Broad Agency Announcement – Cyber Grand Challenge (CGC): Automated Cyber Reasoning. DARPA-BAA-14-05, Amendment 2, November 27, 2013.
“The Department of Defense (DoD) maintains information systems using a software technology base comprised of Commercial Off The Shelf (COTS) operating systems and applications. This COTS technology base is common to the DoD, industry, and the Defense Industrial Base, and the continual discovery of potential vulnerabilities in this software base has led to a constant cycle of intrusion, compromise discovery, patch formulation, patch deployment and recovery. This defensive cycle is currently performed by highly trained software analysts; it is the role of these analysts to reason about the function of software, identify novel threats and remove them. Manual analysis of code and threats is an artisan process, often requiring skilled analysts to spend weeks or months analyzing a problem. The size of the technology base also contributes to the difficulty of manually discovering vulnerabilities. At the present time, automated program analysis capabilities are able to assist the work of human software analysts. These automation technologies include Dynamic Analysis, Static Analysis, Symbolic Execution, Constraint Solving, Data Flow Tracking, Fuzz Testing, and a multitude of related technologies. In the Cyber Grand Challenge, a competitor will improve and combine these semi-automated technologies into an unmanned Cyber Reasoning System (CRS) that can autonomously reason about novel program flaws, prove the existence of flaws in networked applications, and formulate effective defenses. The performance of these automated systems will be evaluated through head-to-head tournament style competition.The CGC program will draw widespread attention to the technology issues associated with autonomous software comprehension and motivate entrants to overcome technical challenges to realize truly effective autonomous cyber defense. This program will challenge the most capable and innovative companies, institutions, and entrepreneurs to produce breakthroughs in capability and performance.”