DARPA backs research into 'unhackable' computer: The Defense Advanced Research Projects Agency is putting $3.6 million into research focused on the development of an "unhackable" computer. It's a timely investment given the spate of high-profile data breaches and general uptick in cybercrime.
The military agency is giving the research grant to the University of Michigan. Dubbed MORPHEUS, it reflects a $50 million program DARPA launched earlier this year around hardware-based cybersecurity techniques:
"Instead of relying on software Band-Aids to hardware-based security issues, we are aiming to remove those hardware vulnerabilities in ways that will disarm a large proportion of today's software attacks," said Linton Salmon, manager of DARPA's System Security Integrated Through Hardware and Firmware program.
MORPHEUS outlines a new way to design hardware so that information is rapidly and randomly moved and destroyed. The technology works to elude attackers from the critical information they need to construct a successful attack. It could protect both hardware and software.
"We are making the computer an unsolvable puzzle," Austin said. "It's like if you're solving a Rubik's Cube and every time you blink, I rearrange it."
In essence, MORPHEUS is meant to be a bulwark against zero-day exploits, which target vulnerabilities that are previously unknown—except to attackers, of course. Rather than fix vulnerabilities with software patches, the point is to use hardware to eliminate seven key classes of hardware weaknesses, such as buffer errors, permissions and privileges and code injection, the researchers say.
POV: The grant seems a bit light to fund such research on its own, but it's not clear whether the university is relying on other funding sources as well. However, the announcement's framing of the work as outlining "a new way to design hardware" suggests the researchers won't be attempting to fabricate any chips. In addition, one wonders if the researchers are tempting fate by declaring they can successfully create an "unhackable" computer. In any event, DARPA by nature and design is a highly experimental agency that grants money on many ambitious projects that ultimately go nowhere.
The short answer is that "nothing is unhackable," says Constellation VP and principal analyst Steve Wilson.
Moreover, "many of today's security problems are not in fact fundamental in nature, but they relate to runaway complexity, hasty development, poor product development management, especially in software," he adds. "So these problems do not go away with a radical new computing architecture. Most vulnerabilities are not in hardware per se but they are at the edges where overly complicated and unreliable software and firmware interfaces to hardware. The software is too complicated, it's written too quickly, it's cobbled together from third party modules that are not properly tested or even understood. We have mission critical products like medical devices running on commercial grade operating systems. They're so complex they cannot be tested."
Sometimes, even the most basic testing isn't done, Wilson adds, noting that here are medical devices out there with open wifi connectivity and no passwords. The point is that no mathematically perfect new hardware architecture—even if it was "unhackable—is going to make any difference until the whole industry comes to its senses, Wilson says. "We need to rethink software development and software-based products. Before the IoT runs amok. We need discipline, responsible sober development timelines, we need to reject re-usable general purpose commercial modules in mission critical applications. We need testing, testing, testing, code inspection, testing and more code inspection. And we need to stop objecting to the cost of all this, before a car runs out of control and kills people because the operating system had a bug in it."
As for MORPHEUS, Wilson wishes the researchers good luck. "This is important, like pure maths and quantum computing and gravitational wave detectors are important." However, "we must not let the security agenda be distracted by radical new R&D. We urgently need to rethink conventional security and the stack we're stuck with today."
Walmart continues on innovation path: The world's largest employer is finding more potential ways to fend off rival Amazon, with one of the latest reportedly being a skunkworks project centered around cashierless stores. While Walmart hasn't discussed the effort directly, Recode spoke with multiple sources who outlined what's in the making:
Amazon’s Go concept uses a combination of sensors and cameras to track what each store shopper takes off of shelves so it can automatically bill them for their purchase without their having to stop to pay on the way out. The store’s launch has been severely delayed, however, with reports that the technology did not work well when the store was crowded.
Walmart is envisioning a similar system that would potentially eliminate the need for cashiers in stores outfitted with the technology. Walmart has more than two million employees worldwide, many of whom work at checkout.
Dubbed Project Kepler, the effort said to be is headed up by Jet.com co-founder and former CTO Mike Hanrahan. Kepler is an apparent reference to the 17th-century German mathematician, astronomer and astrologer Johannes Kepler, known for developing the laws of planetary motion.
More details about Project Kepler are revealed in job postings for Store No. 8, Walmart's skunkworks unit centered on developing new shopping experiences. Listings include one for a computer vision engineer, several for core services and tooling engineers, and a product manager.
POV: It's not clear when Project Kepler's ideas will surface in Walmart's operations, whether in existing stores or as part of new ones. The fact that Amazon, with its vast technical know-how and resources, is having difficulty launching Go stores, may suggest it will be a while.