2016 Cyber Grand Challenge

Cyber Grand Challenge (CGC)
Time 9:00 am to 8:00 pm[1]
Duration Eleven hours[1]
Date August 4, 2016[1]
Venue Paris Hotel & Conference Center[2]
Location Las Vegas, Nevada[2]

The 2016 Cyber Grand Challenge (CGC) was a challenge created by The Defense Advanced Research Projects Agency (DARPA) in order to develop automatic defense[3] systems that can discover, prove, and correct software flaws in real-time.[2] The final event was held on August 4, 2016 at the Paris Hotel & Conference Center in Las Vegas, Nevada.[2] The event placed machine versus machine in what is called the first "world's first automated network defense tournament."[4]

The Cyber Grand Challenge corresponded with the 24th DEF CON hacker convention and resembled in structure the computer security game called "capture the flag" that is typically played by groups of humans racing to find a file or secret protected on the other's network.[4] It features, however, a more standardized vulnerability-proving system, in which all exploits and patched binaries are submitted and evaluated by the referee infrastructure.[5] Challenge Binaries run on the 32-bit Intel x86 architecture, albeit with a simplified ABI.[6]

Background

Races develop between criminals attempting to abuse vulnerabilities and analysts who assess, remediate, check, and deploy a patch before significant damage can be done.[3] Experts adhere to a process that involves complicated reasoning followed by manual creation of each security signature and software patch, a technical process that requires months and dollars.[3] This has resulted in various software insecurities favoring attackers.[2][3] Devices such as smart televisions, wearable technologies, and high-end home appliances that are connected to the internet aren't always produced with security in mind and moreover utility systems, power grids, and traffic lights could be more susceptible to attacks, says the DARPA.[4]

To help overcome these challenges, DARPA launched in 2014 [7] the Cyber Grand Challenge: a two-year competition seeking to create automatic defensive systems capable of reasoning about flaws, formulating patches and deploying them on a network in real time. The competition was split into two main events: an open qualification event to be held in 2015 and a final event in 2016 where only the top seven teams from the qualifiers could participate. The winner of the final event would be awarded $2 million and the opportunity to play against humans in the 24th DEF CON capture the flag competition.[8]

CGC Qualification Event (CQE)

The CGC Qualification Event (CQE) was held on June 3, 2015 and lasted for 24 hours.[9] CQE had two tracks: a funded-track for seven teams selected by DARPA based on their proposals (with an award up to $750,000 per team) and an open-track where any self-funded team could participate. Over 100 teams registered internationally and 28 reached the Qualification Event.[10] During the event, teams were given 131 different programs and were challenged with finding vulnerabilities as well as fixing them automatically while maintaining performance and functionality. Collectively, all teams managed to identify vulnerabilities in 99 out of the 131 provided programs.[11] After collecting all submissions from competitors, DARPA ranked all teams based on their patching and vulnerability-finding ability.

The top seven teams and finalists in alphabetical order were:[12]

Upon qualification, each one of the above seven teams received $750,000 in funding to prepare for the final event.

CGC Final Event (CFE)

The CGC Final Event (CFE) was held on August 4, 2016 and lasted for 11 hours.[3] During the final event, finalists saw their their machines face against each other in a fully automatic capture-the-flag competition.[4] Each of the seven qualifying teams competed for the top three positions that would share almost $4 million in prize money.[4]

Final Results

The winning systems of the Cyber Grand Challenge (CGC) Final Event were:

  1. "Mayhem"[13] - developed by David Brumley, ForAllSecure, Carnegie-Mellon-University of Pittsburgh, Pa. - $2 million
  2. "Xandra" - developed by TECHx, GrammaTech Inc., Ithaca, N.Y., and Charlottesville, Va. - $1 million
  3. "Mechanical Phish" - developed by Shellphish, UC Santa Barbara, Ca. - $750,000

The other competing systems were

References

External links

This article is issued from Wikipedia - version of the 11/29/2016. The text is available under the Creative Commons Attribution/Share Alike but additional terms may apply for the media files.