“Today’s approach of eliminating security bugs one by one is a losing game,” said Todd Austin, U-M professor of computer science and engineering and a developer of the system.
People are constantly writing code, and as long as there is new code, there will be new bugs and security vulnerabilities. To counterattack this problem head on,University of Michigan developed a new computer processor architecture where computers proactively defend against threats, rendering the current electronic security model of bugs and patches obsolete.
“Imagine trying to solve a Rubik’s Cube that rearranges itself every time you blink,” Austin said. “That’s what hackers are up against with MORPHEUS. It makes the computer an unsolvable puzzle.”
Today’s cyberattacks typically use malware to misuse basic programming possibilities such as permissions and code injection, or to manipulate unusual states, for example memory buffer overruns (a ‘control-flow’ attack) and information leakage.
This looks like an unavoidable software problem that exploits programming possibilities, which is how today’s industry treats them when they expose and patch vulnerabilities – essentially a way of rewriting code so that an error state is no longer possible.
It’s a neverending job because new code keeps getting added, which adds new vulnerabilities, requiring new patches.
Backed by the famous US Defense Advanced Research Projects Agency (DARPA), Morpheus sets out to counter weaknesses in today’s microprocessors, which the researchers believe make vulnerabilities and their exploits impossible to defend against. Morpheus encrypts and randomises or ‘churns’ data every 50ms – faster than any attacker can locate it – in effect making many common vulnerabilities impossible to exploit.
This ‘moving target’ defence wouldn’t make computers unhackable – Morpheus doesn’t address every type of attack – but it would at least greatly reduce the attack surface.
Panacea 