EPSRC logo

Details of Grant 

EPSRC Reference: EP/V000373/1
Title: CapableVMs
Principal Investigator: Tratt, Professor L
Other Investigators:
Researcher Co-Investigators:
Project Partners:
ARM Ltd Shopify
Department: Informatics
Organisation: Kings College London
Scheme: Standard Research
Starts: 01 July 2020 Ends: 29 February 2024 Value (£): 837,189
EPSRC Research Topic Classifications:
Fundamentals of Computing Software Engineering
EPSRC Industrial Sector Classifications:
Information Technologies
Related Grants:
EP/V000349/1
Panel History:
Panel DatePanel NameOutcome
06 Apr 2020 ISCF Digital Security by Design Research Projects Announced
Summary on Grant Application Form
Virtual machines (VMs, also known as managed language runtimes) are ubiquitous components in the modern software stack. They power the web, running in client-side browsers, server-side applications, and smartphone apps. In any ranking of popular programming languages, at least half of the top ten languages run on VMs (e.g. Python, Java, C#, Javascript, PHP).

A key problem is that VM security has traditionally been a secondary concern relative to performance. Industrial strength VMs have large, complex code-bases, and large numbers of hand-crafted optimizations. Not only are they beyond any one person's ability to understand, but security has tended to be treated reactively: mature, widely used VMs such as HotSpot (the standard Java VM) regularly have 50-100 CVEs per year.

The CapableVMs project hypothesises that CHERI hardware enforced capabilities are the first realistic technique to make VM security proactive. In order to address this hypothesis, we will have to answer two research questions: can VMs be divided into compartments that capabilities can then enforce? and what is the performance impact of compartmentalisation? These two factors are related: some ways of dividing VMs into compartments may cause worse performance than others. We propose a number of different ways of compartmentalising VMs, starting on small VMs to help us understand the problem, before scaling up to V8 (the industrial strength JavaScript VM inside Chrome).
Key Findings
This information can now be found on Gateway to Research (GtR) http://gtr.rcuk.ac.uk
Potential use in non-academic contexts
This information can now be found on Gateway to Research (GtR) http://gtr.rcuk.ac.uk
Impacts
Description This information can now be found on Gateway to Research (GtR) http://gtr.rcuk.ac.uk
Summary
Date Materialised
Sectors submitted by the Researcher
This information can now be found on Gateway to Research (GtR) http://gtr.rcuk.ac.uk
Project URL:  
Further Information:  
Organisation Website: