— Open Source Hardware User Group

Event #59 — CHERI CPU, Adding Security to Compilers, Trust & Provenance in Open Data

On the 27 July 2017, 18:00 - 21:00 at BCS London, 1st Floor, The Davidson Building, 5 Southampton Street, London, WC2E 7HA, [map] (51.510812, -0.121733)

Please register to attend and share on Lanyrd.

After a brief hiatus we return this month for an evening of talks on the topics of trust and provenance in Open Data at GDS, adding security to compilers (LADA project and SECURE project), extending a RISC ISA to add capability enhancements for improved security (CHERI project).

Trust and provenance in Open Data

gov.uk Registers are Authoratitive Lists of Open Data that you can trust. Each Register is the most reliable list of its kind. For example, the Foreign and Commonwealth Office's Country Register is the most accurate and up-to-date list of countries available. In this talk, Michaela and Andy will explain how the Government Digital Service has designed Registers to use a combination of social and cryptographic techniques and processes in order to make Registers trusted, verifiable and secure.

Michaela Benyohai graduated in 2010 with a degree in Engineering Mathematics and spent 5 years at the Royal Bank of Scotland building low latency, aggregation engines and UIs. Keen for a new challenge and excited about the more meaningful projects in government technology, she moved to the Government Digital Service in early 2016. She is currently leading GDS' work on Registers, hoping to transform the way that government shares and accesses its data.

Andy Bennett after graduating from Imperial College with a degree in Electronic & Electrical Engineering joined Access Devices Digital Limited where he designed software and FPGAs for the UK's first Dual Tuner Personal Video Recorders. He continued working on Advanced Product Development at Pace Micro Technology before leaving to build distributed database engines at GenieDB. In 2011 he founded Knodium where he applied his finely honed ability to produce software on a shoestring. Andy is a Technologist that likes to inhabit the void between hardware and the software that runs on it. In his spare time he likes to embark on ambitious projects from scratch: in between prototyping designs for his own handheld computer, digital watch and bluetooth headset, he's currently building a two wheeled, actively balanced, robot.

Adding security to compilers

Information leakage via side channels is a widely recognised threat to cyber security. In particular small devices are known to leak information through physical channels, i.e. power consumption, electromagnetic radiation, and timing behaviour. Serveral implementation techniques and countermeasures are arising nowadays against this kind of threaths, but still only fully equipped testing labs with skilled people can afford to test new implementations against leakage attacks. We will focus on the information leakage due to timing behaviour and the possibility of 'cache-based' timing attacks. Then we will discuss about my work in the context of two projects (LADA project and SECURE project) which aim at bringing the skill of a testing lab to the desk of a developer of standard consumer devices, without the need for domain specific knowledge through the development of open source compilers.

Paolo Savini is an Intern Compiler Engineer at Embecosm Ltd working on the SECURE Project, where he is helping to bring the next generation of secure programming techniques to open source compilers. Prior to joining Embecosm he cooperated with the LADA project at the University of Bristol in order to explore the possility of creating compiler tools to help improve implementation of cryptography. Paolo is currently graduating at the University of Pavia (Italy), where he achieved a Bachelor degree in Electronic and Computer Engineering.

The CHERI CPU: Hardware-software co-design for security

This talk will introduce the CHERI CPU and associated C/C++ compiler stack. Various design decisions in the project were made based on the needs of programming languages to support real-world code and the requirements of hardware implementation. The C specification is intentionally vague and it would be very easy to create a conforming implementation of the language if this were the only requirement, but a C environment is only as good as the code that it runs. In the CHERI project, we have investigated a number of common C idioms and ensured that these can be supported by our hardware, while simultaneously allowing fine-grained memory safety and coarser-grained compartmentalisation of C programs.

David Chisnall is a Senior Research Associate at the University of Cambridge. His primary research interest is safe interoperability between programming languages. Most recently, he has been working on this in the context of the CHERI project, creating an implementation of the C programming language that can be used safely in the same process as languages with stricter safety guarantees. He presented a case study of this, allowing Java and C code to coexist in the same process without violating any of the JVM's safety and security guarantees at ASPLOS earlier this year. David is an active open source contributor, having been an LLVM committer since 2008, a member of the FreeBSD Core Team for two successive terms, and the author / maintainer of widely deployed Objective-C and C++ runtime libraries.

Note: Please aim to arrive by 18:15 as the event will start at 18:30 prompt.

To add your photographs to ones shown here, upload them to Flickr with the tag "oshug:event=59". You might also like to join the OSHUG Flickr Pool.