Legacy system security
Intel, UC San Diego to Work on Cryptography-Based Cybersecurity Under DARPA Program
The Defense Advanced Research Projects Agency has selected Intel and the University of California, San Diego, to join the Hardening Development Toolchains Against Emergent Execution Engines program.
During the four-year HARDEN program, Intel and UC San Diego will investigate how the company’s Cryptographic Capability Computing system could improve security for legacy and future systems. C3 is a stateless memory safety mechanism that replaces metadata with cryptographic techniques.
Efforts by the organizations will help DARPA understand how attackers could use parts of a modern computing system to negatively impact the entire ecosystem, Intel said.
The HARDEN program will run in three phases. The first two phases will last for 18 months each while the last phase will take a year.
Program participants are expected to produce cryptography-enabled tools and formal security theories.
The effort will be led by Deian Stefan and Dean Tullsen, professors at UC San Diego’s Department of Computer Science and Engineering.
The C3 system is designed to overcome the limitations of capability-based access control mechanisms, which are expensive to use and incompatible with legacy code. It encrypts individual pointers and data objects so old software can still deploy them.
The U.S. government has been ramping up its efforts to adopt cryptography and post-quantum cybersecurity. In December, President Joe Biden signed into law the Quantum Cryptography Cybersecurity Preparedness Act, which requires federal agencies to adopt technologies that can withstand both classical and quantum-enabled decryption.
The HARDEN program was launched as hackers continue to create more complex techniques to overcome platform hardening efforts. According to Intel, current efforts to prevent sophisticated cyberattacks have fallen short, putting current and legacy software at risk.
Tags: cybersecurity Defense Advanced Research Projects Agency Hardening Development Toolchains Against Emergent Execution Engines program Intel University of California San Diego