On Tuesday the Defense Advanced Research Projects Agency (DARPA) introduced it is going to be spending $3.6 million to develop a pc with hardware that’s billed by its creators as an “unsolvable puzzle.” The challenge known as MORPHEUS, a homage to the traditional Greek god of desires, and is meant to be a extra sturdy various to at the moment’s so-called “patch and pray” strategy to cybersecurity.
Instead of making software program patches for identified safety vulnerabilities and hoping that they repair the issue, the MORPHEUS hardware is designed in order that info could be rapidly and randomly shuffled round a pc. Todd Austin, a professor of pc science on the University of Michigan in contrast attempting to assault MORPHEUS to “fixing a Rubik’s dice, and each time you blink, I rearrange it.”
According to DARPA, 40 % of software program exploits obtainable to hackers could possibly be eradicated if a handful of several types of hardware weaknesses could possibly be eradicated, equivalent to errors with cryptography, code injection, and data leakage.
Austin and his colleagues are optimistic that MORPHEUS will present an answer to every of those points via its particular hardware design. When an attacker positive aspects entry to a system, this usually requires figuring out and exploiting a bug within the software program. Once this bug has been exploited, the attacker merely must determine the place the precious knowledge within the system is saved, steal it, and get out.
“Typically, the placement of this knowledge by no means modifications, so as soon as attackers resolve the puzzle of the place the bug is and the place to search out the info, it is ‘recreation over,'” Austin mentioned in a press release.
The MORPHEUS system will supposedly render these software program exploits ineffective utilizing pc circuits which might be designed to randomly shuffle knowledge round a pc system. This approach, even when an attacker finds a bug and tries to use it, the placement of that software program bug, in addition to the placement of any invaluable knowledge (equivalent to passwords) will consistently be altering.
Austin pointed to the Heartbleed bug found in 2014, which allowed attackers to view passwords and different essential knowledge on tens of millions of machines world wide, as a case the place the MORPHEUS system would have been in a position to stave off the assault.
Read More: The Heartbleed Bug Will Lurk within the Internet of Things for Decades
DARPA goals to have rendered most of the most typical software program vulnerabilities out of date inside 5 years. To this finish, the company has earmarked $50 million for grants to analysis cybersecurity options which might be part of a pc’s hardware, equivalent to MORPHEUS.
While this machine received’t probably be fully “unhackable,” it could possibly be a chic answer to a few of the world’s most annoying cybersecurity points.
This article sources info from Motherboard