Funding competition Development of the Digital Security by Design Software Ecosystem

UK registered SMEs can apply for a share of up to £1.5 million for fast-start short-term projects. Funding is to investigate requirements for adoption of Digital Security by Design (DSbD) technologies across the software development ecosystem.

• Competition opens: Monday 30 November 2020
• Competition closes: Wednesday 13 January 2021 11:00am

This competition is now closed.

Competition sections

Description

Innovate UK, part of UK Research and Innovation, will invest up to £1.5 million to support SMEs working alone to explore and investigate the:

• requirements
• dependencies
• range of potential complexities

associated with the adoption of the Digital Security by Design (DSbD) technologies.

The aim of the competition is to enable the growth of the software ecosystem that will be crucial for the successful adoption of DSbD technologies.

In applying to this competition, you are entering into a competitive process. The competition closes at 11am UK time on the deadline stated.

Funding type

Grant

Project size

Your project’s total eligible costs must be between £40,000 and £80,000.

Who can apply

Your project

Your project must:

• have total eligible costs between £40,000 and £80,000
• be no longer than 6 months in duration
• start on or after 1 April 2021
• end by 30 September 2021

Lead organisation

Your organisation must:

• be a UK registered SME
• carry out its project work in the UK
• intend to exploit the results from or in the UK

The lead must claim funding by entering their costs during the application.

Subcontractors

Subcontractors are allowed in this competition. They must be UK-based SMEs that you normally work with. A subcontractor must be selected through the participant’s usual procurement process. Additionally, the grant recipient must adopt such policies and procedures that are required by Innovate UK, as stated in the grant offer letter, in order to ensure that value for money is obtained in the procurement of goods, services or works funded by the grant. The procurement process must reflect what a participant would typically use concerning its own money, with equal, or greater, vigilance. An inferior process will not be accepted.

Subcontractor costs must be justified and appropriate to the total eligible project costs.

Number of applications

You can submit a maximum of two applications.

Previous applications

You cannot use a previously submitted application to apply for this competition.

We will not award you funding if you have:

• failed to exploit a previously funded project
• an overdue independent accountant's report
• failed to comply with grant terms and conditions

State aid

The funding will be made as a de minimis grant.

All applicants for a de minimis award must complete and provide to Innovate UK, a de minimis declaration which can be found in question 1. This declares any and all de minimis awards, from any source of public funding, during the current and previous 2 fiscal (tax) years.

Total grant must not exceed 200,000 euros for any one organisation in line with the above de minimis regulations.

Funding

We have allocated up to £1.5 million to fund innovation projects in this competition.

De minimis

In order to minimise distortion of competition, the European Commission sets limits on how much assistance can be given without its prior approval, to organisations operating in a competitive market. Total grant must not exceed 200,000 euros for all de minimis aid provided to any one organisation over a 3 fiscal year period.

You need to declare any de minimis aid awarded to any other public funding body which requests it. You must also keep all documentation associated with the award for 10 years from the date the award is granted.

Ineligible costs

Capital usage costs are not allowed in this competition.

Self-funding

SMEs can self-fund their project beyond their allowable total eligible costs.

The total self-funded contribution must not exceed £160,000. The SME must identify and quantify this self-funding for additional project activities in Question 5.

Your proposal

This competition is an opportunity for SMEs working in software development, to investigate the requirements, dependencies and potential complexities associated with the adoption of the Digital Security by Design (DSbD) technologies.

This competition aims to enable the growth of the software ecosystem that will be crucial for the successful adoption of DSbD technologies.

Your proposal must focus on detailed investigation of a problem framed around a system and software stack concept. This could lead to a subsequent implementation that will benefit from the use of DSbD technologies.

Your proposal must:

• describe your use case or cases and related scenarios, and explain how your area of detailed investigation will enable a full software stack approach to increased security
• show how DSbD technologies will be incorporated into your detailed investigation work
• frame your solution under investigation in the context of a full software stack and describe how your work will address identified technical challenges, requirements, dependencies and related complexities
• explain how you will use the available Fixed Virtual Platform (FVP) model to inform your detailed investigation, or if you choose not to use it, explain your rationale and justify your decision
• explain how DSbD security will enhance your approach to security, qualitatively and quantitatively, and how you will confirm if it is a viable way forward
• identify and describe how you plan to overcome any dependence on other technology, ecosystem or business requirement for the transition and adoption of your innovation

You will have access to DSbD’s Morello Platform Model. This is a software-based, Fixed Virtual Platform (FVP) model representation of the DSbD technology platform prototype hardware-based platform. The model will initially be capable of building and running nano Android kernel (reduced headless) and user-space examples.

