DARPA makes bug-spotting fun

A new way to scan several millions of lines of software code for vulnerabilities may have been discovered by the U.S. Department of Defense.

Scanning software for vulnerabilities sounds like a boring job as it involves plenty of checks. However, to liven up things, a group of computer scientists have made a game out of the same, dubbed Xylem.

Additionally, the Defense Advanced Research Projects Agency (DARPA) is instrumental in setting up a website called Verigames. This site offers five free games that can be played online, including Xylem (which is playable on the iPad). The five games are:

CircuitBot: Link up a team of robots to carry out a mission.

Flow Jam: Analyze and adjust a cable network to maximize its flow.

Ghost Map: Free your mind by finding a path through a brain network.

StormBound: Unweave the windstorm into patterns of streaming symbols.

Xylem: Catalog species of plants using mathematical formulas.

Verigames operates similarly to most crowd-sourcing projects, like SETI@homel, which deploys a users' computer to scan for extraterrestrial signals and Fold.it, which invites people to play online puzzles for protein folding.

"We're seeing if we can take really hard math problems and map them onto interesting, attractive puzzle games that online players will solve for fun," said Drew Dean, DARPA program manager, in a statement. "By leveraging players' intelligence and ingenuity on a broad scale, we hope to reduce security analysts' workloads and fundamentally improve the availability of formal verification."

Xylem is an iPad puzzle that will aid programmers in finding "loop invariants," which is an important aspect of software verification. The game has been created by a team led by SRI International and University of California at Santa Cruz, which has embraced "gamification" i.e. the use of game-like mechanics to make daily tasks fun.

This will not only make the process engaging via video games and puzzles, but will also help lower the work load of vulnerability analysts by "an order of magnitude or more."

Xylem will make the task of finding vulnerabilities entertaining, which in turn will make the ordinary consumers more alert and they can spot more bugs.

"The Xylem game leverages crowdsourcing techniques to search for proofs that software programs are free of vulnerabilities," said John Murray, program director in the computer science laboratory at SRI and principal investigator for the overall Chekofv project (short for Crowd-sourced Help with Emergent Knowledge for Optimized Formal Verification). "Pieces of software code are inserted into this engaging puzzle game, where players identify new plant species by spotting patterns in the plants' behavior on the island. The more people that play the game and correctly identify patterns, the more pieces of code are verified that they will work with the rest of the software program - it's like solving a gigantic jigsaw puzzle."

The games have been created in such a manner that when a player solves a puzzle to move to the next level of gameplay, the user is actually generating program annotations and mathematical proofs which are capable of identifying or proving the absence of flaws that exist in software that are written in either Java or C.

DARPA funds the games and Verigames via its Crowd Sourced Formal Verification (CSFV) program. However, because of government regulations pertaining to volunteer participants only 8 people are allowed to play. DARPA, however, hopes to create a game building community that will decrease the number of software errors in the long term.

ⓒ 2024 TECHTIMES.com All rights reserved. Do not reproduce without permission.
Tags:DARPA
Join the Discussion
Real Time Analytics