Funds for Companies

Grants and Resources for Sustainability

You are here: Home / Events / Apply for Digital Security by Design – Technology Access Programme (UK)

Apply for Digital Security by Design – Technology Access Programme (UK)

Deadline: 22 September 2024

Submissions are now open for the Digital Security by Design Technology Access Programme delivered in partnership with Digital Catapult, funded by UKRI.

The Digital Security by Design (DSbD) Technology Access Programme (TAP) is designed to give UK-based companies access to lowRISC’s Sonata board, Arm’s Morello board, the CHERI stack, and technical support to trial these technologies within their systems, products, and applications.

Through the DSbD Technology Access Programme, companies will be able to experiment with and validate the prototype cyber security technology and feedback their findings to influence its future development before it enters commercialisation.

The duration of the Technology Access Programme is 6 months. At the end of the trial period, participating companies will be offered the Sonata or Morello board to keep.

Programme Benefits

  • Companies will have exclusive access to cutting-edge cyber security technology, capable – if implemented correctly – of preventing around two thirds of hacks, cyber attacks and data breaches. This technology, when fully mature and market-ready, has the potential to open up whole new markets for cyber secure by design products, providing competitive advantage to companies who are already familiar with it.
  • These technologies can mitigate spatial and temporal memory-safety vulnerabilities in C/C++, and participants will be able to identify such issues in their own product code. CHERI has C/C++ language variants (CHERI C/C++) that require minimal change to an existing code base, approximately <0.5% LOC. CHERI also enables a second feature, a set of compartmentalisation models, to enrich the security guarantees provided by the architecture’s memory capabilities.
  • Further, individuals involved with the programme will become part of a vibrant community of like-minded professionals where they’ll be able to share ideas, forge new relationships and collaborations, as well as growing their knowledge and influence product development.
  • Companies sharing their programme related work will benefit from media exposure through DSbD as well as Digital Catapult communication channels.
  • Key benefits:
    • Experiment with prototype, cutting-edge technology and be ahead of the game
    • Build unique knowledge within your company and stay competitive
    • Improve your product by identifying cyber security vulnerabilities in your systems/software
    • Become part of a vibrant community of cyber security pioneers
    • Receive a £15,000 grant (Tier 1 companies only)
    • Get access to experts at lowRISC, Arm, University of Cambridge, and Digital Catapult
    • Become part of the TAP Alumni upon successful completion of the experimentation period

Programme Tiers 

  • TAP is a tiered programme. Tier 1 is for UK-based companies with under 250 employees while Tier 2 is for UK-based companies with more than 250 employees.
    • Tier 1
      • Receive £15,000 in funding during the course of the 5 month programme.
      • Gain access to a Sonata board (and Morello board if required), with possibility to keep the hardware following successful completion of the programme
      • Participate in one-to-one check-in sessions, group learning sessions, practical demonstrations and focused activities for the experimentation programme.
      • Receive technical guidance and support from the Digital Security by Design programme team and experts at lowRISC, Arm and University of Cambridge.
    • Tier 2
      • Gain access to a Sonata board (and Morello board if required), with possibility to keep the hardware following successful completion of the programme
      • Receive technical guidance and support from the Digital Security by Design programme team and experts at lowRISC, Arm and University of Cambridge.
      • Participate in one-to-one check-in sessions, group learning sessions, practical demonstrations and focused activities for the experimentation programme (optional).

Programme Requirements

  • Over the five-month period, successful applicants will be expected to:
    • Participate in one onboarding day at the start of the programme [Tier 1 & 2]
    • Write two technical reports –a short interim report based on progress and findings, and a final report based on your experience within the programme [Tier 1 & 2]
    • Participate in monthly online peer-to-peer knowledge sharing sessions [Tier 1]
    • Attend monthly online one-to-one progress-update and technical support sessions with the Digital Security by Design team [Tier 1]
    • Participate in the end-of-programme Showcase event and provide a demonstration or presentation on their experimental outcomes or learnings [Tier 1 & 2]

Who should apply?

  • The programme is open to UK-based companies that have a company culture of exploring, experimenting and inventing with new technologies, with a view of finding commercial applications. Companies with an R&D department and a strong focus on cyber security are encouraged to apply. Applicants must be registered on Companies House and also have a business bank account.
  • Companies within the following industries should apply:
    • Information Technology and services
    • Computer software
    • Industrial automation
    • Computer hardware
    • CPU semiconductors
    • Energy
    • Automotive
    • Telecoms
    • Manufacturers of connected consumer/industrial electronics (IoT & IIoT)
  • Your company would ideally operate within or supply to the following sectors: utilities, healthcare, transportation, telecommunications, automotive, energy & mining, and all other sectors serving the Critical National Infrastructure.

Technical Details

  • Please be aware of the following:
    • CHERIoT could involve C/C++, MicroPython, Verilog and RUST.
    • CHERIoT RTOS is recommended, but businesses are free to repurpose the FPGA is required.
    • CHERIoT LLVM toolchains are currently available. Additional operating system enablement is currently being addressed by a joint development between Arm, University of Cambridge, Microsoft and Google.
    • Several Morello emulators are available: Arm’s Fixed Virtual Platform, the Morello Integrated Environment, and the CHERI-QEMU fork maintained by the University of Cambridge and SRI International. There is also a Verilator-based simulator for CHERIoT: cheriot-safe.
    • This technology it’s not secure ‘out of the box’, there’s work to do in order to turn on security features. It’s not enough to just put your code on the board, because security is implemented by following a series of steps. Familiarity with FPGAs is invaluable.

For more information, visit Digital Catapult.