Computing Community Consortium Blog

The goal of the Computing Community Consortium (CCC) is to catalyze the computing research community to debate longer range, more audacious research challenges; to build consensus around research visions; to evolve the most promising visions toward clearly defined initiatives; and to work with the funding organizations to move challenges and visions toward funding initiatives. The purpose of this blog is to provide a more immediate, online mechanism for dissemination of visioning concepts and community discussion/debate about them.

DARPA: Automated Program Analysis for Cybersecurity

August 9th, 2011 / in big science, research horizons, resources / by Erwin Gianchandani

DARPA:  Automated Program Analysis for CybersecurityFresh on the heels of announcing a call for social media research, DARPA’s Information Innovation Office (I2O) has issued a solicitation for “innovative research proposals in the area of automated program analysis for cybersecurity.”

From the official broad agency announcement:

Automated program analysis is a fundamentally hard problem. It has been known since the work of Church and Turing in 1936 that virtually any interesting question about the properties of programs is undecidable — that is, it is provably impossible to build an automated program analysis tool that will answer any question about cybersecurity for any program and input with complete accuracy…


Nonetheless, decades of research has shown that it is possible to make practical automated program analysis tools that answer some useful cybersecurity questions for some programs with some useful level of accuracy. The development of such practically useful tools and the discovery of such useful cybersecurity questions will be the primary goal of the Automated Program Analysis for Cybersecurity program. However, we recognize that these practical tools must unavoidably accept false alarms, missed detections, or limit themselves to relatively weak properties. The secondary goal of the Automated Program Analysis for Cybersecurity program will be to assess the boundaries of what is knowable given the necessity of these tradeoffs.


Although the obstacle of scale may be cleared, at least two major challenges remain. The first challenge will be to produce practical tools suitable for deployment in DoD…


The second challenge will be to translate our high-level cybersecurity objectives into properties that are at a sufficiently low level to be proven with automated program analysis tools.

DARPA is limiting the scope of the program to “demonstrating tools and properties designed specifically to keep malicious [Java] code out of DoD Android-based mobile application marketplaces.” It will proceed in three phases, comprising an initial 18-month base period of performance for pursuing the R&D necessary to produce proof-of-concept prototypes followed by two optional phases.

Proposals are due by 12pm EDT on Sept. 6, 2011. DARPA anticipates making about 10 awards at a total of $44.5 million.

For more details, check out the full program announcement, available for download here.

(Contributed by Erwin Gianchandani, CCC Director)

DARPA: Automated Program Analysis for Cybersecurity

Comments are closed.