October 14, 2022
ARLINGTON, Va. The Defense Advanced Research Projects Agency (DARPA) has launched what it calls the Hardening Development Toolchains Against Emergent Execution Engines (HARDEN) program, in which it has selected teams to create practical tools that will prevent the exploitation of embedded computer systems by disrupting exploit patterns. used by would-be cyber attackers and depriving attackers of emerging execution engines.
DARPA HARDEN’s announcement details the phenomenon colloquially described as “strange machines”; Simply translated, the phrase means that a system’s design and functionality can inadvertently help an attacker exploit the system in ways never intended, as benign, unrelated functionality across the system is unintentionally added to a unexpected or emergent execution engine that is ready to execute attackers’ exploits.
Sergey Bratus, HARDEN program manager at DARPA’s Office of Information Innovation, said of the program, “Strange machines can provide enormous benefits to attackers who successfully uncover and control emerging behaviors. of their targets. HARDEN aims to negate these advantages, by combining ethical hackers’ growing understanding of how attackers turn parts of modern computer systems against the whole with the pioneering formal methods and automated software analysis developed with support from DARPA. It stands to reason that ethical hackers and non-traditional artists play a key role in HARDEN.
DARPA describes the cyberthreat as one of attackers targeting software that runs when computers start up so they can evade security protections before they are activated. This initial software provides the “root of trust” for the rest of the system, meaning that compromising these parts of a system destroys its reliability. HARDEN is poised to apply its combination of insights gained through working with ethical hackers, mathematical models, and automation to secure critical parts of systems root of trust.
The program will last 48 months; The work carried out by the HARDEN teams will cover several major technical areas, such as the development of tools allowing software developers to take emergent behaviors into account and the creation of emergent execution models. Several of the participants chosen to be part of the HARDEN teams are direct descendants of DARPA’s Cyber Fast Track program and Cyber Grand Challenge, both of which have reached out to the ethical hacking community and helped diversify and grow their ranks.