DARPA program aims to strengthen cybersecurity via automation
News, July 10, 2023
ARLINGTON, Va. The Defense Advanced Research Projects Agency (DARPA) launched a program it calls the Intelligent Generation of Tools for Security (INGOTS) initiative, which intends to identify and fix high-severity, chainable computer vulnerabilities using new techniques driven by program analysis and artificial intelligence (AI) to measure vulnerabilities within complex systems like web browsers and mobile operating systems.
The DARPA announcement explains that sophisticated cyberattacks link multiple vulnerabilities to bypass security measures and compromise critical, high-value devices, yet valuable resources are often allocated to less severe issues while critical vulnerabilities go unfixed. This situation occurs because the metrics used today fail to capture numerous nuanced factors that differentiate a harmless software flaw from a potent vulnerability.
Perri Adams, INGOTS program manager in DARPA's Information Innovation Office, said of the program: "In an attack paradigm where exploitability depends on the emergent behavior of vulnerability combination, risk depends on understanding the complex relationships between neighboring vulnerabilities. Rather than develop a fully automatic process, we want to create a computer-human pipeline that seamlessly allows human intervention in order to fix high-severity vulnerabilities before an attack."
According to the DARPA release, successful INGOTS research will improve the software and hardware resiliency of pervasive commercial devices by rapidly identifying and prioritizing their most dangerous flaws. DARPA says that the INGOTS program will last three years and have two phases: Phase 1 will focus on exploring, designing, developing, and demonstrating tools and techniques, while Phase 2 will focus on maturing and refining these tools and techniques and expanding their coverage across vulnerability and exploitation classes. For each phase, DARPA will run intermediate meetings, hackathons, and demonstrations; a successful program will conclude with an evaluation in collaboration with government partners.