Super-Secure Processor Thwarts Hackers by Turning a Computer Into a Puzzle
We have developed and tested a secure new computer processor that thwarts hackers by randomly changing its underlying structure, thus making it virtually impossible to hack.
Last summer, 525 security researchers spent three months trying to hack our Morpheus processor as well as others. All attempts against Morpheus failed.
This study was part of a program sponsored by the U.S. Defense Advanced Research Program Agency to design a secure processor that could protect vulnerable software. DARPA released the results on the program to the public for the first time in January 2021.
A processor is the piece of computer hardware that runs software programs. Since a processor underlies all software systems, a secure processor has the potential to protect any software running on it from attack.
Our team at the University of Michigan first developed Morpheus, a secure processor that thwarts attacks by turning the computer into a puzzle, in 2019.
A processor has an architecture – x86 for most laptops and ARM for most phones – which is the set of instructions software needs to run on the processor.
Processors also have a microarchitecture, or the “guts” that enable the execution of the instruction set, the speed of this execution, and how much power it consumes.
Hackers need to be intimately familiar with the details of the microarchitecture to graft their malicious code, or malware, onto vulnerable systems.
To stop attacks, Morpheus randomizes these implementation details to turn the system into a puzzle that hackers must solve before conducting security exploits.
From one Morpheus machine to another, details like the commands the processor executes or the format of program data change in random ways. Because this happens at the microarchitecture level, software running on the processor is unaffected.
A skilled hacker could reverse-engineer a Morpheus machine in as little as a few hours, if given the chance. To counter this, Morpheus also changes the microarchitecture every few hundred milliseconds.
Thus, not only do attackers have to reverse-engineer the microachitecture, but they have to do it very fast.
With Morpheus, a hacker is confronted with a computer that has never been seen before and will never be seen again.