Development Community

Overview

The Reclaiming Bus-based Systems During Compromise (Red-C) program will explore algorithms to construct self-healing systems, by retrofitting firmware for individual components on a bus to function as forensic sensors that collectively monitor peers to detect, repair, and inoculate on-system during a cyber-attack. Red-C seeks to recover a system after one or more components on the bus have been compromised. Red-C is a late-stage cyber-attack recovery program, wherein even after successful compromise the system integrity can be restored and the antagonist removed in the last act.

A key objective of Red-C is to create a symbiotic community of component developers and algorithm researchers by accurately documenting the state of current algorithmic development, as well as the remaining open problems, providing the greater Computer Science community with the tools and datasets needed to solve fundamental algorithmic challenges in models, which can and should be ported back into Red-C firmware.

Dataset & Environment

The Dataset and Environment function would provide tools and resources for setting up the Red-C development and testing environment. This includes datasets, emulators for PCIe and CXL bus systems, parsers for analyzing bus traffic, and admin tools for managing the development process.

Instrumentation

Each component on a bus has some degree of compute, memory, storage, interconnectivity, etc. and can generate Forensic Observation Data (FOD) which informs component and system states, enabling on-system detection, repair, and inoculation. This area shall rewrite/modify firmware of a component to generate FOD. With respect to the existing hardware of a component, the FOD shall be transmitted on the bus and utilized locally.

Attestation

Attestation focuses on ensuring the neighbors in the neighborhood watch are observant and trustworthy. The aggregation of low-level independent signals that can be gained from instrumentation provides a global perspective, which illuminates system behavior, adding a new level of resolution to bus monitoring.

Detect

Each Red-C enabled component should be leveraged with respect to its hardware resources to contribute to detection, repair, and inoculation. Detection should inform the bus-based system user and shall initiate automated responses. Red-C shall pursue automated responses as they present key algorithmic challenges; however, limited user interaction could be used in targeted cases.

Repair

Automated on-system repair should recover the maximum functionality of a system, collect vital information that informs strategic patching, and, most critically, shall not introduce additional vulnerabilities. Repair strategies should consider restoring system control and ensuring minimal degradation of the system. Detection and Repair should continue to collect FOD to enable forensic investigation.

Inoculate

Inoculation will automate on-system strategic patch generation, which will change code and/or configurations to remove the attacker's ability to exploit the initial attack vector. Red-C systems should inoculate all components affected by a cyber-attack via automated methods. Strategic patches may degrade the system in a limited, pre-determined manner. In some DoD applications, allowing short-term continued function at the risk of long-term system damage may be necessary, and that trade-off should be calibratable.

This website is not a Department of Defense (DoD) or Defense Advanced Research Projects Agency (DARPA) website and is hosted by a third-party non-government entity. Although the host may or may not use this site as additional distribution channels for information, the DoD/DARPA does not exercise editorial control over all information you may encounter.