A Microphchip That Can Stop Cyber Attacks

Uploaded on 2019-05-08 in TECHNOLOGY--Developments, FREE TO VIEW, BUSINESS-Services-IT & Telecoms

A new computer processor architecture developed at the University of Michigan (U-M) could assist in a future where computers proactively defend against cyber threats, rendering the current electronic security model of bugs and patches obsolete. 

The chip, called Morpheus, blocks potential attacks by encrypting and randomly reshuffling key bits of its own code and data 20 times per second. 

According to the team at U-M, this processor is faster than a human hacker and a thousand times faster than even the fastest electronic hacking techniques.

“Today’s approach of eliminating security bugs one by one is a losing game,” said Todd Austin, U-M professor of computer science and engineering. “People are constantly writing code, and as long as there is new code, there will be new bugs and security vulnerabilities.”

Also the developer of the system, Austin added: “With Morpheus, even if a hacker finds a bug, the information needed to exploit it vanishes 50 milliseconds later. It’s perhaps the closest thing to a future-proof secure system.” Austin and his colleagues have demonstrated a DARPA-funded prototype processor that successfully defended against every known variant of control-flow attack, one of hackers’ most dangerous and widely used techniques.

The researchers said the technology could be used in a variety of applications, from laptops and PCs to Internet of Things (IoT) devices, where simple and reliable security will be increasingly critical.

“We’ve all seen how damaging an attack can be when it hits a computer that’s sitting on your desk,” he said. “But attacks on the computer in your car, in your smart lock or even in your body could place users at even greater risk.”

Austin said that the system embeds security into its hardware, instead of using software to patch known code vulnerabilities. Such an application makes vulnerabilities impossible to pin down and exploit by constantly randomising critical programme assets in a process known as “churn”, he added.

“Imagine trying to solve a Rubik’s Cube that rearranges itself every time you blink,” Austin said. “That’s what hackers are up against with Morpheus. It makes the computer an unsolvable puzzle.”

The chip, however, is transparent to software developers and end-users as the technology focuses on randomising bits of data known as “undefined semantics”. Undefined semantics refers to the “nooks and crannies” of the computer architecture: for example, the location, format and content of programme code are undefined semantics.

According to the team, this randomisation of data is part of a processor’s most basic machinery, and legitimate programmers don’t generally interact with this process. However, hackers can reverse-engineer them to uncover vulnerabilities in a system and launch an attack.

The chip’s churn rate can be adjusted up or down to strike the right balance between maximising security and minimising resource consumption.

Austin explained that a churn rate of once every 50 milliseconds was chosen for the demonstration processor. This is because it’s several thousand times faster than the fastest electronic hacking techniques, but only slows the performance by around 1 per cent.

The computer processor architecture also features an attack detector. This searches for impending cyber threats and increases the churn rate if the system senses than an attack is imminent. Austin and colleagues presented the chip and research paper in April 2019 at the ACM International Conference on Architectural Support for Programming Languages and Operating Systems.

Engineering&Technology

You Might Also Read: 

Wanted: A New Microchip For The AI Era:

MIT Develops A Hack-Proof RFID Chip:

« Using Identity Access Management
Snowden Explains Why The CIA Is On Instagram »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

MIRACL

MIRACL

MIRACL provides the world’s only single step Multi-Factor Authentication (MFA) which can replace passwords on 100% of mobiles, desktops or even Smart TVs.

IT Governance

IT Governance

IT Governance is a leading global provider of information security solutions. Download our free guide and find out how ISO 27001 can help protect your organisation's information.

Authentic8

Authentic8

Authentic8 transforms how organizations secure and control the use of the web with Silo, its patented cloud browser.

DigitalStakeout

DigitalStakeout

DigitalStakeout enables cyber security professionals to reduce cyber risk to their organization with proactive security solutions, providing immediate improvement in security posture and ROI.

ManageEngine

ManageEngine

As the IT management division of Zoho Corporation, ManageEngine prioritizes flexible solutions that work for all businesses, regardless of size or budget.

Nutanix

Nutanix

The Nutanix enterprise cloud platform provides performance, robust security, and seamless application mobility for a broad range of enterprise applications.

Veracode

Veracode

Veracode delivers the most widely used cloud-based platform for securing web, mobile, legacy and third-party enterprise applications.

Aviva

Aviva

Aviva provides Cyber Liability cover for small to mid-market customers to help combat the threat of data and privacy breach.

Metro Systems

Metro Systems

Metro Systems offer fully integrated IT solutions & services covering Digital Transformation, Digital Infrastructure, Cyber Security and Training.

URS Certification

URS Certification

United Registrar of Systems (URS Certification) is an independent certification body operating in more than 30 countries within the multinational URS Holdings.

National Cybersecurity Competence Centre (NC3) - Czech Republic

National Cybersecurity Competence Centre (NC3) - Czech Republic

NC3 has been established in response to growing demands for practically applicable products and solutions for ensuring cybersecurity of critical and non-critical information infrastructures.

AUREA Technology

AUREA Technology

The photon counter SPD_OEM_NIR from AUREA Technology is designed for quantum key distribution at telecom wavelengths.

ISMAC

ISMAC

ISMAC was founded to create a security solution that would work for smaller to medium as well as bigger corporations at an affordable price.

Cardonet

Cardonet

Cardonet is an IT Support and IT Services business offering end-to-end IT services, 24x7 IT Support to IT Consultancy, Managed IT and Cyber Security.

iSPIRAL IT Solutions

iSPIRAL IT Solutions

iSPIRAL is a leading regulatory technology software provider delivering state-of-art AML, KYC, Risk and Compliance solutions.

Avrem Technologies

Avrem Technologies

Avrem Technologies is a business IT and cybersecurity consulting firm. We design, implement, manage and monitor the networks, servers, computers and software that our clients rely on each day.

Domotz

Domotz

Domotz enables IT teams to monitor and manage their networks remotely, while ensuring that the security and the operational efficiency of their organizations are properly maintained.

appNovi

appNovi

appNovi inventories everything to map the attack surface, identify missing security agents, and prioritize vulnerabilities based on exposure.

Hughes Network Systems

Hughes Network Systems

Hughes are industry leaders in networking technologies and services, innovating constantly to deliver the global solutions that power a connected future for people, enterprises and things everywhere.

OOKOS

OOKOS

OOKOS was founded in 2023 by a team of cybersecurity veterans who recognized that traditional security models were failing to keep pace with evolving threats.

Acuvity

Acuvity

Acuvity is the most comprehensive AI security and governance platform for your employees and applications. Secure your GenAI adoption with confidence.