The answer, according to DARPA and some researchers, is to combine forces with smart systems.
“I want to make sure that everyone can check the security of the software they’re using,” said David Brumley, CEO of ForAllSecure, in a video interview. “I want to make sure that the person who buys a smart refrigerator knows it’s not going to be a new avenue for someone to steal their credit card numbers. That they can install a new app on their phone and they don’t have to worry about it stealing their contacts.”
ForAllSecure’s system uses a two-pronged approach, combining two autonomous systems.
One system generates deep paths in the software, searching for flaws. A second system is a fast directed fuzzer, which applies a software-testing technique that can generate proof that a flaw exists and then begin the patching process.
Combining the two autonomous systems is more powerful than either technique alone, according to ForAllSecure.
“It’s a much faster way of searching through programs than by hand,” said Tyler Nighswander, a software engineer with ForAllSecure. “There is a lot of creativity and almost art in crafting exploits and doing that sort of thing, so the real solution is a two-pronged approach where you have computers and humans working together.”
Brumley, however, doesn’t foresee computers, even autonomous systems, replacing people in all areas of cybersecurity.
“I look at computers freeing us from mundane tasks,” he said. “You always want that human spark of creativity, and that’s something the computer will never have. I look at [the Cyber Grand Challenge] as upping the bar so we can focus more on those abstract concepts, as people, and let the computer worry about the details.”