Issue No. 02 - March/April (2018 vol. 16)
Anh Nguyen-Tuong , University of Virginia
David Melski , GrammaTech
Jack W. Davidson , University of Virginia
Michele Co , University of Virginia
William Hawkins , University of Virginia
Jason D. Hiser , University of Virginia
Derek Morris , Microsoft
Ducson Nguyen , GrammaTech
Eric Rizzi , GrammaTech
On 4 August 2016, DARPA conducted the final event of the Cyber Grand Challenge (CGC). The challenge in CGC was to build an autonomous system capable of playing in a capture-the-flag hacking competition. The final event pitted the systems from seven finalists against each other, with each system attempting to defend its own network services while proving vulnerabilities in other systems' defended services. Xandra, our automated cyber reasoning system, took second place overall in the final event. Xandra placed first in security (preventing exploits), second in availability (keeping services operational and efficient), and fourth in evaluation (proving vulnerabilities in competitor services). Xandra also drew the least power of any of the competitor systems. In this article, we describe the high-level strategies applied by Xandra, their realization in Xandra's architecture, the synergistic interplay between offense and defense, and finally, lessons learned via post-mortem analysis of the final event.
computer network security,
A. Nguyen-Tuong et al., "Xandra: An Autonomous Cyber Battle System for the Cyber Grand Challenge," in IEEE Security & Privacy, vol. 16, no. 2, pp. 42-51, 2018.