The Key to Securing Legacy Computing Systems

DARPA News, April 10, 2023
For a cyber-attack to be successful, one must conduct a sequence of exploits to move from the initial system access, through privilege escalation and lateral motion steps, until reaching the ultimate target. With processor hardware enhancements, fine-grained software compartmentalization would not significantly impact the system’s speed and efficiency. The challenge, however, is in the billions of lines of existing software, all of which would be impossibly time-consuming to rewrite in safer programming languages.

Through its new Compartmentalization and Privilege Management (CPM) program, DARPA is seeking proposals to develop tools that can automatically restructure a software system into many small “compartments”, each with a specific function and operating with the least privilege necessary to achieve its goals. The goal is to transform existing systems into resilient ones that prevent most cyber-attack campaigns. Over their lifetimes, legacy systems tend to become more unstructured and consequently less compartmentalized.

CPM is a four-year program with two phases. Phase 1 will focus on technology development, specifically using the Linux operating system as the test and evaluation suite. Phase 2 will focus on demonstrating scalable capabilities on open-source systems representative of classes of computation important to the Department of Defense…
