One Article Review

The article:
Source GoogleSec
Identifier 8527971
Publication date 2024-06-25 08:57:38 (viewed: 2024-06-29 17:06:18)
Title Hacking for Defenders: approaches to DARPA's AI Cyber Challenge
Text Oliver Chang, Jonathan Metzman, OSS-Fuzz and Alex Rebert, Security Engineering

The US Defense Advanced Research Projects Agency, DARPA, recently kicked off a two-year AI Cyber Challenge (AIxCC), inviting top AI and cybersecurity experts to design new AI systems to help secure major open source projects which our critical infrastructure relies upon. As AI continues to grow, it's crucial to invest in AI tools for Defenders, and this competition will help advance technology to do so. Google's OSS-Fuzz and Security Engineering teams have been excited to assist AIxCC organizers in designing their challenges and competition framework. We also playtested the competition by building a Cyber Reasoning System (CRS) tackling DARPA's exemplar challenge. This blog post will share our approach to the exemplar challenge using open source technology found in Google's OSS-Fuzz, highlighting opportunities where AI can supercharge the platform's ability to find and patch vulnerabilities, which we hope will inspire innovative solutions from competitors.
Rating ★★
Sent Yes
Tags Tool Vulnerability Patching


The article does not appear to have been picked up after its publication.


The article does not appear to have been picked up from an earlier one.