Defense Advanced Research Projects AgencyTagged Content List

Cyber

Relating to digital systems and information

Showing 110 results for Cyber RSS
The Department of Defense (DoD) maintains information systems that depend on Commercial off-the-shelf (COTS) software, Government off-the-shelf (GOTS) software, and Free and open source (FOSS) software. Securing this diverse technology base requires highly skilled hackers who reason about the functionality of software and identify novel vulnerabilities.
The growth of the internet-of-things (IoT) and network-connected composed systems (e.g., aircraft, critical-infrastructure, etc.) has led to unprecedented technical diversity in deployed systems. From consumer IoT devices developed with minimal built-in security, which are often co-opted by malware to launch large distributed denial of service (DDoS) attacks on internet infrastructure, to remote attacks on Industrial Control System (ICS) devices, these newly connected, composed systems provide a vast attack surface. While the diversity of functionality and the scope of what can now be connected, monitored, and controlled over the Internet has increased dramatically, economies of scale have decreased platform diversity.
Unreliable software places huge costs on both the military and the civilian economy. Currently, most Commercial Off-the-Shelf (COTS) software contains about one to five bugs per thousand lines of code. Formal verification of software provides the most confidence that a given piece of software is free of errors that could disrupt military and government operations. Unfortunately, traditional formal verification methods do not scale to the size of software found in modern computer systems. Formal verification also currently requires highly specialized engineers with deep knowledge of software technology and mathematical theorem-proving techniques.
| Cyber | Formal | Trust |
Embedded computing systems are ubiquitous in critical infrastructure, vehicles, smart devices, and military systems. Conventional wisdom once held that cyberattacks against embedded systems were not a concern since they seldom had traditional networking connections on which an attack could occur. However, attackers have learned to bridge air gaps that surround the most sensitive embedded systems, and network connectivity is now being extended to even the most remote of embedded systems.
| Cyber | Formal | Trust |
The rapid pace of innovation in software and hardware over the past three decades has produced computational systems that, despite security improvements, remain stubbornly vulnerable to attack. Although clean-sheet design can produce fundamental security improvements that gradually diffuse into the installed base, this process can take years.