
DARPA’s Cyber Grand Challenge (2014–2016)


Abstract

On June 3, 2014, DARPA (Defense Advanced Research Projects Agency) kicked off the first-ever Cyber Grand Challenge. The Cyber Grand Challenge is simple: we’ve challenged the world to build high-performance computers that can play Capture the Flag (CTF), a computer security competition format pioneered and refined by the hacker community over the past two decades.

The networked civilization we are building is going to need to be able to make strong promises about the safety of software, because it won’t just be guarding our data security; it will be guarding our physical security.

— Mike Walker, DARPA Project Manager (June 3, 2014)


Notes

  1. The computer hardware in CTF must fit entirely in a single, standard 19″ 42U rack [24].

  2. Figure 16.1 is the Cyber Grand Challenge infrastructure team at the DARPA office building on June 3, 2014. Chris Eagle wrote on reddit: “The photo is our AMA ‘proof’. Many of us brought totems from our former work. The sheep is the mascot of DDTEK, past organizers of DEFCON CTF. The books on her lap are the Federal Acquisition Regulations (FAR) and Defense Federal Acquisitions Supplement (DFARS) (which may be relevant to one of the challenge binaries). The other paper is the front page of the science section of today’s New York Times.”

  3. KLEE is a symbolic virtual machine built on top of the LLVM compiler infrastructure, which uses a theorem prover to try to evaluate all dynamic paths through a program in an effort to find bugs and to prove properties of functions. A major feature of KLEE is that it can produce a test case in the event that it detects a bug [26].

  4. S2E is a platform for analyzing the properties and behavior of software systems. S2E has been used to develop practical tools for comprehensive performance profiling, reverse engineering of proprietary software, and bug finding for both kernel-mode and user-mode binaries [27].

  5. DECREE = DARPA Experimental Cyber Research Evaluation Environment. DECREE is an open-source extension built atop the Linux operating system. Constructed from the ground up as a platform for operating small, isolated software test samples that are incompatible with any other software in the world—DECREE aims to provide a safe research and experimentation environment for the Cyber Grand Challenge [24].

  6. Matt Blaze, Associate Professor of Computer and Information Science at the University of Pennsylvania, is a researcher in the areas of secure systems, cryptography, and trust management (a term that he coined) [28].

  7. In computer security, the “weird machine” is a computational artifact where additional code execution can happen outside the original specification of the program.

  8. From Rolf Rolles’ LinkedIn profile [23]: Seventeen years of reverse engineering: malware, interoperability, security assessment (including patch diffing), copy protections, exploit development. First researcher to publicly break virtualization obfuscators (older versions of VMProtect; current versions of TheMida CISC VM). Non-trivial C/C++/OCaml reversing tool development, including techniques from compiler theory, program analysis, and formal verification. Was the lead developer of BinDiff in ancient times.

  9. From Halvar Flake’s LinkedIn profile [25]: Staff Engineer at Google, Zürich Area, Switzerland. I like to work on challenging problems related to computer security; ideally with a heavy algorithmic / mathematical bent. Technical work: - Reverse engineering of malicious software - Reverse engineering of COTS software - Security analysis of software, vulnerability/exploit development - Engineering of large distributed systems - Large-scale analysis of executable code (large both in terms of volume and individual size) - Static analysis, formal methods - Applying mathematics / statistical inference / “machine learning” to real-world problems.

  10. In the paper “Abstract Satisfaction”, Vijay D’Silva, Leopold Haller, and Daniel Kroening introduced a framework for applying abstract interpretation to problems that are NP-hard but decidable, such as satisfiability [29].

  11. See, for example, “An Immunological Model of Distributed Detection and Its Application to Computer Security” by Steven Andrew Hofmeyr [30].

  12. Figure 16.2.

Bibliography

  1. Walker, Mike and Eagle, Chris. Hi, it’s Mike Walker and Chris Eagle from the DARPA Cyber Grand Challenge. Ask us Anything! [Online] reddit, June 3, 2014. http://www.reddit.com/r/IAmA/comments/277aih/hi_its_mike_walker_and_chris_eagle_from_the_darpa/.

  2. Bratus, Sergey, et al. Exploit Programming: From Buffer Overflows to “Weird Machines” and Theory of Computation. [Online] ;login:, December 2011. http://langsec.org/papers/Bratus.pdf.

  3. Hicks, Michael. Build it, Break it, Fix it: A new security contest. [Online] Maryland Cybersecurity Center, September 17-19, 2013. http://csrc.nist.gov/nice/2013workshop/presentations/day2/d2_trk2_hicks_measuring_software_security_with_contests.pdf.

  4. Flake, Halvar. Checking the boundaries of static analysis. [Online] SyScan (The Symposium on Security for Asia Network) 2013, April 2013. https://docs.google.com/presentation/d/1_Te02rSqn7wuhsmkkluqWhDBoXXFVUL5Mp0dUxH0cVE/edit#slide=id.gbcb101ff_026.

  5. Twin, Alexandra. Glitches send Dow on wild ride. [Online] CNNMoney, May 6, 2010. http://money.cnn.com/2010/05/06/markets/markets_newyork/index.htm.

  6. Eha, Brian Patrick. Is Knight’s $440 million glitch the costliest computer bug ever? [Online] CNNMoney, August 9, 2012. http://money.cnn.com/2012/08/09/technology/knight-expensive-computer-bug/index.html.

