Last summer, 525 security researchers spent three months trying to hack our Morpheus processor and others. All attempts against Morpheus failed. This study was part of a program sponsored by the United States Agency for Advanced Defense Research Program to develop a secure processor that could protect vulnerable software. DARPA first published the results of the program to the public in January 2021.
A processor is the computer hardware on which software programs run. Since a processor is the basis of all software systems, a secure processor can protect any software running on it from attacks. Our team at the University of Michigan first developed Morpheus, a secure processor that prevents attacks by turning the computer into a puzzle, in 2019.
A processor has an architecture – x86 for most Laptops and ARM for most phones – which contains the instructions software needs to run on the processor. Processors also have a microarchitecture or “guts” that allow the instruction set to execute, the speed of that execution, and the power consumption.
Academic efforts such as the RISC instructions for Capability Hardware Enhanced at the University of Cambridge have shown strong protection against memory errors. Commercial efforts have also begun, such as Intel’s soon-to-be-released control flow enforcement Technology.
Morpheus takes a significantly different approach to ignoring the bugs and instead randomizes its internal implementation to prevent bugs from being exploited. Fortunately, these are complementary techniques, and combining them will likely make systems even more difficult to attack.