I'm on a team that will be participating in the upcoming qualifier for the finals. I'd be happy to answer any questions about the challenge (that I know the answers to), though not any about our specific techniques ;)
This is a neat idea, nicely presented. The proposal appeals to a wide audience by explaining the defensive significance of the tools it asks participants to develop. Is there any reason to think that people who were directly or indirectly involved in proposing this challenge are also interested in offensive applications, and chose not to talk about them?
>> Is there any reason to think that people who were directly or indirectly involved in proposing this challenge are also interested in offensive applications, and chose not to talk about them?
Sorry, I didn't actually go through the entire scrolling graphics thing, I just read the explanation of the idea. I'll agree that that part didn't add to my understanding and I didn't intend to praise it.
It's a buzzword with a vision that can have a positive but also a negative outcome for our society.
For example: The Nest thermostat learns your behavior and selects your favorite temperature depending on the time of day, the ambient light, ... it learns with you - and actually helps you save energy. The opposite is a "smart meter" forced on you by new regulations that isn't smart at all and doesn't help you save energy but sends your power usage data (your private life data) in regular intervals over the net to the usual data collectors.
Another example: All Ford automobiles that come with the Sync board computer (2008-2015, Windows CE based) can be optionally set to do the following in the event of a crash (at the time when the airbags go off): use your phone connected via Bluetooth, place a call to the international emergency hotline, speak via the Nuance Text-To-Speech software an emergency text including your current position (cars have an inbuilt GPS antenna) and open the microphone so that you can talk with the emergency hotline or at least they can hear the audio if you are unable to speak. On the other side, some lobbies try to propose in the US/EU a new law where every car has to share its location and some other "metadata" in a short interval (as soon as you turn on your motor) to a central data collector - so that in the event of an accident they know where you are, as they say.
Decide yourself which version of the "Internet of Things" vision you want to have in your everyday life.
^ this is too ambiguous to be meaningful for anyone who isn't familiar with the cyber grand challenge (CGC).
the CGC, as i understand it, is about developing systems which can autonomously detect and patch vulnerabilities[0].
i believe this is interesting for a couple of reasons:
1. a self-repairing system could prevent data breaches (or mitigate damage).
2. this type of system could use its knowledge to attack other systems.
on a somewhat related note, i'm reminded of elon musk's reaction [1] to prof. nick bostrom's book [2], "superintelligence":
"We need to be super careful with AI. Potentially more dangerous than nukes."
though i don't claim to know the motivation/context behind musk's remark, it's easy to envision the dangers associated with a couple of AIs "duking it out" on the interwebs. (CBS's "person of interest" is a fun, fictional series that covers this scenario [3].)
The Nest thermostat is a completely different device from a utility smart meter.
For example, I can see smart meters helping provide real time data to the utility about power usage. Utilities are engaged in an enormous task of forecasting power demand, which is probably much harder than weather forecasting even (as that is a subtask of demand forecasting!) -- and can net huge savings for the companies; or allowing more fair pricing schemes that discourage usage in times of high demand; etc. That's a real benefit for society.
I don't think there's a need to put on a tin foil hat and demand that all personally identifiable information collection be ceased. We instead just have to make sure this info is getting used properly (within the designated scope) with according security for each problem. In other words: scrutiny, not celibacy.
You can twist it how you like but it doesn't make a difference - it's a device that the PR suggests helps you save energy and costs. One device (Nest) lives up to the dream and is great, the other (smart meters) is the opposite - but it could be a great device too if it would live up to the original PR vision.
> enormous task of forecasting power demand
Not really, the electrical power transformer stations that are physically located near your home already communicate about the power demand habits to the central power grid network. There is no technical reason to track every single household every 15 min or every hour.
> provide real time data to the utility
Do you believe it's great that a washing machine is running during the night to save costs for the power company (and maybe you) but keeps you and your neighbors awake and you have to deal with wrinkled laundry in the morning?
One can save energy at home, but the biggest power consumers at home are devices that are used at specific times - and that time cannot be deferred to the night - unless one wants to be the slave of his own devices. On the other side a lot of energy could be saved in industrial production by optimizing processes.
Next time one buys a device, check the energy rating - but be smart and cautious as some very energy efficient rated devices like new electric kettles and vacuum cleaners consume less power by using fewer watts, which means physically it takes longer to boil the water or the vacuum cleaner is less efficient as the engine is less powerful and it takes longer to clean your home.
Far better for the environment is to install photovoltaic panels near your home yourself. Especially then an electric car makes a lot of sense.
> it's a device that the PR suggests helps you save energy and costs.
I think being able to see your usage broken down to more than one reading per quarter can definitely help. You can then change your behaviour and see the improvements very quickly. One product many of the companies hand out with smart meters is something that sits there and tells you how much you're using right now. I can easily see that making people realise just how much they're using while not realising it, and turning some things off.
> but be smart and cautious as some very energy efficient rated devices like new electric kettles and vacuum cleaners consume less power by using fewer watts, which means physically it takes longer to boil the water or the vacuum cleaner is less efficient as the engine is less powerful and it takes longer to clean your home.
While you do need to check, you can definitely get lower powered kettles and vacuums (particularly the latter) that are as good or better. The EU has come around to regulating vacuums because many were just putting uselessly big motors in that did nothing really helpful for actually cleaning, but used loads of energy since people see a higher power and think it's automatically a better vacuum.
> I don't think there's a need to put on a tin foil hat and demand that all personally identifiable information collection be ceased. We instead just have to make sure this info is getting used properly (within the designated scope) with according security for each problem
Smart meters are a great example of what can go wrong. Before, pot growers were busted based on how much energy they used. The new smart meters can pick up individual devices based on their usage patterns. It can tell how many lights you are running, what kind, when, etc... All of this information is already being analyzed and used to catch people.
At some point, seemingly innocuous devices might be able to leverage access to ambient sounds and shared AC circuits to compromise local wireless networks in unconventional ways.
Will be interesting but a distraction from real INFOSEC work. DARPA and NSF have been leading the way with programs investing in real security. All kinds of results from SAFE processor to CHERI capability architecture to self-diversifying systems to inherently secure programming have come from this. Their HACMS work, for example, was even integrated into UAV software.
It's that sort of work that's really delivering and needs more support. Smart people at institutions with good grant writers should stay watching all the DARPA and NSF security funding announcements. Plenty of money going around to solve fundamental problems. Great results so far that just need more development and adoption. And more bright men and women in the trenches fighting the rest of the hard problems.
I wonder, are those technologies scalable to micro-controllers? Because there the problem of backward compatibility is significantly reduced - as long as you supply a TCP/IP stack and an efficient compiler, the rest of the code is relatively easy, in many cases.
Yes, actually. Heck, the very limited PDP-1 was a capability machine of sorts. Most microcontrollers run circles around it. The simplest of the new schemes check small tags with hardware that runs in parallel to the processor. Essentially, the processor executes the instruction and the result is not written unless parallel unit says "All good." This should have little performance, latency, and chip area overhead. I'm not saying every microcontroller of every cost and such can be done this way: probably just mid- to high-end microcontrollers will be secure by design.
Also, there have long been chips designed to run languages that are type- or memory-safe by design. Sandia Labs recently made a high assurance processor for a Java subset: the Sandia Secure Processor (SSP) or "Score" processor. It doesn't allow new code in production mode, resists all kinds of errors, has assured tool sets, has a converter from legacy Java to its, speaks JVM natively with associated benefits, uses asynchronous interrupts for determinism, and is fabbed in a rad-hard process. They aimed at safety & assurance over throughput so the specs are 25 MHz from 35,000 logic gates (110K with memory). Their ASSET framework and its high assurance design also led to the amazing feat of 3 weeks from synthesis to working ASIC with no timing errors. They said similar projects normally take 6 to 18 months (!!!).
In closing, the above is evidence embedded can benefit. Yet, two in embedded just popped into my mind: CodeSEAL and smartcards. CodeSEAL combines custom hardware with a processor to (a) encrypt and hash memory pages to stop leaks or attacks outside the SOC; (b) enforce a control flow whitelist produced by the compiler to block all attempts to hijack it. MicroSEMI sells this commercially. The other one is smartcards: microcontrollers with strongly assured hardware, firmware, VMs, and so on for small prices. I should've thought of them first because they kind of answer the whole question, don't they?
Guess it doesn't hurt to spread more info on high assurance security tech. ;)
Thanks! Very interesting, especially the Sandia rapid development tool. Could be really useful in creating low-cost MCUs.
I've looked through a few of the examples, and they are useful, but they require a different toolset from what real-time engineers use (JVM/CodeSEAL), and you probably need to certify your code in order to get EAL6+ for your system. All those are big barriers to penetration, which probably creates less incentive for MCU companies to develop EAL6+ MCUs with rich peripherals which will appeal to the market.
Do you see a way out of this? Maybe using Rust (or some other language), an EAL6+ certified RTOS and an EAL6+ MCU would enable people to create secure real-time systems without the need for certification?
The toolset differences are a huge barrier to market penetration. It's why technically superior, but architecturally different, products of the past were ignored to our loss. Itanium, with its advanced security, is a recent example. Not all are like that, though. There are a number that just protect pointers, do segments, do address space protection (see INTEGRITY-178B), or vary the granularity of the protection for legacy compatibility. These tend to support a modified UNIX/Linux kernel and/or GCC modifications. Things are otherwise the same. So, there's potential in those.
I found the following looking into embedded use and what works with similar tools. This tagging scheme [1] integrates with RTEMS and C albeit with more complexity than some. The guarded pointers [2] from the mid-90's probably would work well with microcontrollers given embedded code is often fairly static, esp. safety-critical schemes. The critiques shouldn't apply as much except the cost of extra bits. The SAFE architecture's PUMP [3] does arbitrary policies with costs that might put it outside of microcontroller range (high end? mid-range?). One can even use the old Burroughs model where 2 tag bits per word are used to ID pointers and code. Writes to either generate an interrupt for the security system to approve based on context. Again, embedded is static enough that there should be no such interrupts in normal operation if pointer arithmetic is avoided, right?
Feel free to give your thoughts on these in terms of microcontrollers or low-cost microprocessors.
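As an added illustration of the two-tag-bit scheme in the post above and the "result is not written unless the parallel unit says all good" check described earlier in the thread (this is not code from any of the architectures named, and the tag encoding, the monitor policy and the sample memory frame are assumptions constructed for the example): a small C model in which an ordinary store to a POINTER or CODE word raises a trap that a monitor must approve, so an unchecked copy that overruns a data buffer stops before it can overwrite the pointer word next to it.

```c
#include <stdint.h>
#include <stdbool.h>

/* Two tag bits per word, as in the Burroughs-style scheme: DATA, POINTER, CODE. */
enum tag { TAG_DATA = 0, TAG_POINTER = 1, TAG_CODE = 2 };
struct word { uint32_t value; uint8_t tag; };   /* tag: low two bits used */
#define MEM_WORDS 8
static struct word mem[MEM_WORDS];
static int traps;   /* tag-check interrupts raised so far */

/* Privileged setup (loader role): writes value and tag together. */
void mem_init(unsigned addr, uint32_t value, enum tag t) {
    mem[addr].value = value;
    mem[addr].tag = (uint8_t)(t & 0x3);
}

/* Security monitor invoked by the interrupt. Assumed policy: only loader
 * context may overwrite a POINTER or CODE word. */
static bool monitor_approve(unsigned addr, bool loader_ctx) { (void)addr; return loader_ctx; }

/* Ordinary store. The tag is checked alongside the write and the value is
 * committed only if the word is DATA or the monitor approves. */
bool store(unsigned addr, uint32_t value, bool loader_ctx) {
    if (addr >= MEM_WORDS) return false;
    if (mem[addr].tag != TAG_DATA) {
        traps++;                                   /* interrupt fires */
        if (!monitor_approve(addr, loader_ctx)) return false;
    }
    mem[addr].value = value;
    return true;
}

/* Constructed sample: a 4-word buffer at 0..3, a pointer word at 4 (a saved
 * return address after a local array) and a code word at 5. An unchecked copy
 * of n words into the buffer, like an overrunning memcpy, stops at the first trap. */
unsigned demo_overrun(unsigned n) {
    static const uint32_t payload[6] = {1, 2, 3, 4, 0x41414141u, 0x42424242u};
    traps = 0;
    for (unsigned i = 0; i < 4; i++) mem_init(i, 0, TAG_DATA);
    mem_init(4, 0x2000, TAG_POINTER);
    mem_init(5, 0xe3a00000u, TAG_CODE);
    unsigned done = 0;
    for (; done < n && done < 6; done++)
        if (!store(done, payload[done], false)) break;
    return done;   /* number of words actually committed */
}

uint32_t load(unsigned addr) { return addr < MEM_WORDS ? mem[addr].value : 0; }
int trap_count(void) { return traps; }
```

A copy that stays inside the buffer raises no trap at all, which is the "no interrupts in normal operation" case; only the overrunning write reaches the monitor.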
The guarded pointers look great, and both they and the Burroughs model could work well for micro-controllers, and suffer a relatively small penalty. The SAFE-PUMP would probably need a relatively new manufacturing process to make economical sense for a medium-end microcontroller or would be fitting for a high-end microcontroller.
>> Again, embedded is static enough that there should be no such interrupts in normal operation if pointer arithmetic is avoided, right?
I think when calling a function and pushing stuff onto the stack, you'll need such interrupts, and maybe in other situations. I'm not sure though, I'm just a hobbyist in embedded, but pretty interested in the industry - and the tension between the fact that everybody says internet-of-things security is a big issue with no solution and, on the other hand, the availability of highly secure research and working systems.
Lmao. My initial reaction exactly. DARPA's writers are usually better than this if it's something open to the public. Other times, they do it on purpose. Maybe they got mixed up on which style to use.
Where would Silicon Valley, and the world in general, be without DARPA? Not that I am trying to support any big brother agenda, but it's hard to deny that your smartphone and computer owe at least some part of their existence to efforts on the part of the US defense budget. Again, I am not trying to take sides, I just find it shortsighted to cast a disapproving eye on government projects... or at least funding.
Just agreeing here on the part about DARPA. It's possible, though, that you have no idea just how much DARPA was involved. Despite my research, I just now stumbled onto the Strategic Computing Initiative which shows most of the coolest stuff I studied was all tied to DARPA. Most people haven't heard of it despite it being much more useful than the other Strategic Initiative they know about. Link below for your enjoyment.
Yes, in the immediate sense of the story, you're right. But when I look into my crystal ball, I see so many of these machines running continually that it becomes an internet that hands control of itself to the US government (and any of our "allies" paying the ante of, say, forty F-35s, or whatever newfangled hardware they build to burn up on the runway).
> The Skynet Funding Bill is passed. The system goes on-line August 4th, 1997. Human decisions are removed from strategic defense. Skynet begins to learn at a geometric rate. It becomes self-aware at 2:14 a.m. Eastern time, August 29th. In a panic, they try to pull the plug.