DARPA-funded ‘unhackable’ computer could avoid future flaws like Spectre and Meltdown

UPDATE 1/9/2018: Microsoft Windows update “bricks” computers with AMD processor
January 8, 2018

(credit: University of Michigan)

A University of Michigan (U-M) team has announced plans to develop an “unhackable” computer, funded by a new $3.6 million grant from the Defense Advanced Research Projects Agency (DARPA).

The goal of the project, called MORPHEUS, is to design computers that avoid the vulnerabilities of most current microprocessors, such as the Spectre and Meltdown flaws announced  last week.*

The $50 million DARPA System Security Integrated Through Hardware and Firmware (SSITH) program aims to build security right into chips’ microarchitecture, instead of relying on software patches.*

The U-M grant is one of nine that DARPA has recently funded through SSITH.

Future-proofing

The idea is to protect against future threats that have yet to be identified. “Instead of relying on software Band-Aids to hardware-based security issues, we are aiming to remove those hardware vulnerabilities in ways that will disarm a large proportion of today’s software attacks,” said Linton Salmon, manager of DARPA’s System Security Integrated Through Hardware and Firmware program.

Under MORPHEUS, the location of passwords would constantly change, for example. And even if an attacker were quick enough to locate the data, secondary defenses in the form of encryption and domain enforcement would throw up additional roadblocks.

More than 40 percent of the “software doors” that hackers have available to them today would be closed if researchers could eliminate seven classes of hardware weaknesses**, according to DARPA.

DARPA is aiming to render these attacks impossible within five years. “If developed, MORPHEUS could do it now,” said Todd Austin, U-M professor of computer science and engineering, who leads the project. Researchers at The University of Texas and Princeton University are also working with U-M.

* Apple released today (Jan. 8) iOS 11.2.2 and macOS 10.13.2 updates with Spectre fix for Safari and WebKit, according to MacWorld. Threatpost has an update (as of Jan. 7) on efforts by Intel and others in dealing with Meltdown and Spectre processor vulnerabilities .

** Permissions and privileges, buffer errors, resource management, information leakage, numeric errors, crypto errors, and code injection.

UPDATE 1/9/2018: BLUE-SCREEN ALERT: Read this if you have a Windows computer with an AMD processor: Microsoft announced today it has temporarily paused sending some Windows operating system updates (intended to protect against Spectre and Meltdown chipset vulnerabilities) to devices that have impacted AMD processors. “Microsoft has received reports of some AMD devices getting into an unbootable state after installation of recent Windows operating system security updates.”