DARPA, the R&D branch of the US Department of Defense, is holding the first qualification event today in its Cyber Grand Challenge. The goal of the Cyber Grand Challenge is find ways to automate computers to reverse engineer and understand security flaws in software, with this Challenge being held ‘capture the flag’-style. The final event is scheduled for July 17th with a $2 million prize for the finalist and $750,000 for those advancing beyond the qualifying events.
Some of the hardest problems in computer security are the basis of a global competition between experts: Capture the Flag. Cyber Grand Challenge has adopted this format, challenging fully automated systems to reverse engineer unknown software, then locate and heal its weaknesses in a live network competition.
Cyber Grand Challenge seeks to someday make software safety the expert domain of machines.
The main Cyber Grand Challenge website is at cybergrandchallenge.com with a portal for competitors at cgc.darpa.mil/default.aspx. The full rules are available from cgc.darpa.mil (PDF).
Cyber Grand Challenge (CGC) is a contest to build high-performance computers capable of playing in a Capture-the-Flag style cyber-security competition.
During all competition events, systems will compete on their own with no human involvement.
Scoring during all events is simple: systems will score points based on their ability to Evaluate software, maintain software Availability, and Secure software from the presence of harmful flaws.
During competition events, CGC systems will analyze custom compiled software (written in the C language family) built exclusively for the competition. This software collection (Challenge Binaries) will implement network services built on no currently existing code or protocol. This will challenge competitor systems to utilize general-purpose problem-solving techniques.
In 2015, CGC will hold its first qualifying event. A large collection of Challenge Binaries will be distributed by DARPA and systems around the world will race to automatically Secure & Evaluate it. Teams will transmit a secured version of the software collection back to DARPA along with inputs that locate flaws. After a successful DARPA site visit, top finishers receive $750,000 (see official Rules for details) and become eligible for the CGC final event.
In 2016, CGC will hold its final event co-located with the DEF CON Conference in Las Vegas, NV, where the competition will take place head to head on a network. Systems will autonomously create network defenses, deploy patches and mitigations, monitor the network, and evaluate the defenses of competitors.
The final competition event will be visualized, narrated, and streamed worldwide. CGC is open at no cost to teams around the world, and the top prize at the final competition event will be $2M.