ABOUT

With the coming advent of the Internet of Things, data insecurity is on track to become physical insecurity. The same code that powers today’s networked computers – code that is routinely compromised by attackers – is making its way into our vehicles, our smart homes, our augmented reality, and our connected culture. This future requires fundamentally new thinking about how networked devices will be defended.

Today’s attackers have the upper hand due to the problematic economics of computer security. Attackers have the concrete and inexpensive task of finding a single flaw to break a system. Defenders, on the other hand, are required to anticipate and deny any possible flaw – a goal both difficult to measure and expensive to achieve. Only automation can upend these economics.

The ultimate test of wits in computer security occurs through open competition on the global Capture the Flag (CTF) tournament circuit. In CTF contests, experts reverse engineer software, probe its weaknesses, search for deeply hidden flaws, and create securely patched replacements. How hard is this work? The recently discovered Heartbleed flaw in OpenSSL went undiscovered by automation for years before experts found it. The discovery of Heartbleed required the same type of reverse engineering excellence that CTFs are designed to hone.

What if a purpose-built supercomputer could compete against the CTF circuit’s greatest experts? Such a computer could scour the billions of lines of code we depend on, find and fix the toughest flaws, upend the economics of computer security, and level the playing field between attackers and defenders.

Over the next two years, innovators worldwide are invited to answer the call of Cyber Grand Challenge. Over a series of competition events, the very first prototype CTF-playing systems will be constructed, competed, and selected.

In 2016, DARPA will hold the world’s first all-computer Capture the Flag tournament live on stage, co-located with the DEF CON Conference in Las Vegas, where automated systems may take the first steps towards a defensible, connected future.

Explore this site to learn more about Cyber Grand Challenge, and help us start a revolution.

[Timeline graphic: 1984, 1994, 2000, 2014 – THE INTERNET OF THINGS]

RULES

If you’re interested in joining or forming a team, the authoritative rules are available directly from the DARPA Competitor Portal.

If you’re in a hurry, here are a few key points:

Cyber Grand Challenge (CGC) is a contest to build high-performance computers capable of playing in a Capture-the-Flag style cyber-security competition.

During all competition events, systems will compete on their own with no human involvement.

Scoring during all events is simple: systems will score points based on their ability to Evaluate software, maintain software Availability, and Secure software from the presence of harmful flaws.

During competition events, CGC systems will analyze custom compiled software (written in the C language family) built exclusively for the competition. This software collection (Challenge Binaries) will implement network services built on no currently existing code or protocol. This will challenge competitor systems to utilize general-purpose problem solving techniques.

In 2015, CGC will hold its first qualifying event. A large collection of Challenge Binaries will be distributed by DARPA and systems around the world will race to automatically Secure & Evaluate it. Teams will transmit a secured version of the software collection back to DARPA along with inputs that locate flaws. After completing a DARPA site visit, top finishers receive $750,000 (see official Rules for details) and become eligible for the CGC final event.

In 2016, CGC will hold its final event, co-located with the DEF CON Conference in Las Vegas, NV, where the competition will take place head-to-head on a network. Systems will autonomously create network defenses, deploy patches and mitigations, monitor the network, and evaluate the defenses of competitors.

The final competition event will be visualized, narrated, and streamed worldwide. CGC is open at no cost to teams around the world, and the top prize at the final competition event will be $2M.

PLATFORM

The computer you’re using today is running core software, known as an Operating System, to provide basic services such as networking and file storage. Operating Systems grow like cities, with layers built on top of layers. To automatically analyze software running on any modern OS, a “complexity tax” must be paid to navigate the layers of old function, multiple methods, and layered interfaces.

DARPA built DECREE – the DARPA Experimental Cybersecurity Research Evaluation Environment – specifically for the Cyber Grand Challenge. DECREE is an Open Source operating system extension built exclusively for computer security research and experimentation. It includes several features to make it ideal for security experimentation, including:

Simplicity: Where any industry OS such as Linux will have hundreds of OS interface methods (“system calls”), DECREE has just seven, easing the work required to perform automatic identification of program input and output. DECREE also has its own executable format with a single entry point method to lower the barrier to entry for automation research.

Incompatibility: The software which runs in DECREE is custom-built for computer security research. DECREE programs have their own binary format, their own system call paradigm and share no code or protocols with the real world. For this reason, automation research done in DECREE is incompatible with the software that runs our world.

High determinism: Reproducibility is a key aspect of a sound scientific design. While perfect system state replay is impossible without a full system event recorder, DECREE has been designed to allow high determinism and reproducibility given a record of software and inputs. This reproducibility property has been built into DECREE from kernel modifications up through the entire platform stack.

DECREE is Open Source and will remain so in perpetuity as it is an experimentation ecosystem capable of uniting program analysis research, Capture-the-Flag competitions, and other applied research activities.

MILESTONES
The qualification phase will include two scored events that will be similar to the Cyber Grand Challenge Qualification Event. Participation in Scored Events is optional and success in these events will not be part of CGC scoring. Each Scored Event is an opportunity for competitors to gain an understanding of the format, procedure, and scoring mechanism to be used during the CQE. These events are tentatively scheduled for December 2, 2014 and April 6, 2015.