U.S. military researchers will brief industry later this month on a new project to safeguard military trusted computing systems and networks from cyber attacks that exploit unauthenticated or potentially compromised electronic documents send in a variety of electronic data formats.
Officials of the U.S. Defense Advanced Research Projects Agency (DARPA) in Arlington, Va., will brief industry from 2 to 5 p.m. on 24 Aug. 2018 on the upcoming Safe Documents (SafeDocs) program.SafeDocs seeks radical improvements in software's ability to reject invalid and maliciously crafted input data safely, while preserving the look and feel of relatively old electronic data formats. Industry briefings will be at the DARPA Conference Center, 675 N. Randolph St., in Arlington, Va.DARPA researchers want the SafeDocs contractors to build knowledge of electronic document, message, and streaming formats, as well as nature of their security vulnerabilities.Electronic documents are ubiquitous and essential to all aspects of modern life, DARPA researchers point out. Individuals and organizations must engage routinely with electronic documents from a variety of unauthenticated or potentially compromised electronic documents and data formats. Even if today's cyber security measures can authenticate the sender, the data itself may come from an untrusted source.Internet users expect to receive pictures, charts, spreadsheets, maps, audio, and video with a click of a button. Still, the complexity of managing such electronic data makes the recipient software vulnerable to cyber attack. This situation is unsustainable, DARPA experts claim.[Native Advertisement]To alleviate these kinds of problems, DARPA wants SafeDocs contractors to help restore trust in electronic documents and messages by mitigating one of the root causes of the Internet insecurity epidemic -- the exploitation of software's input-handling weaknesses by complex, maliciously crafted data inputs.Today’s risks of allowing software to interact with untrusted electronic documents and messages approach those of downloading and running untrusted programs, experts say.The SafeDocs program will look for ways of assuring that electronic documents are safe to open. The goal is creating computer systems and networks that are more secure and faster to run and test.The program’s multi-pronged approach will combine extracting de facto syntax of electronic document formats, and identifying a simple syntax subset to verify programming while preserving the document's look and feel. It also will create software construction kits for building secure and verified parsers, as well as translators for converting formats to this subset.DARPA researchers want to make these parser construction kits available to industry programmers who understand the syntax of electronic data formats but lack the theoretical background in verified programming. These tools will help guide the syntactic design of new formats by making verification-friendly format syntax easy to express.