DARPA program aims to make network-connected systems less vulnerable

ARLINGTON, Va. The Defense Advanced Research Projects Agency (DARPA) has launched a new program it calls Configuration Security (ConSec) that aims to develop a system to automatically generate, deploy, and manage inherently more secure configurations of components and subsystems for end-use in military platforms.

officials say that many consumer, industrial, and military players are turning to inexpensive, commodity off-the-shelf (COTS) devices with general-purpose designs that are applicable for a range of functionalities and deployment options.

“With commodity devices, software and configuration settings now govern behaviors that were physically impossible in special-purpose hardware, creating risks and increasing system vulnerability,” said Jacob Torrey, program manager in DARPA’s Information Innovation Office (I2O). “Certain functionality built into COTS components may not be necessary for all users or applications, and unwanted functionality can be hard to detect and turned off. For instance, an unneeded maintenance or diagnostic service left enabled could create an opportunity for an attacker to circumvent other security controls and use the system’s as-deployed functionality to generate a malicious effect. This opaqueness is creating challenges for system operators who must rely on component configurations to reduce attack surfaces created by unnecessary functionality.”

DARPA is asking researchers to develop models and functional specifications of systems based on human-friendly information formats – including checklists, operating manuals, and other written human standard operating procedures (SOPs) – together with an analysis of the system’s underlying components’ hardware and firmware. Input from these models and analyses will help to determine how settings in a component’s configuration space might affect its functionality, how human behavior affects system behavior, and system uses in both operational and mission contexts. Torrey expects that the program will roll out in three phases over the next three-and-a-half years.

The deadline for proposals for the ConSec program is February 8, 2018; additional details about the program can be found at the DARPA Broad Agency Announcement.

Topics covered in this article