By turning computer circuits into unsolvable puzzles, a University of Michigan team aims to create an unhackable computer with a new $3.6 million grant from the Defense Advanced Research Projects Agency.
Todd Austin, U-M professor of computer science and engineering, leads the project, called MORPHEUS. Its cybersecurity approach is dramatically different from today's, which relies on software—specifically software patches to vulnerabilities that have already been identified. It's been called the "patch and pray" model, and it's not ideal.
MORPHEUS outlines a new way to design hardware so that information is rapidly and randomly moved and destroyed. The technology works to deny attackers the critical information they need to construct a successful attack. It could protect both hardware and software.
In this way, MORPHEUS could protect against future threats that have yet to be identified, a dreaded vulnerability that the security industry calls a "zero day exploit." Under MORPHEUS, the location of the bug would constantly change and the location of the passwords would change, Austin said. And even if an attacker were quick enough to locate the data, secondary defenses in the form of encryption and domain enforcement would throw up additional roadblocks. The bug would still be there, but it wouldn't matter. The attacker won't have the time or the resources to exploit it.
DARPA is aiming to render these attacks impossible within five years. If developed, MORPHEUS could do it now, Austin said.
Unhackable computer under development
[Also Covered By]: Phys.org
So many so-called unhackable devices were hacked, sometimes within hours of release. How long do you think this would remain unhackable? Is it even possible to make an unhackable computer?
(Score: 0) by Anonymous Coward on Friday December 22 2017, @01:47AM (1 child)
security through obscurity.
(Score: 0) by Anonymous Coward on Friday December 22 2017, @02:21AM
Was designed around ADA83 features, used memory fencing based on objects and primitives. Supported 64k chunks and 16 megs of RAM, up to 1TB of virtual memory, up to 8 atomically synced processors with the option for high reliability by locking cpus into triplets (similar to i960), with enforced IOMMU via dedicated IO bridge processors which in turn talked to x86, 8051 and other cpus as the ISA/alternative i/o bus processors.
Was the future of Intel processors before the i860, Itanium, x86_64 each were marketed as 'the next evolution of Intel desktop processor!' Unfortunately it was built in the 286 era and Intel was unwilling to keep the project going until the 386 era, and as a result performance suffered since, similar to some of the later PDP chips, it required a 3 chip package using hand optimized board traces which as a result made performance suck. If it had been kept going for another 2 years, it would have ended up in a single chip package as a result of the 386 and had the potential to change what operating systems came after it, maybe even saving us from the late DOS/early Win9x era, and leading to more cross-platform compatibility being retained, rather than the Wintel monopoly.
(Score: 0, Offtopic) by Anonymous Coward on Friday December 22 2017, @01:52AM
https://www.explainxkcd.com/wiki/index.php/538:_Security [explainxkcd.com]
(Score: 3, Funny) by Arik on Friday December 22 2017, @01:53AM (2 children)
Like this.
I see lucrative contracts in the future.
If laughter is the best medicine, who are the best doctors?
(Score: 3, Interesting) by captain normal on Friday December 22 2017, @05:29AM (1 child)
My impression exactly. Sounds like a mumbo-jumbo grant pitch to me.
"information is rapidly and randomly moved and destroyed" That's one way to secure a computer. Make it so no one, not even the owner can retrieve information.
"It is easier to fool someone than it is to convince them that they have been fooled" Mark Twain
(Score: 2, Interesting) by ElizabethGreene on Friday December 22 2017, @02:51PM
It sounds like an extension of address space layout randomization with the extra feature that you have to retrieve module or data addresses immediately before calling them.
... which won't help you if the attacker can execute arbitrary code in your process.
This feels like the DARPA project to develop a solution to IEDs that failed with the statement "It turns out these are a much harder problem than we realized."
(Score: 3, Funny) by coolgopher on Friday December 22 2017, @01:57AM (4 children)
I'm sure Oracle will want in on the action. Unbreakable is their domain after all.
And by unbreakable, I of course refer to their will to litigate left, right and center.
(Score: 2) by c0lo on Friday December 22 2017, @02:39AM (3 children)
Which one? Leisure suit Larry or Law suit Larry?
(grin)
https://www.youtube.com/watch?v=aoFiw2jMy-0
(Score: 3, Funny) by pipedwho on Friday December 22 2017, @03:00AM (2 children)
Law Suit Larry in the Land of the Lickerish Litigators?
(Score: 3, Funny) by Gaaark on Friday December 22 2017, @03:07AM (1 child)
Don't forget to put on the condom!
--- Please remind me if I haven't been civil to you: I'm channeling MDC. ---Gaaark 2.0 ---
(Score: 3, Funny) by c0lo on Friday December 22 2017, @04:05AM
Use the gel, Luke... errr... Larry.
that gel [soylentnews.org], yes
https://www.youtube.com/watch?v=aoFiw2jMy-0
(Score: 0) by Anonymous Coward on Friday December 22 2017, @03:09AM (1 child)
How about a quantum neural network computer that's designed to be unhackable. You train it to do stuff and it seems to mostly work, but when you try to examine it too closely it completely stops working :).
(Score: 0) by Anonymous Coward on Saturday December 23 2017, @06:38AM
In Roman times, ROT-3 was felt to be "secure" for State Secrets.
In early America, a cylinder cipher was state of the art encryption.
By 1939, Enigma was considered "unbreakable", but broken soon after.
So were the Japanese Navy's ciphers.
DES was going to be the cipher to end all ciphers. And then you got Triple DES... well...
Today elliptic public key is under attack with some cracks showing here and there in older standards.
Quantum will be the next wave in cryptography but laughed at by 2050 if not earlier.
The principle being that if a cipher can be designed, it can (eventually) be broken.
(Score: 2) by crafoo on Friday December 22 2017, @04:11AM (2 children)
I read the article but it's pretty light on details. What is the hardware doing to render standard bugs ineffective? I assume it still runs software, which will have bugs, which will have predictable consequences. Is it some sort of way of adding temporal "random" values to the program counter register and continuously randomly shuffling around the contents in RAM? Or just the stack?
(Score: 0) by Anonymous Coward on Friday December 22 2017, @08:44AM
is the government's grant money.
(Score: 2) by HiThere on Friday December 22 2017, @06:36PM
One way to render all current bugs ineffective is to create a CPU based on a new series of op codes. Perhaps one could extend those used in the i6502 chip modified to handle 64 bit registers, or 128 bit registers. Actually, you could start from scratch, since the thing is no existing binaries would work, and that only requires a trivial modification. A larger modification merely makes it more difficult to rewrite them to work. And use a derivative of Algol68 as your only compiler...and make that compiler one that does garbage collection and bounds checking so that buffer overflows, etc. are impossible. (Yes, it's less efficient. You'd also need an assembler for the spots where efficiency was critical. But the assembler couldn't handle any existing assembly code, and I don't think a translation program would be practical.)
To make this feasible you'd need a translator from C to Algol68++, but you'd never need to release it.
This doesn't seem to be what they're talking about, but it's a way that would render all existing bugs harmless.
Javascript is what you use to allow unknown third parties to run software you have no idea about on your computer.
(Score: 0) by Anonymous Coward on Friday December 22 2017, @04:59AM
Seriously enough said, it will be accessible to all people that want it, I mean this is how both face fuck and grovel happened
(Score: 3, Interesting) by stormwyrm on Friday December 22 2017, @07:00AM
The article is light on details, but from what I can gather, its security is based on, just like cryptographic keys, randomness. Everything hinges on the random number generator. If you can predict the random numbers the system uses you can predict where it might make the bug appear (to use the article's wording of a vague concept), and thereby the exploit would work. Attacks against random number generators become the way this gets exploited. True random number generators based on actual physical randomness like quantum-mechanical semiconductor diode noise, atmospheric noise, thermal resistor noise, ring counters, etc., would be needed to make this work. I imagine it would very quickly consume all of the entropy in a typical machine without such dedicated entropy sources if you were doing this for every program the system runs.
Numquam ponenda est pluralitas sine necessitate.
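The dependence on the random number generator described in the comment above, as an added example that is not part of the original thread and does not model MORPHEUS itself: a toy layout-churn audit showing that offsets drawn from a time-seeded generator can be replayed from a small seed window, while offsets from the OS CSPRNG cannot. The slot count, timestamp and function names are constructed assumptions.

```python
import random
import secrets

SLOTS = 1 << 16   # constructed: number of possible page-aligned load slots
PAGE = 0x1000     # constructed: 4 KiB alignment

def churn_offsets(rng, epochs):
    """Return the load offset chosen at each re-randomization epoch."""
    return [rng.randrange(SLOTS) * PAGE for _ in range(epochs)]

def seed_explains(observed, seed_window):
    """Defender's audit: return a seed from seed_window that reproduces the
    observed offsets, or None. A hit means the layout is fully predictable."""
    for seed in seed_window:
        if churn_offsets(random.Random(seed), len(observed)) == observed:
            return seed
    return None

def audit(boot_time=1513900000, window=3600):
    """Compare a time-seeded design with a CSPRNG-backed one.
    boot_time is a constructed timestamp, window is in seconds."""
    # Weak design: generator seeded from a timestamp near boot.
    weak = random.Random(boot_time + 1234)
    weak_obs = churn_offsets(weak, 3)
    # Strong design: every offset drawn from the OS CSPRNG.
    strong_obs = churn_offsets(secrets.SystemRandom(), 3)

    candidates = range(boot_time, boot_time + window)
    weak_seed = seed_explains(weak_obs, candidates)
    strong_seed = seed_explains(strong_obs, candidates)

    # If a seed was recovered, the next epoch's offset is known in advance.
    next_predicted = None
    if weak_seed is not None:
        replay = random.Random(weak_seed)
        churn_offsets(replay, 3)            # advance past the observed epochs
        next_predicted = churn_offsets(replay, 1)[0]
    next_actual = churn_offsets(weak, 1)[0]
    return weak_seed, next_predicted == next_actual, strong_seed

if __name__ == "__main__":
    seed, predictable, strong = audit()
    print("time-seeded design: seed recovered =", seed, "next epoch predicted =", predictable)
    print("CSPRNG design: seed recovered =", strong)
```
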
(Score: 1) by noyou on Friday December 22 2017, @07:18AM (4 children)
You want a secure computer? Like NT, no network access (physically isolated) and no global permissions at all. Oh, you want to have connectivity? Well, that is hard, so let's give permission only to people the user doesn't know about.
(Score: 1) by noyou on Friday December 22 2017, @07:37AM
I didn't say that, although NT 4 was C2 in err... 99 or 00. That configuration is totally useless for any ... thing and is only hard to penetrate, not even close to impossible, so computers that cannot be penetrated are computers that cannot be accessed. If you have physical access you have ownership. This will never change. If you don't want your computer penetrated remotely.. kill JavaScript. People knew this when it first came out in the 90's, but the internet has a very short memory and people with money are mostly sociopaths so... here we are.
(Score: 2) by HiThere on Friday December 22 2017, @06:46PM (2 children)
Here are my thoughts on the matter:
You want one that's totally secure? Then it needs to be simple enough that you can't apply a version of Goedel coding to it. This isn't something that's totally useless, but it sure isn't a general purpose computer. A secure adding machine is easy. You can even add multiplication and division. And simple logic tests. But once you allow self-reference, then all sorts of demons (*NOT* daemons) pop out of the woodwork. Even limited self-reference can be handled, though, as long as you only allow extremely limited recursion...and NO self-modification. But working that close to the edge gets really tricky, and it's easy to have a bug you didn't notice.
That said, I'm not absolutely certain that I'm correct. Goedel doesn't apply directly to bounded systems. Neither does the halting problem, and both are relevant. To get an authoritative answer on this one you need to consult a real expert, and I'm not sure who qualifies.
Javascript is what you use to allow unknown third parties to run software you have no idea about on your computer.
(Score: 2) by hendrikboom on Friday December 22 2017, @11:05PM (1 child)
You seem to be talking about constructive type theory.
(Score: 2) by HiThere on Saturday December 23 2017, @06:14AM
No, *I* wasn't talking about constructive type theory, but if I were an expert perhaps I would have been.
Javascript is what you use to allow unknown third parties to run software you have no idea about on your computer.
(Score: 0) by Anonymous Coward on Friday December 22 2017, @01:07PM
Everything that DARPA produces comes out of their "backdoor". Trust me, this scam (Oops!, scheme) will not be secure... Ve no vat uv bin doing, und ve r nawt pleezed.
(Score: 3, Funny) by nobu_the_bard on Friday December 22 2017, @02:27PM
I call a "cement brick". It cannot be hacked because it has no input, output, or moving parts. Because it is solid state, it is very reliable, and will last a long time. It is also very stackable, excellent for rack or desktop use. It has holes for an optional shoulder strap and comes in gray, red, or beige.
(Score: 2) by All Your Lawn Are Belong To Us on Friday December 22 2017, @05:26PM
So they're inventing the iPhone?
But seriously....
Something has (or somethings have, whatev) to be monitoring where the data is. (If not, you have a white-noise machine, not an information processing machine. Information must be able to be input, processed, and output coherently). Compromise that monitor so you have a map of where all this "randomness" is being stored. Or discover what the private key is. "Problem" solved. And if you know what the meta-architecture is, it is highly likely a way to find out how to compromise that (by either programming or physical tapping of lines - it doesn't specify I can't physically hack the machine).
Though I would love to be proven wrong that nothing is unhackable.
This sig for rent.
(Score: 0) by Anonymous Coward on Friday December 22 2017, @08:03PM
Data and credentials that are constantly randomly moving sounds interesting. But at the same time it sounds like it's impossible to get reproducible results.
That's great to prevent the spread of a bug, but terrible for issue reporting, QA, and debug.