Digital Security by Design
Richard Grisenthwaite
SVP Chief Architect and Fellow
Richard.Grisenthwaite@arm.com
2 2019 Arm Limited
Security is the greatest challenge computing needs to address to meet its full potential
New Architecture motivated by Security features
• “Architecture” meaning CPU “Instruction Set Architecture”
• Arm runs an incremental update process for the architecture
• Security is one of the stronger motivations for incremental architectural improvements:
• Privileged Access Never
• Hypervisor applied Execute-Never
• Pointer Authentication
• Branch Target Identification
• Introduction of Secure EL2
• Memory Tagging Extensions
• These changes are incremental improvements to the architecture
• Easy to deploy, small scale point improvements
Going beyond incremental improvements
[Figure: graph with axes "Better" and "Time", labelled "Incremental improvements" and "Getting to a “New level”"]
CHERI architecture in one slide
• CPU architecture adds 128-bit “capabilities” plus a memory tagging bit
• Capability contains the address, bounds information, permission information etc
• The memory tagging bit is metadata that distinguishes a capability from normal data
– This memory tagging bit prevents “forging” of a capability
– This functionality gives strong provenance of capabilities
• Architecture has the ability to “seal” capabilities as well, as part of compartmentalisation
• Loads/stores using capabilities as addresses are checked to be legal
• Within address range and matching the supplied permissions
• Data processing on capabilities has rules to limit operations
• Bounds cannot be arbitrarily increased, permissions cannot be relaxed etc
• Capability is used in place of a normal pointer in some or all situations
• Exactly how and when this happens is part of the software usage case
• Simply replacing all pointers with capabilities gives scope for strong spatial memory protection
– But clearly is an ABI change and increases cache pressure
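The rules on this slide, as a small software model in C: tagged capabilities, checked loads and stores, bounds and permissions that can only shrink, and sealing. This is an added example, not Arm, Morello or CHERI project code; `cap_t`, the `cap_*` functions, the 64-byte `mem` array and the unkeyed `cap_seal` are assumptions made for illustration.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

enum { PERM_LOAD = 1u, PERM_STORE = 2u };
typedef enum { CAP_OK, CAP_TAG_FAULT, CAP_SEAL_FAULT,
               CAP_PERM_FAULT, CAP_BOUNDS_FAULT } cap_result;

/* Modelled capability: bounds and permissions, plus the out-of-band tag
   bit that marks it as genuine (hypothetical layout, not the real one). */
typedef struct {
    uint64_t base, top;   /* valid offsets are 0 <= off < top - base */
    uint32_t perms;
    bool     sealed;
    bool     tag;
} cap_t;

static uint8_t mem[64];   /* modelled memory */

/* The only tagged capability created from nothing: covers all of mem. */
cap_t cap_root(void) {
    cap_t c = { 0, sizeof mem, PERM_LOAD | PERM_STORE, false, true };
    return c;
}

/* Building a capability from plain integers never sets the tag, so the
   result cannot be used: this is the "no forging" property. */
cap_t cap_from_integers(uint64_t base, uint64_t top, uint32_t perms) {
    cap_t c = { base, top, perms, false, false };
    return c;
}

/* Bounds may only narrow. Any attempt to widen them (or to modify a
   sealed or untagged capability) yields an untagged result. */
cap_t cap_set_bounds(cap_t c, uint64_t base, uint64_t len) {
    bool ok = c.tag && !c.sealed && base >= c.base && base <= c.top
              && len <= c.top - base;
    if (!ok) { c.tag = false; return c; }
    c.base = base;
    c.top  = base + len;
    return c;
}

/* Permissions may only be removed: the mask is ANDed in, never ORed. */
cap_t cap_and_perms(cap_t c, uint32_t mask) {
    if (c.sealed) c.tag = false;
    c.perms &= mask;
    return c;
}

/* Simplified sealing: a sealed capability can be held and passed on but
   not dereferenced or modified (no unseal authority is modelled). */
cap_t cap_seal(cap_t c) { c.sealed = true; return c; }

/* The check applied to every load and store made through a capability. */
static cap_result cap_check(cap_t c, uint64_t off, uint32_t need) {
    if (!c.tag)                    return CAP_TAG_FAULT;
    if (c.sealed)                  return CAP_SEAL_FAULT;
    if ((c.perms & need) != need)  return CAP_PERM_FAULT;
    if (off >= c.top - c.base)     return CAP_BOUNDS_FAULT;
    return CAP_OK;
}

cap_result cap_load8(cap_t c, uint64_t off, uint8_t *out) {
    cap_result r = cap_check(c, off, PERM_LOAD);
    if (r == CAP_OK) *out = mem[c.base + off];
    return r;
}

cap_result cap_store8(cap_t c, uint64_t off, uint8_t v) {
    cap_result r = cap_check(c, off, PERM_STORE);
    if (r == CAP_OK) mem[c.base + off] = v;
    return r;
}

int main(void) {
    uint8_t v = 0;
    cap_t buf = cap_set_bounds(cap_root(), 16, 8);   /* an 8-byte object */
    printf("store in bounds:      %d\n", cap_store8(buf, 7, 0xAA));
    printf("store one past end:   %d\n", cap_store8(buf, 8, 0xBB));
    printf("store via read-only:  %d\n",
           cap_store8(cap_and_perms(buf, PERM_LOAD), 0, 1));
    printf("load via widened cap: %d\n",
           cap_load8(cap_set_bounds(buf, 0, 64), 0, &v));
    printf("load via forged cap:  %d\n",
           cap_load8(cap_from_integers(0, 64, PERM_LOAD), 0, &v));
    printf("load via sealed cap:  %d\n", cap_load8(cap_seal(buf), 0, &v));
    return 0;
}
```

Each printed number is a `cap_result` value; only the first access returns `CAP_OK` (0).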
Why is Arm interested in the CHERI architecture
• Arm has been working with UoCambridge on CHERI for some 4-5 years
• Big step to addressing security based on strong fundamental principles
• Addresses spatial memory safety robustly and some ideas for temporal safety
• Memory safety issues reported to be involved with ~70% of vulnerabilities (Matt Miller, BlueHat IL, 2019)
• Has scope to be the foundation of a new mechanism for compartmentalisation
• Potentially far cheaper than using translation tables
• Interesting scope to address temporal safety issues as well as spatial ones….
• Many of the Arm software vendors are similarly interested in the possibilities of CHERI
• Microsoft, Google and others have expressed strong interest in exploring the concept…
• … but lots of questions about the real-world performance costs and usage models
• …understanding the intended usage models is important to refine the architectural features
• But is a novel thing to do with additional costs to the system and software
• Adding a 129th tag bit has a lot of impacts to the memory system
• It is an ABI change, so non-trivial costs for compatibility for some uses
Performance effects of CHERI?
• Spatial memory safety involves replacing some/all of the pointers with capabilities
• 128-bit items in place of 64-bit items hits the effective cache size to an unknown degree
• Are all pointers replaced by capabilities or just some of them (esp for Java/Javascript)
• How are the tags held in memory?
• 129th bit (similar to ECC) or by carving out a separate area of memory
• Do I need a tag-cache to hold the tag bits, is it hierarchical, what size is it etc etc
• What are the performance implications of using CHERI for compartmentalisation?
• Can I measure the improved performance from doing this vs (ab)using the process model
• If I have more lightweight compartmentalisation, how do I segment my software efficiently
– What are the performance effects of doing this?
• What is the performance cost of using CHERI for temporal memory safety?
• How do any of these benefits compare for real performance vs today’s established ways
• Is the benefit worth the effort?
Challenges with creating substantially new architecture
[Figure: diagram with boxes "New Hardware" and "New Software Models", linked by arrows labelled "Required to justify" and "Required to develop"]
IP Position
• Today’s CPU architectures have largely the same basic functionality
• “Similar but different” approaches to most aspects of system architecture
• Small scale optimisations exist
• This position is very beneficial for the porting of system software
• Anything that fundamentally changes the system software architecture is likely to be ignored
• Arm believes that this reality needs to continue with capabilities
• Implication is that we’d like the world’s leading architectures to adopt capabilities
• The Digital Security by Design program
The Morello Board
• An Industrial Demonstrator of a Capability architecture
• Uses a prototype capability extension to the Arm Architecture
• Prototype is a “superset” of what could be adopted into the Arm architecture
• Use of a superset of the architecture is very unusual
• Also unrealistic as a commercial product – there will be some frequency effects
• However, there are tight timescales so architecture is nearly complete now
• The superset of the architecture will allow a lot of software experimentation
• Various different mechanisms for compartmentalisation
• Collection of features for which the justification is unclear
• Techniques for holding the capability tag bit
• Architecture will have formally proved security properties (with UoC and UoE)
• Morello Board will be the ONLY physical implementation of this prototype architecture
• Learnings from these experiments will be adopted into a mainstream extension to the Arm architecture
• NO COMMITMENT TO FULL BINARY COMPATIBILITY TO THE PROTOTYPE ARCHITECTURE
– But successful concepts are expected to be carried forward into the architecture and can be reused there
Morello Board overview (subject to change)
• Quad core bespoke high-end CPU with prototype capability extensions
• Backwards compatibility with v8.2 AArch64-only
• Based on Neoverse N1 core
– Multi-issue out-of-order superscalar core with 3 levels of cache
• Built in a 7nm process
• Targeting clock frequency around 2GHz
• Reasonable performance GPU and Display controller
• Standard Mali architecture core – not extended with capability
• Supports Android
• PCIe and CCIx interfaces including to FPGA based accelerators
• FPGA for peripheral expansion
• SBSA compliant system
• 16GB of System Memory (expandable to 32GB – tbc)
Morello SoC (WIP)
• Display processor
• Single display output
• Digital 8:8:8 RGB Output
• UXGA60 : 1600 x 1200
• Mid-range GPU
• Single shader
• 256KByte L2
• SODIMM DDR4 3200 x2 (72pin)
• 51.2 GBytes/s
• Modifications to ECC to store capability bit
• SCP & MCP System control including boot
• High-end PCIe configuration
• x16 PCIe CCIX enabled
• x16 PCIe IO
• Can’t carry capability tags
• Thin Links to FPGA
• Facilitates a broader set of IO not contained within the SoC itself
• Quad Arm core with capabilities
• L1/L2 cache modifications to proliferate capability bit
Software and Tools on Morello Platform
• Initial toolchain development is focussed on the LLVM toolchain (including LLDB)
• GNU tools being developed as a secondary activity
• Initial OS focus is FreeBSD (developed with UoCambridge), Android
• Secondary focus: Windows PE, Yocto (Linux Distribution for IoT)
• Tertiary focus: Debian, RedHat Fedora, SuSE Tumbleweed
Timescales
• September 2020:
• Virtual Platform Model of Morello board (behavioural software model)
• Architecture Specification of the CPU architecture used in the Morello board
– This will include XML and Pseudo-code to allow formal proofs and other auto-generated collateral
• September 2021
• Morello boards made available with initial software and toolchains
What do we want to get from this…
• Answers to the performance questions for a wide range of different usage models
• Compelling examples of Capabilities offering security/performance improvements
• Backed up by “Red-teams” having attacked the system and demonstrated security of the system
• Compelling in comparison with existing deployed state of the art approaches
• Understanding of how different languages and run-times can use capabilities
• Not just C and C++, but also Javascript, Java
• Far better understanding of how fine-grained compartmentalisation can be used
• A showcase to encourage other architectures to adopt capabilities
• Experience of what the right SoC hardware is for building capabilities
• An architectural approach with formally proven security properties
=> What to put into the Arm architecture to give Digital Security by Design.
Questions?


Editor's Notes

  1. Everyone can get behind incremental improvements – this conference Really successful companies can be really great at incremental improvements “Innovator’s dilemma” Passion for progress says we need to embrace more disruptive change too IPG re-org
  2. <don’t do the detail >