For the Hardening Development Toolchains Against Emergent Execution Engines (HARDEN) program, announced October 13, DARPA selected teams to create practical tools that will prevent exploitation of integrated computing systems by disrupting the patterns of robust, reliable exploits used by attackers, and depriving the attackers of emergent execution engines.
“Weird machines can provide tremendous advantages to attackers who manage to discover and control emergent behaviors in their targets,” said Sergey Bratus, HARDEN program manager in DARPA’s Information Innovation Office. “HARDEN aims to deny these advantages, by combining ethical hackers’ growing understanding of how attackers turn parts of modern computing systems against the whole with the pioneering formal methods and automated software analysis developed with DARPA’s support. It stands to reason that ethical hackers and non-traditional performers play a key role in HARDEN.”
Attackers increasingly target the software that runs when computers boot up so they can dodge security protections before they are activated. These parts of computing systems provide the “root of trust” for the rest of the system – i.e. compromising these parts of a system destroys its trustworthiness. HARDEN will apply its combination of ethical hacker insights, mathematical models, and automation to secure the critical root-of-trust parts of systems.
The program will run for 48 months and is organized into three phases: Phases 1 and 2 will each be 18-months, followed by a 12-month Phase 3. Work performed by HARDEN teams will span several major technical areas, such as developing tools for software developers to account for emergent behaviors and creating models of emergent execution. Notably, several organizations selected for HARDEN are direct descendants of DARPA’s Cyber Fast Track program and Cyber Grand Challenge, both of which reached out to the ethical hacking community and helped diversify and grow their ranks. The selected performers include:
- Arizona State University
- Galois
- Kudu Dynamics
- Narf Industries
- River Loop Security
- Riverside Research Institute
- University of California, Santa Barbara
- WebSensing
An additional performer may be added, pending contract finalization.
Cromulence and the University of Illinois Urbana-Champaign will serve as proxies for the offense and test effectiveness of the proposed mitigations. Northrop Grumman will serve as the integration and systems engineering evaluator.
Source: DARPA
Stay in the know with breaking news from across the IC and IC contracting landscape by becoming a paid subscriber to IC News. Your support makes our work possible.
By 
