The U.S. Defense Advanced Research Projects Agency's (DARPA's) Vetting Commodity IT Software and Firmware (VET) program aims to develop systems that can verify the security of commercial IT devices. "Backdoors, malicious software, and other vulnerabilities unknown to the user could enable an adversary to use a device to accomplish a variety of harmful objectives, including the exfiltration of sensitive data and the sabotage of critical operations," according to DARPA.
VET will develop a method for Department of Defense (DoD) analysts to produce a prioritized checklist of software and firmware components and broad classes of hidden malicious functionality. The VET program also will help DoD analysts demonstrate the absence of those broad classes of hidden malicious functionality.
Finally, VET will determine how this procedure can scale to non-specialist technicians who must verify every new device used by the DoD. "The most significant output of the VET program will be a set of techniques, tools, and demonstrations that will forever change this perception" that the problem of vetting software and firmware on the millions of devices on DoD networks is unapproachable, says DARPA's Tim Fraser.
From Network World
View Full Article
Abstracts Copyright © 2012 Information Inc., Bethesda, Maryland, USA
No entries found