Wearable devices have become pervasive and generating a lot of data which is indicative of our behaviour and physiology. This offers an unprecedented and detailed window onto human wellbeing, fitness as well as the potential for scalable public health and clinical monitoring tools. Recently, hearables have started to be used for a variety of activities ranging from the traditional music listening to more advanced fitness activities (such as running). During and following the pandemic, individuals have been commonly using these for all their virtual meetings too. Emerging companies are starting to market the devices also as comfortable sleeping aids. Hearable devices, placed on a person's head have also higher potential for detection of stable physiological signals with respect to watches, as arm movements are very pronounced and often affect sensors on watches, especially during full body movement, and hearables offer two channels (left and right). Yet, while hearable devices are indeed on the market in some form, their functions are generally still fairly restricted to means of transmission of audio and speech. Their ability to detect physiology, especially under motion and considering head and face macro and micro movements is also unproven. Additionally, they are not treated as standalone devices but they are usually dependent on smartphones for further computation and communication. Finally, the precious data generated usually, like for many other wearables, flows to commercial servers for analysis, potentially exposing users to privacy invasion. In general, there have been questions on the precision of data from wearable concerning our wellbeing and health: the sensors on these devices are often imprecise and various factors contribute to making the inference over this data hard (movement, variety of use, heterogeneity of human characteristics, etc). In this proposal I plan to advance the research on hearable sensing in fundamental ways to enable these devices to become truly reliable, trustworthy and privacy aware means of detection of our activity, fitness and health. The potential of such technology is immense: hearables are small and some versions are already very affordable, certainly more affordable than clinical diagnostics or fitness monitoring equipment. They are also more portable and people tend to wear them throughout their day (and sometimes nights, in the case of sleep hearables): this means that they have the potential of sensing the users continuously generating very precious longitudinal data which would impact the way in which we study personalized fitness as well as clinical disease progression, onset and recovery. The scalability enabled by such technology means that large populations can be reached and yet the temporal granularity of the data (i.e., the almost continuous monitoring of individuals) is not compromised, enabling public health and epidemiological studies to scale. Some of the findings of this work will impact the research in wearables and wearable data analysis in general, opening the door to a wide range of applications. More precisely the programme will innovate on the type of sensors which can be used to sense activity and health, the machine learning methods applied to this data and the systems aspects related to this which include the ability to run the models on device or explore the trade offs of local and remote computation. HearFit will also conduct extensive user studies in the context of fitness and health through collaborations with sport scientists and clinicians.

The modern semiconductor supply chain uses overseas foundries, third-party IP and third-party test facilities. However, with so many different untrusted entities, this design and fabrication outsourcing has exposed silicon chips to a range of hardware-based security threats such as counterfeiting, IP piracy, reverse engineering and hardware Trojans (HT). A hardware Trojan is a malicious modification of a circuit in order to control, modify, disable, monitor or affect the operation of the circuit. Although there have been no public reports of HTs detected in practice, in 2020, the cybersecurity company F-Secure published a report on their investigation into a pair of counterfeit Cisco Catalyst 2960-X series switches . While these devices did not have back-door functionality, they did employ measures to bypass processes that authenticate system components and F-Secure stated that motivated attackers use the same approach to insert hardware trojans to stealthily backdoor companies. Such hardware threats are major security threats for safety-critical and embedded systems applications, for e.g in the medical, automotive or transport sectors. Due to the nature of this clandestine industry, it is very difficult to ascertain the true scale of the problem. However, in recent years both the sovereignty and cyber security of the semiconductor supply chain have become significant concerns for many countries. The recently published EU Cyber Resilience Act (September 2022) outlines essential cybersecurity requirements for products with digital elements and states that such produced ''shall be delivered without any known exploitable vulnerabilities'. In addition, the 2022 National Cyber Strategy 2022 outlines the need to 'ensure that wherever possible the next generation of connected technologies are designed, developed and deployed with security and resilience in mind and ... embrace a 'secure by design' approach'. The overall goal of the TruDetect project is to develop a trustworthy DL-based HT detection system that can be easily integrated into a security verification framework in EDA tools. This will include the design of novel countermeasures that ensure trustworthiness of the DL-based HT detection system against adversarial HTs and the use of Explainable AI to offer a comprehensive analysis of the DL system behaviour.

