DARPA targets $4.8M to close backdoor security problems

Raytheon BBN Technologies and GrammaTech look to close hidden malicious code threats

DARPA
The Defense Advanced Research Projects Agency has written a check for $4.8 million to Raytheon BBN Technologies and GrammaTech to build software that blocks backdoor security holes in commodity network devices.

The contract falls under DARPA's Vetting Commodity IT Software and Firmware (VET) program which address the threat of malicious code hidden in mobile phones, network routers, computer workstations and other networked devices can be secretly modified to function in unintended ways or spy on users.

Under VET, GrammaTech and Raytheon BBN said they intend to develop tools and techniques to let organizations inspect the network-enabled devices software and firmware and protect them from attack. Raytheon plans to develop techniques that enable analysts to prioritize elements of software and firmware to examine for hidden malicious code. GrammaTech also said it plans to develop the tools that examine the software and firmware to let analysts demonstrate that they do not have exploitable security vulnerabilities.

[IN THE NEWS: Bitcoin's highest highs, lowest lows]

[MORE: Quick look: Inside Amazon's vast distribution business]

"Backdoors, malicious software and other vulnerabilities unknown to the user could enable an adversary to use a device to accomplish a variety of harmful objectives, including the exfiltration of sensitive data and the sabotage of critical operations. Determining the security of every device the Department of Defense uses in a timely fashion is beyond current capabilities," DARPA stated.  VET will look to develop systems that can verify the security of commercial IT devices. IT's growing dependence on the global supply chain makes device, software and firmware security an imperative, DARPA stated.   

According to DARPA, VET is looking to address three technical challenges: 

  • Define malice: Given a sample device, how can DoD analysts produce a prioritized checklist of software and firmware components to examine and broad classes of hidden malicious functionality to rule out?
  • Confirm the absence of malice: Given a checklist of software and firmware components to examine and broad classes of hidden malicious functionality to rule out, how can DoD analysts demonstrate the absence of those broad classes of hidden malicious functionality?
  • Examine equipment at scale: Given a means for DoD analysts to demonstrate the absence of broad classes of hidden malicious functionality in sample devices in the lab, how can this procedure scale to non-specialist technicians who must vet every individual new device used by the Department of Defense prior to deployment?

Follow Michael Cooney on Twitter: nwwlayer8 and on Facebook

Check out these other hot stories:

Navy launches drone from submerged subNational Science Foundation IT guy gets smacked for stealing $94,493 worth of electronic goodies

Foldable, membrane-based orbital telescope could alter space vision

Lightweight Lockheed cryocooler will keep satellite innards on ice

How to shove 50 meters of optical fiber into a microchip

NASA may salvage its planet-hunter spacecraft after all

Tall police SUVs latest tactic in stopping drivers who insist on texting

It will take a (big) village to get humans near Mars by 2018

Google's Vint Cerf defines Internet of Things challenges

NASA, Boeing flaunt high-tech wing that could alter future aircraft design

US intelligence wants to radically advance facial recognition software

Join the Network World communities on Facebook and LinkedIn to comment on topics that are top of mind.
Must read: Hidden Cause of Slow Internet and how to fix it
Notice to our Readers
We're now using social media to take your comments and feedback. Learn more about this here.