 7nm process • Targeting clock frequency around 2GHz • Reasonable performance GPU and Display controller • Standard Mali architecture core – not extended with capability • Supports Android • PCIe and CCIx interfaces including to FPGA based accelerators • FPGA for peripheral expansion • SBSA compliant system • 16GB of System Memory (expandable to 32GB – tbc)
  • 12.
    12 2019 ArmLimited Morello SoC (WIP) • Display processor • Single display output • Digital 8:8:8 RGB Output • UXGA60 : 1600 x 1200 • Mid-range GPU • Single shader • 256KByte L2 • SODIMM DDR4 3200 x2 (72pin) • 51.2 GBytes/s • Modifications to ECC to store capability bit • SCP & MCP System control including boot • High-end PCIe configuration • x16 PCIe CCIX enabled • x16 PCIe IO • Can’t carry capability tags • Thin Links to FPGA • Facilitates a broader set of IO not contained within the SoC itself • Quad Arm core with capabilities • L1/L2 cache modifications to proliferate capability bit
  • 13.
    13 2019 ArmLimited Software and Tools on Morello Platform • Initial toolchain development is focussed on the LLVM toolchain (including LLDB) • GNU tools being developed as a secondary activity • Initial OS focus is FreeBSD (developed with UoCambridge), Android • Secondary focus: Windows PE, Yocto (Linux Distribution for IoT) , • Tertiary focus: Debian, RedHat Fedora, SuSE Tumbleweed,
  • 14.
    14 2019 ArmLimited Timescales • September 2020: • Virtual Platform Model of Morello board (behavioural software model) • Architecture Specification of the CPU architecture used in the Morello board – This will include XML and Pseudo-code to allow formal proofs and other auto-generated collateral • September 2021 • Morello boards made available with initial software and toolchains
  • 15.
    15 2019 ArmLimited What do we want to get from this… • Answers to the performance questions for a wide range of different usage models • Compelling examples of Capabilities offering a security/performance improvements • Backed up by “Red-teams” having attacked the system and demonstrated security of the system • Compelling in comparison with existing deployed state of the art approaches • Understanding of how different languages and run-times can use capabilities • Not just C and C++, but also Javascript, Java • Far better understanding of how fine-grained compartmentalisation can be used • A showcase to encourage other architectures to adopt capabilities • Experience of what the right SoC hardware is for building capabilities • An architectural approach with formally proven security properties => What to put into the Arm architecture to give Digital Security by Design.
  • 16.

Editor's Notes

  • #5 Everyone can get behind incremental improvements – this conference Really successful companies can be really great at incremental improvements “Innovator’s dilemma” Passion for progress says we need to embrace more disruptive change too IPG re-org
  • #9 <don’t do the detail >