0
0
0
0
0
0
0
0
0
0
0
0
:
0
0
0
0
0
0
0
0
:
0
0
0
0
0
0
0
0
:
0
0
0
0
0
0
0
0
ABOUT

With the coming advent of the Internet of Things, data insecurity is on track to become physical insecurity. The same code that powers today’s networked computers – code that is routinely compromised by attackers – is making its way into our vehicles, our smart homes, our augmented reality, and our connected culture. This future requires fundamentally new thinking about how networked devices will be defended.

Today’s attackers have the upper hand due to the problematic economics of computer security. Attackers have the concrete and inexpensive task of finding a single flaw to break a system. Defenders on the other hand are required to anticipate and deny any possible flaw – a goal both difficult to measure and expensive to achieve. Only automation can upend these economics.

The ultimate test of wits in computer security occurs through open competition on the global Capture the Flag (CTF) tournament circuit. In CTF contests, experts reverse engineer software, probe its weaknesses, search for deeply hidden flaws, and create securely patched replacements. How hard is this work? The recently discovered Heartbleed flaw in OpenSSL went undiscovered by automation for years before experts found it. The discovery of Heartbleed required the same type of reverse engineering excellence that CTFs are designed to hone.

What if a purpose-built computer could compete against the CTF circuit’s greatest experts? Such a computer could scour the billions of lines of code we depend on, find and fix the toughest flaws, upend the economics of computer security, and level the playing field between attackers and defenders.

Over the next two years, innovators worldwide are invited to answer the call of Cyber Grand Challenge. Over a series of competition events, the very first prototype CTF-playing systems will be constructed, competed, and selected.

In 2016, DARPA will hold the world’s first all-computer Capture the Flag tournament live on stage co-located with the DEF CON Conference in Las Vegas where automated systems may take the first steps towards a defensible, connected future.

Explore this site to learn more about Cyber Grand Challenge, and help us start a revolution.

The Internet revolution began on the desktop, and as computers grew up, malware did too. Malware can attack our data and our privacy, but fortunately, it’s been stuck on the desktop for decades.

Now, however, the place of networked computers in our world is changing.
1994
THE INTERNET OF THINGS
What started out as a network of information appliances is turning into a global internetwork of smart devices.
From cars that can drive us to work on their own to devices that help us manage our homes, networked computers are now being relied upon to peform the heavy lifting of civilization.
Computers are on track to mediate our reality, change the way we interact, and become part of our human organism.
This change raises a critical question: are today's networked computers safe enough to trust with this responsibility?
 
There are benefits and advantages to the connected society we are building. But we are building this connected society on top of a computing infrastructure we haven’t learned to secure.
 
There’s evidence to show that while digital insecurity is growing, it is also making its way into devices we can’t afford to doubt.
 
Some of the hardest problems in computer security are the basis of a global competition between experts: Capture the Flag. Cyber Grand Challenge has adopted this format, challenging fully automated systems to reverse engineer unknown software, then locate and heal its weaknesses in a live network competition.

Cyber Grand Challenge seeks to someday make software safety the expert domain of machines.
RULES

If you’re interested in joining or forming a team, the authoritative rules are available directly from the DARPA Competitor Portal.

If you’re in a hurry, here are a few key points:

Cyber Grand Challenge (CGC) is a contest to build high-performance computers capable of playing in a Capture-the-Flag style cyber-security competition.

During all competition events, systems will compete on their own with no human involvement.

Scoring during all events is simple: systems will score points based on their ability to Evaluate software, maintain software Availability, and Secure software from the presence of harmful flaws.

During competition events, CGC systems will analyze custom compiled software (written in the C language family) built exclusively for the competition. This software collection (Challenge Binaries) will implement network services built on no currently existing code or protocol. This will challenge competitor systems to utilize general-purpose problem-solving techniques.

In 2015, CGC will hold its first qualifying event. A large collection of Challenge Binaries will be distributed by DARPA and systems around the world will race to automatically Secure & Evaluate it. Teams will transmit a secured version of the software collection back to DARPA along with inputs that locate flaws. After a successful DARPA site visit, top finishers receive $750,000 (see official Rules for details) and become eligible for the CGC final event.

In 2016, CGC will hold its final event co-located with the DEF CON Conference in Las Vegas, NV, where the competition will take place head to head on a network. Systems will autonomously create network defenses, deploy patches and mitigations, monitor the network, and evaluate the defenses of competitors.

The final competition event will be visualized, narrated, and streamed worldwide. CGC is open at no cost to teams around the world, and the top prize at the final competition event will be $2M.

READ MORE HERE
PLATFORM

The computer you’re using today is running core software, known as an Operating System, to provide basic services such as networking and file storage. Operating Systems grow like cities, with layers built on top of layers. To automatically analyze software running on any modern OS, a “complexity tax” must be paid to navigate the layers of old function, multiple methods, and layered interfaces.

