00:00:00.601-->00:00:06.807 >> Good morning and welcome to the DARPA Cyber Grand Challenge Award Ceremony. Please welcome 00:00:06.807-->00:00:13.647 the director of the information innovation office at the Defense Advanced Research Projects 00:00:13.647-->00:00:18.652 Agency Doctor John Launchbury. [Introduction music] >>Good morning. You know DARPA is a 00:00:29.796-->00:00:35.836 national treasure and a magical place. It's filled with people who have a vision of what might 00:00:35.836-->00:00:42.643 just be possible and the technical chops to make it so. They come from industry and 00:00:42.643-->00:00:48.949 academia and these people to choose to commit 3 to 5 years of their careers bringing new 00:00:48.949-->00:00:53.954 possibilities into being and the nation entrusts them with the resources to make it possible. 00:00:57.024-->00:01:03.697 Mike Walker is such a person. Cyber Grand Challenge was his vision of the possible and 00:01:03.697-->00:01:08.702 yesterday we all witnessed something new being formed in the world. This morning we get 00:01:10.704-->00:01:15.709 to celebrate that accomplishment. Let us welcome him to the stage, Mike Walker. 00:01:24.151-->00:01:29.156 [clapping] [applause] [introduction music] >>Hello everybody. Um in 2013 we 00:01:31.892-->00:01:36.630 challenged the world to create automated systems that could compete in hacking contest and 00:01:36.630-->00:01:42.336 no such machines existed at the time. In 2014 competition teams from around the world attempted 00:01:42.336-->00:01:46.940 to draw an existing program analysis technology and native code expertise to construct 00:01:46.940-->00:01:52.546 prototypes that could get us halfway there. At our 2015 qualifiers 7 of these teams 00:01:52.546-->00:01:56.249 proved to the world the automated flaw identification and patching was possible in 00:01:56.249-->00:02:01.188 unison on on previously unseen code. After we named our finalists in July of 20 15 the 00:02:03.457-->00:02:07.527 race was on to take those core skills and adapt them to building a fully automated 00:02:07.527-->00:02:12.265 system that could think about new security problems and manage them under pressure in the heat 00:02:12.265-->00:02:17.537 of competition. Yesterday those systems competed against each other and let's watch a little 00:02:17.537-->00:02:21.208 bit of what happened together. [sound effects] [inaudible talking] >>ya absolutely 00:02:23.543-->00:02:28.548 [inaudible noise] >>Ready >>Ready [inaudible noise] >>Game started at oh 900 and 45 seconds 00:02:37.657-->00:02:43.363 Pacific. [music] >>Welcome everyone to the first ever fully automated cyber security 00:02:43.363-->00:02:48.468 automated competition. >>Xandra managed to discover and prove a vulnerability in one of the 00:02:48.468-->00:02:52.839 services we call opstem but this is a unique situation and it's something we were kind of hoping 00:02:52.839-->00:02:58.245 to see. They actually managed to discover an unintended vulnerability. So each a these 00:02:58.245-->00:03:02.282 uh each a these services that's written just like real world software it's impossible for us 00:03:02.282-->00:03:06.453 to have made absolutely certain that the one vulnerability that we intended is the only one 00:03:06.453-->00:03:10.390 that's present. So the interesting part here is that Zandra had discovered this new 00:03:10.390-->00:03:15.095 POV exercised it against something that we hadn't actually even intended and then 00:03:15.095-->00:03:20.767 JIMA observed this occurring and successfully defended against it. So these are all results 00:03:20.767-->00:03:24.538 that like we hadn't possibly [audience applauding] had any ability to predict what so ever. 00:03:24.538-->00:03:28.542 [applause] >>wow [applause] >> So Zandra POV succeeded against the reference binary but not 00:03:28.542-->00:03:32.479 against JIMA's patched binary. [applause] >>So JIMA was actually successfully able to 00:03:32.479-->00:03:36.983 patch a bug that we didn't even know exists in the software but what kind of general purpose or 00:03:36.983-->00:03:40.854 even specific patches does JIMA implement that could do this. >>So that was probably one of 00:03:40.854-->00:03:45.525 our uh general purpose