Cyber Grand Challenge Revisited - Building Autonomous Secure and Resilient Systems
The exploitation of security vulnerabilities in software can affect large groups of people and lead to massive financial damages. Up to now, the process of finding and countering bugs, hacks, and other cyber-threats has primarily been a craftmanship: professional bug hunters and security professionals work endless hours, inspecting vast amounts of source code to find and repair vulnerabilities that adversaries could otherwise exploit. This is a slow and tedious battle that is in danger of not being able to keep up with the pace at which cyber-threats materialize.
To help overcome these challenges, DARPA launched the Cyber Grand Challenge, a competition to create automatic defensive systems that are capable of reasoning about flaws, formulating patches and deploying them on a network in real-time. Although the challenge focused on penetration testing and associated patching, we recognize that the techniques, tools, and tactics employed by the competitors in this challenge are of great interest to our data-driven research on building secure and resilient software systems.
Data-driven software engineering aims to use the wealth of data produced during software development and operation to support its development, maintenance, and evolution. Concretely, we apply machine learning and data mining techniques on software engineering data (such as source code, versioning histories, issue tracking, build & test logs, operational data) to derive actionable insights.
The goal of this project would be first to do a systematic survey of the literature, techniques, tools, and tactics employed by competitors in DARPA's Cyber Grand Challenge. In the next step, you would use selected techniques, tools, and tactics to develop a prototype autonomous secure and resilient system that can be used as the basis for future research in this area.
- application of data science in a software engineering context
- proficiency with implementing and evaluating data-driven software engineering techniques and prototypes
- gain appreciation for the state of the art in automated defensive and offensive security
- experience with working in an exciting and active research environment
- excellent opportunities to publish your research results in the form of a scientific publication
- interested in defensive and offensive security, resilience
- interested in machine learning, in particular machine learning for security and resilience
- preferably knowledge of python, R and LaTeX.