DARPA Bug Bounty strengthens military research agency’s security defenses

DARPA Blogs | IEMLabs

The Defense Advanced Research Projects Agency (DARPA) has finalized the results of a recent bug bounty event that tested the effectiveness of new hardware- and firmware-based security technologies. Initially, the bug bounty was set up to evaluate the hardware architectures developed under DARPA’s System Security Integration Through Hardware and Firmware (SSITH) program.

The SSITH program aims to develop security architectures and tools in order to avoid exploitation of common types of hardware vulnerability that can be exploited through software exploits. Researchers from Synack, a crowd-sourced security platform, performed the penetration tests on SSITH technologies. The Finding Exploits to Thwart Tampering or FETT bounty discovered 10 vulnerabilities across 980 processors developed under DARPA’s SSITH program. These ten vulnerabilities included seven critical and three high – with most of the critical vulnerabilities down to interactions between the SSITH hardware, SSITH firmware and the operating system software.

Researchers are still working on the final phase of the SSITH program with the objective of developing tested technologies with bolstered security that will ensure protection against all of the weaknesses from the seven classes of the CWE hardware vulnerability classes that SSITH is focused on.

 

By Hrithik Lall

IEMLabs is an ISO 27001:2013 and ISO 9001:2015 certified company, we are also a proud member of EC Council, NASSCOM, Data Security Council of India (DSCI), Indian Chamber of Commerce (ICC), U.S. Chamber of Commerce, and Confederation of Indian Industry (CII). The company was established in 2016 with a vision in mind to provide Cyber Security to the digital world and make them Hack Proof. The question is why are we suddenly talking about Cyber Security and all this stuff? With the development of technology, more and more companies are shifting their business to Digital World which is resulting in the increase in Cyber Crimes.

Leave a comment

Your email address will not be published.