A new computer processor architecture developed at the University of Michigan in Ann Arbor could usher in a future where computers proactively defend against threats, rendering the current electronic security model obsolete.
This chip, called Morpheus, blocks potential attacks by encrypting and randomly reshuffling key bits of its own code and data 20 times per second — infinitely faster than a human hacker can work and thousands of times faster than the fastest electronic hacking techniques.
“Imagine trying to solve a Rubik’s Cube that rearranges itself every time you blink,” says Todd Austin, U-M professor of computer science and engineering and a developer of the system. “That’s what hackers are up against with Morpheus. It makes the computer an unsolvable puzzle.”
The chip’s churn (reshuffling) rate can be adjusted up or down to strike the right balance between maximizing security and minimizing resource consumption, preventing computers from slowing down. The architecture also includes an attack detector that looks for pending threats and increases the churn rate if it senses that an attack is imminent.
“Today’s approach of eliminating security bugs one by one is a losing game,” says Austin. “People are constantly writing code, and as long as there is new code, there will be new bugs and security vulnerabilities. With Morpheus, even if a hacker finds a bug, the information needed to exploit it vanishes 50 milliseconds later. It’s perhaps the closest thing to a future-proof secure system.”
Austin and his colleagues have demonstrated a Defense Advanced Research Projects Agency-funded prototype processor that successfully defended against every known variant of control-flow attack, one of hackers’ most effective and widely used techniques.
The technology could be used in a variety of applications where simple and reliable security will be increasingly critical.
“We’ve all seen how damaging an attack can be when it hits a computer that’s sitting on your desk,” he says. “But attacks on the computer in your car, in your smart lock, or even in your body could place users at even greater risk.”
Austin and colleagues presented the chip and research paper last month at the Association for Computing Machinery International Conference on Architectural Support for Programming Languages and Operating Systems.
He is working to commercialize the technology through Agita Labs, a startup company founded by Austin and U-M computer science and engineering professor Valeria Bertacco, also an author on the paper.
The research was supported by the Defense Advanced Research Projects Agency.