DARPA launches SafeDocs program, announces Proposers’ Day
To reduce the sizable attack surface created across consumer, enterprise, and critical infrastructure systems and to help tackle the threat posed by unauthenticated and potentially compromised electronic data, DARPA announced on August 9 a new program called Safe Documents (SafeDocs). The goal of the SafeDocs program is to dramatically improve software’s ability to detect and reject invalid or maliciously crafted input data, without impacting the key functionality of new and existing electronic data formats.
“With today’s online risk environment, allowing software to interact with untrusted electronic documents and messages is akin to downloading and running untrusted programs on your computer,” said Sergey Bratus, the DARPA Information Innovation Office (I2O) program manager leading SafeDocs. “To create a safer internet, we must first create safer electronic documents. Through SafeDocs, we are looking for ways to reduce the complexity of electronic document exchange and minimize the means of exploitation for all malicious actors–from cybercriminals to nation states.”
SafeDocs seeks to create technological assurance that an electronic document or message is automatically checked and safe to open, while also generating safer document formats that are subsets of current, untrustworthy versions. To accomplish its goals, the program will focus on two primary technical research thrusts.
The first thrust seeks to develop methodologies and tools for capturing and defining human-intelligible, machine-readable descriptors of electronic data formats. To do this, researchers will explore means of extracting the de facto syntax of existing data formats and identifying each format’s simpler subset that can be parsed safely and unambiguously, and used in verified programming without impacting the format’s essential functionality.
Under the second technical thrust, researchers will create software construction kits for building secure, verified parsers, using the simplified format subsets where the existing format’s inherent complexity or ambiguity has been reduced for safety. Parsers, which are used to break data inputs down into manageable objects for further processing, can contain exploitable flaws and behaviors. Research under this thrust will strive to create the methodologies and tools needed to build high-assurance and verifiable parsers for new and existing data formats to help reduce the technology’s chances of compromise.
Interested proposers have an opportunity to learn more about the SafeDocs program during a Proposers Day, scheduled for Friday, August 24, 2018 from 2:00pm-5:00pm ET at the DARPA Conference Center, located at 675 N. Randolph St., Arlington, Virginia, 22203. Additional information is available here.
A full description of the program will be made available in a forthcoming Broad Agency Announcement.