DARPA built DECREE – the DARPA Experimental Cybersecurity Research Evaluation Environment – specifically for the Cyber Grand Challenge. DECREE is an Open Source operating system extension built exclusively for computer security research and experimentation. It includes several features to make it ideal for security experimentation, including:

Simplicity: Where any industry OS such as Linux will have hundreds of OS interface methods (“system calls”), DECREE has just seven, easing the work required to perform automatic identification of program input and output. DECREE also has its own executable format with a single entry point method to lower the barrier to entry for automation research.

Incompatibility: The software that runs in DECREE is custom-built for computer security research. DECREE programs have their own binary format, their own system call paradigm and share no code or protocols with the real world. For this reason, automation research done in DECREE is incompatible with the software that runs our world.

High determinism: Reproducibility is a key aspect of a sound scientific design. While perfect system state replay is impossible without a full system event recorder, DECREE has been designed to allow high determinism and reproducibility given a record of software and inputs. This reproducibility property has been built into DECREE from kernel modifications up through the entire platform stack.

DECREE is Open Source and will remain so in perpetuity as it is an experimentation ecosystem capable of uniting program analysis research, Capture-the-Flag competitions, and other applied research activities.

Please see the source code on GitHub Here

READ MORE HERE
MILESTONES
TBA
TBA
TBA
TBA
The qualification phase will include two scored events that will be similar to the Cyber Grand Challenge Qualification Event. Participation in Scored Events is optional and success in these events will not be part of CGC scoring. Each Scored Event is an opportunity for competitors to gain an understanding of the format, procedure, and scoring mechanism to be used during the CQE. These events are tentatively scheduled for December 2, 2014 and April 6, 2015.
TEAMS
Syracuse, NY
0day - Syracuse, NY
No team data available
Fiendfyre - Rome, New York
No team data available
TechXicians - Ithaca, New York
TechXicians is comprised of leading software analysis experts from GrammaTech, Inc. and the University of Virginia. GrammaTech has a proven track record of transitioning advanced research into commercial products and features, including CodeSonar, their flagship static analysis software, as well as advanced prototypes such as PEASOUP. UVA brings additional deep expertise in automatic program analysis, repair, and protection, and is a partner in the development of PEASOUP. Team members include Dr. David Melski (PI), Dr. Evan Driscoll, and Jeff Hayes, from GrammaTech; and Professors Jack Davidson (UVA PI) and John Knight and Doctors Anh Nguyen-Tuong, Jason Hiser, and Michele Co, from the University of Virginia. Dr. Melski is Vice President of Research at GrammaTech, where he has overseen a seven-fold increase in GrammaTech’s sponsored research. He received his Ph.D. in Computer Science from the University of Wisconsin in 2002, where his research interests included static analysis, profiling, and profile-directed optimization. Professor Davidson has over 30 years’ experience in developing compilers and system software (commercial and academic). His early work in compilers formed the basis for intermediate representation used in the GCC compilers. His current research interests focus on run-time systems and cyber security and he is principal investigator on several major projects in these areas. Together, the members of TechXicians bring a unique approach to cyber-security, with automatic and adaptive defense technologies for network services that utilize the analysis of program binaries. The resulting technology will include: • Autonomous cyber-reasoning that dynamically adapts to allocate resources in response to evolving circumstances • Automated analysis, repair, and protection of binaries • New techniques for generating and executing multi-stage exploits
Trail of Bits - New York City, NY
Founded in 2012, Trail of Bits enables clients to make better strategic defense decisions with its world-class experience in security research. Combining continuous monitoring of modern attackers' techniques, tools and incentives with proprietary research and data, we provide timely, specific and effective risk advice. We serve a small number of the world's most advanced enterprise security organizations. We believe that agile intrusion response and intelligence-driven defenses guided by in-depth understanding of real world attackers' tools, techniques, and procedures are the best strategies for the security-conscious enterprise.
y3ukhon - New York, NY
No team data available
Vienna, Austria
0x539 - Vienna, Austria
No team data available
San Francisco, CA
Akatsuki - Carmel, CA
https://plus.googleapis.com/112075234745697168565/posts