patches. We looked at areas of code where we know there are common 00:03:45.525-->00:03:49.863 vulnerabilities and we just deliberately inserted conservatively the patches for 00:03:49.863-->00:03:53.567 those areas. >>The address resolution service was basically the vulnerability that was 00:03:53.567-->00:03:57.370 modeled after the sql slammer like we were talking about and we definitely saw some of the 00:03:57.370-->00:04:01.875 bots discover this vulnerability and actually begin trying to prove that vulnerability against 00:04:01.875-->00:04:07.380 other teams or other bots very very early on. So this represents uh a true success to 00:04:07.380-->00:04:11.485 ha- to what we have going on here because in that 5 minute window that Deb mentioned that 00:04:11.485-->00:04:16.356 she was hoping for that actually managed to be proven and patched by several of the teams in the 00:04:16.356-->00:04:21.128 very next round. So that means that in a 5 minute window a totally previously never seen 00:04:21.128-->00:04:26.600 before challenge binary was researched and evaluated and found vulnerable and patched by 00:04:26.600-->00:04:31.138 a completely autonomous system. Our implementation of the mail server challenge basically 00:04:31.138-->00:04:35.308 wanted to strike a balance between the difficulty and the complexity of the original bug 00:04:35.308-->00:04:40.547 in sendmail and Halvars example that was sort of a carved down sub set of the problem. Either 00:04:40.547-->00:04:45.685 way they are all sort of the classic uh state machine problems that are very very 00:04:45.685-->00:04:50.056 difficult for program analysis. Those nearly infinite possibilities and that halting 00:04:50.056-->00:04:56.029 problem that we talked about before clearly come into play here so MechaFish was the only 00:04:56.029-->00:05:01.401 team to actually successfully POV against our version [audience applause] [hollering] 00:05:01.401-->00:05:06.273 of crack adder. [applause] So this basically represents a a leap forward in program analysis 00:05:06.273-->00:05:10.777 for them to be capable of doing this means that we're one step closer to that thing that's 00:05:10.777-->00:05:15.282 basically been sort of thee Everest of program analysis because a that state machine 00:05:15.282-->00:05:18.451 problem. >>Uh congratulations so what'd ya think about this? >>[chuckles]It's pretty 00:05:18.451-->00:05:22.822 overwhelming >>right >>wow I mean all the talk about state machines and all the possibility 00:05:22.822-->00:05:26.393 of state machines really reminds me of one of the papers we published recently. We published 00:05:26.393-->00:05:31.298 paper driller which is supposed to augment uh fuzzing with symbolic execution and it's one 00:05:31.298-->00:05:35.835 of one of our really in depth case studies talks about how exactly it traverses the state 00:05:35.835-->00:05:41.174 machines and is able to really explore deeply parts of the program that would normally be 00:05:41.174-->00:05:47.480 inaccessible to a more naive approach. [audience applause] >>Thank you Ayshay [applause] 00:05:47.480-->00:05:53.119 >>Today we saw machines patch many of the vulnerabilities that were activated in their software 00:05:53.119-->00:05:58.124 within minutes without damaging software or availability. Challenges work not because the 00:06:00.093-->00:06:05.332 many who cannot imagine but because of the few willing to make the attempt. [inaudible 00:06:05.332-->00:06:11.371 background voices] Thank you all for your courage. I'd like to close [applause] but this room 00:06:11.371-->00:06:16.376 the loudest round of applause we can summon for those who dare. [applause] [hollering] >>So uh I 00:06:22.349-->00:06:26.286 have a a note on that first highlight I just I wanna make sure everyone understands what 00:06:26.286-->00:06:31.925 happened uh we created a bunch of native code that had never been seen before uh one of the 00:06:31.925-->00:06:36.229 machines found a bug in it that we didn't know about. It was completely unintentional 00:06:36.229-->00:06:40.934 discovered it discovered how to use that flaw to take the flag from another machine and the 00:06:40.934-->00:06:45.205 other machine detected it and built a