Friday, July 15, 2016

Tabula Rosa Systems Blog For 7/15/2016 - A MUST Read Regarding DARPA And The Next Great Advance In Network Security



ON A GIANT flat-screen TV in an old Emeryville, California warehouse, a floating orb fires red, blue, pink, and yellow beams into a honeycomb of hexagonal blocks. The blocks are black, white, and gray, but as the beams hit them, they change—flashing, fading, absorbing color. And when they do, scores tally just above.
On the same screen, from adjacent windows, three commentators provide additional color, as if this was a videogame championship. “You can see who’s being owned, and who’s doing the owning,” says one, a theoretical physicist named Hakeem Oluseyi.
But this isn’t a videogame. The other two commentators are veteran white-hat hackers, experts at reverse-engineering software in search of security holes. The slick-bald guy (with the ponytail in back) is Visi, and the thin one with the hipster beard is HJ, short for Hawaii John. No other names given. They’re hackers.
All this is dress rehearsal for a $55 million hacking contest put on by Darpa, the visionary research wing of the US Defense Department. The contest is called the Cyber Grand Challenge, and it’s set for early August. Seven teams will compete inside seven supercomputers erected in a ballroom at the Paris hotel in Las Vegas, each unleashing artificially intelligent software that will defend one machine—and virtually attack the rest.
No one has ever really deployed a bot like that—software that can, completely on its own, find and repair security holes in real time. If these bots reach maturity, it would be a fundamental shift in computer security. But none of that is visual. So, to prove it can work, Darpa is going all Tron, visually recreating what goes on inside those seven machines. It’s not enough to have bots play Capture the Flag. You need to see it. “What’s happening inside the central processing unit? What’s happening inside the memory?” says Mike Walker, the veteran white-hat hacker turned Darpa program manager who oversees the Grand Challenge. “That’s what we’re trying to do here.”
Inside the Grid
On the TV, Oluseyi, Visi, and HJ are describing that Tron-like visualization, a software universe Darpa built in tandem with voidAlpha, a videogame company. VoidAlpha works out of this reclaimed warehouse, and Walker is here too. He and his Darpa team arrived in Emeryville last week so they could hone the visualization and try it out.
This isn’t the first time the security community has tried to build useful visualizations of what goes on inside a computer network. In fact, there’s a whole sub-community devoted to network visuals. But for Visi and HJ, Darpa has captured the art of reverse engineering in an unprecedented way. “This has never been available, even to reverse engineers using the most cutting edge tools,” Visi says.
For decades, human hackers, including Visi and HJ, have played Capture the Flag, the oldest, biggest, and most famous hacking contest. But the Cyber Grand Challenge is for bots, and Darpa wants to bring these bots into the wider world. Having this kind of visualization helps people understand how that might work—and it can help them build better bots. “A Grand Challenge is about starting technology revolutions,” Walker says. “That’s partially through the development of new technology, but it’s also about bringing a community to bear on the problem.”
Plus, it looks cool. For people who watched Jeff Bridges ride a light cycle around a computer-generated vision of a circuit board (twice!), or watched Angelina Jolie, in Hackersmess around inside a supercomputer called Gibson (we see what you did there, and no doubt @GreatDismal did, too), the idea of getting to see what’s actually happening in the soul of a machine is more than tantalizing.
The Physical and the Virtual
The competition’s wardrobe-sized supercomputers are already at the Paris, sitting quietly in storage. They arrived at the end of June. And in the coming weeks, a team led by Darpa contractor Sean O’Brien will forklift them into an 83,000 square-foot ballroom and onto a clear plexiglass stage.
That transparency is literal and metaphoric. The visible air gap between the machine and everything else in the room ensures that data will only travel to the outside world on CDs carried by a robotic arm. “No networking cable will cross the air gap,” O’Brien says.
That way, everyone—even the most skeptical and paranoid hacker among the crowd at Def Con—will know the competition is on the up-and-up. Even the contestants, the seven teams that spent the last two years designing the bots, will sit outside the air gap.
As these contestants watch, the bots will go to work inside the machines, analyzing and defending software they’ve never seen before. They’ll look for security vulnerabilities in their own machine. They’ll scramble to patch those vulns and keep their systems running. And at the same time, they’ll strive to show Darpa’s referees they can exploit holes in the other machines. That’s how Capture the Flag works—except for the bots.
Click to Open Overlay GalleryDarpa tests the supercomputers—enormous racks of servers—that serve as the playing field fothe Cyber Grand Challenge. DARPA
Closing the Window
Traditionally, finding and patching security holes is a human talent. But machines are playing an ever expanding role. Google, for instance, is building sweeping systems that can identify vulns via fuzz testing, a technique that involves throwing random inputs at a piece of software. Google’s system can simultaneously fuzz dozens of Android phones, and it’s using deep neural networks—networks of hardware and software that can learn by analyzing vast amounts of data—to gradually learn what sort of fuzzing is likely to work and what’s not.
At least, that’s the idea. These kinds of systems are a long way from handling the whole process on their own. They don’t identify and patch holes in software while people are using it. And they’re certainly not in the toolkit of the average online company. “This a long ways off,” says Orion Hindawi, CEO of Tanium, a security company just down the road from today’s dress rehearsal. “It’s an extremely expensive way to solve the problem.”
But with the Cyber Grand Challenge, DARPA is aiming for all that. It seeks bots that can identify and patch vulns in the moment—without any human intervention. “We’re trying to close the window to a minute,” Walker says. “Or seconds.” In the same way self-driving cars have improved enormously since they picked their way through a Grand Challenge obstacle course in the Mojave desert, Walker hopes the bots will get better, eventually outperforming humans. The battle in Las Vegas might be the first time people are just an audience for AIs fighting for hacker supremacy, but it won’t be the last.
Nerd Detector
To a certain subset of the population, the idea of real-life Tron is enough of a sell. “You could use this as a nerd detector,” Oluseyi says during practice commentary. But Tron was a fantasy. Come on, a security program that looks like the commander of Babylon 5? What are the odds?
With the Cyber Grand Challenge, the visual metaphor is more literal. One view is akin to an arena. That’s still very Tron-like, but instead of light cycles and flying discs, you get those honeycombs of hexagons. The hexagons represent real software services running inside the supercomputers. And the colored beams hitting the hexagons show data flowing into those services, including data from the bots. The audience can see when a bot finds a hole, when it patches the hole, when a bot accidentally breaks the service, when the service is inaccessible because a patch is taking too long, and so on.
What’s more, Darpa’s visualization can drill down and really look at those streams of data—about 84,000 attempts at reverse engineering over an eight-hour contest. This is called the “trace view.” It can actually demonstrate what each bot is doing—what code is executing when. “It literally shows the execution flow of data being given to a program,” Visi says, “and what the program is doing with that data.” Matt Wynn, one of the voidAlpha designers that built the visualization, believes the company could turn this into a bone fide debugger, something engineers could use hone and debug code in the real world.
From afar, the trace view looks almost like a wire fence rolled up into cylinder. But up close, you can see the route of the moving data. A code loop—when a service executes the same routine over and over again—looks like a loop, a developing spiral. For Visi, this is what sets Darpa’s project apart. It can show you what’s happening inside the machine over time. It’s not a snapshot. It’s a narrative.
Human and Machine
If you’re not a hacker, this is still hard to grasp—at least initially. But that’s why Darpa hired commentators. It’s all about taking what’s inside the head of someone like Visi—a seasoned reverse engineer—and showing it to everyone. “There’s a distinct need to get that fusion of knowledge and understanding out to a larger audience,” he says. When reverse engineering, he mentally visualizes the hack, and Darpa wants to visualize it for real. It wants to give everyone else that same image.
The image on screen is beautiful. It’s intriguing. And, ultimately, it’s enlightening. But it still looks small. And it shouldn’t. It should show the enormity of the task—the massive amounts of code and traffic those bots will deal with. That’s why Darpa brought in Oluseyi, the physicist. On the Internet, he’s known for a TED talk on infinity. “Program analysis,” Walker says, “is a duel with the infinite.” And Oluseyi is here to make sure we all see it.
   Good Netiquette And A Green Internet To All! 

