Supercomputers give a glimpse of cybersecurity’s automated future

Pro
Source: Stockfresh

8 August 2016

Giant refrigerator-sized supercomputers have battled each other in a virtual contest to show that machines can find software vulnerabilities. The result was that, time and time again, the supercomputers detected simulated flaws in software.

It represents a technological achievement in vulnerability detection, at a time when it can take human researchers on average a year to find software flaws. The hope is that computers can do a better job and perhaps detect and patch the flaws within months, weeks, or even days.

The contest, called the Cyber Grand Challenge, was a step in that direction. The final round of the competition pitted computers from seven teams to play the hacking game “Capture the Flag,” which revolves around detecting software vulnerabilities.

Defcon
All the machines were brought together to compete in Las Vegas at Defcon, a cybersecurity event where human hackers have annually played the Capture the Flag game for years. However, this time, the fully automated computers were the sole participants, and during the competition none of them had any help from their human creators.

To score points, the computers played 96 rounds, in which they authored streams of new code to both prove vulnerabilities existed in software and patch flaws. All of this was done in minutes.

Modified versions of bugs including Heartbleed, Sendmail crackaddr and the Morris Worm were also thrown at the computers, and certain machines detected and repaired them.

Officials at DARPA, the US defence agency that sponsored the contest, said the machines gave a possible glimpse of the future of cybersecurity.

Automation possible
“We’ve proven that this automation is possible,” said Mike Walker, program manager for the Cyber Grand Challenge.

However, it still remains to be seen when these supercomputers might be used in real-world environments. For instance, the machines that played the Capture the Flag game analysed the flaws within a simplified operating system. That is considerably different from scanning a real OS, which is large and often encompasses a whole ecosystem of software products.

Nevertheless, the supercomputers are up to the challenge, said David Brumley, a designer of one of the machines. His unit, called “Mayhem,” was declared the winner in the contest, coming away with the $2 million (€1.8 million) grand prize.

Human reliance
“Cybersecurity has really relied on human effort, and we still need that, but we haven’t done enough to automate,” he said. ForAllSecure, his company in Pennsylvania, has already been using its machine-based detecting techniques to find flaws in Linux.

“We can start making a difference right away,” he said. However, Brumley hopes his technology can get more funding.

“Automation has nowhere to go but get better,” said Walker.

 

 

IDG News Service

Read More:


Back to Top ↑

TechCentral.ie