Advertisement
Subscribe to our daily newsletter.
Subscribe

DARPA makes hardware bug bounty platform open source

The agency hopes that the system will help white-hat hackers to spot flaws in chip designs.

By

DARPA's new Toolbox Initiative offers non-production licenses for the latest and greatest tech to performers, like chips and processors.

Defense Advanced Research Projects Agency (DARPA) has made its hardware vulnerability disclosure platform for white-hat hackers open source.

The platform, known as Finding Exploits to Thwart Tampering (FETT), was first launched last year, and the agency hopes that moving to an open-source structure will help ethical hackers to spot flaws with chip design and aid the creation of new processor prototypes.

The system virtualizes hardware and firmware, giving hackers a full range of access to chip designs before they are produced and installed into agency systems.

“We see value in making this research available to the broader [research and development] community for testing and evaluating processor designs to ensure they are robust and secure,” said Keith Rebello, the DARPA program manager leading FETT’s parent program, System Security Integration Through Hardware and firmware (SSITH). “Our aim is for researchers and developers to leverage the SSITH security evaluation framework to help create a common security benchmark that can be used to compare secure processor designs.”

Advertisement

DARPA teamed up with penetration testing company Synack to supply and vet hackers and software company Galois to build the platform. DARPA called the platform a “first-of-its-kind infrastructure” to virtually crowdsource the analysis of future processor technologies and find security gaps before chips are finalized as a means to break the so-called “patch-and-pray” cycle.

The types of exploits the program hopes ethical hackers will find before adversaries do are common classes of hardware vulnerabilities exploited through software that target electronic systems in a chip.

“It’s not about patching the vulnerabilities, it’s about preventing the exploit,” Synack CTO Mark Kuhr told CyberScoop when the program launched.

DARPA has also moved to an open-source structure for the baseline RISC-V processor designs used by the SSITH program. The designs provide a jumping-off point for developers and allow prototypes to be tested in a virtual environment before being produced.

Advertisement
Advertisement

More Like This

Advertisement

Top Stories

Advertisement

More Scoops

Staff Sgt. Alek Albrecht participates in a Network War Bridge Course at the 39th Information Operations Squadron Sept. 19, 2014, Hurlburt Field, Fla. Albrecht is practicing to hack into a simulated network to better understand what techniques real hackers may use when attempting to infiltrate Air Force networks. Air Force Space Command provides trained and ready cyber forces to the warfighter through 24th Air Force. Albrecht is a Air Force Network Operations and Security Center enterprise network technician. (U.S. Air Force photo/Airman 1st Class Krystal Ardrey)

Air Force hackathon puts real data on open source code

The hackathon was the first of its kind. The broader goal is to "attack the ATO," the chief digital transformation officer said.
By Jackson Barnett

Latest Podcasts

DARPA makes hardware bug bounty platform open source

Darryl Peek on Elastic’s role in enhancing public sector search and data analytics with AI and Google collaboration

Danny Werfel on How Automation has Enhanced his Agency’s Operations.

ManTech leaders discuss innovation and security with Google technologies

Tech

Defense

Cyber

Acquisition