DARPA explores how to construct self-healing computers by focusing on a key component – the bus

Jan 17, 2025
In an imperfect world, the prospect of having a computer, or any bus-based system, that can defend itself from cyber-attacks and recover from one is not just a pipe dream.
DARPA experts say this capability can become a reality by addressing missing forensic data on the bus – a communication system that transfers data between components – and leveraging advancements in Zero Trust.[1]
Many critical systems (e.g., Defense Department vehicles with engine control and power steering modules, and personal computers with memory controllers, graphics processing units, disk controllers, etc.) are bus-based systems of systems with implicitly trusted modular components. Simply detecting a cyber-attack and alerting on it – as most antivirus software works today – does not sufficiently protect the computer system.
Instead, DARPA wants to develop algorithms that construct self-healing systems. Through the Reclaiming Bus-based Systems During Compromise (Red-C) program, the agency will explore retrofitting firmware to add forensic sensing, which refers to the ability to collect and analyze data for investigative purposes, so the various components can monitor each other like a neighborhood watch. The sensing and monitoring for infection would enable on-system detection, repair, and inoculation.
“The reason these vulnerabilities continue, even in new technology, is because manufacturers build bus systems as a collection of independent black-box components,” said Bernie McShea, DARPA Red-C program manager.
He explained that current threat detection mainly occurs off-system and that monitoring only transactional bus traffic limits the kind of threats one can find.
“We must create better instrumentation and cooperative responses to detect, repair, and inoculate on-system,” said McShea. “Our goal is to produce a collective effect that imposes a cost to the attacker, penalizing the use of an attack, as trying or using the door ensures it is locked next time.”
Recently, DARPA performers instrumented components on a seedling effort, creating a dataset that detected 99% of ransomware. Moreover, the data production for that dataset only added 6% additional component computational overhead – not a small feat, according to McShea. Combining the seedling results with prior on-system recovery, such as ransomware remediation of solid state drives[2] that showed recovery of files for three days, is an indication of the impact the Red-C program will explore.
Red-C will focus on Peripheral Component Interconnect Express (PCIe) and Compute Express Link (CXL), high-speed interface standards that serve as the backbone for attaching peripherals such as graphics cards, solid-state drives (SSDs), network cards, and other devices that require fast data transfer and low latency. McShea envisions the program will result in a prototype with PCIe/CXL bus architectures that shows it’s possible to detect and recover from attacks in near real-time with negligible impact on the available resources of the components and the bus’s bandwidth.
Through Red-C, McShea will foster a symbiotic community of component developers and algorithm researchers by accurately documenting current algorithmic development in firmware and the remaining open problems.
“By addressing fundamental algorithmic challenges and promoting cooperation between components, DARPA could effectively lower the investment risk for reactive cyber threat mitigations,” said McShea. “The question then becomes, do the benefits outweigh the cost of building Red-C components?”
DARPA will sponsor a Proposers Day on Jan. 28, 2025, which is open to in-person and virtual attendance. Participants must register by Jan. 23, 2025. Details and registration info are available at SAM.gov.
Additional information on Red-C is available via the Broad Agency Announcement at https://sam.gov/opp/6d7d9e282e31451684a0da0430d12ac5/view.
Editor’s Note: The BAA link was added to this update on Jan. 29, 2025.
[1] DoD Zero Trust Strategy: Zero Trust is the term for an evolving set of cybersecurity paradigms that move defenses from static, network-based perimeters to focus on users, assets, and resources.
[2] Wang, Xiaohao, Yifan Yuan, You Zhou, Chance C. Coats, and Jian Huang. "Project almanac: A time-traveling solid-state drive." In Proceedings of the Fourteenth EuroSys Conference 2019, pp. 1-16. 2019.