Defense Advanced Research Projects AgencyTagged Content List


Relating to digital systems and information

Showing 33 results for Cyber + Trust RSS
August 24, 2018, 2:00 PM ET,
DARPA Conference Center
DARPA’s Information Innovation Office is hosting a Proposers Day to provide information to potential applicants on the structure and objectives of the Safe Documents (SafeDocs) program. The aim of SafeDocs is to restore trust in electronic documents and messages by mitigating one of the root causes of the Internet insecurity epidemic: exploitation of software's input-handling weaknesses via complex, maliciously crafted data inputs. The program will research methods to create technological assurance that an electronic document or message automatically checked and found well-formed is safe to open, as well as generate safer document formats that are subsets of the current untrustworthy ones, preserve existing information, and are also safe to open.
| Cyber | Trust |
November 14-16, 2018,
Hilton Washington Dulles Airport
DARPA’s Information Innovation Office is co-hosting the first annual seL4 Summit along with the Air Force Research Laboratory and General Dynamics C4 Systems. seL4 is an open-source, high-assurance, high-performance microkernel; its implementation is formally proven correct against its specification. The three-day seL4 Summit will focus on maturing seL4 kernel technology, stabilizing software distribution, expanding user adoption, and transitioning the technology into various applications. Attendees will also have the opportunity to receive hands-on training for the microkernel.
| Cyber | Formal | Trust |
The current standard method for validating a user’s identity for authentication on an information system requires humans to do something that is inherently unnatural: create, remember, and manage long, complex passwords. Moreover, as long as the session remains active, typical systems incorporate no mechanisms to verify that the user originally authenticated is the user still in control of the keyboard. Thus unauthorized individuals may improperly obtain extended access to information system resources if a password is compromised or if a user does not exercise adequate vigilance after initially authenticating at the console.
To be effective, Department of Defense (DoD) cybersecurity solutions require rapid development times. The shelf life of systems and capabilities is sometimes measured in days. Thus, to a greater degree than in other areas of defense, cybersecurity solutions require that DoD develops the ability to build quickly, at scale and over a broad range of capabilities.
The process of determining that a software system’s risk is acceptable is referred to as “certification.” Current certification practices within the Department of Defense (DoD) are antiquated and unable to scale with the amount of software deployed. Two factors prevent scaling: (a) the use of human evaluators to determine if the system meets certification criteria, and (b) the lack of a principled means to decompose evaluations.
| Cyber | Formal | Trust |