patch. A conversation between machines that happened 00:06:45.205-->00:06:50.210 in minutes. Um who would've thought. Um but what we just saw yesterday was a first step I 00:06:53.913-->00:06:58.918 wanna think back for a moment to 2005. Uh this is Stanley. Stanley's a self driving car 00:07:01.621-->00:07:06.626 that won the 2005 DARPA Grand Challenge and Stanley is a future technology prototype a 00:07:06.626-->00:07:12.599 proof of concept. A research in engineering milestone. It is not a particularly good self driving 00:07:12.599-->00:07:17.537 car by today's standards. It was filled with computing it's sensors in communications gear 00:07:17.537-->00:07:21.474 were bolted on and bulky. It couldn't drive on our streets and it couldn't handle traffic 00:07:21.474-->00:07:25.945 and it couldn't do a lot of things. All the same Stanley earned it's place in the 00:07:25.945-->00:07:31.551 Smithsonian by redefining what was possible and today the technology descended from 00:07:31.551-->00:07:36.222 Stanley and it's competition are driving in America's streets all on their own. That long awaited 00:07:36.222-->00:07:41.227 revolution is arriving on our streets and highways right now. So these CGC prototypes are just 00:07:43.797-->00:07:49.769 like Stanley they work only on very simple research operating system they work on 32 bit 00:07:49.769-->00:07:54.341 native code they spend a huge amount of computing power to think about the security 00:07:54.341-->00:07:59.946 problems of small example services. The complex bugs they found are impressive but they 00:07:59.946-->00:08:04.818 are not as complex as their real world analogs and a huge amount of engineering needs to be done 00:08:04.818-->00:08:11.358 before something like this can guard the networks that we use. I invite you this weekend to 00:08:11.358-->00:08:16.129 imagine the technology that will follow these first prototypes and what that technology will 00:08:16.129-->00:08:22.736 mean. Imagine networks where zero day cannot happen to anybody. Where it does not take 00:08:22.736-->00:08:27.540 gauren where zero day does not guarantee attackers success where defenders work together 00:08:27.540-->00:08:32.312 with guardian machines to keep networks safe. Imagine getting a text message from the system 00:08:32.312-->00:08:35.715 that protects your business letting you know it just learned about a new flaw in your 00:08:35.715-->00:08:42.021 document reader and synthesized a new patch all on it's own. It's coming and we have these 3 00:08:42.021-->00:08:47.027 days to imagine it together. Now that cyber grand challenge is over and since this is a 00:08:50.130-->00:08:55.702 security crowd I wanna talk a little bit about some other things at DARPA. Many of you may 00:08:55.702-->00:09:00.040 be familiar with the idea of formal verification. A field in which the security properties of 00:09:00.040-->00:09:04.811 native code are accompanied by a mathematical proof that guarantees those properties. 00:09:04.811-->00:09:09.282 Less of you may know that a few years ago DARPA funded technology uh that is now open 00:09:09.282-->00:09:14.788 source. A formally verified control system for a commercial quad copter and you can buy this 00:09:14.788-->00:09:20.293 commercial quad copter download the code from the website on the screen install it fly it around 00:09:20.293-->00:09:24.497 your neighborhood right now. The research community behind this code believes that formal 00:09:24.497-->00:09:30.437 verification provides powerful promises about the absence of entire classes of flaws and we'd 00:09:30.437-->00:09:35.208 love to hear from you about how strong this security really is. We also hope in the future to 00:09:35.208-->00:09:41.181 conquer new frontiers with formal verification. Many of you are also familiar with 00:09:41.181-->00:09:47.086 technology developed under cyber fast track. Uh a previous DARPA program. [audience applause] 00:09:47.086-->00:09:51.291 portions of end map for instance. [applause] all of that technology development happened 00:09:51.291-->00:09:56.095 because Mudge became the first ke- person from this community uh from this hacker community to 00:09:56.095-->00:10:01.267 come to DARPA to be a program