WHY THIS MATTERS IN BRIEF
Being able to create an unhackable computer sounds like science fiction, but that doesn’t stop researchers from giving it a go.
“Unhackable” is a strong word. And so far many of the technologies that people have described as being unhackable, even awesome science fiction like technologies such as quantum encryption have been hacked. Meanwhile though other “unhackable things,” such as unhackable code, is still comfortably fending off every hacking attempt thrown at it. So far. Undeterred though last year DARPA, the bleeding edge research arm of the US military awarded a multi-million dollar grant to the University of Michigan to create the world’s first unhackable computer system – the MORPHEUS computer system, a platform that would be capable of self-reconfiguring both its hardware and software hundreds of times a minute in order to fend off and thwart all hacking attempts.
Now the first fruits of that research have been unveiled after the researchers heading up the program demonstrated the world’s first MORPHEUS computer chip prototype that blocks potential hacking attacks by encrypting and randomly reshuffling key bits of its own code and data 20 times per second – a speed that is infinitely faster than a human hacker can work and thousands of times faster than even the fastest electronic hacking techniques, including the new breed of Artificial Intelligence (AI) robo-hackers that are being used by the Pentagon to protect their mission critical systems. And after it’s successful trial it’s believed that the new computer processor architecture could usher in a future where computers proactively defend against threats, rendering the current electronic security model of bugs and patches completely obsolete.
Suffice to say, that would represent a huge leap forward in helping organisations defend themselves against the unrelenting onslaught of cyber attackers, both human and robot, that recently prompted the Pentagon and the US DoD to publicly admit that they “can no longer keep up with the pace or variety of [cyber] attacks.”
“Today’s approach of eliminating security bugs one by one is a losing game,” says Todd Austin, professor of computer science and engineering who led the development of the new system. “People are constantly writing code, and as long as there is new code, there will be new bugs and security vulnerabilities. With MORPHEUS, even if a hacker finds a bug, the information needed to exploit it vanishes 50 milliseconds later. It’s perhaps the closest thing to a future-proof secure system.”
The prototype processor that Austin and his colleagues demonstrated managed to successfully defend itself against every known variant of control-flow attack, one of hackers’ most dangerous and widely used techniques, and the technology could, unsurprisingly, be useful in a variety of applications, from laptops and PCs to Internet of Things devices, where simple and reliable security will be increasingly critical.
“We’ve all seen how damaging an attack can be when it hits a computer that’s sitting on your desk,” he says. “But attacks on the computer in your car, and in the future, self-driving car, in your smart lock, or even the [implanted medical] devices in your body could place users at even greater risk.”
Austin says that instead of using software to patch known code vulnerabilities, MORPHEUS bakes security into its hardware. It makes vulnerabilities virtually impossible to pin down and exploit by constantly randomising critical program assets in a process called “Churn.”
“Imagine trying to solve a Rubik’s Cube that rearranges itself every time you blink,” Austin says. “That’s what hackers are up against with MORPHEUS. It makes the computer an unsolvable puzzle.”
Additionally, MORPHEUS is transparent to software developers and end users because it focuses on randomising bits of data known as “undefined semantics.” Undefined semantics are nooks and crannies of the computing architecture – for example the location, format, and content of program code is an undefined semantic.
Undefined semantics are part of a processor’s most basic machinery, and legitimate programmers don’t generally interact with them. But hackers can reverse-engineer them to uncover vulnerabilities and launch an attack.
The researchers can adjust the chip’s churn rate up or down to strike the right balance between maximizing security and minimising resource consumption. Austin says they chose a churn rate of once every 50 milliseconds for the demonstration processor because it’s several thousand times faster than even the fastest electronic hacking techniques, but only slows performance by about 1 percent. The architecture also includes an attack detector that looks for pending threats and increases the churn rate if it senses that an attack is imminent.
Austin and his colleagues presented the chip and research paper last month at the ACM International Conference on Architectural Support for Programming Languages and Operating Systems.
The demonstration chip is a RISC-V processor, a common open source chip design researchers often used for their work and Austin is now working to commercialise the technology through Agita Labs, a start up company he founded and University of Michigan computer science and engineering professor Valeria Bertacco, also an author of the paper. Additional researchers came from the University of Michigan, the University of Texas, and Princeton University.
Source: University of Michigan