Defense Advanced Research Projects AgencyTagged Content List

Cyber

Relating to digital systems and information

Showing 27 results for Cyber + Trust RSS
The process of determining that a software system’s risk is acceptable is referred to as “certification.” Current certification practices within the Department of Defense (DoD) are antiquated and unable to scale with the amount of software deployed. Two factors prevent scaling: (a) the use of human evaluators to determine if the system meets certification criteria, and (b) the lack of a principled means to decompose evaluations.
| Cyber | Formal | Trust |
The Clean-Slate Design of Resilient, Adaptive, Secure Hosts (CRASH) program will pursue innovative research into the design of new computer systems that are highly resistant to cyber-attack, can adapt after a successful attack to continue rendering useful services, learn from previous attacks how to guard against and cope with future attacks, and can repair themselves after attacks have succeeded. Exploitable vulnerabilities originate from a handful of known sources (e.g., memory safety); they remain because of deficits in tools, languages and hardware that could address and prevent vulnerabilities at the design, implementation and execution stages.
| Cyber | Trust |
Unreliable software places huge costs on both the military and the civilian economy. Currently, most Commercial Off-the-Shelf (COTS) software contains about one to five bugs per thousand lines of code. Formal verification of software provides the most confidence that a given piece of software is free of errors that could disrupt military and government operations. Unfortunately, traditional formal verification methods do not scale to the size of software found in modern computer systems. Formal verification also currently requires highly specialized engineers with deep knowledge of software technology and mathematical theorem-proving techniques.
| Cyber | Formal | Trust |
Embedded computing systems are ubiquitous in critical infrastructure, vehicles, smart devices, and military systems. Conventional wisdom once held that cyberattacks against embedded systems were not a concern since they seldom had traditional networking connections on which an attack could occur. However, attackers have learned to bridge air gaps that surround the most sensitive embedded systems, and network connectivity is now being extended to even the most remote of embedded systems.
| Cyber | Formal | Trust |
Embedded systems form a ubiquitous, networked, computing substrate that underlies much of modern technological society. Such systems range from large supervisory control and data acquisition (SCADA) systems that manage physical infrastructure to medical devices such as pacemakers and insulin pumps, to computer peripherals such as printers and routers, to communication devices such as cell phones and radios, to vehicles such as airplanes and satellites. Such devices have been networked for a variety of reasons, including the ability to conveniently access diagnostic information, perform software updates, provide innovative features, lower costs, and improve ease of use.
| Cyber | Formal | Trust |