Slashdot Mirror


DARPA Makes Finding Software Flaws Fun

alphadogg writes "The U.S. Department of Defense may have found a new way to scan millions of lines of software code for vulnerabilities: by turning the practice into a set of video games and puzzles and having volunteers do the work. Having gamers identify potentially problematic chunks of code could help lower the work load of trained vulnerability analysts by 'an order of magnitude or more,' said John Murray, a program director in SRI International's computer science laboratory who helped create one of the games, called Xylem. DARPA has set up a site, called Verigames, that offers five free games that can be played online or, in Xylem's case, on an Apple iPad."

13 of 46 comments

  1. Fun bugs by K.+S.+Kyosuke · · Score: 2

    Yeah, but when I exploit a buggy drone and fly it into your own units, the same DoD says "that's not funny". ;/ Make up your minds already!

    --
    Ezekiel 23:20
  2. The real game is finding bugs on their site... by Anonymous Coward · · Score: 5, Funny

    Welcome null null ( Logout )

  3. psDOOM anyone? by netpatriot · · Score: 3, Informative

    not such a new idea: Doom as an Interface for Process Management: http://www.cs.unm.edu/~dlchao/flake/doom/chi/chi.html

  4. Greetings, Professor Falken by MonkeyDancer · · Score: 3, Funny

    I'm disappointed they do not have the game 'Global Thermonuclear War'.

    1. Re: Greetings, Professor Falken by runeghost · · Score: 2

      Oh, they have it. They're just very selective about who gets to play, or even sit at the table.

    2. Re: Greetings, Professor Falken by davester666 · · Score: 5, Funny

      you have to find the user name on your own, but the password is '00000000'

      --
      Sleep your way to a whiter smile...date a dentist!
  5. Finding bugs is ALWAYS fun! by tlambert · · Score: 3, Insightful

    Finding bugs is ALWAYS fun!

    What's even more fun is that Tesla Roadster you were able to buy by selling the bugs you find to intelligence agencies, rather than reporting them to the vendor and being sued under the DMCA for reverse engineering their product.

  6. Single page version of the article by Fnord666 · · Score: 2

    Here's a link to a single page version of the article.

    --
    'The tyrant will always find pretext for his tyranny.' - Aesop's Fables
  7. It's decent by eyenot · · Score: 3, Funny

    These puzzles are definitely interesting. I had a chance to get on and play the preliminaries of the pipe game about two hours ago from a college terminal. I get home to continue my "work" and the site is 505'd. I'm guessing it may have been simply slashdotted. If that's the case, then I've lost a bit of confidence in the project.

    It sort of reminds me of that scene in "Sneakers" when the guys roll by to get the box back from the "NSA", and the building is being torn down. Which raises the question, if I can imagine using a site to quickly test a population sample's IQ and then to run like heck with the results, then is there a feasible reason to do so?

    --
    "Stratigraphically the origin of agriculture and thermonuclear destruction will appear essentially simultaneous" -- Lee
  8. Re:Nothing Fun At All by J+Story · · Score: 3, Insightful

    If you've tried playing any of those "games" then you'd know they are not fun at all. Just a big fail.

    I agree that the one "game" I played didn't keep me enthralled once the novelty wore off, but it seems to me that there is the *seed* of something that could be fun, for given definitions of "fun". For example, suppose that these games were games-within-a-game, which one could play to win points or "gold" to use in the larger game. Consider it a form of grinding.

  9. Re:How does it work? by Lewisham · · Score: 3, Interesting

    I worked on Xylem when I was a grad student at UCSC. I was not on the team when it launched, so my info may be out of date.

    What players are being asked to do is find loop invariants for code. The invariants are hard for a computer to come up with (and be useful), but are easier to check given certain bounds. So there is no predetermined win state, each answer is checked server-side to see if it holds up within the bounds (or, if the answer is already known, the cache hit is returned). If the invariant is complex and holds, it gets scored highly. If it's trivial and holds, it gets a lower score. If it doesn't hold, the instance where it doesn't hold is returned to the player.

    Does this help?

  10. Re:How does it work? by Lewisham · · Score: 3, Insightful

    DARPA funded the project, and DARPA fund lots of projects. I think a debate about whether DARPA is good or bad is pretty out-of-scope for this particular work: we made a game that might show how software verification could be crowdsourced.

    The games do try to be fun, that's why none of them are "look at this loop and write an invariant". Xylem dresses up the problem statement as logic puzzles that surround the growth of exotic plants. I don't have an iPad to play the final version of Xylem on, but we tried hard to come up with a compelling game.

    I don't believe the expected player base really cares about whether the project was funded by DARPA or not. I understand if you don't, but I think you would also have to stop using the Internet if you have such an issue with DARPA funded projects :)

  11. Re:Well ....... excellent idea for Linux Kernel by AndrewBuck · · Score: 2

    The game you are referring to is Foldit. http://fold.it/portal/ I played it a bit back when it came out and it was an interesting game. It has even been used to find some protein folding solutions that had previously stumped the existing tools used to look for solutions. It doesn't beat the traditional science in every instance (or probably even that many) but having an extra tool in the toolbox never hurts, especially when it is a tool that can be used by thousands of players with time to kill instead of a handful of highly trained specialists with very limited time.

    I think this is a really interesting idea. A poster above who was a grad student who worked on an earlier version of this game pointed out that the goal of these was to find loop invariants in the software (basically a proof by induction that a loop does what you think it does).

    With the recent revelations about the NSA backdooring common encryption code I have wanted people to work on something like this to try to 'prove' various software does what it says on the box (PGP, linux kernel, tor, etc). I am glad to hear that there is research being done in this area and hope it succeeds and gets applied to some of the important open source software in use today. Let the unwashed masses do most of the grunt work proving the simple bits like loop invariants and use that to free up the specialist developers to look at the rest of the program.

    -AndrewBuck
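
The loop-invariant task that comment 9 describes (candidate checked server-side within bounds, counterexample returned on failure, trivial candidates scored low) and that comment 11 summarises as "a proof by induction that a loop does what you think it does" can be shown concretely. The following is an added example written for this mirror; it is not Xylem's code and not from SRI, UCSC or DARPA. The loop under test, the enumeration bound of 12 per variable and the scoring rule (fraction of the bounded state space the candidate rules out) are this example's own assumptions. It checks the standard three obligations: initiation (entry states satisfy the candidate), consecution (candidate plus guard implies candidate after one body step), and, when asked, exit (candidate plus failed guard implies the post-condition).

```python
"""Bounded loop-invariant checking in the style the Xylem comments describe.
Added example with its own assumptions; not Xylem's implementation.

Loop under test (constructed for this example): sum the integers below n.
    i, s = 0, 0
    while i < n:
        s += i
        i += 1
    # intended post-condition: s == n*(n-1)//2
A state is (i, s, n); a candidate invariant is a predicate over the state,
asserted at the loop head. The check enumerates every variable over
0..BOUND, so a pass is evidence within the bound, not a proof.
"""
from itertools import product
from typing import Callable, Optional, Tuple

State = Tuple[int, int, int]
Pred = Callable[[int, int, int], bool]

BOUND = 12  # assumed enumeration bound for every variable


def init(n: int) -> State:
    return (0, 0, n)


def guard(i: int, s: int, n: int) -> bool:
    return i < n


def body(i: int, s: int, n: int) -> State:
    return (i + 1, s + i, n)


def post(i: int, s: int, n: int) -> bool:
    return s == n * (n - 1) // 2


def check_invariant(inv: Pred, want_post: bool = False,
                    bound: int = BOUND) -> Optional[Tuple[str, State]]:
    """Return None if `inv` passes every obligation within the bound,
    otherwise (failed_obligation, counterexample_state) so the player
    sees exactly where the candidate breaks."""
    for n in range(bound + 1):                 # initiation
        entry = init(n)
        if not inv(*entry):
            return ("initiation", entry)
    for st in product(range(bound + 1), repeat=3):
        if not inv(*st):
            continue                           # obligations are vacuous here
        if guard(*st):                         # consecution
            if not inv(*body(*st)):
                return ("consecution", st)
        elif want_post and not post(*st):      # exit
            return ("exit", st)
    return None


def strength(inv: Pred, bound: int = BOUND) -> float:
    """Fraction of the bounded state space the candidate rules out;
    0.0 means it says nothing (a trivially true candidate)."""
    total = (bound + 1) ** 3
    excluded = sum(1 for st in product(range(bound + 1), repeat=3) if not inv(*st))
    return excluded / total


def score(inv: Pred, bound: int = BOUND) -> int:
    """Scoring rule assumed for this example: a candidate that fails an
    obligation scores 0; one that holds scores 0..100 by how much it
    constrains the state, so trivial invariants score low."""
    if check_invariant(inv, want_post=False, bound=bound) is not None:
        return 0
    return round(100 * strength(inv, bound))


if __name__ == "__main__":
    candidates = {
        "True":                        lambda i, s, n: True,
        "s == i":                      lambda i, s, n: s == i,
        "i <= n":                      lambda i, s, n: i <= n,
        "s == i*(i-1)//2":             lambda i, s, n: s == i * (i - 1) // 2,
        "s == i*(i-1)//2 and i <= n":  lambda i, s, n: s == i * (i - 1) // 2 and i <= n,
    }
    for text, inv in candidates.items():
        print(f"{text:28} score={score(inv):3}  holds={check_invariant(inv)}  "
              f"proves_post={check_invariant(inv, want_post=True)}")
```

Two things worth noticing when running it. `s == i*(i-1)//2` holds as an invariant but does not prove the post-condition: the exit obligation is checked on every state satisfying the candidate, reachable or not, and the unreachable state (2, 1, 0) satisfies it with the guard false and the post false, so the conjunct `i <= n` is needed. That is exactly the kind of counterexample the thread says is returned to the player. The scoring also behaves as described: `True` holds and scores 0, `i <= n` scores 46, and the two sum invariants score 96 and 97. Candidates here are Python callables; a real server taking invariants as text from untrusted players must parse them into a restricted expression language rather than eval them.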