DARPA is close to developing code that heals itself and is capable of dealing with threats without the need for third-party programs or user action.
Security experts have spent decades searching for ways to make crackers, hackers, and malware makers obsolete, without success. Every time one side has gained some edge, the other side has responded immediately, and we’ve been doing this dance for a long time.
Is it really possible to create source code that is independent, that does not need external help to survive against the attacks that it will surely suffer? It is a question that DARPA wants to answer as soon as possible, and the next August 4 will look for answers with a competition.
The competition that seeks the code to heal itself
The Cyber Grand Challenge (CGC) will consist of a competition to capture the flag. No, they will not have to play the Unreal Tournament or any other online video game in a similar way.
Capturing the flag is a type of competition that consists of find the weak point of software defenses, using different methodologies; for example, it is possible to reverse engineer the program to understand how it works and find weak points, look for hidden vulnerabilities and finally, patch the code to eliminate them.
The teams receive programs that run on architectures created by DARPA itself; each program is of varying complexity, so the difficulty is never the same. Each program has a bug, that the teams will have to find without having access to the source code.
The interesting thing is that normally these types of competitions are reserved for security experts, but In the Cyber Grand Challenge all teams are made up of computer systems, who will fight each other to be the best.
How one program will have to cure another
Each system will have to analyze the program and check how it can activate the bug; The only way judges will award points is if the system develops a method to exploit the bug and take control of the program.
So, the system will have to develop a patch, but it is not enough that the bug is covered; the functionality of the program has to remain intactThere is no point in plugging a security hole if the program stops doing what it should. In addition, it will also be scored relative to the impact the patch has on the program (for example, if it is slower than before).
In total, seven systems will participate in the tournament, and the prizes will reach 4 million dollarsSo, in addition to prestige, there is a lot of money at stake, money that can be used to further improve these systems.
The idea of creating a program that can cure itself in case of a problem is not new, and there is still a long way to go before we see it come true, but it is small steps like this that will make it possible.