Protecting safety and security-critical systems with capability architectures and trusted execution


Trusted Execution Environments (TEEs) shield computations using security-sensitive data (e.g. personal data, banking information, or encryption keys) inside a secure "enclave" from the rest of the untrusted operating system. A TEE protects its data and code even if an attacker has gained full root access to the untrusted parts of the system. Today, TEEs like ARM Trustzone and Intel SGX are therefore widely used in general-purposes devices, including most laptops and smartphones. But with increasingly wide-spread use, TEEs have proven vulnerable to a number of hardware and software-based attacks, often leading to the complete compromise of the protected data. In this project, we will use capability architectures (as e.g. developed by the CHERI project) to protect TEEs against such state-of-the-art attacks. We address a wide range of threats from software vulnerabilities such as buffer overflows to sophisticated hardware attacks like fault injection. CAP-TEE will provide a strong, open-source basis for the future generation of more secure TEEs. When developing such disruptive technologies, it is key to minimise the efforts for porting existing codebases to the new system to facilitate adoption in practice. In CAP-TEE, we therefore focus on techniques to ease the transition to our capability-enabled TEE. In industrial cases studies for the automotive and rail sector, we will demonstrate how complex code written in a memory-unsafe language like C(++) can be seamlessly moved to our platform to benefit from increased security without a full redesign.


David Oswald

Principle Investigator | Professor in Computer Security | University of Birmingham
Jennifer Jackson

Research Fellow in Computer Security | University of Birmingham
Minmin Jiang

Research Fellow in Computer Security | University of Birmingham
Jacqueline Henes

PhD Student in Computer Security | University of Birmingham
Matthew Bowden

PhD Student in Computer Security | University of Birmingham
Mark Ryan

Co-I | Professor in Computer Security | University of Birmingham
Flavio Garcia

Co-I | Professor in Computer Security | University of Birmingham
Mihai Ordean

Co-I | Lecturer in Computer Security | University of Birmingham
Richard Thomas

Co-I | Industrial Fellow in Data Integration and Cybersecurity | University of Birmingham
Sujoy Sinha Roy

Associated researcher | Assistant Professor | TU Graz


How can I get more information?

More information will be added to this page as we get along. For now, please contact the team at if you want to get in touch.

Will you make source code available?

Yes, we will publish source code on our Github repos in the future.

How is this related to ARM's Morello platform?

This project will indeed make use of ARM's experimental architecture.

What are capability architectures?

Capability architectures replace handles to access resources (in practice for example pointers) with objects that carry additional information, e.g. on buffer boundaries in the case of pointers. They thus allow to mitigate current vulnerability classes (e.g. buffer overflows) without rewriting legacy code in a memory-safe language. In addition, they also provide new primitives to compartmentalize software. In this project, we will look at the interaction of Trusted Execution Environments with such capability architectures.


This project is funded by EPSRC under EP/V000454/1 and forms part of the UKRI Digital Security by Design Challenge of the Industrial Strategy Challenge Fund (ISCF).