Researchers from the University of Michigan have announced a new RISC-V processor design with a strong focus on security, using ‘churn’ to keep attackers from exploiting vulnerabilities.
“Today’s approach of eliminating security bugs one by one is a losing game,” claims Todd Austin, professor of computer science and engineering at the University of Michigan and one of the developers behind the design, dubbed Morpheus. “People are constantly writing code, and as long as there is new code, there will be new bugs and security vulnerabilities. With Morpheus, even if a hacker finds a bug, the information needed to exploit it vanishes 50 milliseconds later. It’s perhaps the closest thing to a future-proof secure system.”
The processor works, its creators claim, by ‘churning’ instructions and data – encrypting and shuffling them about – 20 times a second. A watchdog checks for likely attacks, and if a threat is detected ups the churn rate – which, at the default 50 millisecond level, is claimed to have a mere one percent impact on the processor’s performance.
While the true security of the Morpheus design will only be proven once it is in the hands of third-party researchers, its creation highlights how RISC-V and other free and open source silicon (FOSSi) efforts are seeing rapid adoption in research projects as a means of quickly creating a prototype of a new design – something not so easily achieved with proprietary equivalents like x86 and Arm.
A paper on the Morpheus design, which is to be commercialised by Agita Labs, has been published in the ACM Digital Library as part of the Proceedings of the Twenty-Fourth International Conference on Architectural Support for Programming Languages and Operating Systems.