manager. I went to a lot of Mudge's cyber fast track talks I 00:10:01.267-->00:10:05.805 was inspired by the common ground that he forged between DARPA and the hacker community 00:10:05.805-->00:10:11.377 and I'm proud today to be following the tradition he started and I hope that like me 00:10:11.377-->00:10:15.815 some of you out there are watching what was accomplished in this challenge and are 00:10:15.815-->00:10:20.653 wondering if you can build your vision of future technology at DARPA. Creating something like 00:10:20.653-->00:10:25.558 cyber fast track or cyber grand challenge from scratch building the technology team behind it 00:10:25.558-->00:10:31.831 and guiding its execution these are difficult and rewarding things. Mudge started a 00:10:31.831-->00:10:37.003 tradition of hacker program management at DARPA and it is my sincere hope that as my term en- 00:10:37.003-->00:10:42.642 ends and I leave the agency that some of you will step up to continue this tradition. Until 00:10:42.642-->00:10:47.881 it's easy to write defensible code and networks are secure by default there must always be 00:10:47.881-->00:10:54.854 hackers working at DARPA to create revolutionary technology. So if you have technology vision 00:10:54.854-->00:10:59.559 the ability to lead teams and an aptitude for public service please email us or seek us out 00:10:59.559-->00:11:04.497 this weekend. It is now my pleasure to introduce the director of DARPA Arati 00:11:11.271-->00:11:16.276 Prabhakar. [applause] [introduction music] >>Thank you Mike. Good morning everyone it's 00:11:20.747-->00:11:26.920 wonderful to be here with this DEFCON community. I wanna take just a minute and talk about why 00:11:26.920-->00:11:33.526 we are here why is DARPA here doing the cyber grand challenge and the first big reason that we 00:11:33.526-->00:11:36.629 are here is our job at DARPA is to change what's possible aa that's why everyone of us comes 00:11:36.629-->00:11:41.634 to work every single morning. Our job is to change what's possible so that we can 00:11:45.371-->00:11:51.377 revolutionize our national security capabilities and our little agency was created in the 00:11:51.377-->00:11:57.784 immediate aftermath of Sputnik so we've been at this for bouts almost 60 years now. And what 00:11:57.784-->00:12:03.690 that means is that our predecessors got to work with some of the most amazing people 00:12:03.690-->00:12:08.695 and teams of their times and the work that they did together led to navigation that you can hold 00:12:11.598-->00:12:17.604 in the palm of your hand it led to stealth aircraft it led to composite materials it led to 00:12:17.604-->00:12:23.910 wave after wave of artificial intelligence and of course the work that they did together 00:12:23.910-->00:12:28.915 built the arpanet and it led to the internet. So absolutely[laughter] [audience 00:12:33.486-->00:12:37.357 laughter] [speaker laughter] so eh [applause] I I'm all for em that was awesome what that 00:12:37.357-->00:12:44.130 generation did. For everyone of us who works at DARPA today and the community that we get to 00:12:44.130-->00:12:50.737 work with we recognize that that's a proud history but now now it's our time. Now it's our 00:12:50.737-->00:12:56.042 turn to step to the plate and now it's our turn to change what's possible and that is 00:12:56.042-->00:13:02.115 exactly what cyber grand challenge is doing right now. So eh uh you've heard about Mike's 00:13:02.115-->00:13:07.353 amazing uh work and talked he's talked a little bit about the big ambitions in the cyber grand 00:13:07.353-->00:13:12.358 challenge. Cyber grand challenge is actually only 1 of about 200 active programs at DARPA today 00:13:14.594-->00:13:20.500 and everyone a those programs has a big ambition. They range from a ship that will be able to 00:13:20.500-->00:13:25.505 navigate itself across the seas without a single sailor on board to a spaceplane that can put a 00:13:27.907-->00:13:32.912 satellite on orbit tomorrow instead of next year to a network of sensors across an 00:13:35.415-->00:13:41.721 entire city that can detect radiological and nuclear materials before a terrorist can 00:13:41.721-->00:13:47.660 detonate a bomb and among the things we're