Games help improve software security

Dec 05, 2013

Ever more sophisticated cyber attacks exploit software vulnerabilities in the Commercial Off-the-Shelf (COTS) IT systems and applications upon which military, government and commercial organizations rely. The most rigorous way to thwart these attacks is formal verification, an analysis process that helps ensure that software is free from exploitable flaws and vulnerabilities. Traditional formal methods, however, require specially trained engineers to manually scour software—a process that up to now has been too slow and costly to apply beyond small software components.

Finding faster, more cost-effective means to perform formal verification is a national security priority, so DARPA's Crowd Sourced Formal Verification (CSFV) program has developed and launched its Verigames web portal (www.verigames.com) offering free online formal verification games. The CSFV games translate players' actions into program annotations and generate mathematical proofs to verify the absence of important classes of flaws in software written in the C and Java programming languages. CSFV aims to investigate whether large numbers of non-experts playing formal verification games can perform formal verification faster and more cost-effectively than conventional processes.

"We're seeing if we can take really hard math problems and map them onto interesting, attractive puzzle games that online players will solve for fun," said Drew Dean, DARPA program manager. "By leveraging players' intelligence and ingenuity on a broad scale, we hope to reduce security analysts' workloads and fundamentally improve the availability of formal verification."

CSFV has developed an automated process that enables the creation of new puzzles for each math problem the program seeks to review. If gameplay does reveal potentially harmful code, DARPA will implement approved notification and mitigation procedures, including notifying the organization responsible for the affected software. Because CSFV verifies open source software that commercial, government and/or Department of Defense systems may use, prompt notification is essential to correct the software rapidly and mitigate risk of security breakdowns.

Verigames currently offers five games:

  • CircuitBot: Link up a team of robots to carry out a mission.
  • Flow Jam: Analyze and adjust a cable network to maximize its flow.
  • Ghost Map: Free your mind by finding a path through a brain network.
  • StormBound: Unweave the windstorm into patterns of streaming symbols.
  • Xylem: Catalog species of plants using mathematical formulas.

Because government regulations require adult volunteer participants for this DARPA research program, CSFV games are open only to players ages 18 and up.


User comments : 1

anonperson
not rated yet Dec 05, 2013
site appears down
Verigames web portal (www.verigames.com)
