DARPA awards Galois SafeDocs Phase 3 award
The Defense Advanced Research Projects Agency (DARPA) has awarded Galois a $4.6 million contract for the final phase of the Safe Documents (SafeDocs) Program, Portland, OR-based Galois announced February 10. As part of this contract ($1.25 million), Galois will be partnering with Real-Time Innovations (RTI) and Verocel, Inc. to develop a novel code generator for the Data Distribution Service (DDS) standard interface description language. Inspired by discoveries made during the execution of the DARPA-funded SafeDocs Program, the code generator would allow users to write formats while automatically generating safe parsers and unparsers.
“A huge proportion of security vulnerabilities originate in parsing problems,” explained Galois Principal Scientist Mike Dodds. “We want to make systems that are resistant not just now, but in the future. Until now, developers have had to choose between parsers that are easy to develop but insecure and parsers that are difficult to develop but guaranteed secure. We want to bridge that gap to make safe parsing available to everybody.”
Current parsing technologies generate mostly uncertified code with no guarantee of correctness or safety. Certifying that code—a requirement for many defense and critical industry systems—is also expensive and time consuming.
“Software certification can cost hundreds of dollars per line of code depending upon the level,” said RTI Director of Research Paul Pazandak. “A qualifiable DDS code generator would be a market-first. It would shorten time to system deployment and reduce the cost to certify and to recertify these systems. We look forward to leveraging the advancements from DARPA SafeDocs and collaborating with Galois and Verocel on this effort.”
The SafeDocs project has already developed parser technologies that are safe by design, meaning many types of parser vulnerabilities cannot occur. Now, Galois engineers aim to create a parser generator that is itself qualified. The pre-qualified parsing process will automatically generate code that is guaranteed to be secure, making it dramatically easier to certify than current options.
The result: rapid development of safe, highly effective parsers, which can enable critical systems to do their job as intended, and nothing more. This technological innovation is made possible through leveraging and building from the foundational, problem-solving potential of the DaeDaLus technology tool chain—itself developed within the SafeDocs Program.
“We’re not just re-using the tools that we developed with SafeDocs,” said Dodds. “What we’re doing instead is even more exciting: we’re taking those research ideas and building a system designed for deployment in high assurance environments. Rather than a research tool, we’re building a tool for everyone.”
Your competitors read IC News each day. Shouldn’t you? Learn more about our subscription options, and keep up with every move in the IC contracting space.