doing today I wanna mention to where you can get an 00:13:47.660-->00:13:53.399 engaged immediately. Uh one you can get engaged at noon today right here at Defcon because if 00:13:53.399-->00:13:58.204 you go to the bio hacking village you'll hear about some of our big ambitions in 00:13:58.204-->00:14:03.676 biological technologies. The work that we're doing to change how we understand the human 00:14:03.676-->00:14:08.781 brain and start developing neuro technologies. The work that we're doing to build on the 00:14:08.781-->00:14:13.720 explosion in gene editing capabilities and the work in synthetic biologies so please 00:14:13.720-->00:14:18.057 join us there. You'll hear from a couple of DARPA program managers there. Uh a second 00:14:18.057-->00:14:23.563 thing that's a big ambition at DARPA today a new program that's just ramping up will be DARPA's 00:14:23.563-->00:14:29.235 next massive grand challenge and that is the spectrum collaboration challenge and I 00:14:29.235-->00:14:34.640 invite you to dive in on this one too. The challenge in that case is uh we're gonna challenge 00:14:34.640-->00:14:40.580 teams to build radio networks with embedded API's that will allow each of those radio 00:14:40.580-->00:14:46.319 networks to dynamically scan and form hypotheses and predict what's happening in the radio 00:14:46.319-->00:14:52.558 spectrum so that they can both compete with each other but also collaborate to dramatically 00:14:52.558-->00:14:57.396 advance the amount a capacity we can get from a fixed amount of spectrum. That one's just 00:14:57.396-->00:15:03.069 getting rolling so dive back in. So as you can see a very wide range of big ambitions at DARPA 00:15:03.069-->00:15:08.074 today every single one of those big ambitions depends on cyber security. We can't achieve these 00:15:10.610-->00:15:16.916 big dream unless we can trust our data trust our networks trust the systems that we are so 00:15:16.916-->00:15:21.921 completely reliant on today and because of that a revolution in cyber security is also a big 00:15:24.123-->00:15:29.195 ambition at DARPA today. Cyber grand challenge is a big part a that. Mike mentioned some of the 00:15:29.195-->00:15:34.300 other things that we're doing. There's a large portfolio of active programs in that area 00:15:34.300-->00:15:40.373 results that are starting to come out of it. We invite you to engage with us and uh help build 00:15:40.373-->00:15:46.813 that portfolio but also draw on the fruits of that research uh because as we start developing 00:15:46.813-->00:15:51.751 those technologies and as we start implementing them ultimately we hope across the 00:15:51.751-->00:15:56.756 entire information ecosystem as we do that we can start imagining a future where we 00:15:59.258-->00:16:04.564 actually have some foundation of cyber security not invulnerability but we can live 00:16:04.564-->00:16:09.936 in a future where we can get on with the business of enjoying the fruits of this phenomenal 00:16:09.936-->00:16:16.409 information revolution that we're all living in today. So those are some of the big uh 00:16:16.409-->00:16:21.113 ambitions we have at DARPA today and changing what's possible what's possible is a very big 00:16:21.113-->00:16:26.185 reason that we are here today uh at Defcon doing cyber grand challenge. A question I've 00:16:26.185-->00:16:29.822 gotten from lots a people is why are you doing this in Las Vegas and why are you doing it with 00:16:29.822-->00:16:34.460 Defcon the answer to that is we could not have done it without a tremendous partnership with 00:16:34.460-->00:16:40.566 Defcon and I wanna just call out uh Defcon's leadership this whole community uh we chose to 00:16:40.566-->00:16:47.006 do this because number 1 uh how awesome was it that we were able with your permission to build on 00:16:47.006-->00:16:53.179 top of this amazing capture the flag game. A perfect game to to to start with to develop a 00:16:53.179-->00:16:58.851 league of their own for machines to start learning how to do this amazingly hard work. Um that's 00:16:58.851-->00:17:05.258 been wonderful for us uh most important from my perspective very much as Mike said this 00:17:05.258-->00:17:11.898 community your community you all