DARPA Awards $900K to Research Weird Machines

This post originally appeared on the Adventium Labs website. Adventium was acquired by Galois in 2022.

Adventium Labs has been awarded a $900K, 18-month research project to identify and mitigate weird machines in computer systems. Weird machines are unintended, emergent computational capabilities within a computer system enabling it to be used in ways not intended by the system designers. Among other problems, this emergent execution can be exploited to enable or amplify cyber-attacks. Spectre and Meltdown are well-known examples of cyber-attacks that exploit emergent computation to expose protected information without requiring any violation of the system’s normal operation.

Adventium’s Detecting Emergent Computation In Multiple Automata Layers (DECIMAL) project, part of DARPA’s Artificial Intelligence Exploration initiative, is developing technology to identify the possible presence of weird machines in a high-level system design. Once identified, these capabilities can be blocked or mitigated. Addressing weird machines at the design stage will result in more secure systems, potentially realizing huge performance improvements and cost savings by avoiding mitigation or redesign in deployed systems.

DECIMAL will augment Adventium’s existing security analysis capabilities, available in the Curated Access to Model-based Engineering Tools (CAMET®) Library (pronounced “camay”). In particular, DECIMAL’s capabilities will complement and extend the Risk Management Framework (RMF) analysis tool already available on CAMET. The RMF tool checks system design models for compliance with the Department of Defense’s Risk Management Framework for DoD Information Technology, a widely used standard for risk analysis. As a whole, Adventium’s suite of CAMET tools support model-based system engineering initiatives, including the Digital Engineering Strategy, Architecture Centric Virtual Integration Process, and Modular Open System Architecture initiatives from the Department of Defense.

The DECIMAL project has two phases. Phase I will establish the feasibility of the approach, and Phase II will develop a proof of concept. Each phase is nine months long. Follow-on efforts will mature DECIMAL for deployment in the CAMET Library.