In the beginning of this month (4. – 7. August) in Paris Hotel, Las Vegas, was a Cyber Grand Challenge by DARPA, the US military’s research-and-development arm.
The idea of this competition is to create bot supercomputer that can discover, identify and provide security patches in real-time. So basically identify computer virus as anti-virus protection program, de-bug and fix code – something that usually developers do – after the test of fix in test environment – a system administrator deploys needed fix to infected computer.
The idea is pretty impressive, the winner of the challenge is company ForAllSecure (won the 2 million dollar prize).
From hardware point of view contestants needed to develop a high power bot, with water-cooling system. The bots had installed almost one hundred programs created for the contest.
To quote Technology Review + link– how did the challenge look:
“Those programs were loosely modeled on packages that might be found on a Web server and intentionally designed with security flaws. Each team’s bot earned points for fixing flaws in programs in its care, keeping them running, and probing the programs of other teams to identify unfixed vulnerabilities. Bots didn’t get to see the programs they had to look after before the contest.”
The bots needed to fix some of the classic well-known famous flaws: Morris Worm (from 1988) and Heartbleed bug (2014), SQL slammer.
The winner of the competition is bot Mayhem as Business Insider – link reports:
“Mayhem — which ultimately won the event — was built by ForAllSecure, a Pittsburgh, Pennsylvania-based startup founded by Carnegie Mellon alums. Much like their competition, the team led by Dr. David Brumley worked for two years to build a system that would be able to run through the challenges all while being able to react to the unforeseen, like running out of disk space. One of those issues propped up about halfway through the competition. Mayhem — with a commanding lead over its competitors — started to crash and burn. “We noticed that Mayhem didn’t work as intended,” Alex Rebert, cofounder of ForAllSecure, told Business Insider. “I think we noticed the issue at 2 or 3 p.m. The whole rest of the day we were just depressed, thinking we would lose.” Fortunately for Mayhem, its early success in finding and patching vulnerabilities kept it high up on the leaderboard, while later challenges it sat out proved difficult for the other six teams. After 95 rounds of bug hunting and all-machine hacking, Mayhem was the champion, with “Xandra” not far behind.”
Is that a good solution for network security? Well I think for now dual firewall in DMZ network would do the trick for critical systems. But event and challenge in Las Vegas is more of a good opportunity for technology companies and start-ups to promote their work. We will see what the future brings.
Have a nice day!