• Information Titlte Banner
  • Office Ribbon 6
     

  • Verigames Portal Offers the Chance to Do Serious IT Security While Playing Online

    December 04, 2013

    Games funded through the Crowd Sourced Formal Verification (CSFV) program aim to help improve software security by analyzing code through players’ actions 

    Ever more sophisticated cyber attacks exploit software vulnerabilities in the Commercial Off-the-Shelf (COTS) IT systems and applications upon which military, government and commercial organizations rely. The most rigorous way to thwart these attacks is formal verification, an analysis process that helps ensure that software is free from exploitable flaws and vulnerabilities. Traditional formal methods, however, require specially trained engineers to manually scour software—a process that up to now has been too slow and costly to apply beyond small software components.

    Finding faster, more cost-effective means to perform formal verification is a national security priority, so DARPA’s Crowd Sourced Formal Verification (CSFV) program has developed and launched its Verigames web portal (www.verigames.com) offering free online formal verification games. The CSFV games translate players’ actions into program annotations and generate mathematical proofs to verify the absence of important classes of flaws in software written in the C and Java programming languages. CSFV aims to investigate whether large numbers of non-experts playing formal verification games can perform formal verification faster and more cost-effectively than conventional processes.

    “We’re seeing if we can take really hard math problems and map them onto interesting, attractive puzzle games that online players will solve for fun,” said Drew Dean, DARPA program manager. “By leveraging players’ intelligence and ingenuity on a broad scale, we hope to reduce security analysts’ workloads and fundamentally improve the availability of formal verification.”

    CSFV has developed an automated process that enables the creation of new puzzles for each math problem the program seeks to review. If gameplay does reveal potentially harmful code, DARPA will implement approved notification and mitigation procedures, including notifying the organization responsible for the affected software. Because CSFV verifies open source software that commercial, government and/or Department of Defense systems may use, prompt notification is essential to correct the software rapidly and mitigate risk of security breakdowns.

    Verigames currently offers five games:

    • CircuitBot: Link up a team of robots to carry out a mission.
    • Flow Jam: Analyze and adjust a cable network to maximize its flow.
    • Ghost Map: Free your mind by finding a path through a brain network.
    • StormBound: Unweave the windstorm into patterns of streaming symbols.
    • Xylem: Catalog species of plants using mathematical formulas.

    Because government regulations require adult volunteer participants for this DARPA research program, CSFV games are open only to players ages 18 and up. 

    # # #

    Associated images posted on www.darpa.mil and video posted at www.youtube.com/darpatv may be reused according to the terms of the DARPA User Agreement, available here: http://go.usa.gov/nYr.  

    Tweet @darpa

  • Media Queries

    Please direct all media queries to Outreach@darpa.mil 

  • Images

    DARPA’s Crowd Sourced Formal Verification (CSFV) program developed and launched its Verigames web portal. Verigames offers free online games to help with formal verification, which confirms the absence of certain software flaws or bugs. CSFV aims to investigate whether large numbers of non-experts can perform formal verification faster and more cost-effectively than conventional processes. 

    Click for High-Resolution Image
    DARPA’s Crowd Sourced Formal Verification (CSFV) program developed and launched its Verigames web portal. Verigames offers free online games to help with formal verification, which confirms the absence of certain software flaws or bugs. CSFV aims to investigate whether large numbers of non-experts can perform formal verification faster and more cost-effectively than conventional processes.

     

  • Additional Info

Share this page: