1.
ISCF Digital Security by Design (DSbD)
Creating a Step-Change in Cyber Security
DSbD Business-led Demonstrators - Phase 1 EOI
Competition briefing event, 9th March 2021
Prof. John Goodacre - DSbD Challenge Director

2.
Cyber-vulnerability footprint
▪ Cybersecurity is focused on configuration management best
practices, monitoring and patching of software
▪ Major software manufacturers write more software to enable
more secure services and applications
▪ But still, a single software vulnerability can open the entire
system to attack and loss of data
▪ ~70% of all declared computer vulnerabilities related how the
central processing unit lets software accesses memory
▪ This weakness in digital systems has been known about, with
solutions researched, since the 1970’s
▪ ISCF wave3 (2019) fund of £70M (£180M industry co-
investment) is supporting the industry defined challenge
to overcome the market failures that has stopped this being
fixed
▪ DSbD programme is realising a “secured by design” solution
which can block the negative effects of such vulnerabilities
Current situation
Hardware
Firmware
Software
Services
Applications
Configuration
The entire digital economy and infrastructure
are balanced on a fundamentally insecure architecture
Central Processing Unit
Memory access architecture
~1
~3
100’s
1000’s
100k’s
1M’s
Users
1B’s
The Cyber Pyramid

3.
ISCF DSbD Challenge Vision
By 2025, the ISCF Digital Security by Design challenge
aims to overcome the market failures and radically
update the foundation of the insecure digital computing
infrastructure that underpins the entire economy. A new
and secure computer hardware approach, proven in at least
two major industrial markets, will protect against at least half
of known and associated future technological vulnerabilities
Working up for the first time from the central hardware of a digital device

4.
Approach: Cross-Cutting Activities
Enabling Technology
Prototype Platform
Deliver a proven secure-by-default
hardware evaluation board and
system software
Technology Sector
Collaborative R&D
To enable market use, tooling and
processes to utilise the new security
capabilities; ecosystem enablement
Industry Sector
Business-led Demonstrators
Sector defined application e.g., IoT
scenario, autonomous vehicles,
financial services that showcase
impact and move the accepted norm
£9m
£49.8m £11.2m
1. Enablers 2. Users 3. Impacted

5.
What is the
Technology Prototype
Platform?
• Deliverable of Arm led consortium
• Linaro
• University of Cambridge
• University of Edinburgh
• Available for research and
innovation projects
• Virtual platform model also
now available from Arm
Ecosystem FVP

6.
EPSRC Competition
• £10M Academic Research funding
• £7M from ISCF/DSbD
• £3m from DCMS
• Building long-term skills and thought
leadership
• The EPSRC call covered 3 areas:
• Capability enabled hardware proof
and software verification
• Impact on system software and
libraries
• Future implications of capability
enabled Hardware
AppControl: Enforcing Application Behaviour through Type-Based Constraints
Dr Wim Vanderbauwhede (University of Glasgow)
CapableVMs
Dr Laurence Tratt (King’s College London) & Dr Jeremy Singer (University of Glasgow)
CAPcelerate: Capabilities for Heterogeneous Accelerators
Dr Timothy Jones (University of Cambridge)
CapC: Capability C semantics, tools and reasoning
Dr Mark Batty (University of Kent)
CAP-TEE: Capability Architectures for Trusted Execution
Dr David Oswald (University of Birmingham)
CHaOS: CHERI for Hypervisors and Operating Systems
Dr Robert Watson (University of Cambridge)
CloudCAP: Capability-based Isolation for Cloud-Native Applications
Prof Peter Pietzuch (Imperial College London)
HD-Sec: Holistic Design of Secure Systems on Capability Hardware
Professor Michael Butler (University of Southampton)
SCorCH: Secure Code for Capability Hardware
Dr Giles Reger (The University of Manchester)
Prof Daniel Kroening (University of Oxford)
Selected Projects

7.
ESRC
Competition –
Social Science Hub+
• Challenge Activities:
• Hub+: Acting as a hub-and-
spoke network brokerage,
develop agile,
multidisciplinary networks
between activities and
stakeholders
• Devolved Small Project
Research Budget: Started
funding commercially-
focused social science
research on barriers to
adoption
• The Hub+ is expected to develop a
multidisciplinary network of academics
and stakeholders
• It seeks to understand the behavioural
and adoption challenges in digital
security, to investigate what it means to
be secure and the commercial challenges
of moving beyond the current security
paradigms.
• Funding: £3.5 million
• https://www.discribehub.org
Digital Security is more
than just technology
• Routes to adoption:
readiness levels
• Routes to adoption:
barriers for business
• Regulatory challenges:
barriers and enablers
• Social, Cultural and
Commercial sector
differences

8.
Development
of the DSbD
Software
Ecosystem
• Objective: Expand beyond the enabling Technology
Platform software ecosystem and fund several
additional technology sector projects to investigate
and further enable DSbD technologies across
developer environments, tools, OS, runtimes,
frameworks and libraries.
• De minimis Competition closed 13th Jan 2021
• Apx 10 single-SME projects to be announced
soon focused on design investigations
• Expected to be followed by a Collaborative
R&D Competition in Q4 2021
• Focused on design implementation

9.
Business-led
Demonstrator
Activities
• Objective: To develop demonstrators showcasing the
use, adoption and impact of DSbD technologies
within an industry sector
• First Call (up to £5.8 million): Demonstrator with
additional technology ingredient
• Project in eCommerce (THG) commenced in Jan
2021
• Second Call (up to £6 million):
Expression of Interest is open until
26th May 2021

10.
Development
of the DSbD
Software
Ecosystem
Objective: Expand beyond the
enabling Technology Platform
software ecosystem and fund
several additional technology sector
projects to investigate and further
enable DSbD technologies across
developer environments, tools, OS,
runtimes, frameworks and libraries
• De minimis Competition closed 13th Jan 2021
• 10 single-SME projects focused on design investigation
• A feasibility study of a data security software product adopting Digital
Security by Design (DSbD) technology:
ANZEN Technology Systems Limited, London
• A TEE-aware compartmentalisation framework based on DSbD:
Verifoxx, London
• Assessing the viability of an open source DSbD desktop software
ecosystem:
Capabilities Limited, Carmarthenshire, Wales
• CHERI standards compliance (CHERI Stone):
DRISQ Ltd, Worcestershire
• Data path development kit:
Pytilia Limited, Northern Ireland
• Multi-compartment computation protocol based on DSbD:
MindHug LTD, Stowmarket, Suffolk.
• Porting edge AI workflows to CHERI/Morello:
OXON.Tech Ltd, Oxfordshire
• Quantum-resistant DSbD security leveraging MicroTokenisation:
Valid Datum Limited, London
• SecurlOT:
IOETEC Limited, Sheffield
• Trusted ring security for Morello Devices:
Metrarc Limited, Colchester and Canterbury.
• Expected to be followed by a Collaborative R&D
Competition in Q4 2021
• Focused on design implementation

11.
Thank you