Oxford e-Research Centre Project Shows the Way to a Secure Digital Future

At times, it can seem that cybersecurity is never out of the news. There is always some fresh story about a data breach, a hacked website, or a malware infection hitting a major company or organisation. These attacks can have devastating consequences, like crippling a vital service or exposing people's personal data to criminals, and there is often a high financial cost as well.

Over the last forty years, digital technology has permeated life in the UK and many other countries. This has brought a wealth of new possibilities to our lives, but these possibilities bring with them a vulnerability to attack by malicious hackers. Despite decades of effort towards more secure systems and many hard-won lessons, the threat from cyberattacks remains a constant feature of our digital lives.

One explanation for the weakness of our technology against attack is that digital security is difficult to get right, and easy to neglect. Making a system secure requires expertise and time, things which the companies who are building our digital world often lack in the rush to get new ideas into production while keeping costs down. Natural commercial pressures can often be exactly opposed to good security.

But CHERI, a new technology developed in the UK, holds out the promise of a future where systems are inherently less prone to some of the weaknesses which can be an open door to malware and hackers. These weaknesses are caused by memory access bugs, a broad class of software bugs which arise from incorrect management of a computer's memory. One frequently neglected and especially effort-consuming aspect of digital security is combing through software source code to root out this kind of bug.

CHERI (Capability Hardware Enhanced Reduced Instructions) is an enhancement to current computer processor designs which adds low-level protections against memory access bugs. When software runs on a CHERI-enabled processor, access to the computer's memory can be subject to much tighter controls than with traditional processors. This ensures that any memory access bugs which might be present in the software cannot be exploited by malware or hackers.

Oxford e-Research Centre has recently completed a UKRI-funded research project, in partnership with Newbury-based digital security company CyberHive, to explore the application of CHERI to real-world use cases in different sectors. Our work formed part of the national Digital Security by Design programme, which has connected academia with industry to allow ideas from cutting-edge research to flow into industrial practice.

We have made use of ARM's prototype Morello machines, which integrates CHERI with the existing ARM processor design, to create a collection of technology demonstrators which show how CHERI can protect against cyberattacks in diverse settings, including a building full of smart devices, a battery energy storage facility, a hospital MRI unit, an electric vehicle charging station, and a gaming arcade. These demonstrators have also featured enhanced network security by integrating CyberHive's Connect mesh VPN system.

The project has engaged with potential users of CHERI and produced a number of outputs to allow the dissemination of our work for the benefit of everyone who needs to think about digital security. Our engagement with industrial partners to plan our demonstrators has raised awareness of the potential of CHERI to solve real-world problems. Our demonstrators were exhibited at CYBERUK 2024 in Birmingham and UK’s Digital Security by Design Showcase 2025 in London, generating engagement and interest in CHERI. We are in the process of publishing two articles in academic journals, which will share technical details of our work. All of the code from our demonstrators, together with instructions on how to use it, has been made available under a permissive license for anyone to use.

Our work to spread awareness of CHERI should contribute to the creation of commercial demand for CHERI-enabled hardware, which will give chip manufacturers the confidence to invest the substantial capital needed to bring a new chip technology to market. This will guarantee the future of CHERI, unlocking the possibility of a world where the threat from cyberattacks is permanently reduced.

Article by Oxford e-Research Centre researchers Reuben Green, Professor David Wallom and Tolga Yilmaz