Security Experts:

Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

M&A Tracker

DARPA Seeks Software Obfuscation Proposals for SafeWare Project

Secure Code

In a broad agency announcement published last week, the Defense Advanced Research Projects Agency (DARPA) informed researchers that it is looking for innovative proposals in the area of software obfuscation.

Secure Code

In a broad agency announcement published last week, the Defense Advanced Research Projects Agency (DARPA) informed researchers that it is looking for innovative proposals in the area of software obfuscation.

Obfuscation is highly important in software development because it allows developers to distribute their programs while making sure that the source code can’t be viewed.

For the project dubbed “SafeWare” DARPA is seeking innovative approaches in the development of new mathematical foundations and implementation paths for provably-secure software obfuscation. The agency has highlighted that research primarily resulting in “evolutionary improvements” to existing methods will not be taken into consideration.

“The goal of the SafeWare research effort is to drive fundamental advances in the theory of program obfuscation and to develop highly efficient and widely applicable program obfuscation methods with mathematically proven security properties,” DARPA said.

SafeWare focuses on a total of four distinct technical areas (TAs): Mathematical Foundations of Program Obfuscation (TA1), Implementation of Program Obfuscation (TA2), Proof-of-Principle Demonstrations (TA3), and Testing, Evaluation and Research Integration (TA4). DARPA anticipates awarding one or more grants for the TAs 1-3, and one for T4.

The agency has pointed out that each proposal must target only one TA. Those interested in more than one area must submit multiple proposals, one for each TA.  

The proposed method must meet certain conditions, including the requirement that a successful de-obfuscation attack can only be carried out by solving a computationally hard mathematical problem, not losing its effectiveness if it’s fully understood by an adversary, general purpose applicability to standard program types, and it must not be dependent of special hardware or other physical resources.

Selected researchers will be required to deliver technical papers and reports, computer code and pseudocode (only for TA2 and TA3), summaries of relevant program obfuscation research (only for TA4), slide presentations, quarterly progress reports, and a final report that summarizes the overall project.

The closing date for applications is November 18. Additional information on SafeWare is available in the broad agency announcement published on the Federal Business Opportunities (FBO) website.

Written By

Eduard Kovacs (@EduardKovacs) is a contributing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.

Click to comment

Expert Insights

Related Content

Cloud Security

VMware vRealize Log Insight vulnerability allows an unauthenticated attacker to take full control of a target system.

IoT Security

Lexmark warns of a remote code execution (RCE) vulnerability impacting over 120 printer models, for which PoC code has been published.

Mobile & Wireless

Apple rolled out iOS 16.3 and macOS Ventura 13.2 to cover serious security vulnerabilities.

Mobile & Wireless

Technical details published for an Arm Mali GPU flaw leading to arbitrary kernel code execution and root on Pixel 6.

Email Security

Microsoft is urging customers to install the latest Exchange Server updates and harden their environments to prevent malicious attacks.

Vulnerabilities

Security researchers have observed an uptick in attacks targeting CVE-2021-35394, an RCE vulnerability in Realtek Jungle SDK.

Mobile & Wireless

Apple’s iOS 12.5.7 update patches CVE-2022-42856, an actively exploited vulnerability, in old iPhones and iPads.

Vulnerabilities

Google has awarded more than $25,000 to the researchers who reported the vulnerabilities patched with the release of the latest Chrome update.