The new “Morpheus” CPU design defeats hundreds of hackers in DARPA tests


A new microprocessor design was praised for its security features after nearly 600 experts failed to crack it in a series of tests last summer. The new processor, codenamed “Morpheus,” continually rewrites its architecture, making it impossible for an attacker to target the kinds of flaws that allow for Spectre and Meltdown-style side-channel attacks against conventional x86 processors.

Morpheus was developed as part of a DARPA-funded project. About 580 experts attempted to hack a medical database by injecting code into the underlying machine. Despite burning 13,000 hours collectively trying to hack the system, the effort failed.

“Today’s approach of fixing security bugs one by one is a losing game,” said Todd Austin, a professor of computer science and engineering at the University of Michigan. “People are constantly writing code and as long as there is new code, there will be new bugs and security vulnerabilities… With MORPHEUS, even if a hacker finds a bug, the information needed to exploit it vanishes 50 milliseconds later. It is perhaps the closest thing to a secure, future-proof system.”

Morpheus was implemented using the gem5 simulator on a Xilinx FPGA and simulates a MinorCPU 4-stage in-order core running at 2.5GHz with a 32KB L1i and 32KB L1d. The L2 cache was 256 KB. This isn’t a high-performance x86 CPU that you can run out and buy, in other words.

According to Austin, his research team at the University of Michigan has focused on making Morpheus a difficult target for any CPU-targeting exploit rather than on building a chip that could defeat one specific class of exploits. The question was: how do you hide critical information from the attacker without getting in the way of what the programmer is trying to do, which is to write effective code?

The Morpheus FPGA. Image credit: Todd Austin

The Austin team opted for the idea of obfuscating a data class known as “undefined semantics”. Undefined semantics are information that the end user or programmer does not need to know to make a system work. Austin uses the analogy of driving a car. To drive a vehicle, you need to know how to operate the steering wheel, gearshift and pedals. You don’t need to know how much power the engine produces, or whether the car uses synthetic or standard oil, or what brand of antifreeze is in the engine. These types of traits, according to Austin, are the undefined semantics of the vehicle.

Morpheus achieves this by encrypting memory pointers every 100 milliseconds, over and over again. By continuously encrypting data, the project denies attackers the window of time they would need to successfully launch an attack in the first place. Austin refers to this as trying to solve a Rubik’s cube that rearranges itself every time you blink. The performance penalty for this type of encryption, according to the team, is around 10%.
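To make the idea concrete, here is a toy model of pointer "churn" written for this article. It is an added example, not the Morpheus team's code, and the layout it uses (a 16-bit epoch tag in the top bits of a 64-bit word, a splitmix64-derived key, an explicit `churn()` call in place of a hardware timer) is an assumption chosen for clarity. It shows the property the paragraph describes: a pointer value captured by an attacker before a churn event no longer decrypts after it, while the program's own copy keeps working because the core re-encrypts live pointers under the new key.

```c
// Added example: a toy model of Morpheus-style pointer churn (not the real
// Morpheus scheme). Assumed layout: low 48 bits hold the encrypted address,
// top 16 bits hold the epoch the pointer was encrypted under.
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

#define LOW48 0x0000FFFFFFFFFFFFULL

// Per-domain key and epoch. In hardware these live inside the core and are
// never readable by software; here they are globals for illustration.
static uint64_t churn_key   = 0;
static uint64_t churn_epoch = 0;
static uint64_t prev_key    = 0;
static uint64_t prev_epoch  = 0;

// splitmix64 finalizer: derives a fresh, well-mixed key from the epoch counter.
static uint64_t mix64(uint64_t x) {
    x += 0x9E3779B97F4A7C15ULL;
    x = (x ^ (x >> 30)) * 0xBF58476D1CE4E5B9ULL;
    x = (x ^ (x >> 27)) * 0x94D049BB133111EBULL;
    return x ^ (x >> 31);
}

// Churn: rotate the key. Morpheus does this on a timer (50-100 ms in the
// article); here it is called explicitly so the effect is deterministic.
void churn(void) {
    prev_key    = churn_key;
    prev_epoch  = churn_epoch;
    churn_epoch++;                               // 16-bit tag; wraparound ignored here
    churn_key   = mix64(churn_epoch ^ 0xC0FFEEULL);
}

typedef struct { uint64_t enc; } cptr_t;         // an encrypted pointer

// Encrypt an address under the current key and tag it with the current epoch.
cptr_t encrypt_ptr(uintptr_t p) {
    cptr_t c;
    c.enc = ((p & LOW48) ^ (churn_key & LOW48)) | ((churn_epoch & 0xFFFF) << 48);
    return c;
}

// Decrypt and validate. A pointer tagged with a stale epoch is rejected:
// the key it was encrypted under no longer exists, so it cannot be used.
bool decrypt_ptr(cptr_t c, uintptr_t *out) {
    if ((c.enc >> 48) != (churn_epoch & 0xFFFF)) return false;
    *out = (c.enc & LOW48) ^ (churn_key & LOW48);
    return true;
}

// What the core does to every live pointer during churn: decrypt under the
// previous key and re-encrypt under the new one. Values the program still
// holds keep working; copies an attacker squirreled away do not get this.
cptr_t rekey_live(cptr_t c) {
    if ((c.enc >> 48) != (prev_epoch & 0xFFFF)) return c;  // not from last epoch
    uintptr_t p = (c.enc & LOW48) ^ (prev_key & LOW48);
    return encrypt_ptr(p);
}

// Returns 1 when a freshly encrypted pointer is unreadable as plaintext but
// round-trips through decrypt_ptr within the same epoch.
int demo_fresh_pointer_roundtrips(void) {
    churn();
    uintptr_t p = 0x00005555DEADBEEFULL;         // constructed sample address
    cptr_t c = encrypt_ptr(p);
    uintptr_t out = 0;
    return (decrypt_ptr(c, &out) && out == p && c.enc != p) ? 1 : 0;
}

// Returns 1 when, after a churn, the program's rekeyed pointer still works
// and a copy leaked before the churn is rejected.
int demo_stale_pointer_rejected(void) {
    churn();                                     // epoch N
    uintptr_t p = 0x00007FFD12345678ULL;         // constructed sample address
    cptr_t live   = encrypt_ptr(p);
    cptr_t leaked = live;                        // attacker observed this value
    churn();                                     // epoch N+1: key rotates
    live = rekey_live(live);                     // core refreshes live pointers
    uintptr_t a = 0, b = 0;
    bool live_ok   = decrypt_ptr(live, &a);
    bool leaked_ok = decrypt_ptr(leaked, &b);
    return (live_ok && a == p && !leaked_ok) ? 1 : 0;
}

int main(void) {
    printf("fresh pointer round-trips: %d\n", demo_fresh_pointer_roundtrips());
    printf("stale copy rejected after churn: %d\n", demo_stale_pointer_rejected());
    return 0;
}
```

The design point to notice is that the attacker's problem is not breaking the cipher but time: any value learned through a bug has to be turned into a working pointer before the next churn, which is what the "Rubik's cube that rearranges itself" analogy describes. The cost side is the `rekey_live` pass over every live pointer, which is where the performance overhead discussed below comes from.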

Morpheus’ design team refers to this constant pointer encryption scheme as “churn” and measured the performance impact:

[Chart: Morpheus performance overhead versus churn rate]

At 100 ms, the performance impact is minimal. As the churn rate increases, the performance impact increases too, but even churning every 50 ms keeps the average-case slowdown tolerable. The worst-case impact is larger, but this isn’t a CPU that will ever be run through SPEC in the first place, so we should see the impact of such a scheme on higher-performance chips before drawing firm conclusions.

As Austin notes, this approach to memory encryption doesn’t stop every type of attack you can launch against a system. High-level attacks such as SQL injection and man-in-the-middle attacks on web servers would still work flawlessly. Spearphishing techniques that target people would remain completely unaffected. The work presented here, meanwhile, doesn’t offer Intel and AMD a simple path to adopting it.

However, Morpheus suggests that better protection from side-channel attacks is possible, and end users may be willing to trade 5-10 percent of theoretical performance for the security of knowing they won’t be hit by mid-cycle mitigation updates that strip away so much performance anyway. It should be noted that while Morpheus is called “unhackable” in some publications, Austin himself disputes that characterization, telling IEEE Spectrum: “I think it’s hackable. But it’s super hard to hack.”