Today, the speedy delivery of electronic documents, messages, and other data is relied on for personal, commercial and government communications and GPS connections. The ability to conduct these trusted transactions assures our robust economy and national security.
As the near instantaneous exchange of information has increased in volume, so has the variety of electronic data formats–from images and videos to text and maps. Verifying the trustworthiness and origin of this plethora of electronic information is very difficult because individuals and organizations unknowingly often engage with data shared by unauthenticated and potentially compromised sources. Further, the software used to process electronic data is error-prone and vulnerable to exploitation through maliciously crafted data inputs, opening the technology and its underlying systems to compromise, according to DARPA. An attacker’s ability to innovatively deliver unique malware via cyberattacks in electronic documents, messages, and streaming data formats appears unlimited, creating an unsustainable situation for software security.
To reduce the large attack surface created across consumer, enterprise, and critical infrastructure systems and to help tackle the threat posed by unauthenticated and potentially compromised electronic data, DARPA announced a new program called Safe Documents (SafeDocs). The goal of the SafeDocs program is to dramatically improve software’s ability to detect and reject invalid or maliciously crafted input data, without impacting the key functionality of new and existing electronic data formats.
SafeDocs aims to create technological assurance that an electronic document or message is automatically checked and safe to open, while also generating safer document formats that are subsets of current, untrustworthy versions. To accomplish its goals, the program will focus on two primary technical research thrusts, DARPA said.
The first goal is to develop methodologies and tools for capturing and defining human-intelligible, machine-readable descriptors of electronic data formats. To do this, researchers will explore means of extracting the de facto syntax of existing data formats and identifying each format’s simpler subset that can be parsed safely and unambiguously, and used in verified programming without impacting the format’s essential functionality, DARPA explained.
Secondly, researchers will create software construction kits for building secure, verified parsers, using the simplified format subsets where the existing format’s inherent complexity or ambiguity has been reduced for safety. Parsers, which are used to break data inputs down into manageable objects for further processing, can contain exploitable flaws and behaviors. Research under this goal will strive to create the methodologies and tools needed to build high-assurance and verifiable parsers for new and existing data formats to help reduce the technology’s chances of compromise.
Interested proposers have an opportunity to learn more about the SafeDocs program during a Proposers Day, scheduled for Friday, August 24, 2018 from 2:00pm-5:00pm ET at the DARPA Conference Center, located at 675 N. Randolph St., Arlington, Virginia, 22203.
For additional information, see - here. A full description of the program will be made available in a forthcoming Broad Agency Announcement.