  7. Yousuf, Hibah. Facebook trader: Nasdaq ‘blew it’. [Online] CNNMoney, May 21, 2012. http://money.cnn.com/2012/05/21/markets/facebook-nasdaq/index.htm.

  8. —. UBS lost $356 million on Facebook, suing Nasdaq for it. [Online] CNNMoney, July 31, 2012. http://buzz.money.cnn.com/2012/07/31/ubs-loss-facebook-ipo/.

  9. Hasegawa, Toshiro, Nohara, Yoshiaki and Ikeda, Yumi. Tokyo System Errors Underscore Decline in Japan’s Equity Market. [Online] Bloomberg, August 7, 2012. http://www.bloomberg.com/news/2012-08-07/second-system-error-in-seven-months-halts-tokyo-derivative-trade.html.

  10. Rooney, Ben. Spanish stocks halted for 5 hours due to trading glitch. [Online] CNNMoney, August 6, 2012. http://buzz.money.cnn.com/2012/08/06/spain-stocks-trading-glitch/.

  11. Pagliery, Jose. Drug site Silk Road wiped out by Bitcoin glitch. [Online] CNNMoney, February 14, 2014. http://money.cnn.com/2014/02/14/technology/security/silk-road-bitcoin/.

  12. Arnold, Douglas N. Some disasters attributable to bad numerical computing. [Online] University of Minnesota, August 26, 1998. https://www.ima.umn.edu/~arnold/disasters/disasters.html.

  13. —. The Patriot Missile Failure. [Online] University of Minnesota, August 23, 2000. https://www.ima.umn.edu/~arnold/disasters/patriot.html.

  14. Office of Public Affairs. Patriot Missile Defense: Software Problem Led to System Failure at Dhahran, Saudi Arabia. [Online] U.S. Government Accountability Office, February 4, 1992. http://www.gao.gov/products/IMTEC-92-26.

  15. Walker, Mike. Could a purpose built supercomputer play DEF CON Capture the Flag? [Online] U.S. Department of Defense, November 14, 2013. https://cgc.darpa.mil/Competitor_Day_CGC_Presentation_distar_21978.pdf.

  16. Lee, Newton. Counterterrorism and Cybersecurity. New York : Springer Science + Business Media, 2013.


  17. Hofmeyr, Steven Andrew. An Immunological Model of Distributed Detection and Its Application to Computer Security. s.l. : University of the Witwatersrand, 1999.


  18. Lee, Newton. DM2: An Algorithm for Diagnostic Reasoning that Combines Analytical Models and Experiential Knowledge. International Journal of Man-Machine Studies, 1988, pp. 643-670.


  19. Berwaner, Mary. The Problem of Diagnostic Aiding. s.l. : The Defense Technical Information Center, 1989.


  20. Caselden, Dan, et al. HI-CFG: Construction by Binary Analysis, and Application to Attack Polymorphism. s.l. : ESORICS 2013: European Symposium on Research in Computer Security, 2013.


  21. Song, Dawn, et al. BitBlaze: A New Approach to Computer Security via Binary Analysis. s.l. : Proceedings of the 4th International Conference on Information Systems Security, 2008.


  22. Nicolas, Loriant, Segura-Devillechaise, Marc and Menaud, Jean-Marc. Server Protection through Dynamic Patching. s.l. : Proceedings of the 11th Pacific Rim International Symposium on Dependable Computing, 2005. pp. 343-349.


  23. Rolles, Rolf. Rolf Rolles: Principal at Stealth-Mode Startup. [Online] LinkedIn. [Cited: January 4, 2015.] https://www.linkedin.com/in/rolfrolles.

  24. Cyber Grand Challenge. Frequently Asked Questions. [Online] DARPA, November 14, 2014. https://cgc.darpa.mil/CGC_FAQ_v10.pdf.

  25. Flake, Halvar. Halvar Flake: Staff Engineer at Google. [Online] LinkedIn. [Cited: January 4, 2015.] https://www.linkedin.com/profile/view?id=4969287.

  26. Lattner, Chris. The LLVM Compiler Infrastructure. [Online] University of Illinois at Urbana-Champaign. [Cited: January 4, 2015.] http://llvm.org/.

  27. Dependable Systems Lab. S2E: Selective Symbolic Execution. [Online] École Polytechnique Fédérale de Lausanne (EPFL). [Cited: January 4, 2015.] https://sites.google.com/site/dslabepfl/proj/s2e.

  28. Wikipedians. Matt Blaze. [Online] Wikipedia, April 1, 2014. http://en.wikipedia.org/wiki/Matt_Blaze.

  29. D’Silva, Vijay, Haller, Leopold and Kroening, Daniel. Abstract satisfaction. [Online] ACM Digital Library, January 2014. http://dl.acm.org/citation.cfm?id=2535868.

  30. Hofmeyr, Steven Andrew. An Immunological Model of Distributed Detection and Its Application to Computer Security. [Online] ACM Digital Library, May 1999. http://dl.acm.org/citation.cfm?id=929186.


Correspondence to Newton Lee.


© 2015 Springer International Publishing Switzerland

About this chapter

Cite this chapter

Lee, N. (2015). DARPA’s Cyber Grand Challenge (2014–2016). In: Counterterrorism and Cybersecurity. Springer, Cham. https://doi.org/10.1007/978-3-319-17244-6_16


  • DOI: https://doi.org/10.1007/978-3-319-17244-6_16


  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-319-17243-9

  • Online ISBN: 978-3-319-17244-6

  • eBook Packages: Computer Science, Computer Science (R0)
