DARPA's New Cyber Grand Challenge – the Development of Self-healing Software

DARPA has announced a new competition for the development of automatic flaw detection and remediation software
DARPA has announced a new competition for the development of automatic flaw detection and remediation software

A Grand Challenge is effectively an ambitious policy objective. DARPA uses the term for its competitions designed to spur the development of new and revolutionary technology. For example, the DARPA Grand Challenge was a competition designed to foster the development of fully autonomous ground vehicles with the ultimate aim of making a substantial part of US ground military forces autonomous by 2015. In commercial terms, it is the 'driverless car.'

It was, says program manager Mike Walker, "the dawn of the self-driving car revolution." But now DARPA wants to repeat that success with a new Challenge: the Cyber Grand Challenge, aimed at developing self-healing software. "Today," said Walker, "our time to patch a newly discovered security flaw is measured in days. Through automatic recognition and remediation of software flaws, the term for a new cyber attack may change from zero-day to zero-second.”

By definition, a zero-day vulnerability is probably known only to the attacker, but is certainly undefended. Any zero-day exploit is inevitably, therefore, a surprise attack, and is likely to achieve its purpose before the victims can even marshal their defenses. 

The DARPA Cyber Grand Challenge is designed to change the very nature of the cyber battlefield by automatically finding and remediating software flaws before they can be found by attackers. “The growth trends we’ve seen in cyber attacks and malware point to a future where automation must be developed to assist IT security analysts,” explained Dan Kaufman, director of DARPA’s Information Innovation Office.

The competition will commence with a qualifying event in which a collection of software must be analyzed, and software flaws automatically identified and repaired. From here a selection of the top competitors will be invited to take part in the Cyber Grand Challenge finals, slated for early to mid-2016. The winning team will receive a cash prize of $2 million. Second place will receive $1 million, and third place will receive $750,000.

Details of the competition can be found in a Broad Agency Announcement, where the competition's purpose is described as "a series of competition events to test the abilities of a new generation of fully automated cyber defense systems. During a final competition event, automated Cyber Reasoning Systems will compete against each other in real time. This event will be held in a public setting and documented for research purposes."

The competition is open to anyone able to field a capable system (unfunded), or via a funded track in which DARPA will award contracts to organizations fielding the most compelling presentations. Full details are available on the Cyber Grand Challenge website.

What’s Hot on Infosecurity Magazine?