March 26, 2024 at 06:23AM
The Beacon Awards recognized projects focusing on safer software for CHERI-enabled hardware and CheriBSD. The awards were part of the FreeBSD Foundation and UK government’s Digital Security by Design initiative. Winners included Mojo JVM, Intravisor, and Capabilities Limited for their work in memory-secure Java runtime, virtualization host, and refactoring web services software to CheriBSD.
Key takeaways from the meeting notes:
1. The inaugural Beacon Awards recognized projects focused on safer software for CHERI-enabled hardware running on the CheriBSD operating system. CHERI stands for Capability Hardware Enhanced RISC Instructions.
2. The Beacon Awards is a new initiative from the FreeBSD Foundation, in partnership with the UK government’s Digital Security by Design program, to reward efforts in creating safer software.
3. The Digital Security by Design initiative, in place for around six years, funds multiple security R&D projects. Arm received funding of £36 million at the recent awards, following their involvement in early 2019.
4. The FreeBSD project has been involved in this space, with notable achievements including getting the KDE stack running and highlighting the CHERI architecture.
5. The grand prize winners included the Mojo JVM, a memory-secure Java runtime, and Intravisor, a new virtualization host for cloud software running on CHERI-enabled hardware. Another prize went to Capabilities Limited for refactoring 1.7 million lines of C++ web services software to CheriBSD on Morello.
6. Honorable mentions were given to research projects by the University of Glasgow, including Morello Micropython and adapting the Boehm garbage collector to CHERI.
7. CHERI research aims to restore security features to existing systems running current software, with minimal modifications, in order to provide robust protection against vulnerabilities and exploits.
8. CHERI’s success could lead to hardware and software that are slower but more immune to software vulnerabilities and exploits, offering a potential solution to the performance impact of current security features in Linux.