See Solution
Digital Security by Design
The Digital Security by Design (DSbD) is a UKRI and Innovate UK initiative designed to radically change how we build secure computing systems. At its core, DSbD supports collaboration between industry and academia using hardware such as Arm’s Morello and Sonata development platforms.
What is the Digital Security by Design Initiative
The Digital Security by Design (DSbD) programme is a transformative initiative backed by the UK Government through UK Research and Innovation (UKRI) and Innovate UK, in partnership with leading academic institutions and industry stakeholders. Its core mission is to redefine the foundations of digital security by addressing long-standing vulnerabilities that exist at the very heart of modern computing — the hardware level.
Modern computers and connected systems are incredibly powerful, but they remain inherently fragile due to fundamental flaws in memory access and software execution that traditional operating systems and software cannot always protect against.
DSbD aims to change this by radically redesigning the digital computing infrastructure, starting from the processor itself. At the heart of this innovation is the CHERI (Capability Hardware Enhanced RISC Instructions) architecture, developed by the University of Cambridge in collaboration with Arm. CHERI extends conventional hardware instruction sets with capability-based security, allowing much finer control over how memory is accessed and shared between software components.
To demonstrate and test these technologies in real-world scenarios, DSbD has developed and distributed experimental hardware platforms like the Morello Board and the Sonata Board, which integrate CHERI concepts into Arm-based processors. These platforms have been made available to UK industry partners through a series of competitive cohort programmes, enabling businesses of all sizes to explore how DSbD technologies can enhance the security, resilience, and trustworthiness of their products.
Sensor IT and the Digital Security by Design Programme
Sensor IT’s involvement in the Digital Security by Design programme started with Cohort One, right at the start. This cohort focused on the innovative Morello Board, designed by Arm, which introduced a radical approach to memory safety using CHERI (Capability Hardware Enhanced RISC Instructions).
As a company at the forefront of embedded and sensor-based systems, Sensor IT saw early potential in using capability-based security at the hardware level to strengthen the trustworthiness of IoT deployments (Sensor IT and the Digital Security by Design Programme). The Morello architecture provided an unprecedented opportunity to rethink how memory isolation, software compartmentalisation, and access control could be integrated directly into the fabric of real-time and safety-critical applications.
DSbD Cohort 1
During Cohort One, Sensor IT focused on:
- Evaluating CHERI-based cybersecurity Memory Protection: We explored how CHERI memory safety could enforce fine-grained access control across firmware modules in smart sensors and embedded gateways.
- Prototype Development: A secure sensor firmware stack was developed to demonstrate isolation of critical functions such as data acquisition, encryption, and network communication.
- Proof-of-Concept Deployment: Sensor IT implemented a working proof-of-concept using the Morello board to run a secure sensor node in a lab setting, capable of self-checking and resisting common memory vulnerabilities such as buffer overflows.
The Morello phase laid a strong technical foundation and helped our team understand how hardware capabilities could drive the next generation of cyber-secure embedded systems.
DSbD Cohort 2
Building on the success and lessons from Morello, Sensor IT joined Cohort Six, focusing on the Sonata board — another CHERI-enabled architecture tailored for real-time and embedded systems.
The Sonata phase was especially valuable in the context of Sensor IT’s work in industrial sensing, smart infrastructure, and transportation, where real-time constraints, low-latency processing, and safety are paramount.
Our work in this cohort included:
- Hardening Sensor Data Pipelines: We designed a real-time sensor data path where memory safety was enforced through CHERI memory safety capabilities — eliminating large classes of potential security flaws.
- Memory Tagging for Runtime Checks: We implemented memory tagging and runtime monitoring mechanisms to validate memory access, greatly enhancing system robustness.
Integration with RTOS and Edge AI: We explored how secure processing could be extended to edge machine learning inference, using CHERI to protect model data and execution contexts from tampering.
Use Cases and Outcome
Sensor IT’s participation across both Digital Security by Design cohorts allowed us to translate DSbD principles into tangible, domain-specific benefits.
Collaboration and Innovation
We continue to apply lessons from Digital Security by Design to enhance the security posture of our commercial offerings. From environmental monitoring and critical infrastructure protection, to smart buildings and intelligent transport systems, Sensor IT is committed to embedding security at the hardware level — where it belongs.
As the Digital Security by Design programme evolves and more CHERI-enabled platforms reach production maturity, we aim to be among the first companies to bring secure-by-design sensor systems into operational environments at scale.