Tag: Puzzle | SpinSafe

Super-Secure Processor Thwarts Hackers by Turning a Computer Into a Puzzle

May 22, 2021/in Computer Security

We have developed and tested a secure new computer processor that thwarts hackers by randomly changing its underlying structure, thus making it virtually impossible to hack.

Last summer, 525 security researchers spent three months trying to hack our Morpheus processor as well as others. All attempts against Morpheus failed.

This study was part of a program sponsored by the U.S. Defense Advanced Research Program Agency to design a secure processor that could protect vulnerable software. DARPA released the results on the program to the public for the first time in January 2021.

A processor is the piece of computer hardware that runs software programs. Since a processor underlies all software systems, a secure processor has the potential to protect any software running on it from attack.

Our team at the University of Michigan first developed Morpheus, a secure processor that thwarts attacks by turning the computer into a puzzle, in 2019.

A processor has an architecture – x86 for most laptops and ARM for most phones – which is the set of instructions software needs to run on the processor.

Processors also have a microarchitecture, or the “guts” that enable the execution of the instruction set, the speed of this execution, and how much power it consumes.

Hackers need to be intimately familiar with the details of the microarchitecture to graft their malicious code, or malware, onto vulnerable systems.

To stop attacks, Morpheus randomizes these implementation details to turn the system into a puzzle that hackers must solve before conducting security exploits.

From one Morpheus machine to another, details like the commands the processor executes or the format of program data change in random ways. Because this happens at the microarchitecture level, software running on the processor is unaffected.

A skilled hacker could reverse-engineer a Morpheus machine in as little as a few hours, if given the chance. To counter this, Morpheus also changes the microarchitecture every few hundred milliseconds.

Thus, not only do attackers have to reverse-engineer the microachitecture, but they have to do it very fast.

With Morpheus, a hacker is confronted with a computer that has never been seen before…

Source…

Letter: Taxpayer assistance puzzle – Anchorage Daily News

March 28, 2021/in Computer Security

Here is an interesting conundrum. When I worked at the Internal Revenue Service in the late 1970s, I learned to file my tax return in person, so as to get the IRS date stamp on my copy as absolute proof of filing. (The alternatives are to submit by mail or file online. If by mail, even if sent registered or certified, all you can prove is that they got something, but not what. If online, it is always possible that the computer can hiccup and lose the return. Computer security is much better now than it was initially, but I am old school, so I continue to file in person. I want that date stamp.)

With that in mind, I went to the IRS office in Midtown Anchorage to file my return, only to be told that, because of COVID-19 concerns, I had to have an appointment — and I couldn’t make one then and there, even though there were no other taxpayers present — to take the time of the taxpayer service personnel. I was given a phone number to call to make an appointment. When I called the reservation number, a computer recording told me that I had to go online to make an appointment. Back home, I went to the indicated site, where I learned that appointments must be made by phone, and the number given was the same number I had been given at Taxpayer Service. So on the phone, they want you online, and online, they want you to phone. That explains the empty parking lot at IRS: You can’t get there from here.

Isn’t bureaucracy wonderful?

Have something on your mind? Send to [email protected] or click here to submit via any web browser. Letters under 200 words have the best chance of being published. Writers should disclose any personal or professional connections with the subjects of their letters. Letters are edited for accuracy, clarity and length.

Source…

Puzzle box: The quest to crack the world’s most mysterious malware warhead – Ars Technica

March 15, 2013/in Computer Security

Ars Technica

Puzzle box: The quest to crack the world's most mysterious malware warhead
Ars Technica
Certainly not your everyday malware. "Considering the link with Flame and Stuxnet, the payload of Gauss must be of similar magnitude," Costin Raiu, director of Kaspersky Lab's global research and analysis team, told Ars. "Given how careful the …

flame malware – read more

Tag Archive for: Puzzle