Notebookcheck
, , , , , ,
search relation.
, , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , ,
 

World's best 500+ cybersecurity experts fail to hack the Morpheus processor

Cybersecurity experts from all over the world tried to hack Morpheus for 2 months to no avail. (Image Source: umich.edu)
Cybersecurity experts from all over the world tried to hack Morpheus for 2 months to no avail. (Image Source: umich.edu)
In mid-2020, DARPA created a bug bounty program dubbed Finding Exploits to Thwart Tampering (FETT), to which it invited more than 500 cybersecurity experts tasked to breach certain experimental computer processors. Morpheus, the "unhackable" processor developed by the University of Michigan was the only one to live up to its nickname.
, , , , , ,
search relation.
, , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , ,
 

A couple of years ago, we were reporting on the announcement of the “unhackable” Morpheus computer processor developed by the computer science researchers at the University of Michigan in the US. On paper, the processor presented quite the paradigm shift from traditional cybersecurity that usually relies on finding and eliminating software bugs, as Morpheus is designed to reconfigure key bits of its code and data dozens of times per second, turning any vulnerabilities into dead ends for hackers. However, in practice, it seemed that, given enough time, and with the aid of powerful AI tools, the sophisticated walls raised by Morpheus could eventually be breached. DARPA wanted to test this theory and amassed over 500 of the best cybersecurity experts in the world to try and hack Morpehus, but no one succeeded.

The Morpheus hacking challenge was part of a bug bounty program dubbed Finding Exploits to Thwart Tampering (FETT) organized by DARPA, the Department of Defense’s Defense Digital Service (DDS) and Synack - a crowdsourced security platform. This program ran from June through August of 2020 and evaluated the integrity of the Morpheus processor along with similar solutions developed by MIT, Cambridge University, Lockheed Martin and non-profit tech institute SRI International. It looks like only Morhpeus emerged unscathed. According to University of Michigan team leader Todd Austin, the success of the Morpheus processor is further proof that computer security needs to move away from its traditional bugs-and-patches paradigm.

“Today’s approach of eliminating security bugs one by one is a losing game,” Austin said. “Developers are constantly writing code, and as long as there is new code, there will be new bugs and security vulnerabilities. With Morpheus, even if a hacker finds a bug, the information needed to exploit it vanishes within milliseconds. It’s perhaps the closest thing to a future-proof secure system.”

As part of the FETT program, cybersecurity experts were offered tens of thousands of dollars to breach a computer system powered by Morpheus that housed a mock medical database. The Morpheus system was the second-most popular target of the seven processors evaluated under FETT. Experts tried to hack Morpheus by reverse-engineering the processor’s most basic machinery like the location, format and content of program code, also known  as “undefined semantics.” This approach is rendered ineffective by the chip’s ability to protect undefined semantics through “encryption and churn.” Encryption randomizes the important undefined semantics that hackers need to launch a successful attack, while churn re-randomizes them while the system is running. Austin explains that the churn rate is normally kept low to keep system performance high, but when a would-be hacker exercises an undefined semantic in an attempted attack, the churn rate spikes, stopping attackers in their tracks.

Since it managed to foil every cyber-attack, the Morpheus chip was awarded by DARPA with an A rating, which stands for “Approved for Public Release, Distribution Unlimited.”

 

Buy the AMD Ryzen 7 5800X processor on Amazon

static version load dynamic
Loading Comments
Comment on this article
, , , , , ,
search relation.
, , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , ,
 
Bogdan Solca
Bogdan Solca - Senior Tech Writer - 1500 articles published on Notebookcheck since 2017
I first stepped into the wondrous IT&C world when I was around seven years old. I was instantly fascinated by computerized graphics, whether they were from games or 3D applications like 3D Max. I'm also an avid reader of science fiction, an astrophysics aficionado, and a crypto geek. I started writing PC-related articles for Softpedia and a few blogs back in 2006. I joined the Notebookcheck team in the summer of 2017 and am currently a senior tech writer mostly covering processor, GPU, and laptop news.
contact me via: Facebook
Please share our article, every link counts!
> Notebook / Laptop Reviews and News > News > News Archive > Newsarchive 2021 03 > World's best 500+ cybersecurity experts fail to hack the Morpheus processor
Bogdan Solca, 2021-03- 6 (Update: 2021-03- 6)