A Microphchip That Can Stop Cyber Attacks

A new computer processor architecture developed at the University of Michigan (U-M) could assist in a future where computers proactively defend against cyber threats, rendering the current electronic security model of bugs and patches obsolete. 

The chip, called Morpheus, blocks potential attacks by encrypting and randomly reshuffling key bits of its own code and data 20 times per second. 

According to the team at U-M, this processor is faster than a human hacker and a thousand times faster than even the fastest electronic hacking techniques.

“Today’s approach of eliminating security bugs one by one is a losing game,” said Todd Austin, U-M professor of computer science and engineering. “People are constantly writing code, and as long as there is new code, there will be new bugs and security vulnerabilities.”

Also the developer of the system, Austin added: “With Morpheus, even if a hacker finds a bug, the information needed to exploit it vanishes 50 milliseconds later. It’s perhaps the closest thing to a future-proof secure system.” Austin and his colleagues have demonstrated a DARPA-funded prototype processor that successfully defended against every known variant of control-flow attack, one of hackers’ most dangerous and widely used techniques.

The researchers said the technology could be used in a variety of applications, from laptops and PCs to Internet of Things (IoT) devices, where simple and reliable security will be increasingly critical.

“We’ve all seen how damaging an attack can be when it hits a computer that’s sitting on your desk,” he said. “But attacks on the computer in your car, in your smart lock or even in your body could place users at even greater risk.”

Austin said that the system embeds security into its hardware, instead of using software to patch known code vulnerabilities. Such an application makes vulnerabilities impossible to pin down and exploit by constantly randomising critical programme assets in a process known as “churn”, he added.

“Imagine trying to solve a Rubik’s Cube that rearranges itself every time you blink,” Austin said. “That’s what hackers are up against with Morpheus. It makes the computer an unsolvable puzzle.”

The chip, however, is transparent to software developers and end-users as the technology focuses on randomising bits of data known as “undefined semantics”. Undefined semantics refers to the “nooks and crannies” of the computer architecture: for example, the location, format and content of programme code are undefined semantics.

According to the team, this randomisation of data is part of a processor’s most basic machinery, and legitimate programmers don’t generally interact with this process. However, hackers can reverse-engineer them to uncover vulnerabilities in a system and launch an attack.

The chip’s churn rate can be adjusted up or down to strike the right balance between maximising security and minimising resource consumption.

Austin explained that a churn rate of once every 50 milliseconds was chosen for the demonstration processor. This is because it’s several thousand times faster than the fastest electronic hacking techniques, but only slows the performance by around 1 per cent.

The computer processor architecture also features an attack detector. This searches for impending cyber threats and increases the churn rate if the system senses than an attack is imminent. Austin and colleagues presented the chip and research paper in April 2019 at the ACM International Conference on Architectural Support for Programming Languages and Operating Systems.

Engineering&Technology

You Might Also Read: 

Wanted: A New Microchip For The AI Era:

MIT Develops A Hack-Proof RFID Chip:

« Using Identity Access Management
Snowden Explains Why The CIA Is On Instagram »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

Cyber Security Supplier Directory

Cyber Security Supplier Directory

Our Supplier Directory lists 6,000+ specialist cyber security service providers in 128 countries worldwide. IS YOUR ORGANISATION LISTED?

ZenGRC

ZenGRC

ZenGRC - the first, easy-to-use, enterprise-grade information security solution for compliance and risk management - offers businesses efficient control tracking, testing, and enforcement.

The PC Support Group

The PC Support Group

A partnership with The PC Support Group delivers improved productivity, reduced costs and protects your business through exceptional IT, telecoms and cybersecurity services.

LockLizard

LockLizard

Locklizard provides PDF DRM software that protects PDF documents from unauthorized access and misuse. Share and sell documents securely - prevent document leakage, sharing and piracy.

DigitalStakeout

DigitalStakeout

DigitalStakeout enables cyber security professionals to reduce cyber risk to their organization with proactive security solutions, providing immediate improvement in security posture and ROI.

European Cybercrime Training and Education Group (ECTEG)

European Cybercrime Training and Education Group (ECTEG)

The primary aim of ECTEG is to enhance the coordination of cybercrime training, by identifying opportunities to build the capacity of countries to combat cybercrime

Cyber Exec

Cyber Exec

Cyber Exec is an executive search firm dedicated to global talent acquisition in Cyber Security, Information Technology, Defense...

WireX Systems

WireX Systems

WireX is an innovative network intelligence and forensics company that is changing the way businesses resolve cyber-attacks.

CyberESI

CyberESI

CyberESI is a Managed Security Service Provider providing 24x7 remote security monitoring and management of your mission-critical networks.

Clearswift

Clearswift

Clearswift is trusted by businesses, governments and defense organizations globally for its Adaptive Cyber Security and Data Loss Prevention solutions.

SKOUT Secure Intelligence

SKOUT Secure Intelligence

SkOUT Secure Intelligence (formerly Oxford Solutions) provides cyber security monitoring services to organizations around the globe.

RIPS Technologies

RIPS Technologies

RIPS Technologies delivers automated security analysis for PHP applications as platform independent software or highly scalable cloud service.

Plurilock Security Solutions

Plurilock Security Solutions

Plurilock is a real-time cybersecurity solution that uses artificial intelligence to identify, prevent, and eliminate insider threats.

CICRA

CICRA

CICRA is Sri Lanka's pioneering cyber security training and consultancy provider.

IntaPeople

IntaPeople

IntaPeople are IT and engineering recruitment specialists. We have specialist teams for job sectors including Cybersecurity, IT infrastructure and DevOps.

Com Laude

Com Laude

Com Laude is a domain name management company that provides strategic consulting to help companies strengthen digital brand, safeguard customers & protect brand IP.

Aura

Aura

Aura is a mission driven technology company dedicated to creating a safer internet for everyone. We’re making comprehensive digital security that's simple to understand and easy to use.

UncommonX

UncommonX

UncommonX offers enterprise-class cybersecurity protection for mid-size organizations by combining adaptive threat and intelligence software with 24/7 industry experts.

Secure Diversity

Secure Diversity

Secure Diversity is an innovative non-profit organization with leaders that think out of the box to create strategies & solutions to increase diversity in the cybersecurity industry.

VectorRock

VectorRock

Save Your Business From Cyber Criminals. We specialize in uncovering cyber risks which threaten your organization and fixing them.

Panoplia Digital Protection

Panoplia Digital Protection

Panoplia Digital Protection is a cutting-edge cybersecurity company that leverages the power of AI and ML to help businesses and consumers protect themselves against cyber threats.