BAE to Protect Digital Files From Cyber Threats

CYBERSECURITY

BAE to Protect Digital Files from Cyber Threats

2/13/2020
By Connie Lee

iStock photo

BAE was recently awarded a contract by the Defense Advanced Research Projects Agency to develop technology for identifying malicious data in electronic documents such as PDF files.

The contract falls under a program dubbed Safe Documents, or SafeDocs, which is intended to prevent vulnerabilities within files and safeguard them from threats such as cyber warfare. The program is run out of DARPA’s Information Innovation Office.

Steve Huntsman, principal investigator for the effort at BAE, said the company’s work will help prevent documents from experiencing malfunctions, such as crashing. Many of these incidents occur when inputs are not processed correctly, he noted.

“The rationale behind the program is that — arguably — most of the vulnerabilities in software are due to inputs that are processed improperly,” Huntsman said. “There are documents that are malformed in some way, and those could result in crashes.”

To fix these problems, the company is developing two primary tools, which are still under research and development.

The first is geared towards encoding data safely into the software by determining the safest syntax to use in electronic data formats. The second is used to help developers avoid input-handling vulnerabilities. This will help stave off cyberattacks, he noted.

“They need to be properly formatted,” he said. “There are attacks against web browsers that are due to malformed inputs. And if you just specify what syntax should be permissible and actually adhere to that, then these attacks don’t have a foothold.”

BAE held a demonstration for the program in December, during which it examined PDF files for vulnerabilities, Huntsman said. An additional event is slated for March.

“The purpose of the demonstration was to use our tools to — at a basic level — determine which inputs were permissible and which ones weren’t,” he said. “I think it’s fair to say that we performed well at the event.”

The company is partnering with American University, he said. Work is taking place in Arlington, Virginia, and Burlington, Massachusetts, according to a BAE news release.

Topics: Cyber, Cybersecurity, Infotech

Comments (0)

Name *

Email *

Comment *

Please enter the text displayed in the image.

Characters *

Legal Notice *

NDIA is not responsible for screening, policing, editing, or monitoring your or another user's postings and encourages all of its users to use reasonable discretion and caution in evaluating or reviewing any posting. Moreover, and except as provided below with respect to NDIA's right and ability to delete or remove a posting (or any part thereof), NDIA does not endorse, oppose, or edit any opinion or information provided by you or another user and does not make any representation with respect to, nor does it endorse the accuracy, completeness, timeliness, or reliability of any advice, opinion, statement, or other material displayed, uploaded, or distributed by you or any other user. Nevertheless, NDIA reserves the right to delete or take other action with respect to postings (or parts thereof) that NDIA believes in good faith violate this Legal Notice and/or are potentially harmful or unlawful. If you violate this Legal Notice, NDIA may, in its sole discretion, delete the unacceptable content from your posting, remove or delete the posting in its entirety, issue you a warning, and/or terminate your use of the NDIA site. Moreover, it is a policy of NDIA to take appropriate actions under the Digital Millennium Copyright Act and other applicable intellectual property laws. If you become aware of postings that violate these rules regarding acceptable behavior or content, you may contact NDIA at 703.522.1820.

I have read the legal notice.