Billings - San Francisco, CA
No team data available
DeFENCE - Menlo Park, CA
No team data available
Eagle Software and Consulting - Sunnyvale, CA
No team data available
lekkertech - San Francisco, CA
Team members include: Willem Pinckaers @_dvorak_ Ralf-Philipp Weinmann @esizkur Window Snyder @window lekkertech.net comsecuris.com
Securisea - San Francisco, CA
No team data available
Tachyons - Foster City, CA
No team data available
Tinfoil - Palo Alto, CA
No team data available
Los Angeles, CA
Able Actual - Los Angeles, CA
No team data available
Shellphish - Santa Barbara, CA
Shellphish started out at UC Santa Barbara, and spread out a little. In addition to Santa Barbara, we have expanded into Boston (Massachusetts, USA), Alpes-Maritimes (France), London (UK), and all sorts of other exotic locations. We enjoy surfing, walks on the beach, and pwning noobs. More information about Shellphish can be found at http://shellphish.net.
Team DESCARTES - Los Angeles, California
DESCARTES (Distributed Expert Systems for Cyber Analysis, Reasoning, Testing, Evaluation, and Security)
True Vision Robotics - Atascadero, California
No team data available
Kansas City, KS
ARDIS3 - Kansas City, KS
ARIDS3 is a transdisciplinary applied research community that expands the boundaries of cyber and information technology security. Its aim is to discover, comprehend, and apply the common fundamental principles in complex physical, computational, and social systems that underlie many of the most profound problems of autonomous networks and systems facing society today. ARDIS will explore Crowd Sourcing techniques to compete in the Grand Challenge. "The savage lives simply through ignorance and idleness or laziness, but the philosopher lives simply through wisdom." [Journal, 1 September 1853]
Plainfield, NJ
aut vincere aut mori - Plainfield, NJ
No team data available
Binary Bandage - Columbia, MD
No team data available
Deep Red - Arlington, VA
No team data available
Delaware State University - Dover, Delaware
No team data available
Octoleaf - Ashburn, VA
www.octoleaf.com
Miami, Florida
Bach - Miami, Florida
No team data available
Cheyyar, Tamil Nadu/India
BI Beats - Cheyyar, Tamil Nadu/India
Linked In Profile https://www.linkedin.com/pub/balaji-bi/51/ba6/535 Twitter handler @Balaji_BI Facebook Profile https://www.facebook.com/csebbi
SF+ - Bangalore, India
No team data available
Massapequa, NY USA
BinaryOverride - Massapequa, NY USA
No team data available
CSecurity - Jersey City, NJ
No team data available
Las Vegas, Nevada
BlackHydrogen - Las Vegas, Nevada
No team data available
Cairo, Egypt
blanq - Cairo, Egypt
No team data available
Taipei, Taiwan
c7 - Taipei, Taiwan
No team data available
Gardner, MA
cquick197 - Gardner, MA
No team data available
Mike Smith - Glenmont, NY
No team data available
Baton Rouge, LA
Crunch's Candy Truck - Baton Rouge, LA
No team data available
Echo Mirage - Lufkin, TX
No team data available
Washington, Indiana
CYBERDIST - Washington, Indiana
No team data available
Nerdwell - Smithfield, KY
No team data available
RecalcIT - Smithfield, KY
No team data available
Moscow, Idaho
CSDS - Moscow, Idaho
No team data available
Tunis, Tunisia
Deadhead - Tunis, Tunisia
No team data available
Gandhinagar, India
DFIA - Gandhinagar, India
No team data available
Athens, GA
disekt - Athens, GA
No team data available
Milano, Italy
erionbrahimi - Milano, Italy
No team data available
Pittsburgh, PA
ForAllSecure - Pittsburgh, PA
No team data available
Grand Prairie, TX
Futurama - Grand Prairie, TX
No team data available
Minneapolis, MN
FuzzBOMB - Minneapolis, MN
No team data available
Bangkok, Thailand
Gaara - Bangkok, Thailand
No team data available
Houston, TX
Garuda - Houston, TX
No team data available
SIGILL - Houston, Texas
No team data available
The Black Team - Houston, TX
No team data available
vrdx - Houston, Texas
No team data available
Ho Chi Minh City, Vietnam
GinVlad - Ho Chi Minh City, Vietnam
No team data available
Benguazi, Libya
jnemard - Benguazi, Libya
No team data available
Berkley, MI
JT Computer - Berkley, MI
No team data available
Khon Kaen, Thailand
KittyDev Team - Khon Kaen, Thailand
No team data available
Rapid City, South Dakota
lcmafia - Rapid City, South Dakota
No team data available
Stargard, Poland
Mikolaj Roszak - Stargard, Poland
Team name : Mikolaj Roszak Facebook: https://www.facebook.com/roszak.mikolaj Twitter: https://twitter.com/mikolajroszak
Canterbury, UK
MioBand - Canterbury, UK
No team data available
TURKEY
noble Turkish - TURKEY
No team data available
Haifa, Isarel
ooxa - Haifa, Isarel
No team data available
Gilbert
Protector - Gilbert
No team data available
KAUNAS, Lithuania
RIT - KAUNAS, Lithuania
www.rit.lt
Pasadena, CA
Smartificial Intelligence - Pasadena, CA
No team data available
Hales Corners, Wisconsin
The Lone Processor - Hales Corners, Wisconsin
No team data available
Mumbai, India
venomoushackers - Mumbai, India
No team data available
Denver, CO
WMTS - Denver, CO
No team data available
1
?
?
1
9
?
?
9
7
?
?
7
0
?
?
0
Home
about
overview
rules
platform
milestones
teams
Press
Contact
Register
DARPA