DARPA's first bug bounty: Find vulnerabilities in hardware-based security

[InfoSec News <alerts () infosecnews org>]

https://gcn.com/articles/2020/06/15/darpa-ssith-bug-bounty.aspx

By Susan Miller
GCN.com
June 15, 2020

The Defense Advanced Research Projects Agency is inviting security researchers
to find vulnerabilities in its System Security Integration Through Hardware and
Firmware systems.

Launched in 2017, SSITH aims to secure electronic systems with hardware security
architectures and tools that protect against common classes of hardware
vulnerabilities regularly exploited through software. DARPA’s first bug bounty
program, called the Finding Exploits to Thwart Tampering (FETT) program, will be
held in partnership with the Department of Defense’s Defense Digital Service and
Synack, a crowdsourcing security company.

Participants will try to penetrate the SSITH hardware security schemes developed
by researchers at SRI International, the University of Cambridge, the
Massachusetts Institute of Technology, the University of Michigan and Lockheed
Martin. Their approaches generally involve providing the hardware with more
information about what the attacking software is trying to do so it can become
an active participant in its own defense, DARPA officials said. The SSITH
development teams are working with Galois, a computer science research and
development company, to move the hardware instances systems to the cloud for the
evaluations.

[...]

--
Subscribe to InfoSec News
https://www.infosecnews.org/subscribe-to-infosec-news/
https://twitter.com/infosecnews_