recommended reading

Pentagon-funded games would crowdsource weapons testing

The Pentagon plans to fork over $32 million to develop "fun to play" computer games that can refine the way weapons systems are tested to ensure they are free from software errors and security bugs, according to a Defense Department solicitation.

The goal is to create puzzles that are "intuitively understandable by ordinary people" and could be solved on laptops, smartphones, tablets and consoles. The games' solutions will be collected into a database and used to improve methods for analyzing software, according to the draft request for proposals put out by the military's venture capital and research arm, the Defense Advanced Research Projects Agency.

As weapons systems have become complex, the military's methods for verifying that the software running on them is glitch-free and secure against hackers has fallen short. Formal verification is the process analysts use, through the application of mathematical theories, to determine if software code is free from bugs. Crowdsourcing this complicated task would help the Pentagon cut costs while it grapples with a shortage of computer security specialists.

"Formal verification has been too costly to apply beyond small, critical software components," the document said. "This is particularly an issue for the Department of Defense because formal verification, while a proven method for reducing defects in software, currently requires highly specialized talent and cannot be scaled to the size of software found in modern weapon systems."

DARPA's three-year experiment, known as Crowdsourced Formal Verification, will address the question: How can developers translate formal verification problems into compelling puzzles people will want to solve?

The agency estimates that it will spend $4.7 million on the project this year.

The games will be released for testing by the public at the end of the program's two research phases. Researchers must provide programming tools that allow robots to play the games. "However, some problems are expected to remain beyond any robot's ability to solve," the solicitation notes. DARPA did not respond to requests for an interview.

The use of crowdsourcing and games to tackle complex, real-world problems has gained traction since players of Foldit, a protein-folding computer game that analyzes possible protein combinations, recently deciphered an AIDS-related enzyme that had baffled scientists for more than a decade. The creation of Foldit by the University of Washington was funded in part by DARPA.

Another game, EteRNA, allows players to design RNA -- or ribonucleic acid -- molecules, creating genetic blueprints that scientists could build on to influence what happens inside living cells and possibly treat diseases in new ways.

"One of the really exciting things is that when we inject a new kind of problem in the world and provide tools to solve that problem, experts at the task just emerge," said Adrien Treuille, an assistant computer science professor at Carnegie Mellon University who has been involved in developing both games.

Security professionals, while intrigued by the potential of DARPA's idea, have reservations about whether the program will meet the ambitious goals.

It would be more cost-effective for the government to focus efforts on ensuring that software is secure while it's being engineered rather than after it has been deployed in systems, said Gary McGraw, chief technology officer at Cigital, a Dulles, Va.-based security consultancy. "It's easier to build something right than to build a broken thing and then have to fix it."

If players know a game is mapped to a weapons system's software, there's the alarming possibility that they could rig its results. "They could collude and play the game to show there are no security problems," said Nasir Memon, director of the Information Systems and Internet Security Laboratory at the Polytechnic Institute of New York University. "How can you trust results from that?"

Threatwatch Alert

Thousands of cyber attacks occur each day

See the latest threats

JOIN THE DISCUSSION

Close [ x ] More from Nextgov
 
 

Thank you for subscribing to newsletters from Nextgov.com.
We think these reports might interest you:

  • Data-Centric Security vs. Database-Level Security

    Database-level encryption had its origins in the 1990s and early 2000s in response to very basic risks which largely revolved around the theft of servers, backup tapes and other physical-layer assets. As noted in Verizon’s 2014, Data Breach Investigations Report (DBIR)1, threats today are far more advanced and dangerous.

    Download
  • Featured Content from RSA Conference: Dissed by NIST

    Learn more about the latest draft of the U.S. National Institute of Standards and Technology guidance document on authentication and lifecycle management.

    Download
  • PIV- I And Multifactor Authentication: The Best Defense for Federal Government Contractors

    This white paper explores NIST SP 800-171 and why compliance is critical to federal government contractors, especially those that work with the Department of Defense, as well as how leveraging PIV-I credentialing with multifactor authentication can be used as a defense against cyberattacks

    Download
  • Toward A More Innovative Government

    This research study aims to understand how state and local leaders regard their agency’s innovation efforts and what they are doing to overcome the challenges they face in successfully implementing these efforts.

    Download
  • From Volume to Value: UK’s NHS Digital Provides U.S. Healthcare Agencies A Roadmap For Value-Based Payment Models

    The U.S. healthcare industry is rapidly moving away from traditional fee-for-service models and towards value-based purchasing that reimburses physicians for quality of care in place of frequency of care.

    Download
  • GBC Flash Poll: Is Your Agency Safe?

    Federal leaders weigh in on the state of information security

    Download

When you download a report, your information may be shared with the underwriters of that document.