DARPA (Defense Advanced Research Project Agency), who gave us the early version of the internet is now trying to fix a major problem – computers vulnerable to cyber attacks.
As a part of a program called System Security Integrated through Hardware and Firmware (SSITH), the US military agency has loosened their pockets to fund $3.6 million to the University of Michigan.
The funding will be used to develop a computer project Morpheus. It is assumed to be “unhackable” because of its advanced hardware-backed security system which could protect against unknown future attacks and 0-days.
One of the reasons why hacking activities are on the rise is because the security measures implemented are mostly software-based. These rely on “patch and pray” model where security patches are issued for the vulnerabilities that are already known.
Several hardware-based security measures are available in the market, but cyber attacks are becoming more sophisticated by the tick of the clock. The Morpheus project would focus on removing vital information the hackers would require to put together an attack, thereby, protecting both hardware and software.
“We are making the computer an unsolvable puzzle. “It’s like if you’re solving a Rubik’s Cube and every time you blink, I rearrange it,” said Todd Austin of UM who is leading the project.
According to Austin, even if an attacker is aware of a possible bug, the location of the bug would change in a random fashion preventing the attacker from exploiting it as there won’t be enough time. There would be other security measures like encryption and domain enforcement for added security.
DARPA’s goal for the Morpheus project is to eliminate seven classes of hardware weaknesses within the next five years. These include buffer errors, resource management, information leakage, numeric errors, crypto errors, permissions and privileges, and code injection.
Morpheus is one of the nine projects funded by DARPA under SSITH. If the computer like this ever comes into existence, it would be highly useful for military and other organizations where sensitive data is stored.