Todd Austin is Professor of Electrical Engineering and Computer Science at the University of Michigan. Lauren Biernacki is a PhD candidate in computer science and engineering at the University of Michigan. This story was originally featured on The conversation.
We have developed and tested a new secure computer processor that outwits hackers by randomly altering its underlying structure, making hacking virtually impossible.
Last summer, 525 security researchers spent three months trying to hack our Morpheus processor and others. All attempts against Morpheus have failed. This study was part of a program sponsored by the US Defense Advanced Research Program Agency to design a secure processor capable of protecting vulnerable software. DARPA first released the results of the program to the public in January 2021.
A processor is the computer hardware that runs software programs. Since a processor is the foundation of all software systems, a secure processor has the potential to protect any software that runs on it from attacks. Our team at the University of Michigan first developed Morpheus, a secure processor that thwarts attacks by turning the computer into a puzzle, in 2019.
A processor has an architecture – x86 for most laptops and ARM for most phones – which is the set of instructions software needs to run on the processor. Processors also have a microarchitecture, or “guts” that allow the instruction set to execute, the speed of that execution, and the amount of power it consumes.
Hackers must be intimately familiar with the details of the microarchitecture to graft their malicious code, or malware, onto vulnerable systems. To stop the attacks, Morpheus randomizes these implementation details to turn the system into a puzzle that hackers must solve before they carry out security exploits. From one Morpheus machine to another, details like the commands executed by the processor or the program’s data format change randomly. As happens at the microarchitecture level, software running on the processor is not affected.
A seasoned hacker could reverse engineer a Morpheus machine in as little as a few hours, if given the chance. To counter this, Morpheus also changes the microarchitecture every few hundred milliseconds. So not only do attackers have to reverse engineer the microarchitecture, they have to do it very quickly. With Morpheus, a hacker is confronted with a computer that has never been seen before and that will never be seen again.
Why is this important
To carry out a security exploit, hackers use vulnerabilities in software to get inside a device. Once inside, they graft their malware onto the device. Malware is designed to infect the host device in order to steal sensitive data or spy on users.
The typical approach to computer security is to patch individual software vulnerabilities to keep hackers out. For these patch-based techniques to be successful, programmers must write perfect software without any bugs. But ask any programmer, and the idea of creating a perfect program is laughable. Bugs are everywhere, and security bugs are the hardest to find because they don’t affect the normal operation of a program.
Morpheus takes a distinct approach to security by increasing the underlying processor to prevent attackers from grafting malware onto the device. With this approach, Morpheus protects any vulnerable software that runs on it.
What other research is in progress
For a very long time, processor designers saw security as an issue for software programmers because programmers created software bugs that lead to security issues. But recently, computer designers have discovered that hardware can help protect software.
Academic efforts, such as Capability Hardware’s enhanced RISC instructions at the University of Cambridge, have demonstrated strong protection against memory bugs. Commercial efforts have also started, such as Intel’s control flow control technology, which will be available soon.
Morpheus takes a significantly different approach to ignoring bugs and instead randomizes its internal implementation to thwart bug exploitation. Fortunately, these are complementary techniques and their combination will likely make systems even more difficult to attack.
We examine how fundamental aspects of Morpheus design can be applied to protect sensitive data on user devices and in the cloud. Besides randomizing the implementation details of a system, how can we randomize the data in a way that preserves confidentiality without being a burden on software programmers?