Google among big-hitters to join Cambridge’s CHERI Alliance on launch

14 Nov, 2024
Newsdesk
Google and other global big-hitters have joined the Cambridge-steered CHERI Alliance CIC (Community Interest Company) on its official launch. The initiative is designed to combat cyber security threats at hardware level.
Dr. Robert N. M. Watson, Director of the CHERI Alliance. Courtesy – University of Cambridge.

Founding members include global commercial, research and open-source organisations and several UK universities and government entities. A Taiwan tech corporation, the National Cyber Security Centre (part of GCHQ) and heavyweights from the US and UK have bolstered the effort.

Among the extended membership, the body has welcomed Chevin Technology (UK), Critical Technologies (USA), the Defence Science and Technology Laboratory (DSTL, UK), Google (USA), Light Momentum Technology Corporation (Taiwan), National Cyber Security Centre (NCSC, a part of GCHQ, UK), Parvat Infotech (India), SRI International (USA), TechWorks (UK), Trusted Computer Center of Excellence (USA), the University of Birmingham (UK), and the University of Glasgow (UK) as founding members.

Founded to unite hardware security leaders and system developers, the CHERI Alliance aims to establish CHERI (Capability Hardware Enhanced RISC Instructions) as the new standard for memory safety and scalable software compartmentalisation.

Previously announced founding members include Capabilities Limited, Codasip, CyNam, the FreeBSD Foundation, lowRISC, OpenHW Group, SCI Semiconductor, Swansea University, and the University of Cambridge.

Following its initial formation in June, the new additions reinforce the collaborative effort to protect against memory-related vulnerabilities – a critical security challenge that constitutes approximately 70 per cent of the vulnerabilities exploited in cyberattacks.

“Expanding our membership signals growing recognition of CHERI's transformative potential,” said Dr. Robert N. M. Watson, Professor, University of Cambridge, Director of the CHERI Alliance, and Director of Capabilities Limited.

“After more than a decade of development, it's rewarding to see the CHERI community grow as new members bring their innovation and commitment to the Alliance. We are now well-positioned to advance our mission of delivering scalable, hardware-based security solutions that address critical vulnerabilities.”

UK Minister for AI and Digital Government Feryal Clark added: “Digital and online security is a fundamental part of our duty as a government to keep the British public, our vital services, and our critical national infrastructure safe.

“CHERI is a fantastic example of how brilliant British ingenuity is rising to that challenge, focusing on shoring up our defences in areas which are so often a target for would-be cyber attackers.

“It’s great to see our national security community and some of the leading lights in tech backing this work – ensuring a joined-up approach which will keep our digital economy and the services we rely on daily safe, secure, and alert to the growing range of online threats that we face.”

CHERI technology, in development since 2010 through a collaboration between the University of Cambridge and SRI International, offers robust protection against memory safety issues such as buffer overflows and heap use-after-free vulnerabilities.

The technology's ability to enable high-performance, scalable compartmentalisation significantly reduces the risk of both known and future unknown vulnerabilities.

With a broader range of companies, open-source organisations, and research institutions on board, the CHERI Alliance is poised to strengthen its efforts in standardisation, technical alignment and educational outreach to promote CHERI’s adoption as an industry-standard security measure.

Ben Laurie, Lead Security Researcher at Google, commented: “Google's interest in CHERI stems from our unwavering commitment to security and privacy.

“We recognise the potential of CHERI in significantly enhancing system security by mitigating common software vulnerabilities. CHERI offers fine-grained compartmentalisation, which isolates sensitive data into secure compartments, and deterministic memory safety.

“In security-critical systems that handle sensitive information and personal data, such as those found in generative AI applications, CHERI helps protect against breaches and ensures robust protection against malicious attacks.”

• The CHERI Alliance welcomes applications from forward-thinking companies looking to shape the future of cybersecurity. Interested companies can apply via the CHERI Alliance website.
