Developing and Evaluating an Open-Source Desktop for Arm Morello

This project is adapting a full-scale open-source desktop software environment for the ARM Morello board, making novel use of CHERI's fine-grained memory safety and scalable software compartmentalisation features to mitigate an expected three quarters of past software vulnerabilities in that software stack. This project will consist of three key elements combining practical engineering with empirical computer science:

(1) Building on foundations laid in our prior DSbD 'de minimis' project, we will develop a memory-safe and compartmentalized desktop environment illustrating key CHERI protection properties on the Arm Morello board. Software components will include GPU device drivers, windowing system, KDE desktop environment, and Chromium web browser;

(2) As well as developing this work as open source, we will produce software releases at regular intervals throughout the project to ensure that they are available for use by the broader DSbD community; and

(3) We will thoroughly evaluate this work considering aspects such as adaptation and longer-term maintenance difficulty, performance overheads (especially user-facing latency), and security impact.

The result will be an open-source desktop environment suitable for use on the Arm Morello board, demonstrating its hardware protection features with a CHERI software corpus exceeding 60MLoC, more than doubling the size of the 30MLoC corpus demonstrated to date. We will report on all aspects of the work and evaluation, seeking to publish via technical reports and, as appropriate, research publications.