Unhackable Morpheus CPU architecture announced by University of Michigan
Even though there are no reports of real-world disasters caused by hackers taking advantage of the inherent Spectre and Meltdown vulnerabilities that plague most CPUs released in the past 10 years, the flawed architectures employed by Intel and AMD clearly need to be updated with improved security features. Both chip makers are now trying to provide hardware-level patches and fixes, but hackers already found more Spectre and Meltdown variants, so maybe this security model of bugs and patches needs to be replaced. Enter the “unhackable” Morpheus CPU security architecture developed by researchers at the University of Michigan.
Morpheus uses a pro-active security system that encrypts and randomly reshuffles bits of its own code 20 times per second. According to Todd Austin, one of the engineers and developers of the architecture, “even if a hacker finds a bug, the information needed to exploit it vanishes 50 milliseconds later. It’s perhaps the closest thing to a future-proof secure system […] Imagine trying to solve a Rubik’s Cube that rearranges itself every time you blink. That’s what hackers are up against with Morpheus. It makes the computer an unsolvable puzzle.”
It looks like the U.S. Army is also interested in this new architecture, as a working Morpheus prototype was funded by DARPA. The prototype managed to defend against every known variant of the control-flow attack, which is currently the most efficient way to compromise CPUs. The research team lead by Austin is confident that the Morpheus processor can fend off even the fastest electronic hacking techniques and can increase the randomization speed if it detects an increased rate of attacks. The default 50 millisecond randomization speed only has a 1% performance impact.
The demo chip was built using the RISC-V architecture, which is common for open-source research of this kind. This shows that security systems similar to Morpheus can eventually be implemented in consumer chips like desktop CPUs or IoT devices, and Austin is already looking to commercialize the technology via its Agita Labs startup company.