DARPA Looks For Backdoors, Malware In Tech Products

[InfoSec News <alerts () infosecnews org>]

http://www.informationweek.com/security/vulnerabilities/darpa-looks-for-backdoors-malware-in-tec/240143043

By Mathew J. Schwartz
InformationWeek
December 03, 2012

Does commercial, off-the-shelf software or hardware contain built-in 
backdoors to give foreign attackers direct access to corporate or 
government networks, or pose some other type of information security 
risk? The Department of Defense wants to find out.

The Defense Advanced Research Projects Agency (DARPA) Thursday published 
details of its new Vetting Commodity IT Software and Firmware (VET) 
program, which the agency said is designed to find "innovative, 
large-scale approaches to verifying the security and functionality of 
commodity IT devices -- those commercial information technology devices 
bought by DOD -- to ensure they are free of hidden backdoors and 
malicious functionality."

DARPA's new program seeks to overcome three current, related technical 
challenges associated with that task: identifying which capabilities in 
a device could be malicious; using that list as a checklist to assess if 
any given device actually is malicious; and then using that knowledge to 
allow a non-technical expert to test every instance of every device 
before it gets rolled out in a Department of Defense network.

"DOD relies on millions of devices to bring network access and 
functionality to its users," said DARPA program manager Tim Fraser in a 
statement. "Rigorously vetting software and firmware in each and every 
one of them is beyond our present capabilities, and the perception that 
this problem is simply unapproachable is widespread. The most 
significant output of the VET program will be a set of techniques, tools 
and demonstrations that will forever change this perception."

[...]


______________________________________________
Visit the InfoSec News Security Bookstore
Best Selling Security Books and More!
http://www.shopinfosecnews.org