DARPA, BBN Technologies and the Cyber Imperative for CPM

Share
A key challenge in implementing CPM is maintaining system efficiency while enhancing security
US Defense Advanced Research Projects Agency (DARPA) is tapping BBN Technologies to usher in its Compartmentalization and Privilege Management programme

In an era where cyber threats loom large over national security, the US Defense Advanced Research Projects Agency (DARPA) has taken a significant step towards bolstering digital defences. 

The agency's latest initiative, the Compartmentalization and Privilege Management (CPM) programme, aims to revolutionise how cybersecurity is approached particularly for legacy software systems that form the backbone of many critical infrastructures.

Helping them reach their goals, RTX's BBN Technologies has been awarded a contract to support DARPA's CPM programme. 

This collaboration marks a crucial juncture in the ongoing battle against cyber threats, as it seeks to address vulnerabilities that have long plagued complex software systems. 

The CPM Programme: a new paradigm in cyber resilience

The CPM programme represents a paradigm shift in cybersecurity strategy. Rather than focusing solely on keeping attackers out, it aims to minimise the damage they can do once they've gained access. 

This approach is rooted in the understanding that in today's complex digital landscape, even a single vulnerability can compromise an entire system.

DARPA's vision for CPM is to develop tools that can automatically restructure software systems into smaller, secure compartments. 

Each compartment would have a specific function and operate with the least privilege necessary to achieve its goals. 

Youtube Placeholder

This fine-grained compartmentalisation would significantly enhance cyber resilience by preventing initial breaches from escalating into full-scale attacks.

“Today's complex attack surfaces and increasingly sophisticated cyberattacks mean that even a single point of vulnerability can compromise an entire system,” says Aaron Paulos, BBN Principal Investigator.

The ARC Tool - automated cybersecurity

To realise DARPA's vision, BBN is developing the Analysis and Restructuring for Containment (ARC) tool. 

This innovative technology is designed to automatically analyse large code bases and construct smaller, secure compartments. 

By applying the principle of least privilege at a sub-programme level, ARC ensures that only the minimum access necessary is granted for code to execute.

“Our solution will enhance the security of critical software systems while preserving performance, which is essential for maintaining operational readiness. The goal is to create compartments that isolate risks, making systems more resistant to cyberattacks,” says Aaron.

The development of ARC is particularly significant in the context of legacy systems. As DARPA notes, 'Legacy systems over their lifetimes tend to become more unstructured and consequently less compartmentalised'. 

The goal of CPM, and by extension ARC, is to transform these existing systems into resilient ones that can thwart most cyber-attack campaigns, even if an adversary gains a foothold.

Balancing security and performance

A key challenge in implementing CPM is maintaining system efficiency while enhancing security. 

To address this, ARC will generate solutions that balance multiple objectives. Some parts of a software application may require performant access, while others might introduce significant exposure to risk. 

The tool will enable system administrators to selectively apply security measures to those areas deemed most critical, effectively managing the trade-offs between performance and security.

“Today's complex attack surfaces and increasingly sophisticated cyberattacks mean that even a single point of vulnerability can compromise an entire system.” 

Aaron Paulos, BBN Principal Investigator

This approach aligns with DARPA's recognition that 'With processor hardware enhancements, fine-grained software compartmentalisation would not significantly impact the system's speed and efficiency'. 

It's a crucial consideration, given that the billions of lines of existing software would be impossibly time-consuming to rewrite in safer programming languages.

The road ahead

The CPM programme is structured as a four-year initiative with two phases. The first phase will focus on technology development, using the Linux operating system as the test and evaluation suite. The second phase will demonstrate scalable capabilities on open-source systems representative of classes of computation important to the Department of Defense.

As BBN Technologies embarks on this ambitious project, it brings to bear a wealth of experience in cybersecurity and software analysis. 

The team intends to integrate capabilities that use automated programme analysis, verifiable programme restructuring, and automated reasoning to develop effective security solutions.

By addressing the vulnerabilities in legacy systems, DARPA and BBN are laying the groundwork for a more secure digital future. 

As cyber threats continue to evolve, the lessons learned and technologies developed through this initiative could prove invaluable in safeguarding critical infrastructure and national security interests.

******

Make sure you check out the latest edition of Cyber Magazine and also sign up to our global conference series - Tech & AI LIVE 2024

******

Cyber Magazine is a BizClik brand

Share

Featured Articles

SonicWall and CrowdStrike Unite for SMB Security Service

SonicWall partners with endpoint protection specialist CrowdStrike to offer managed detection and response capabilities through managed service providers

FS-ISAC CISO Talks Cyber Strategies for Financial Providers

FS-ISAC CISO JD Denning explains the cyber strategies financial providers need to adopt in order to stay afloat in the wave of cyber attacks

Darktrace Reports 692% Surge in Black Friday Cyber Scams

AI cybersecurity firm Darktrace reveals increase in brand impersonation attacks targeting retailers, with holiday-themed phishing attacks rising 327%

KnowBe4 Launches AI Agents to Counter Phishing Threats

Technology & AI

Gen Reports 614% Rise in Command Prompt Manipulation Scams

Cyber Security

SAVE THE DATE – Cyber LIVE London 2025

Cyber Security