Special Bulletin - My just released book

"You're Hired. Super Charge our Email Skills in 60 Minutes! (And Get That Job...) 

is now on sales at 

Great Reasons for Purchasing Netiquette IQ
·         Get more email opens.  Improve 100% or more.
·         Receive more responses, interviews, appointments, prospects and sales.
·         Be better understood.
·         Eliminate indecisin.
·         Avoid being spammed 100% or more.
·         Have recipient finish reading your email content. 
·         Save time by reducing questions.
·         Increase your level of clarity.
·         Improve you time management with your email.
·        Have quick access to a wealth of relevant email information.
Enjoy most of what you need for email in a single book.


**Important note** - contact our company for very powerful solutions for IP
 management (IPv4 and IPv6, security, firewall and APT solutions:

Another Special Announcement - Tune in to my radio interview,  on Rider University's station, I discuss my recent book, above on "Your Career Is Calling", hosted by Wanda Ellett.   

In addition to this blog, Netiquette IQ has a website with great assets which are being added to on a regular basis. I have authored the premiere book on Netiquette, “Netiquette IQ - A Comprehensive Guide to Improve, Enhance and Add Power to Your Email". My new book, “You’re Hired! Super Charge Your Email Skills in 60 Minutes. . . And Get That Job!” has just been published and will be followed by a trilogy of books on Netiquette for young people. You can view my profile, reviews of the book and content excerpts at:

In addition to this blog, I maintain a radio show on BlogtalkRadio  and an online newsletter via have established Netiquette discussion groups with Linkedin and  Yahoo I am also a member of the International Business Etiquette and Protocol Group and Minding Manners among others. I regularly consult for the Gerson Lehrman Group, a worldwide network of subject matter experts and I have been contributing to the blogs Everything Email and emailmonday . My work has appeared in numerous publications and I have presented to groups such as The Breakfast Club of NJ and  PSG of Mercer County, NJ.

I am the president of Tabula Rosa Systems, a “best of breed” reseller of products for communications, email, network management software, security products and professional services.  Also, I am the president of Netiquette IQ. We are currently developing an email IQ rating system, Netiquette IQ, which promotes the fundamentals outlined in my book.

Over the past twenty-five years, I have enjoyed a dynamic and successful career and have attained an extensive background in IT and electronic communications by selling and marketing within the information technology marketplace.Anyone who would like to review the book and have it posted on my blog or website, please contact me

No comments:

Post a Comment