Funded by the US Defense Department, Morpheus repeatedly randomizes key parts of its software so attackers face a moving target
Last year’s revelations of security holes that affect billions of chips have spurred researchers to seek more effective ways of securing semiconductors.
Todd Austin, a professor at the University of Michigan, is working on an approach known as Morpheus that aims to frustrate hackers trying to gain control of microchips by presenting them with a rapidly changing target.
At a conference in Detroit this week organized by the US Defense Department’s Defense Advanced Research Projects Agency (DARPA), Austin described how the prototype Morpheus chip works.
The aim is to make it incredibly difficult for hackers to exploit key software that helps govern the chip’s operation. Morpheus does this by repeatedly randomizing elements of the code that attackers need access to in order to compromise the hardware. This can be achieved without disrupting the software applications that are powered by the processor.
Austin has been able to get the chip’s code “churning” to happen once every 50 milliseconds—way faster than needed to frustrate the most powerful automated hacking tools. So even if hackers find a vulnerability, the information needed to exploit it disappears in the blink of an eye.
Linton Salmon of DARPA, who oversees the agency’s project that backs Morpheus, says a big advantage of the technology is that it can defend against a wide range of cyberattacks.
The prototype chip also boasts software that aims to spot new kinds of digital assaults, adjusting its churn rate according to the severity of the threat.
Cost versus benefits
There’s a cost to all this: the technology causes a slight drop in performance and requires somewhat bigger chips. The military may accept this trade-off in return for greater security on the battlefield, but it could limit Morpheus’s appeal to businesses and consumers.
Austin and Valeria Bertacco, a colleague at the University of Michigan, have cofounded a startup called Agita Labs to commercialize Morpheus, whose prototype is based on the popular open-source RISC-V chip architecture.
Potential buyers will want proof that the technology works. Austin said a prototype has already resisted every known variant of a widely-used hacking technique known as a control-flow attack, which does things like tampering with the way a processor handles memory in order to allow hackers to sneak in malware.
More tests lie ahead. A team of US national security experts will soon begin probing the prototype chip to see if they can compromise its defenses, and Austin also plans to post some of Morpheus’s code online so that other researchers can try to find flaws in it, too.
Font: MIT Technology Review
Ransomware suspected in cyberattack that crippled major US newspapers
Cybersecurity: Three hacking trends you need to know about to help protect yourself