Next Generation Technologies Fund – Symbolic Execution for Rapid Threat Analysis (High priority) (expired)
Automated analysis of software binaries through techniques such as symbolic execution has shown potential to be a game-changing technology for computer security. However, current work in this area focuses on vulnerability or bug detection/discovery and is computationally expensive (requiring significant computing resources and/or time for analysis).
A promising new application for symbolic execution is for rapid threat analysis to understand the behaviour of unknown software discovered by incident response teams, to identify potentially malicious code and its consequences. In a military incident response context, knowledge of the effects of malicious software on a wider system is key to determining remedial actions that preserve fight-through.
This requires a new methodology for symbolic and concolic analysis in which a key goal of the process is to accurately model the effect of a binary on the wider system and develop analysis techniques that support this methodology. Importantly, applying symbolic execution as part of incident response requires approaches that can deliver useful results in as little as a few minutes in a computationally efficient manner. This will require new approaches to prioritise the exploration of execution paths during symbolic execution and the development of alternatives or improvements to constraint solvers.
The long-term goal of this research program is to develop symbolic execution techniques that enable portable and practical tools for use in responding to previously unknown cyberattacks as they occur.
This opportunity is open to all registered Australian Universities and Australian Publicly Funded Research Agencies.
- Successful applicants must be able to meet the milestones and timelines outlined in their submission.
- Successful applicants must enter into a Data61 University Collaboration Agreement.
- Successful applicants will enter into the appropriate contracting arrangement within 3 weeks of announcement.
Terms and conditions
Proposals submitted will be assessed equally on the following criteria:
- Alignment to Defence strategy and the project priorities articulated in this document
- Future science criticality
- Collaboration depth (e.g. Collaboration with DST staff, Data61 staff, other universities, an industry partner, etc.)
- Delivery of outcomes (e.g. the ability of the proposal to deliver the agreed outcomes and milestones).
- Game changing potential to Defence
Please limit submissions to no more than 2000 words. Ensure that all contact details, current and potential DST, Data61 collaborators and/or research partner details are on a separate page/covering sheet. The proposals will be de-identified during the selection process to eliminate any potential conflicts of interest.
Defence and Data61 reserves the right to fund all, some or none of the proposals received under this Call for Applications.
Contracts and Intellectual Property
Successful applicants will be required to enter into a Data61 University Collaboration Agreement and a subsidiary Collaborative Research Project Agreement with Data61 in order to access project funding. Data61 will enter into contracts with the lead party in each proposal.
Any IP generated as part of the projects will vest in Data61 unless otherwise agreed, and Defence will receive a license for Commonwealth purposes only.
Any Commonwealth funding contributed to the projects will be paid in accordance with successful completion of milestones and as negotiated by the parties. Where circumstances necessitate it is possible for a small payment to be made upon execution of the agreement and in accordance with Defence procurement rules.
How to apply
Please submit via the DST portal.
Proposals are to be submitted by 4.30pm Australian Eastern Daylight Time (AEDT), 15 August 2018. Only projects submitted via email to Cyber-NGTF@dst.defence.gov.au by the above deadline will be considered in this round.
For further information or assistance, please contact: