DARPA program aims to find, shut backdoor malware holes in commercial IT devices

DARPA program looks to determine, validate security of every networked device.

It is likely every security IT person's nightmare: the new mobile phone, network router or computer they just tied into the network actually has a secret backdoor that lets the malicious users or governments have unfettered access to the company's assets.

That sort of fear is behind a new program researchers at the Defense Advanced Research Projects Agency (DARPA) will discuss on December 12th known as the Vetting Commodity IT Software and Firmware (VET). VET will look to develop systems that can verify the security of commercial IT devices. IT's growing dependence on the global supply chain makes device, software and firmware security an imperative, DARPA stated.   

IN THE NEWS: Gartner: Top 10 strategic technology trends for 2013

"Backdoors, malicious software and other vulnerabilities unknown to the user could enable an adversary to use a device to accomplish a variety of harmful objectives, including the exfiltration of sensitive data and the sabotage of critical operations. Determining the security of every device the Department of Defense uses in a timely fashion is beyond current capabilities," DARPA stated.

According to DARPA, VET will address three technical challenges: 

  • Define malice: Given a sample device, how can DoD analysts produce a prioritized checklist of software and firmware components to examine and broad classes of hidden malicious functionality to rule out?
  • Confirm the absence of malice: Given a checklist of software and firmware components to examine and broad classes of hidden malicious functionality to rule out, how can DoD analysts demonstrate the absence of those broad classes of hidden malicious functionality?
  • Examine equipment at scale: Given a means for DoD analysts to demonstrate the absence of broad classes of hidden malicious functionality in sample devices in the lab, how can this procedure scale to non-specialist technicians who must vet every individual new device used by the Department of Defense prior to deployment?

"DoD relies on millions of devices to bring network access and functionality to its users," said Tim Fraser, DARPA program manager in a statement. "Rigorously vetting software and firmware in each and every one of them is beyond our present capabilities, and the perception that this problem is simply unapproachable is widespread. The most significant output of the VET program will be a set of techniques, tools and demonstrations that will forever change this perception."

MORE: Gartner: 10 critical IT trends for the next five years

Follow Michael Cooney on Twitter: nwwlayer8 and on Facebook

Check out these other hot stories:

IRS needs bigger weapons to fight exploding identity theft-related tax refund fraud schemes

DEA issues extortion scam warning involving Internet drug buys

Sandia Lab celebrates original "Mr. Clean" the clean room inventor

Cyber Monday bust: US law enforcement joins in world-wide seizure of 132 domain names

NASA paint kills that new car smell, saves satellites too

DARPA wants army of networked amateur astronomers to watch sky for space junk

NASA fires-up experimental space Internet for robot control

Astronomers find Super Earth that could support life - 42 light years away

US Navy outfits destroyers with potential $30 million worth of Gigabit Ethernet

DARPA seeks smart camera would blend visible, infrared images into a single shot

NASA shifts vital computer tasks onboard long-running Mars Odyssey satellite

Copyright © 2012 IDG Communications, Inc.

The 10 most powerful companies in enterprise networking 2022