The Future of Cyber-autonomy
Presented as part of the 2018 HCSS conference.
BIO
David Brumley is the CEO and co-founder of ForAllSecure, and a Professor at Carnegie Mellon University in ECE and CS. ForAllSecure's mission is to make the world's software safe, and they develop automated techniques to find and repair exploitable bugs to make this happen. Prof. Brumley previously was the Director of CyLab, the CMU Security and Privacy Institute. Brumley's honors include a United States Presidential Early Career Award for Scientists and Engineers (PECASE) from President Obama, a 2013 Sloan Foundation award and numerous best paper awards. Prof. Brumley is also an advisor to and a founding member of PPP, one of the world's most elite competitive hacking teams.
ABSTRACT
My vision is to automatically check and defend the world's software from exploitable bugs. In order to achieve this vision, I am building technology that shifts the attack/defend game away from the current manual approaches for finding and fixing software security vulnerabilities to fully autonomous cyber reasoning systems.
In this talk, I will describe the DARPA Cyber Grand Challenge, the first effort to create a fully autonomous cyber security system. I'll focus on Mayhem, built by ForAllSecure. Mayhem can find new vulnerabilities, generate exploits, and self-heal off-the-shelf software. Mayhem is the result of 10 years of academic research and 2 years of commercial development. Mayhem competed and won a $2 million prize in the US Cyber Grand Challenge competition co-hosted at DEFCON 2016. I will describe how Mayhem works, the Cyber Grand Challenge competition, and how Mayhem fared against the world's best hacking teams. I will also describe how Mayhem, and other autonomous systems like it, will change the security landscape in the next decade.