Shapeshifting Morpheus chip aims to baffle hackers

Researchers at the University of Michigan call it ‘Morpheus’ and it aims to make hacking so difficult at microprocessor level that attackers will give up long before they get the chance to do any damage.

It’s the sort of pitch that will strike most people as pretty sensational, which is why the engineers behind the project are disinclined to call it ‘unhackable’ even as some journalists have written about it in such exaggerated terms.

Backed by the famous US Defense Advanced Research Projects Agency (DARPA), Morpheus is a new chip architecture that sets out to counter weaknesses in today’s microprocessors, which the researchers believe make vulnerabilities and their exploits impossible to defend against.

Today’s cyberattacks typically use malware to misuse basic programming possibilities such as permissions and code injection, or to manipulate unusual states, for example memory buffer overruns (a ‘control-flow’ attack) and information leakage.

This looks like an unavoidable software problem, and that is how today’s industry treats it when it exposes and patches vulnerabilities – essentially rewriting code so that an error state is no longer possible.

It’s a never-ending job because new code keeps getting added, which adds new vulnerabilities, requiring new patches.

Less commented upon is that attacks also rely on the assumption that a microprocessor manages its own on-chip and system memory in a predictable way.

It is this complex layer that Morpheus sets out to change by encrypting and randomising or ‘churning’ data every 50ms – faster than any attacker can locate it – in effect making many common vulnerabilities impossible to exploit.

The University of Michigan’s Todd Austin often explains this to journalists using the analogy of a Rubik’s Cube:

Imagine trying to solve a Rubik’s Cube that rearranges itself every time you blink. That’s what hackers are up against with Morpheus. It makes the computer an unsolvable puzzle.

Another way of understanding it is that it’s a lower-level and more powerful version of current techniques such as Address Space Layout Randomisation (ASLR).

This ‘moving target’ defence wouldn’t make computers unhackable – Morpheus doesn’t address every type of attack – but it would at least greatly reduce the attack surface.
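The timing argument behind the 50ms churn can be modelled in a few lines. The sketch below is an added example, not code from the Morpheus project: the XOR masking, the class and function names and the sample address are assumptions made for illustration, and only the 50ms period comes from the article. It shows that the protected program's own pointers survive a churn, while a value leaked before the churn no longer decodes afterwards.

```python
import secrets

CHURN_PERIOD_MS = 50  # churn interval quoted in the article
MASK64 = (1 << 64) - 1


class ChurningDomain:
    """Toy model: pointers are stored XOR-masked with a key replaced on every churn."""

    def __init__(self, period_ms=CHURN_PERIOD_MS):
        self.period_ms = period_ms
        self.now_ms = 0
        self.key = secrets.randbits(64)
        self.live = {}  # name -> encoded pointer held by the protected program

    def store(self, name, addr):
        self.live[name] = (addr ^ self.key) & MASK64

    def decode(self, token):
        return (token ^ self.key) & MASK64

    def load(self, name):
        return self.decode(self.live[name])

    def advance(self, ms):
        """Let time pass; re-key and re-encode live pointers at each period boundary."""
        end = self.now_ms + ms
        churns = end // self.period_ms - self.now_ms // self.period_ms
        self.now_ms = end
        for _ in range(churns):
            new_key = secrets.randbits(64)
            self.live = {n: t ^ self.key ^ new_key for n, t in self.live.items()}
            self.key = new_key
        return churns


def stale_leak_still_valid(leak_at_ms, attack_ms, period_ms=CHURN_PERIOD_MS):
    """True if a value leaked at leak_at_ms still decodes correctly attack_ms later."""
    target = 0x7FFF_DEAD_B000  # constructed sample address
    dom = ChurningDomain(period_ms)
    dom.store("ret", target)
    dom.advance(leak_at_ms)
    token = dom.live["ret"]  # what an information leak would expose
    dom.advance(attack_ms)
    assert dom.load("ret") == target  # the program's own pointer survives churn
    return dom.decode(token) == target


def window_fraction(attack_ms, period_ms=CHURN_PERIOD_MS):
    """Fraction of leak times (1 ms steps over one period) at which the leak stays usable."""
    hits = sum(stale_leak_still_valid(t, attack_ms, period_ms) for t in range(period_ms))
    return hits / period_ms
```

In this model the usable window shrinks linearly with the time needed to act on a leak and closes completely once that time reaches the churn period.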

Side channel

The clever part is that using a Morpheus-based microprocessor would not require developers to do anything because the protections work at the hardware level.

Inevitably, there are some downsides – primarily that the extra resource management hits performance and requires physically redesigned and possibly larger microprocessors.

Nevertheless, Morpheus’s significance could be that it influences a new generation of microprocessor designs, having impressed when tested against a subset of real-world attacks.

Morpheus also has wider potential, note the researchers:

Beyond control-flow attacks, we envision that a similar approach could be adopted to protect against side-channel attacks, timing attacks, Rowhammer attacks, and even cache attacks.

Indeed, with side-channel attacks on microprocessors themselves suddenly a big worry, this might be the capability that makes Morpheus something big chip makers will grab with open arms.