CGC monitor: A vetting system for the DARPA cyber grand challenge
Thompson, Michael F.
MetadataShow full item record
The DARPA Cyber Grand Challenge (CGC) pit autonomous machines against one another in a battle to discover, mitigate, and take advantage of software vulnerabilities. The competitors repeatedly formulated and submitted binary software for execution against opponents, and to mitigate attacks mounted by opponents. The US Government sought confidence that competitors legitimately won their rewards (a prize pool of up to $6.75 million USD), and competitors deserved evidence that all parties operated in accordance with the rules, which prohibited attempts to subvert the competition infrastructure. To support those goals, we developed an analysis system to vet competitor software submissions destined for execution on the competition infrastructure, the classic situation of running untrusted software. In this work, we describe the design and implementation of this vetting system, as well as results gathered in deployment of the system as part of the CGC competition. The analysis system is imple- mented upon a high-fidelity full-system simulator requiring no modifications to the monitored operating system. We used this system to vet software submitted during the CGC Qualifying Event, and the CGC Final Event. The overwhelming majority of the vetting occurred in an automated fashion, with the system automatically monitoring the full x86-based system to detection corruption of operating system execution paths and data structures. However, the vetting system also facilitates investigation of any execution deemed suspicious by the automated process (or indeed any analysis required to answer queries related to the competition). An analyst may replay any software interaction using an IDA Pro plug-in, which utilizes the IDA debugger client to execute the session in reverse. In post-mortem analysis, we found no evidence of attempted infrastructure subversion and further conclude that of the 20 vulnerable software services exploited in the CGC Final Event, half were exploited in ways unintended by the service authors. Six services were exploited due to vulnerabilities accidentally included by the authors, while an additional four were exploited via the author-intended vulnerability, but via an unanticipated path.
The article of record as published may be found at https://doi.org/10.1016/j.diin.2018.04.016In PressThe CGC Monitor is available at https://github.com/mfthomps/ cgc-monitor. Analysis results from CFE, generated by the monitor, are at https://github.com/mfthomps/CGC-Analysis.
Showing items related by title, author, creator and subject.
Fuller, Ashley E. (2008-06);The Non-Intrusive Load Monitor (NILM) is a system that monitors, records and processes voltage and current measurements to establish the operating characteristics of individual loads on a load center from a single aggregate ...
Drusinsky, Doron; Shing, Man-Tak (2003);Run-time monitoring of temporal properties and assertions is used for testing and as a component of execution-based model checking techniques. Traditional run-time monitoring however, is limited to observing sequences ...
Rasmussen, Craig W.; Irvine, Cynthia E.; Dinolt, George W.; Levin, Timothy E. (DARPA DISCEX Conference, April 2003, 2003-04-00);Large complex systems need to be analyzed prior to operation so that those depending upon them for the protection of their information have a well defined understanding of the measures that have been taken to achieve ...