DARPA’s announcement last October that it would sponsor a $2 million contest, challenging academics and security industry stalwarts to come up with an automated network defense system, has already attracted 35 entrants and a high-profile venue to stage the tournament finale.
The final stage of the DARPA Cyber Grand Challenge will be held during DEF CON 2016, with qualifying events scheduled in the interim.
The teams, seven of which were announced yesterday: For All Secure; GrammaTech; Lekkertech; SIFT; SRI; Trail of Bits; University of California Berkeley; will design and build high-performance computers used during the challenge.
Teams are being tasked with building automated security systems that will be able to defend themselves against attack as those attacks are launched.
DARPA said yesterday that registration is open through Nov. 2. Teams can enter in one of two tracks available in the challenge. The Open Track is for self-funded teams, while a Proposal Track will be made up of teams invited and given seed funding by DARPA. This track will be played out in an open competition next June at a qualification event, DARPA said.
Appropriately with the competition happening at DEF CON, home of one of the security industry’s most recognizable and longest running Capture the Flag contests, DARPA said the Cyber Grand Challenge will follow a similar format.
“That approach requires that competitors reverse engineer software created by challenge organizers and locate and heal its hidden weaknesses in a live network competition,” DARPA said in a statement.
Competitors will have two years to build these self-defending systems before they compete head-to-head in Las Vegas; DARPA plans to develop a visualization system in order for spectators to watch the event live and over the Internet.
“Today’s security methods involve experts working with computerized systems to identify attacks, craft corrective patches and signatures and distribute those correctives to users everywhere—a process that can take months from the time an attack is first launched,” said Mike Walker, DARPA program manager. “The only effective approach to defending against today’s ever-increasing volume and diversity of attacks is to shift to fully automated systems capable of discovering and neutralizing attacks instantly.”
DARPA also announced yesterday that it was releasing an open-source extension for the Linux operating system called DECREE. The extension is a platform for running small software test samples, essentially giving competitors a research environment for work to be used in the challenge.
DARPA announced the Cyber Grand Challenge in late October, and said at the time that the systems would not scan for and identify system vulnerabilities, but patch them on the fly.
“Today, our time to patch a newly discovered security flaw is measured in days,” Walker said. “Through automatic recognition and remediation of software flaws, the term for a new cyberattack may change from zero-day to zero-second.”
DARPA said at the time also that it will score entries on how well systems protect hosts, identify flaws and keep software running. In addition to the first prize, runners-up would get $1 million and third place $750,000.