Our society is increasingly reliant on digital devices that are capable of performing several tasks at the same time: tablets, smartphones, our personal computers, they all contain processors capable of executing multiple instructions concurrently. Bugs in these processors, such as the recent Meltdown and Spectre, can seriously compromise the security and safety of their users. As the complexity of these systems increases, there is a pressing need to automate the assessment of their correctness, especially with respect to concurrency-related aspects. Formal verification is a highly effective technique to automatically check important properties of systems. It relies on a machine-readable abstraction of the actual system---a model. A key strength of formal verification is that, when the model is accurate enough, it is able to find bugs that would be hard to find and reproduce using traditional testing alone. However, these models are usually built by humans and as such can be error-prone and inaccurate. Moreover, sophisticated concurrent behaviours such as weak-memory concurrency make modelling even more challenging. The overall goal of this project is to develop a verification framework for hardware systems that uses artificial intelligence to automatically build and verify better models. Ultimately, this will lead to lower production costs and more reliable hardware. This is particularly important for companies that design hardware units destined to large-scale production, such as ARM: a bug in the design may lead to millions of faulty units being manufactured. The novel idea behind this project is to rely on the model learning paradigm, originally proposed in AI, to automatically build a model of a running system in a black-box fashion---from a series of observations of the behaviour of the system. This approach can be very effective in taming complexity and achieving scalability: by treating the whole system, or some of its components, as black-boxes, one can fine-tune the level of detail of the model and focus the analysis on specific features. In recent years model learning has started to be successfully applied in a variety of academic and industrial contexts. However, the models developed using this approach are all inherently sequential. The verification of concurrent behaviour in hardware systems is an unexplored, challenging, and potentially rewarding application that this project proposes to explore.

The Chrompartments project will explore hybrid compartmentalisation for web browsers using Chrome as a concrete example. Browsers are systemically important but present a large attack surface due to their scale and complexity: they are a magnet for attackers with frequent published attacks. Chrompartments will use CHERI to split browsers into mutually distrusting compartments, making them more resilient and performant. We will use Chrome (in the form of its open-source variant Chromium) as the vehicle for our experimentation because it is the most widely used browser and it is already partially compartmentalised in a way that we can build upon. Chrome tries when possible to split itself into process-based compartments (roughly speaking: 1 process per tab; and some core components such as graphics are split into separate processes). However, this model is heavyweight: OS processes consume considerable resources and many devices (particularly phones) quickly hit their process limits, forcing the browser to merge multiple tabs in a single process; and communication between processes is painfully slow. Some security-critical components (e.g. V8, Chrome's JavaScript engine) would ideally be split out too, but resource and performance constraints make this impractical. We will use CHERI's "hybrid mode" (i.e. where both traditional width pointers can be used alongside capabilities) to split Chrome into process-like compartments. Most code will use traditional width pointers and will be boxed into compartments; pure capabilities will allow us to emulate various forms of inter-compartment communication. We hypothesise that this will lead to greater practical security, and require fewer changes, than the ideal pure-capability-based compartmentalisation. Our overall aim is thus first to replace Chrome's process-based model with CHERI compartments, and then break those crude compartments into finer-grained compartments, enhancing security without significantly affecting performance. As well as significant engineering, there is also important research: processes give some guarantees (e.g. against some side-channel attacks) that CHERI compartments do not currently give. We will explore these guarantees and replicate them for CHERI compartments where their existence is necessary for browser security. After converting process-based isolation to CHERI compartmentalisation, Chrompartments will operate in two strands: V8, the JavaScript engine; and the graphics stack. Both strands contain significant challenges: for example, the graphics stack is currently contained within a single process no matter how many sites are using it. Understanding the right compartmentalisation points will be critical to Chrompartments' success and lead to a much greater understanding of how to use CHERI on large-scale systems.

The 'Capabilities for Coders' project involves the creation and curation of a set of freely available Morello coding resources for system developers. Standard developer behaviour involves interactive searching through online forums like StackOverflow and web tutorials like W3Schools. Currently there are no relevant targeted resources available for the Arm Morello system, and very few sites covering CHERI concepts in a developer-friendly style. This project will set up a one-stop shop for Morello programming, in the form of an open-access, online, interactive textbook called 'Capabilities for Coders'. This will be in the best tradition of programming language books - written by coders for coders. The unique appeal of this learning resource will be the inclusion of a large set of open-source code templates and fragments, effectively a library of reusable software samples for Morello applications written in C and C++ with assembler code where necessary. The textbook and accompanying code samples will serve to enrich understanding of the current and evolving Morello stacks, providing support for existing developers and new arrivals in this domain. Because the learning resources are hosted online, it will be straightforward to keep them up-to-date (unlike hardcopy textbooks). Because the learning resources will be developed using the github platform, any user will be able to submit corrections and change requests. This will ensure the ongoing relevance of the project as the Morello technology evolves over time. The project outputs will be open-access and freely available online. There will be no registration requirement or paywall. The site will be indexed by all major search engines. The resources will be clear, globally visible and highly accessible. These resources will provide direct, immediate benefit to the Morello ecosystem of developers. At this stage, it is not possible to give a full table of contents for the online textbook. However, topics broadly covered will include: motivating the need for memory safety in systems code, hardware capabilities for memory safety, motivating compartmentalization in modern systems software, hardware capabilities for compartments, porting legacy applications to Morello, debugging capability-based code, performance engineering for capability-based code, and future directions. Each topic will be accompanied by an extensive range of open-source code examples to illustrate the various concepts. These software samples will be easily reusable by developers in their own code projects. Additionally, the 'Capabilities for Coders' project will serve the community by posting relevant answers on StackOverflow and producing a podcast series.