| EPSRC Reference: |
EP/V000373/1 |
| Title: |
CapableVMs |
| Principal Investigator: |
Tratt, Professor L |
| Other Investigators: |
|
| Researcher Co-Investigators: |
|
| Project Partners: |
|
| Department: |
Informatics |
| Organisation: |
Kings College London |
| Scheme: |
Standard Research |
| Starts: |
01 July 2020 |
Ends: |
28 February 2025 |
Value (£): |
837,189
|
| EPSRC Research Topic Classifications: |
| Fundamentals of Computing |
Software Engineering |
|
| EPSRC Industrial Sector Classifications: |
|
| Related Grants: |
|
| Panel History: |
| Panel Date | Panel Name | Outcome |
|
06 Apr 2020
|
ISCF Digital Security by Design Research Projects
|
Announced
|
|
|
Summary on Grant Application Form |
Virtual machines (VMs, also known as managed language runtimes) are ubiquitous components in the modern software stack. They power the web, running in client-side browsers, server-side applications, and smartphone apps. In any ranking of popular programming languages, at least half of the top ten languages run on VMs (e.g. Python, Java, C#, Javascript, PHP).
A key problem is that VM security has traditionally been a secondary concern relative to performance. Industrial strength VMs have large, complex code-bases, and large numbers of hand-crafted optimizations. Not only are they beyond any one person's ability to understand, but security has tended to be treated reactively: mature, widely used VMs such as HotSpot (the standard Java VM) regularly have 50-100 CVEs per year.
The CapableVMs project hypothesises that CHERI hardware enforced capabilities are the first realistic technique to make VM security proactive. In order to address this hypothesis, we will have to answer two research questions: can VMs be divided into compartments that capabilities can then enforce? and what is the performance impact of compartmentalisation? These two factors are related: some ways of dividing VMs into compartments may cause worse performance than others. We propose a number of different ways of compartmentalising VMs, starting on small VMs to help us understand the problem, before scaling up to V8 (the industrial strength JavaScript VM inside Chrome).
|
|
Key Findings |
|
This information can now be found on Gateway to Research (GtR) http://gtr.rcuk.ac.uk
|
|
Potential use in non-academic contexts |
|
This information can now be found on Gateway to Research (GtR) http://gtr.rcuk.ac.uk
|
|
Impacts |
|
| Description |
This information can now be found on Gateway to Research (GtR) http://gtr.rcuk.ac.uk |
| Summary |
|
| Date Materialised |
|
|
|
|
Sectors submitted by the Researcher |
|
This information can now be found on Gateway to Research (GtR) http://gtr.rcuk.ac.uk
|
| Project URL: |
|
| Further Information: |
|
| Organisation Website: |
|