Thanks to a $3.6 million grant from DARPA, University of Michigan (U-M) researchers are hard at work creating an unhackable computer.
Current devices rely on the “patch and pray”” model, where developers create software patches for existing vulnerabilities. This approach is less than ideal to keep malicious entities at bay.
This past spring, DARPA announced the System Security Integrated Through Hardware and Firmware (SSITH) program. As its name suggests, the mission is to create cybersecurity solutions implemented at a hardware level. The U-M fortified computer, called the MORPHEUS project, is one of nine funded ideas that fall under the umbrella of the SSITH program.
“Instead of relying on software Band-Aids to hardware-based security issues, we are aiming to remove those hardware vulnerabilities in ways that will disarm a large proportion of today’s software attacks,” says Linton Salmon, manager of DARPA’s SSITH program.
The U-M team plans to create an unhackable computer with hardware that can randomly move and destroy information at a rapid pace. This method could hide vital data from hackers, foiling the success of their cyberattack.
“We are making the computer an unsolvable puzzle. It’s like if you’re solving a Rubik’s Cube and every time you blink, I rearrange it,” says Todd Austin, U-M professor of computer science and engineering, and leader of the MORPHEUS project.
“What’s incredibly exciting about the project is that it will fix tomorrow’s vulnerabilities. I’ve never known any security system that could be future proof,” Austin adds.
According to DARPA, if researchers remove seven classes of hardware weaknesses, about 40 percent of software hacking pathways could be eradicated. Identified by Common Weakness Enumeration (CWE), the seven vulnerabilities include buffer errors; permissions, privilege, and access control; resource management; numeric errors; code injections; crypto errors; and information leakage.