Post by daleko on Aug 4, 2016 16:12:14 GMT -5
These grad students want to make history by crushing the world’s hackers
On Thursday, Giovanni Vigna and his team of graduate students from the University of California, Santa Barbara will power up a supercomputer in the ballroom at the Paris Las Vegas hotel, sit back and make history. At least he hopes.
Vigna, a faculty member at UCSB where he runs the school’s Center for CyberSecurity, and his team, Shellphish, are taking part in a hacking competition called the Cyber Grand Challenge (CGC) and sponsored by the mad scientists at the government’s Defense Advanced Research Projects Agency (DARPA). You know, the folks who helped create the internet, pushed the development of self-driving cars and hosted a competition where a bunch of robots fell down … a lot? That’s DARPA.
The CGC won’t give us self-driving Ferraris or accident-prone robots, but it could see the dawn of intelligent computer programs that can protect our personal devices and even government facilities against cyber attacks. We’re talking about programs that can hunt for, fix and patch the kinds of software vulnerabilities hackers use to create viruses in mere seconds.
To put that in perspective, it currently takes human cyber security experts up to a year to find previously unknown software vulnerabilities, create patches for them and send out those patches to users. In the meantime, hackers can use those software vulnerabilities to break into everything from email accounts to power plants.
These vulnerabilities are the inevitable result of humans creating the programs we use every day. See, every piece of software you use has been programmed by human hands. And every once in a while, a mistake slips by. A hacker’s mission is to find those flaws hiding in the millions of lines of code that make up a single program and exploit them to sneak into a user’s computer.
Vigna and Shellphish, though, are hoping their software can spot these flaws before the hackers and fix them before they can be exploited.
“If you write a program that does this, you have a program that is able to analyze another program and identify, exploit and patch vulnerabilities. It is going to push the limits of what can be done autonomously,” Vigna explained.
The CGC is made up of seven teams including Shellphish that will each try to prove that their software and way of thinking is the best bet to improve our cyber security. The CGC is using a familiar hacking game to test the teams’ programs called capture the flag (CTF). But whereas you probably played CTF on the playground, this version is played entirely inside of the teams’ computers.
In a normal game of hacker-style CTF, participating teams are given identical computers with similar software flaws. Each team is then tasked with finding those flaws on their own systems, patching them and then exploiting them on their opponents’ systems. At the CGC, however, all of this will happen inside of supercomputers so powerful they need to be cooled by industrial air conditioners.
“What DARPA tried to do is say: ‘Okay, let’s take the human out of the loop. If we don’t have the super good uber hacker and only have automated tools that have to work without any human intervention, who’s going to be best?’” Vigna explained.
Vigna helped found the Shellphish team at UCSB in 2005 with a group of students. Since then, many of his students have gone on to be professors and internet security professionals.
But as older students graduate and move on from the team, Vigna said, more fresh faces come on board. The team working on the software for CGC is comprised of 13 people, each of whom has one or more tasks to focus on to ensure the program works the way they think it should.