CHERI WebAssembly Micro Runtime
Programmers can already write and compile code, for example in C or Rust, into .wasm modules usable in any WASI-compliant environment. WebAssembly has been widely adopted and supported across conventional systems for its portability and near-native performance. The problem is: do we have runtimes on CHERI that can actually execute those wasm modules "outside web browsers"?
Our proposal is to enrich the DSbD ecosystem by developing a capability-aware, WebAssembly System Interface (WASI)-compliant WebAssembly (WASM) micro runtime for WASM modules. The runtime will be embedded into other compartmentalised applications as a library, providing a double-sandboxing strategy: WASM modules use WASI methods to interact with native functions of the host compartments and with the underlying system resources, with that access permissioned through a controlled abstract capability model.
The outcome of the proposal would be an open-source:
* cWAMR runtime (capability aware WASM Micro Runtime)
* cWASI SDK with cWASI-libc (cWASI SDK will be integrated within the cWAMR runtime)
The above runtime and SDK will also be ported to the CHERI software stacks (CheriBSD, Android, bare metal and Linux) by default as part of the cheribuild script, so that developers with Morello boards can access them under the respective stack for development.
As a result, this will enable a broad spectrum of developers to develop, port and test their WebAssembly application modules on the CHERI platform, combining near-native performance with the security guarantees of CHERI.
A TEE-aware compartmentalization framework based on DSbD
Through this project, we will contribute to our industry's understanding of how to build a capability architecture based Trusted Execution Environment (TEE) that provides strong isolation and secure data sharing across the secure and normal worlds. As a company, we require this for our products but the opportunity is much bigger than our sector alone (identity verification). Many use cases exist, for example in financial services, in enterprise and in media to enhance security around transactions, data and content.
With this grant, our objective is to investigate a solution that could mitigate the vulnerabilities posed by existing TEEs, by researching a capability-architecture-based TEE development framework for strong isolation and secure sharing of system resources and application data across the secure and normal worlds. The framework controls data flows through object capabilities held in isolated compartments connected by assured pipelines.
We are a passionate AIoT SME, but security underpins our technology, our positioning and our growth. TEEs are an area our CTO has done a lot of work in. Winning this grant would allow us to put resources behind this real market problem. Our vision is that this research could be used as a basis for us to build a prototype in the future, which would strengthen not only our product's security but also play our part in the radical transformation of the UK's digital computing infrastructure.
Using the FVP platform with the CHERI processor prototype, the CheriBSD kernel, Clang/LLVM and CheriBSD's userspace, our key objectives are to:
* Investigate the performance, semantics, vulnerability mitigations and merits of a compartmentalised TEE in comparison to the existing standard TEE environments, Intel SGX and Arm TrustZone
* Understand if a framework like this helps towards ease of development and adoption as well as knowing if it supports hardware independence
* Explore enclave life cycle management
We will focus on application-layer compartmentalisation through separation of concerns between normal-world and secure-world functions, and on further decomposition of capabilities within the secure (enclave) world, including modular abstraction with isolated compartments that follow the single-responsibility principle and the separation of privileges. This is innovative because, working with DSbD technologies, it aims to move the separation of concerns between the two worlds away from the hardware or the OS stack, while retaining the integrity of the TEE and addressing the vulnerabilities of existing approaches.
After completing this research, we endeavour to build a prototype framework for further testing internally, and ideally with the wider software and DSbD community.
Revolutionizing Identity Verification through AI and Blockchain to make event entry COVID secure and fraud safe.
COVID-19 has had an unprecedented impact on the events industry in the UK and globally, bringing a £70BN industry (UK alone) to a standstill, putting over half a million jobs at risk in over 25,000 event businesses. This is a direct challenge caused purely by the COVID-19 pandemic.
A major bottleneck for events is event entry and how to make this process more COVID-19 safe and more sustainable.
Most event entrance policies require a digital or paper ticket, ID to prove age, and the payment method used by the attendee before allowing entry, all of which are also privacy sensitive. For these reasons, event entry is a hotspot for C-19 and a key reason why events have not been able to operate since the start of the pandemic. It also does little to prevent ticket fraud, which pervades the industry.
Our project, Photofoxx Capsule, will bring event entry a step closer into a new era. Our technology will take a new form, called a Zicket, based on privacy preserving technology which will also prevent ticket fraud thanks to blockchain.
Photofoxx Capsule is a platform that allows consumers to verify their age not just for events, but for any product or service that requires age verification, without sending or sharing personal data. All data stays securely on a user's mobile device. Thanks to this fund, we will focus on events to start with.
This solution is extremely scalable. Imagine not having to share confidential documents with a company, knowing that your personal data is safe on your phone, while still being able to get your age verified. This is just the start, with our next step focusing on identity verification, all done remotely on the user's device (out of scope for this project).
In an event context, simply put, a user would:
1. Purchase an event ticket from the event website selecting a Photofoxx Capsule delivery option (versus download/print/email options)
2. Complete age-criteria verification via our mobile app. This means they can prove their age to various events without sharing or emailing any sensitive age documentation
3. Receive a smart-contract-tracked Zicket (blockchain-powered ticket) issued into their app.
For attendees, the benefits include:
1. Faster, greener, C-19 safe entry to physical events
2. Personal data on age stays on a user's own device. No sensitive document sharing.
3. One-click, frictionless control over sharing a Zicket with family and friends to invite them along to the event.
4. Highly anonymised design built in-house to provide differential privacy-by-design on age data
For events and businesses, there are numerous advantages:
1. C-19 safe event entry, more sustainable, with entry staff redeployed
2. Faster queues
3. Protects against fraud and ticket touts, with all resell data per ticket visible.
4. Control: smart contracts can prevent ticket resales, or resales at higher prices.
5. Simplifies GDPR management
Photofoxx Capsule brings together zero-knowledge technology and blockchain networks with smart contracts for events, to provide a B2B2C solution that makes the advantages of these technologies readily accessible to everyone.