recommended reading

Pentagon-funded games would crowdsource weapons testing

The Pentagon plans to fork over $32 million to develop "fun to play" computer games that can refine the way weapons systems are tested to ensure they are free from software errors and security bugs, according to a Defense Department solicitation.

The goal is to create puzzles that are "intuitively understandable by ordinary people" and could be solved on laptops, smartphones, tablets and consoles. The games' solutions will be collected into a database and used to improve methods for analyzing software, according to the draft request for proposals put out by the military's venture capital and research arm, the Defense Advanced Research Projects Agency.

As weapons systems have become complex, the military's methods for verifying that the software running on them is glitch-free and secure against hackers has fallen short. Formal verification is the process analysts use, through the application of mathematical theories, to determine if software code is free from bugs. Crowdsourcing this complicated task would help the Pentagon cut costs while it grapples with a shortage of computer security specialists.

"Formal verification has been too costly to apply beyond small, critical software components," the document said. "This is particularly an issue for the Department of Defense because formal verification, while a proven method for reducing defects in software, currently requires highly specialized talent and cannot be scaled to the size of software found in modern weapon systems."

DARPA's three-year experiment, known as Crowdsourced Formal Verification, will address the question: How can developers translate formal verification problems into compelling puzzles people will want to solve?

The agency estimates that it will spend $4.7 million on the project this year.

The games will be released for testing by the public at the end of the program's two research phases. Researchers must provide programming tools that allow robots to play the games. "However, some problems are expected to remain beyond any robot's ability to solve," the solicitation notes. DARPA did not respond to requests for an interview.

The use of crowdsourcing and games to tackle complex, real-world problems has gained traction since players of Foldit, a protein-folding computer game that analyzes possible protein combinations, recently deciphered an AIDS-related enzyme that had baffled scientists for more than a decade. The creation of Foldit by the University of Washington was funded in part by DARPA.

Another game, EteRNA, allows players to design RNA -- or ribonucleic acid -- molecules, creating genetic blueprints that scientists could build on to influence what happens inside living cells and possibly treat diseases in new ways.

"One of the really exciting things is that when we inject a new kind of problem in the world and provide tools to solve that problem, experts at the task just emerge," said Adrien Treuille, an assistant computer science professor at Carnegie Mellon University who has been involved in developing both games.

Security professionals, while intrigued by the potential of DARPA's idea, have reservations about whether the program will meet the ambitious goals.

It would be more cost-effective for the government to focus efforts on ensuring that software is secure while it's being engineered rather than after it has been deployed in systems, said Gary McGraw, chief technology officer at Cigital, a Dulles, Va.-based security consultancy. "It's easier to build something right than to build a broken thing and then have to fix it."

If players know a game is mapped to a weapons system's software, there's the alarming possibility that they could rig its results. "They could collude and play the game to show there are no security problems," said Nasir Memon, director of the Information Systems and Internet Security Laboratory at the Polytechnic Institute of New York University. "How can you trust results from that?"

Threatwatch Alert

Thousands of cyber attacks occur each day

See the latest threats


Close [ x ] More from Nextgov