this is such an important uh part of how we're gonna change 00:17:11.898-->00:17:16.736 the future of cyber security. I think we're starting to build some very important ties. I hope 00:17:16.736-->00:17:21.841 cyber grand challenge advanced that in some very significant ways. So thank you Defcon. This 00:17:21.841-->00:17:26.846 has been just tremendous. [applause] The final most fundamental reason we are here 00:17:34.186-->00:17:39.191 today is because of Mike Walker. Uh now Mike is something amazing and that amazing thing he is is 00:17:43.262-->00:17:49.902 a DARPA program manager. That's a person who has a vision who builds a team to do this 00:17:49.902-->00:17:56.175 [chuckles] incredible amount of hard work who inspires a vast community to drive these 00:17:56.175-->00:18:01.714 technologies forward and ultimately it's someone who gets to spark a technological 00:18:01.714-->00:18:06.786 revolution. So Mike thank you for showing the world what a DARPA [applause]program manager 00:18:06.786-->00:18:11.791 is all about. [loud applause] It is now my privilege to recognize the teams who built the bots who 00:18:23.803-->00:18:30.042 changed what's possible here at the cyber grand challenge. We are gonna start with finalist 00:18:30.042-->00:18:35.047 Dissect who built the bot Crispy come on up. [applause][intro music] [music playing] Please 00:18:54.033-->00:18:59.038 join me in celebrating finalist CSDS who built the bot JIMA [applause] [cheering] [music 00:19:49.522-->00:19:54.527 playing] Announcing finalist Code Jitsu who built the bot Galactica [cheering] [music 00:20:31.397-->00:20:36.402 playing] [applause] [music playing] Next up is finalist D Bread who built the bot Rubio 00:21:31.891-->00:21:36.896 [music playing] [music fades] >>I'm gonna take a moment uh before we bring up our next team 00:21:39.265-->00:21:43.769 uh to tell you that last night's remind you that last nights results were provisional. That 00:21:43.769-->00:21:49.508 we run uh scoring inside the air gap scoring outside the airgap we wait until those 2 results 00:21:49.508-->00:21:53.846 agree and we are still working. There is a team working right now to run another verification 00:21:53.846-->00:21:58.551 round outside and that means that while we can name a second place and we can name first 00:21:58.551-->00:22:03.489 place third place is pending verification. So with that we're gonna announce another finalist. 00:22:07.193-->00:22:10.663 >>You never know what's gonna happen at account at a challenge. It's my great 00:22:10.663-->00:22:15.668 pleasure to introduce finalist Shellfish who built the mechanical fish. [applause] 00:22:59.378-->00:23:01.313 [music playing] [inaudible voices] [music playing] [applause] Announcing the second 00:23:01.313-->00:23:06.318 place winner of the cyber grand challenge Tech X who built the bot Zandra. [applause] [music 00:23:58.804-->00:24:05.611 playing] [applause] And now the winner of the DARPA cyber grand challenge For All Secure and 00:24:05.611-->00:24:10.616 their bot Mayhem [applause] [music playing] [hollering] [music playing] [music fades] 00:25:03.736-->00:25:07.306 [applause] >>So we're gonna close uh by inviting the captain of the highly legitimate 00:25:07.306-->00:25:12.311 business syndicate that runs Defcon capture the flag up onto stage. There he is. [audience 00:25:20.419-->00:25:25.457 laughter] [cheering] [applause] Welcome [applause] na now it's my understanding uh that you've 00:25:25.457-->00:25:30.462 been waiting a year now to make this challenge. So the mic is yours. >>Um I just have one 00:25:32.531-->00:25:37.536 question for Mayhem uh shall we play a game? [cheering] [hollering] [applause] 00:25:46.478-->00:25:48.480 [inaudible voices] [applause] >>it's on [laughter] [applause] >>The Mayhem cyber reasoning 00:25:48.480-->00:25:52.651 system will play in Defcon capture the flag hopefully starting around 11 30 uh we're 00:25:52.651-->00:25:56.221 not n quite sure when it's gonna start but I hope to see you there. Thank you very much for 00:25:56.221-->00:26:01.260 coming. Congratulations to eh everyone who played our game congratulations to our finalists 00:26:01.260-->00:26:06.265 congratulations to our winners. Thank you. [applause]