SafeDocs program launches aiming to share electronic data safely
ARLINGTON, Va. Defense Advanced Research Projects Agency (DARPA) officials launched a new program dubbed Safe Documents (SafeDocs), which aims to improve software's ability to detect and reject invalid or maliciously crafted input data, without impacting the key functionality of new and existing electronic data formats.
“With today’s online risk environment, allowing software to interact with untrusted electronic documents and messages is akin to downloading and running untrusted programs on your computer,” explains Sergey Bratus, the DARPA Information Innovation Office (I2O) program manager leading SafeDocs. “To create a safer internet, we must first create safer electronic documents. Through SafeDocs, we are looking for ways to reduce the complexity of electronic document exchange and minimize the means of exploitation for all malicious actors–from cybercriminals to nation states.”
SafeDocs seeks to create technological assurance that an electronic document or message is automatically checked and safe to open, while also generating safer document formats that are subsets of current, untrustworthy versions. To accomplish its goals, the program will focus on two primary technical research thrusts.
- The first thrust seeks to develop methodologies and tools for capturing and defining human-intelligible, machine-readable descriptors of electronic data formats. To do this, researchers will explore means of extracting the de facto syntax of existing data formats and identifying each format’s simpler subset that can be parsed safely and unambiguously, and used in verified programming without impacting the format’s essential functionality.
- Under the second technical thrust, researchers will create software construction kits for building secure, verified parsers, using the simplified format subsets where the existing format’s inherent complexity or ambiguity has been reduced for safety. Parsers, which are used to break data inputs down into manageable objects for further processing, can contain exploitable flaws and behaviors. Research under this thrust will strive to create the methodologies and tools needed to build high-assurance and verifiable parsers for new and existing data formats to help reduce the technology’s chances of compromise.
To learn more about the program, DARPA officials scheduled a Proposers Day on August 24. For additional information, click here. A full description of the program will be made available in a forthcoming Broad Agency Announcement.