DARPA Invests in Hardware that Prevents Zero-Day Exploits
Ami Rojkes Dombe
| 26/12/2017
bigstockphoto
A University of Michigan (U-M) team that aims to create an "unhackable" computer receives $3.6 million grant from the US Defense Advanced Research Projects Agency. The project is called MORPHEUS.
"Instead of relying on software Band-Aids to hardware-based security issues, we are aiming to remove those hardware vulnerabilities in ways that will disarm a large proportion of today’s software attacks,” said Linton Salmon, manager of DARPA’s System Security Integrated Through Hardware and Firmware program.
According to the U-M publication, MORPHEUS outlines a new way to design hardware so that information is rapidly and randomly moved and destroyed. The technology works to elude attackers from the critical information they need to construct a successful attack. It could protect both hardware and software.
"Typically, the location of this data never changes, so once attackers solve the puzzle of where the bug is and where to find the data, it’s 'game over,'" said Todd Austin, U-M professor of computer science and engineering who leads the project.
Under MORPHEUS, the location of the bug would constantly change and the location of the passwords would change. Even if an attacker were quick enough to locate the data, secondary defenses in the form of encryption and domain enforcement would throw up additional roadblocks. The bug would still be there, but it wouldn’t matter. The attacker won’t have the time or the resources to exploit it.
Further reading: https://www.darpa.mil/news-events/ssith-proposers-day
bigstockphoto
A University of Michigan (U-M) team that aims to create an "unhackable" computer receives $3.6 million grant from the US Defense Advanced Research Projects Agency. The project is called MORPHEUS.
"Instead of relying on software Band-Aids to hardware-based security issues, we are aiming to remove those hardware vulnerabilities in ways that will disarm a large proportion of today’s software attacks,” said Linton Salmon, manager of DARPA’s System Security Integrated Through Hardware and Firmware program.
According to the U-M publication, MORPHEUS outlines a new way to design hardware so that information is rapidly and randomly moved and destroyed. The technology works to elude attackers from the critical information they need to construct a successful attack. It could protect both hardware and software.
"Typically, the location of this data never changes, so once attackers solve the puzzle of where the bug is and where to find the data, it’s 'game over,'" said Todd Austin, U-M professor of computer science and engineering who leads the project.
Under MORPHEUS, the location of the bug would constantly change and the location of the passwords would change. Even if an attacker were quick enough to locate the data, secondary defenses in the form of encryption and domain enforcement would throw up additional roadblocks. The bug would still be there, but it wouldn’t matter. The attacker won’t have the time or the resources to exploit it.
Further reading: https://www.darpa.mil/news-events/ssith-proposers-day
