I am truly honored to share that I have been named to MIT Technology Review’s prestigious annual list of Innovators Under 35 as a Pioneer. The award, first given by the magazine in 1999, celebrates young innovators who are poised to be leaders in their fields. Many amazing people have been given this award: Larry Page and Sergey Brin of Google; Mark Zuckerberg of Facebook; Max Levchin of PayPal. I am humbled to be in such great company.
Gideon Lichfield, editor-in-chief of MIT Technology Review, said: “MIT Technology Review inherently focuses on technology first – the breakthroughs and their potential to disrupt our lives. Our annual Innovators Under 35 list is a chance for us to honor the outstanding people behind those technologies. We hope these profiles offer a glimpse into what the face of technology looks like today as well as in the future.”
The award is a recognition of my work on Mayhem – the autonomous cyber reasoning system that competed in and won the DARPA Cyber Grand Challenge. While this award is inherently individual, I would like to recognize the amazing people that poured years of their lives into taking Mayhem from a research idea to the winning system, especially David Brumley, Thanassis Avgerinos, Sang Kil Cha, John Davis, Tyler Nighswander, Ryan Goulden and Ned Williamson. Every single one of them deserves this award as much as I do.
Mayhem: from research project to winning the DARPA Cyber Grand Challenge
Mayhem was originally started by David Brumley, Thanassis Avgerinos, Sang Kil Cha and myself at Carnegie Mellon University. We made advances in the area of formal verification of software programs that allowed our analyses to scale to larger software. Our work won an ACM Distinguished Paper award after finding thousands of bugs in linux software.
Over the past few years, I led the development of the Mayhem Cyber Reasoning System, which culminated in 2016 in two historic events: the DARPA Cyber Grand Challenge, the first all-machine hacking competition, which pitted 7 fully autonomous systems against each other, and DEFCON, which challenged 14 of the best hacking teams against a completely autonomous system.
Mayhem won first place and $2 million in the Cyber Grand Challenge. Mayhem then went on to compete against elite hackers at DEFCON, where it held its ground showing that 1st generation systems are already competitive with the world’s best hackers.
What machines (currently) lack in creativity, they make up for in speed, tenacity & scale. Mayhem analyzes thousands of programs in parallel in a few hours, a task that would take a human many years of tedious work. Mayhem can find thousands of bugs and previously unknown vulnerabilities in a day running on the cloud. In the time it takes an expert to open up a file, an automated system may have looked at hundreds.
Beyond the Cyber Grand Challenge: defending real-world systems
We’re on the cusp of the age of automated computer security reasoning, and we have to adapt the way we think about security accordingly. In a world where cyberattacks are becoming commonplace and are increasingly leveraged by nation states to disrupt weapon development, power grids, and elections, computer security becomes a national security issue. With the shortage of computer security experts and the increasing volume of software in our daily lives, relying solely on human expertise is insufficient and dangerous. Automated computer security tools are a necessity to protect ourselves.
To meet this need, we founded ForAllSecure with the vision to automatically check the world’s software for security vulnerabilities. We are actively working on adapting our cyber-reasoning technology to secure critical systems and infrastructure both in the public and private sector. If you would like to hear more about how Mayhem can be applied to your software, please go to https://forallsecure.com/pilot