Defense Advanced Research Projects AgencyTagged Content List

Technologies for Trustworthy Computing and Information

Confidence in the integrity of information and systems

Showing 29 results for Trust RSS
As computing devices become more pervasive, the software systems that control them have become increasingly more complex and sophisticated. Consequently, despite the tremendous resources devoted to making software more robust and resilient, ensuring that programs are correct—especially at scale—remains a difficult and challenging endeavor. Unfortunately, uncaught errors triggered during program execution can lead to potentially crippling security violations, unexpected runtime failure or unintended behavior, all of which can have profound negative consequences on economic productivity, reliability of mission-critical systems, and correct operation of important and sensitive cyber infrastructure.
The February 2011 Federal Cloud Computing Strategy released by the U.S. Chief Information Officer reinforces the United States Government’s plans to move information technology away from traditional workstations and toward cloud computing environments. Where compelling incentives to do this exist, security implications of concentrating sensitive data and computation into computing clouds have yet to be fully addressed. The perimeter defense focus of traditional security solutions is not sufficient to secure existing enclaves. It could be further marginalized in cloud environments where there is a huge concentration of homogeneous hosts on high-speed networks without internal checks, and with implicit trust among hosts within those limited perimeter defenses.
Cloud computing provides computing capabilities as a service rather than a product. Advantages to this include reduced costs and maintenance, and increased flexibility, availability and scalability. Cloud computing, however, also presents some potentially significant security issues. In particular, vulnerabilities could include compromise of data security and loss of key information. Any computer or web-friendly device connected to the Internet could gain unauthorized access to pools of computing power, applications, or files – compromising information security in cloud-computing environments.
The goal of the Safer Warfighter Communications (SAFER) program is to develop technology that will enable safe, resilient communications over the Internet, particularly in situations in which a third-party is attempting to discover the identity or location of the end users, or block the communication. The technology developed through the program will also provide the quality of service (QoS) required to support applications such as instant messaging, electronic mail, social networking, streaming video, voice over Internet protocol (VoIP), video conferencing and other media that promote effective communication.
It is easy to reverse engineer software today. An attacker generally requires no more than a basic debugger, a compiler and about a day's effort to de-obfuscate code that has been obfuscated with the best current methods. The reason for the relative ease is that program obfuscation is primarily based on "security through obscurity" strategies, typified by inserting passive junk code into a program’s source code. Existing program obfuscation methods also do not have quantifiable security models, and so it is difficult even to measure how much security is gained by a given obfuscation effort.