On Tuesday the Defense Advanced Research Projects Agency (DARPA) announced it will be spending $3.6 million to develop a computer with hardware that is billed by its creators as an “unsolvable puzzle.” The project is called MORPHEUS, a homage to the ancient Greek god of dreams, and is intended to be a more robust alternative to today's so-called “patch and pray” approach to cybersecurity.
Instead of creating software patches for known security vulnerabilities and hoping that they fix the problem, the MORPHEUS hardware is designed so that information can be quickly and randomly shuffled around a computer. Todd Austin, a professor of computer science at the University of Michigan compared trying to attack MORPHEUS to “solving a Rubik’s cube, and every time you blink, I rearrange it.”
According to DARPA, 40 percent of software exploits available to hackers could be eliminated if a handful of different types of hardware weaknesses could be eliminated, such as errors with cryptography, code injection, and information leakage.
Austin and his colleagues are optimistic that MORPHEUS will provide a solution to each of these issues through its special hardware design. When an attacker gains access to a system, this often requires identifying and exploiting a bug in the software. Once this bug has been exploited, the attacker simply needs to identify where the valuable data in the system is stored, steal it, and get out.
"Typically, the location of this data never changes, so once attackers solve the puzzle of where the bug is and where to find the data, it's 'game over,'" Austin said in a statement.
The MORPHEUS system will supposedly render these software exploits ineffective using computer circuits that are designed to randomly shuffle data around a computer system. This way, even if an attacker finds a bug and tries to exploit it, the location of that software bug, as well as the location of any valuable data (such as passwords) will constantly be changing.
Austin pointed to the Heartbleed bug discovered in 2014, which allowed attackers to view passwords and other critical data on millions of machines around the world, as a case where the MORPHEUS system would have been able to stave off the attack.
DARPA aims to have rendered many of the most common software vulnerabilities obsolete within 5 years. To this end, the agency has earmarked $50 million for grants to research cybersecurity solutions that are a part of a computer’s hardware, such as MORPHEUS.
While this machine won’t likely be completely “unhackable,” it could be an elegant solution to some of the world’s most annoying cybersecurity issues.