Defense Advanced Research Projects AgencyTagged Content List

Technologies for Trustworthy Computing and Information

Confidence in the integrity of information and systems

Showing 23 results for Trust + Cyber RSS
02/12/2013
In the world of network cyber security, the weak link is often not the hardware or the software, but the user. Passwords are often easily guessed or possibly written down, leaving entire networks vulnerable to attack. Mobile devices containing sensitive information are often lost or stolen, leaving a password as the single layer of defense.
12/04/2013
Ever more sophisticated cyber attacks exploit software vulnerabilities in the Commercial Off-the-Shelf (COTS) IT systems and applications upon which military, government and commercial organizations rely. The most rigorous way to thwart these attacks is formal verification, an analysis process that helps ensure that software is free from exploitable flaws and vulnerabilities. Traditional formal methods, however, require specially trained engineers to manually scour software—a process that up to now has been too slow and costly to apply beyond small software components.
| Cyber | Formal | Trust |
08/09/2018
Today, the expeditious delivery of electronic documents, messages, and other data is relied on for everything from communications to navigation. As the near instantaneous exchange of information has increased in volume, so has the variety of electronic data formats–from images and videos to text and maps. Verifying the trustworthiness and provenance of this mountain of electronic information is an exceedingly difficult task as individuals and organizations routinely engage with data shared by unauthenticated and potentially compromised sources.
August 24, 2018, 2:00 PM ET,
DARPA Conference Center
DARPA’s Information Innovation Office is hosting a Proposers Day to provide information to potential applicants on the structure and objectives of the Safe Documents (SafeDocs) program. The aim of SafeDocs is to restore trust in electronic documents and messages by mitigating one of the root causes of the Internet insecurity epidemic: exploitation of software's input-handling weaknesses via complex, maliciously crafted data inputs. The program will research methods to create technological assurance that an electronic document or message automatically checked and found well-formed is safe to open, as well as generate safer document formats that are subsets of the current untrustworthy ones, preserve existing information, and are also safe to open.
| Cyber | Trust |
The current standard method for validating a user’s identity for authentication on an information system requires humans to do something that is inherently unnatural: create, remember, and manage long, complex passwords. Moreover, as long as the session remains active, typical systems incorporate no mechanisms to verify that the user originally authenticated is the user still in control of the keyboard. Thus unauthorized individuals may improperly obtain extended access to information system resources if a password is compromised or if a user does not exercise adequate vigilance after initially authenticating at the console.