As cyber criminals up their game in terms of deriving different sophisticated techniques to compromise systems, steal funds, and take over identities, a group of researchers has developed what some media outlets called unhackable chip that is designed to confuse hackers and prevent them from infiltrating systems at the microprocessor level.
Researchers from the University of Michigan call it “Morpheus,” and it said to be “vulnerability tolerant” as it blocks potential attacks by confusing hackers and making it difficult for them to hack at the chip level.
Morpheus is backed by the famous US Defense Advanced Research Projects Agency (DARPA) and is a new chip architecture that bridges the gap between program and machine-level semantics making a system’s firewall impenetrable.
“Attacks often succeed by abusing the gap between program and machine-level semantics– for example, by locating a sensitive pointer, exploiting a bug to overwrite this sensitive data, and hijacking the victim program’s execution,” reads the study’s abstract.
Most common attacks today use malware to trick systems into misusing basic programming possibilities such as permissions and code injection, or into manipulating unusual states.
“In this work, we take secure system design on the offensive by continuously obfuscating information that attackers need, but normal programs do not use, such as [the] representation of code and pointers or the exact location of code and data,” the researchers added.
Just like the Greek god, Morpheus can manipulate program values
According to the developers of the Morpheus, the new chip architecture combines two powerful protections: ensembles of moving target defenses and churn.
The first layer of protection which is ensembling moving target defenses, the chip architecture randomizes key program values (e.g., relocating pointers and encrypting code and pointers) “which forces attackers to probe the system before an attack extensively.”
This means that much like Morpheus, the Greek god of sleep, the chip architecture can make fundamental program values (dreams) to shapeshift to make it harder for future hackers to distinguish them and exploit their vulnerabilities.
The second layer of protection brought by the new chip architecture is the churn, which transparently re-randomizes program values running underneath the system. “With frequent churn, systems quickly become impractically difficult to penetrate,” they said.
Furthermore, Morpheus is also designed to perform both the protection processes, re-randomizing program values every 50 milliseconds, which is faster than any hacker can catch up with, making it highly difficult to locate.
“Each moving target defense in Morpheus uses hardware support to individually offer more randomness at a lower cost than previous techniques. When ensembled with churn, Morpheus defenses offer strong protection against control-flow attacks, with our security testing and performance studies revealing:
- high-coverage protection for a broad array of control-flow attacks, including protections for advanced attacks and an attack disclosed after the design of Morpheus, and
- negligible performance impacts (1%) with churn periods up to 50 ms, which our study estimates to be at least 5000x faster than the time necessary to possibly penetrate Morpheus,” they wrote in their study.
One of the proponents of the study explained how the Morpheus chip works using analogies he derived from solving the Rubik’s cube puzzle.
“Imagine trying to solve a Rubik’s Cube that rearranges itself every time you blink. That’s what hackers are up against with Morpheus. It makes the computer an unsolvable puzzle,” University of Michigan’s Todd Austin explains to journalists.
The researchers said that another way of understanding how Morpheus works is that it is a low-level version of a standard protection technique called Address Space Layout Randomisation (ASLR).
Nonetheless, the researchers said that Morpheus chip architecture is not “unhackable.” Other techniques could fight off its protective mechanisms as it does not address all forms of attack. However, the innovation will reduce the attack surface at the very least.
“Looking ahead, we see great potential for EMTD technologies,” the researchers said. “Beyond control-flow attacks, we envision that a similar approach could be adopted to protect against side-channel attacks, timing attacks, Rowhammer attacks, and even cache attacks. To address each of these additional challenges, we will explore what assets the attacker needs and then develop efficient mechanisms to boost uncertainty and stifle attacks,” they added.