How does £36m sound, mon CHERI? UK.gov pumps cash into Arm security research

University of Cambridge researchers and UK industry bods have been tossed £36m from the UK government to support their work with Arm to strengthen security by improving memory protection. As part of the "Digital Security by Design" scheme, part of the funding will be funnelled into the research team's Morello project to create …

  1. Anonymous Coward

    Have I got this right?

    The (what we laughingly call) government is spending taxpayers' money on a bid to make systems more secure, whilst at the same time calling for laws to weaken encryption?

    Will someone please tell me what I am missing here?

    Cheers.. Ishy

    1. GnuTzu

      Re: Have I got this right?

      Yet more evidence of the divide. I'm convinced somebody profits from the confusion. Anyone care to speculate?

    2. JassMan

      Re: Have I got this right?

      I assume this is the same Arm her predecessor allowed to be sold off so that all the income goes to foreign countries and now she wants to pay them to improve the design so that even more money stays offshore.

    3. gnasher729 Silver badge

      Re: Have I got this right?

      "Will someone please tell me what I am missing here?"

      There is no "the government". Different branches have different priorities. There's one branch that wants the population and businesses to be safe from hackers. There's another branch that wants to spy on citizens in case they are criminals. To you and me, that's contradictory. The people making the proposals probably think it's contradictory as well.

      I loved when a former NSA director said quite publicly that creating the ability to spy on criminals and terrorists would all in all make the USA less secure (that from a man who professionally doesn't care about your privacy or your human rights or whatever which are violated by the government spying on you, but who is just concerned with the country's security).

      1. GnuTzu

        Re: Have I got this right?

        Yup. Yet, who's in charge here? Competing agendas going in circles?

        1. Michael Wojcik Silver badge

          Re: Have I got this right?

          Competing agendas going in circles?

          I don't see the competition in this case. Some people in government want CPUs that offer stronger protection against various types of invalid-access vulnerabilities.[1] Other people in government want encryption backdoors.

          Those are both IT security issues, but so is everything in IT, at a sufficiently high level of abstraction. And these two are not directly opposed in any but the most general, ideological sense. The backdoor proponents favor introducing one particular, narrow class of vulnerability. They aren't necessarily in favor of others.

          [1] Capability architectures typically mean better protection against stack and heap smashing, and against reading sensitive data that the current unit of execution shouldn't have access to.

  2. Snapper

    She can use a computer!

    She's so dense I'm surprised Andrea Leadsom doesn't get her PA to print out all the emails for her.

    1. Adrian 4

      Re: She can use a computer!

      It's hardly surprising. When you have to pick your government from brexit-supporting MPs you're not going to get the brightest pennies in the box. At least Farage has thoughtfully skimmed off the very worst though.

  3. Ian Mason

    Money for old rope.

    What's laughable about this is, this "research" that costs millions boils down to rehashing work already done at Cambridge in the 1970s by Maurice Wilkes and Roger Needham. See "The Cambridge CAP computer and its operating system" ISBN 0-444-00358-4 (pub. 1979) and "Capability-Based Computer Systems", Henry M. Levy, Digital Press 1984.

    1. Anonymous Coward

      Re: Money for old rope.

      Yes, but Japanese companies need to get their money from someone (especially if their backers are somewhat preoccupied by WeDontWork)

    2. Michael Wojcik Silver badge

      Re: Money for old rope.

      Yes, capability architectures have been done before. That doesn't mean there's no scope for additional research, particularly into a capability architecture being added on top of an existing ISA. Or into performance, for that matter, which remains one of the big practical issues with capability architectures.

      Benz invented an automobile powered by an internal combustion engine, so we should have just stopped research into that area there, eh?

  4. karlkarl Silver badge

    I had a play with CHERI a while back (There is a CHERI 128-bit capable Qemu emulator in the FreeBSD ports).

    ... urm, nothing much more to add. If you use C and a correct build system, your code compiles like normal and runs. I ported a simple game (actually required zero patches). It was fun albeit uneventful ;)

  5. Anonymous Coward

    Best place to start a digital business...

    If they want to achieve that, how about giving access to grants and funding possible for mortals and not use them to disguise high interest loans?

    A lot of the funding goes into the pockets of startup accelerators / serial board members and not into the hands of actual British innovators.

    Next time you come across a startup, do some due dil on the CEO and other execs, I'll bet you'll find they "run" about a half dozen firms.

    It's becoming the norm for a shady bloke or two rocking up to an accelerator with a dodgy buzz word filled business plan, securing some funding then offshoring the tech work and building out a bare bones MVP then punting it on to a bag holder.

    Most tech projects can be pulled off by a small team of engineers, no middlemen are required, which is relatively cheap and very efficient. That's how projects used to work.

    These days you have a board of non-technical fuckwits outnumbering the actual talent all clawing to "own the data and the intellectual property" despite not having a hand in inventing the product or executing the plan.

    Meanwhile, you generally have one Cambridge Comp Sci prick with very little real world exposure (whose fundamental job is to lend some sort of credibility to the project) overseeing a team of Indians or Romanians and struggling with a language barrier which ultimately leads to a massively delayed and subpar product.
