A Microphchip That Can Stop Cyber Attacks

Uploaded on 2019-05-08 in TECHNOLOGY--Developments, FREE TO VIEW, BUSINESS-Services-IT & Telecoms

A new computer processor architecture developed at the University of Michigan (U-M) could assist in a future where computers proactively defend against cyber threats, rendering the current electronic security model of bugs and patches obsolete. 

The chip, called Morpheus, blocks potential attacks by encrypting and randomly reshuffling key bits of its own code and data 20 times per second. 

According to the team at U-M, this processor is faster than a human hacker and a thousand times faster than even the fastest electronic hacking techniques.

“Today’s approach of eliminating security bugs one by one is a losing game,” said Todd Austin, U-M professor of computer science and engineering. “People are constantly writing code, and as long as there is new code, there will be new bugs and security vulnerabilities.”

Also the developer of the system, Austin added: “With Morpheus, even if a hacker finds a bug, the information needed to exploit it vanishes 50 milliseconds later. It’s perhaps the closest thing to a future-proof secure system.” Austin and his colleagues have demonstrated a DARPA-funded prototype processor that successfully defended against every known variant of control-flow attack, one of hackers’ most dangerous and widely used techniques.

The researchers said the technology could be used in a variety of applications, from laptops and PCs to Internet of Things (IoT) devices, where simple and reliable security will be increasingly critical.

“We’ve all seen how damaging an attack can be when it hits a computer that’s sitting on your desk,” he said. “But attacks on the computer in your car, in your smart lock or even in your body could place users at even greater risk.”

Austin said that the system embeds security into its hardware, instead of using software to patch known code vulnerabilities. Such an application makes vulnerabilities impossible to pin down and exploit by constantly randomising critical programme assets in a process known as “churn”, he added.

“Imagine trying to solve a Rubik’s Cube that rearranges itself every time you blink,” Austin said. “That’s what hackers are up against with Morpheus. It makes the computer an unsolvable puzzle.”

The chip, however, is transparent to software developers and end-users as the technology focuses on randomising bits of data known as “undefined semantics”. Undefined semantics refers to the “nooks and crannies” of the computer architecture: for example, the location, format and content of programme code are undefined semantics.

According to the team, this randomisation of data is part of a processor’s most basic machinery, and legitimate programmers don’t generally interact with this process. However, hackers can reverse-engineer them to uncover vulnerabilities in a system and launch an attack.

The chip’s churn rate can be adjusted up or down to strike the right balance between maximising security and minimising resource consumption.

Austin explained that a churn rate of once every 50 milliseconds was chosen for the demonstration processor. This is because it’s several thousand times faster than the fastest electronic hacking techniques, but only slows the performance by around 1 per cent.

The computer processor architecture also features an attack detector. This searches for impending cyber threats and increases the churn rate if the system senses than an attack is imminent. Austin and colleagues presented the chip and research paper in April 2019 at the ACM International Conference on Architectural Support for Programming Languages and Operating Systems.

Engineering&Technology

You Might Also Read: 

Wanted: A New Microchip For The AI Era:

MIT Develops A Hack-Proof RFID Chip:

« Using Identity Access Management
Snowden Explains Why The CIA Is On Instagram »

CyberSecurity Jobsite
Check Point
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

BackupVault

BackupVault

BackupVault is a leading provider of automatic cloud backup and critical data protection against ransomware, insider attacks and hackers for businesses and organisations worldwide.

Jooble

Jooble

Jooble is a job search aggregator operating in 71 countries worldwide. We simplify the job search process by displaying active job ads from major job boards and career sites across the internet.

LockLizard

LockLizard

Locklizard provides PDF DRM software that protects PDF documents from unauthorized access and misuse. Share and sell documents securely - prevent document leakage, sharing and piracy.

NordLayer

NordLayer

NordLayer is an adaptive network access security solution for modern businesses — from the world’s most trusted cybersecurity brand, Nord Security. 

Resecurity

Resecurity

Resecurity is a cybersecurity company that delivers a unified platform for endpoint protection, risk management, and cyber threat intelligence.

RedLock

RedLock

The RedLock Cloud 360TM platform correlates disparate security data sets to provide a unified view of risks across fragmented cloud environments.

Core Security

Core Security

Core Security provides threat-aware identity, access, authentication and vulnerability management solutions.

Security & Intelligence Agency (SOA) - Croatia

Security & Intelligence Agency (SOA) - Croatia

SOA is the Croatian security and intelligence service. Areas of activity include Cyber Security and Information Security.

CSIRT GOV - Poland

CSIRT GOV - Poland

Computer Security Incident Response Team CSIRT GOV, run by the Head of the Internal Security Agency, acts as the national CSIRT responsible for coordinating the response to computer incidents.

Navarino

Navarino

Navarino is the maritime industry’s most advanced communications and connectivity company. We develop advanced technologies and innovative IT solutions including cyber security.

QOMPLX

QOMPLX

QOMPLX integrate, contextualize, and analyze data from virtually any source to help you identify operational risk and inefficiencies throughout the enterprise.

Redstor

Redstor

Redstor's complete data management helps you discover, manage and control your data from a single control centre, unifying backup and recovery, disaster recovery, archiving and search and insight.

Crypto Quantique

Crypto Quantique

Crypto Quantique's ground-breaking technology radically simplifies the process of generating a hardware root of trust in an IoT device.

Partnership for Conflict, Crime and Security Research (PaCCS)

Partnership for Conflict, Crime and Security Research (PaCCS)

PaCCS delivers high quality and cutting edge research to improve our understanding of current and future global security challenges in areas including cybersecurity.

Prima Cyber Solutions (PCS)

Prima Cyber Solutions (PCS)

Prima Cyber Solutions is focused on protecting your business from the massive and devastating impacts that cyber-attacks may cause.

Sekuro

Sekuro

Sekuro is your leading governance and cyber security partner. Building organisational resilience. Enabling fearless innovation.

Cegeka

Cegeka

Cegeka is a family-owned IT company providing end-to-end IT solutions, services & consultancy.

eGeneration

eGeneration

eGeneration is one of the leading technology solutions and system integration companies in Bangladesh.

Boston Government Services (BGS)

Boston Government Services (BGS)

Boston Government Services is an engineering, technology, and security firm providing mission-focused solutions for the clean energy, nuclear, and federal programs markets.

TraitWare

TraitWare

The TraitWare mission is to increase user and company security while simplifying access to digital and physical resources through the elimination of the need for usernames and passwords.

Network Coverage

Network Coverage

Network Coverage align, maintain, and integrate technology and cloud solutions with business operations to improve productivity and security with as few issues and disruptions as possible.