You will have access to the evolving support software in terms of toolchain, libraries, kernel development and user-space components. You can find additional details and download links in the public software releases and associated documentation.

We are looking to fund a portfolio of projects, featuring a mix of detailed investigation, use cases and technological approaches.

Final project report

Successful projects must submit a final report to UKRI as part of the project close out. This must report your findings, including challenges and lessons learnt during your detailed investigation effort.

A template will be provided by UKRI as part of the project close out documentation. The report will be confidential, and its use will be restricted to DSbD Programme activities within UKRI.

Specific themes

This competition is open to investigation of multiple approaches to applying DSbD security for fine-grained memory protection or software compartmentalisation.

Using a full software stack approach, projects can focus on one or more of the following aspects without intending to be an exhaustive list:

• software frameworks
• tooling
• development environments
• operating systems
• language runtimes
• libraries and ancillary support
• middleware

Projects we will not fund

We are not funding projects:

• that are not allowed under de minimis regulation restrictions
• that are not based on using DSbD capability hardware extension technologies
• that are not based on use cases benefiting from DSbD security and do not describe a full software stack approach to increased security
• that do not focus on a detailed investigation

• 27 November 2020: Recording of briefing event
• 30 November 2020: Competition opens
• 13 January 2021 11:00am: Competition closes
• 3 February 2021: Applicants notified

Before you start

You must read the guidance on applying for a competition on the Innovation Funding Service before you start.

What we ask you

The application is split into 3 sections:

1. Project details.
2. Application questions.
3. Finances.

1. Project details

This section provides background for the assessors and is not scored.

Equality, diversity and inclusion (not scored)

We collect and report on equality, diversity and inclusion (EDI) data to address under-representation in business innovation and ensure equality, diversity and inclusion across all our activities.

You must complete this EDI survey and then select yes in the application question. The survey will ask you questions on your gender, age, ethnicity and disability status. You will always have the option to ‘prefer not to say’ if you do not feel comfortable sharing this information.

Project summary

Describe your project briefly and be clear about what makes it innovative. We use this section to assign experts to assess your application.

Your answer can be up to 400 words long.

Public description

Describe your project in detail, and in a way that you are happy to see published. Do not include any commercially sensitive information. If we award your project funding, we will publish this description. This could happen before you start your project.

Your answer can be up to 400 words long.

Scope

Describe how your project fits the scope of the competition. If your project is not in scope it will be immediately rejected and will not be sent for assessment. We will inform you which aspect of the required scope you did not address.

Your answer can be up to 500 words long.

2. Application questions

The assessors will score your answers for questions 2 to 5. You will receive feedback from them for each one.

Do not include any website addresses (URLs) in your answers.

Question 1. De Minimis declaration (not scored)

Please download the de minimis declaration template. You must complete this declaring any other de minimis aid received during the current and previous 2 fiscal years. You must also keep all documentation relating to this and other de minimis awards for a period of 10 years and be prepared to release it to any public funding body which requests it. Please write “declaration attached” in the text box.

Question 2. Need or challenge

What is the technological challenge you need to overcome to secure software? What is the business need and market opportunity for your innovation?

Your answer can be up to 400 words long.

Describe or explain:

• the main motivation for the project
• your business need, technological challenge and market opportunity with respect to improving software security
• your problem domain, how it is being addressed today and the limitations of the current approach
• the potential of your project’s innovation in the context of using DSbD technologies

Question 3. Approach and innovation

How will you carry out your detailed investigation and where will the focus of your innovation be in the context of a full software stack approach to increased security?

Your answer can be up to 500 words long.

Describe or explain:

• your broader use case(s) and set of related scenarios
• how your detailed investigation aligns with a full software stack approach to increased security
• your solution under investigation in the context of a full software stack
• how your work will address identified technical challenges, requirements, dependencies and related complexities
• how you will use the platform model to inform your detailed investigation; alternatively, explain your rationale and justify why you will not use the model for your work
• how you have identified your technical deliverables
• describe your technical deliverables and provide appropriate checkpoints to demonstrate progress against your technical plan

You can submit one appendix. It can include diagrams and charts. It must be a PDF no larger than 10MB in size and can be up to 2 A4 pages long. The font must be legible at 100% zoom.

