A Microchip That Can Stop Cyber Attacks

A new computer processor architecture developed at the University of Michigan (U-M) could assist in a future where computers proactively defend against cyber threats, rendering the current electronic security model of bugs and patches obsolete. 

The chip, called Morpheus, blocks potential attacks by encrypting and randomly reshuffling key bits of its own code and data 20 times per second. 

According to the team at U-M, this processor is faster than a human hacker and a thousand times faster than even the fastest electronic hacking techniques.

“Today’s approach of eliminating security bugs one by one is a losing game,” said Todd Austin, U-M professor of computer science and engineering. “People are constantly writing code, and as long as there is new code, there will be new bugs and security vulnerabilities.”

Also the developer of the system, Austin added: “With Morpheus, even if a hacker finds a bug, the information needed to exploit it vanishes 50 milliseconds later. It’s perhaps the closest thing to a future-proof secure system.” Austin and his colleagues have demonstrated a DARPA-funded prototype processor that successfully defended against every known variant of control-flow attack, one of hackers’ most dangerous and widely used techniques.

The researchers said the technology could be used in a variety of applications, from laptops and PCs to Internet of Things (IoT) devices, where simple and reliable security will be increasingly critical.

“We’ve all seen how damaging an attack can be when it hits a computer that’s sitting on your desk,” he said. “But attacks on the computer in your car, in your smart lock or even in your body could place users at even greater risk.”

Austin said that the system embeds security into its hardware, instead of using software to patch known code vulnerabilities. The approach makes vulnerabilities impossible to pin down and exploit by constantly randomising critical programme assets in a process known as “churn”, he added.

“Imagine trying to solve a Rubik’s Cube that rearranges itself every time you blink,” Austin said. “That’s what hackers are up against with Morpheus. It makes the computer an unsolvable puzzle.”

The chip, however, is transparent to software developers and end-users as the technology focuses on randomising bits of data known as “undefined semantics”. Undefined semantics refers to the “nooks and crannies” of the computer architecture: for example, the location, format and content of programme code are undefined semantics.

According to the team, these undefined semantics are part of a processor’s most basic machinery, and legitimate programmers don’t generally interact with them. However, hackers can reverse-engineer them to uncover vulnerabilities in a system and launch an attack.

The chip’s churn rate can be adjusted up or down to strike the right balance between maximising security and minimising resource consumption.

Austin explained that a churn rate of once every 50 milliseconds was chosen for the demonstration processor. This is because it’s several thousand times faster than the fastest electronic hacking techniques, but only slows the performance by around 1 per cent.

The computer processor architecture also features an attack detector. This searches for impending cyber threats and increases the churn rate if the system senses that an attack is imminent. Austin and colleagues presented the chip and research paper in April 2019 at the ACM International Conference on Architectural Support for Programming Languages and Operating Systems.
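
The churn, adjustable churn rate and attack detector described above can be illustrated with a toy simulation. This is an added example, not code from the U-M team or the Morpheus design: the `ChurnedMemory` class, the XOR masking (a stand-in for real encryption), the simulated clock and the sample addresses are all assumptions made for illustration.

```python
import secrets

class ChurnedMemory:
    """Toy model (not Morpheus itself): pointers are kept XOR-masked with a
    key that is replaced on every churn. XOR stands in for real encryption."""

    def __init__(self, churn_ms=50):
        self.churn_ms = churn_ms          # 50 ms = 20 churns per second
        self.now_ms = 0                   # simulated clock
        self.next_churn_ms = churn_ms
        self.key = secrets.randbits(64)
        self.slots = {}                   # name -> masked pointer bits

    def store(self, name, pointer):
        self.slots[name] = pointer ^ self.key

    def load(self, name):
        return self.slots[name] ^ self.key

    def tick(self, elapsed_ms):
        """Advance the simulated clock, churning whenever an interval ends."""
        self.now_ms += elapsed_ms
        while self.now_ms >= self.next_churn_ms:
            delta = secrets.randbits(64) or 1   # non-zero, so the key always changes
            for name in self.slots:             # re-mask so legitimate loads still work
                self.slots[name] ^= delta
            self.key ^= delta
            self.next_churn_ms += self.churn_ms

    def attack_suspected(self):
        """Detector hook: halve the interval and bring the next churn forward."""
        self.churn_ms = max(1, self.churn_ms // 2)
        self.next_churn_ms = min(self.next_churn_ms, self.now_ms + self.churn_ms)


def stale_value_still_valid(delay_ms, alerts=0, churn_ms=50):
    """Mask a value with the key seen at t=0, write it delay_ms later, and
    report whether it still decodes to the intended address."""
    original, intended = 0x401000, 0x402000      # constructed sample addresses
    mem = ChurnedMemory(churn_ms)
    mem.store("handler", original)
    key_at_t0 = mem.slots["handler"] ^ original  # what a disclosure at t=0 would yield
    for _ in range(alerts):
        mem.attack_suspected()
    mem.tick(delay_ms)
    mem.slots["handler"] = intended ^ key_at_t0  # value built from stale information
    return mem.load("handler") == intended
```

With the default 50 ms interval, a value derived at t=0 is still usable 30 ms later, but not once a single detector alert has halved the interval to 25 ms; legitimate loads are unaffected because every churn re-masks the stored pointers.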

Engineering&Technology
