Engineers have developed a computer processor that randomly changes its microarchitecture every few milliseconds. The processor, known as Morpheus, has already successfully passed its first major tests, throwing hundreds of professional hackers into the DARPA security test. Writes about this The Conversation.
In 2017, DARPA supported the Morpheus project of the University of Michigan, allocating $ 3.6 million for it, four years later the processor is ready and undergoing testing. For four months in 2020, DARPA launched a bug-reward program called Finding Exploits to Thwart Tampering (FETT), in which 525 professional security researchers pitted against Morpheus and a range of other processors.
The goal of the program was to test new security systems based on hardware that could protect data no matter how vulnerable the underlying software is. Morpheus was modeled to resemble a medical database full of software vulnerabilities – and yet no attack went through its defenses.
Basically, there is no such thing as bug-free software, and in many cases these bugs can be exploited by hackers. Software developers usually fix them when they find them, but often it doesn’t happen until after the attack, and hackers just move on to the next vulnerability. The cycle continues in an endless arms race between hackers and developers.
More recently, computer scientists have begun to understand that hardware can play an important role in security. To develop malware, hackers need to understand the microarchitecture of the processor so that they can figure out where to inject their malicious code. Locking the system down at the hardware level could potentially end the arms race once and for all.
This was the design philosophy behind Morpheus. Basically, the processor starts by encrypting key information such as the location, format, and content of the data. But this alone is not enough – a hacker can break this code within a few hours.
And in this Morpheus is unique – the system randomly shuffles the encryption every few hundred milliseconds. Thus, even if a hacker somehow manages to get an image of the entire processor, it will completely change before the attacker has a chance to act.
“Imagine trying to solve a Rubik’s cube that rebuilds every time you blink,” says Todd Austin, lead researcher for the Morpheus Project. “This is what the hackers are struggling with in the case of Morpheus. It turns the computer into an insoluble puzzle. ”
The main side effect is that Morpheus is about 10% slower than an equivalent system could, but this is a pretty good compromise for a virtually unbreakable processor. In addition, the team says that further refinement could speed up the system.
The Morpheus team says the next step in the project will be to adapt the technology to use it to protect data in the cloud.