Question 4. Market awareness and adoption aspects

What market and adoption-related aspects will you consider for your innovation?

Your answer can be up to 400 words long.

Describe or explain:

• your role in the software stack
• how you expect the readiness of other components of the stack you depend on to evolve in order to progress your innovation
• how DSbD security will enhance your approach to security, qualitatively and quantitatively, and how you will confirm if it is a viable way forward
• how you plan to overcome any dependence on other technology, ecosystem or business requirement for the transition and adoption of your innovation

Question 5. Resources and capabilities

What resources will you commit to the project and what is your organisational experience in relation to the proposed work?

Your answer can be up to 400 words long.

Describe or explain:

• your organisational experience in relation to the proposed work
• your team members responsible for executing the technical plan
• the total eligible project costs and provide justification against the proposed effort

If the activities you are proposing with this application have additional self-funded activities linked to or associated with them, you must include a separate appendix to describe or explain:

• the additional activities and associated self-financing value
• how they will be identified and monitored separately during the project

The financial contribution for the additional self-funded activities must adhere to the project size requirements.

You can submit one appendix to support your answer. It must be a PDF, can be up to 1 A4 page long and no larger than 10MB in size. The font must be legible at 100% zoom.

Text update: 13 Jan 2021. We have added an additional question to capture project partners locations

Question 6: Project partners location (not scored)

Where are the organisations within your project team registered?

What should you include?

Please name each organisation along with its full registered address. If you are working with an academic institution this doesn’t need to be included.

3. Finances

Your organisation must complete your own project costs, organisation details and funding details in the application.

For full details on what costs you can claim see our project costs guidance.

Background and further information

The Digital Security by Design (DSbD) Industrial Strategy Challenge Fund (ISCF) challenge aims to radically update the foundation of the UK’s insecure digital computing infrastructure. The challenge will:

• increase cyber security for businesses, government and the wider public and economy
• increase productivity for the UK through reduction of days lost to cyber-attacks
• make the UK a market leader through new capabilities fostering the trust that is necessary for successful adoption of future digital services in areas such as artificial intelligence (AI) and the Internet of Things (IoT)

The challenge is being delivered through a £70 million programme funded by the Industrial Strategy Challenge Fund that is matched by industry funding of over £117 million.

About DSbD technologies
The Digital Security by Design (DSbD) programme produces technologies that have the potential to create a step-change in addressing security from the central hardware up through the software stack of digital systems.

DSbD technologies enable fine grained memory protection and software compartmentalisation on top of a memory-managed processor. For example, a processor that uses a Memory Management Unit (MMU).

They offer an approach to containerise and protect access of data in digital systems with a potential to greatly increase robustness and resilience against cyber-attacks.

The DSbD Technology Platform Prototype uses an Arm 64-bit processor that incorporates the DSbD technologies and the concepts of the Capability Hardware Enhanced Reduced Instruction Set Computer (RISC) Instructions (CHERI) protection model.

CHERI comprised security features and safeguards that are built into the processor architecture so that the hardware system and associated software become more resilient and therefore more secure, against a range of software vulnerabilities.

The Fixed Virtual Platform (FVP) model takes a software programmer’s view of a computer and runs as an executable in a desktop-based development environment. It enables execution of full software stacks and provides a widely available virtual platform ahead of the delivery of the technology platform prototype hardware.

Enterprise Europe Network

If you are a UK SME and successful in receiving an award, you will be contacted by your local Enterprise Europe Network (EEN) Innovation Advisor. They act on behalf of Innovate UK to discuss the growth opportunities for your business.

They offer bespoke business support services to help you maximise your project and business potential. This service forms part of your Innovate UK offer under our commitment to help UK SMEs grow and scale.

Please engage positively with your EEN contact so that, working together, you can determine the most appropriate form of growth support for your business.

Contact us

If you need more information about how to apply email support@innovateuk.ukri.org or call 0300 321 4357.Our phone lines are open from 9am to 11:30am and 2pm to 4:30pm, Monday to Friday (excluding bank holidays).

Innovate UK is committed to making support for applicants accessible to everyone. We can provide help for applicants who face barriers when making an application. This might be as a result of a disability, neurodiversity or anything else that makes it difficult to use our services. We can also give help and make other reasonable adjustments for you if your application is successful.

If you think you need more support, it is important that you contact our Customer Support Service as early as possible during your application process. You should aim to contact us no later than 10 working days before the competition closing date.

Need help with this service? Contact us