Scientists at the University of Michigan look to flip the script on cybersecurity by creating an impressively secure computer with the help of a $3.6 million grant from Defense Advanced Research Projects Agency (DARPA).
The project is called MORPHEUS. Lead by Todd Austin, professor of computer science and engineering at U-M, it approaches cybersecurity from a unique perspective. Today, computers are protected by a “patch and pray” method of covering hardware vulnerabilities with software code. MORPHEUS aims to bake cybersecurity into the hardware itself thereby eliminating many current and future threats.
“Instead of relying on software Band-Aids to hardware-based security issues, we are aiming to remove those hardware vulnerabilities in ways that will disarm a large proportion of today’s software attacks,” said Linton Salmon, manager of DARPA’s System Security Integrated Through Hardware and Firmware program.
Austin’s team is designing new computer circuits that quickly and randomly move information around like a puzzle where the pieces and the picture are constantly changing, a noted departure from current hardware architecture. When a computer bug infects a system, it often hides itself where the user is unlikely to look. An intruder would access the bug to exploit the system. “Typically, the location of this data never changes, so once attackers solve the puzzle of where the bug is and where to find the data, it’s ‘game over,'” Austin said.
Austin likens the concept to a popular cubed game with a twist. “We are making the computer an unsolvable puzzle. It’s like if you’re solving a Rubik’s Cube and every time you blink, I rearrange it.”
The SSITH program seeks to address seven main types of hardware vulnerability: permissions and privileges, buffer errors, resource management, information leakage, numeric errors, crypto errors, and code injection. Fixing these hardware weaknesses would effectively close down more than 40% of the software doors available to unwelcome guests.