As defensive technologies against cyberattacks mature, adversaries are forced to find new ways to attack computer systems. One of these methods is to create “inputs of coma,” which cause a system to exhaust its processing resources and leave it unavailable to legitimate users. Attackers can also observe network traffic and computational activity to infer secret information without having direct access to it.
In order to protect and assure information flows over critical enterprise networks for military and industrial systems, the Defense Advanced Research Projects Agency (DARPA) is making pivotal research investments in breakthrough technologies for national security. CU-Boulder recently received more than $2.8 million from the agency to develop new program analysis techniques and tools for identifying vulnerabilities that are inherent in software algorithms.
Pavol Cerny, assistant professor in the Department of Electrical, Computer and Energy Engineering, leads the research team. Cerny is joined by four researchers from the Department of Computer Science: associate professor John Black, assistant professor Evan Chang, associate professor Sriram Sankaranarayanan and research scientist Ashutosh Trivedi.
The CU-Boulder team will be joined by colleagues from the University of Texas and Kestrel Technology to develop a breakthrough set of tools, called AUDITR, which statically analyzes Java bytecode and automatically uncovers exploitable security vulnerabilities in software algorithms. AUDITR will provide security analysts with quick and reliable capabilities to assess vulnerabilities and take the necessary actions to reduce them before an attack.
The research will take place over 48 months and in several phases. The project will include simulated attack demonstrations run by DARPA that will allow the team, including graduate students, to test its developments in a simulated cyberattack environment.