Xandra: An autonomous cyber battle system for the Cyber Grand Challenge

Xandra in Las Vegas

Abstract

On 4 August 2016, DARPA conducted the final event of the Cyber Grand Challenge (CGC). The challenge in CGC was to build an autonomous system capable of playing in a capture-the-flag hacking competition. The final event pitted the systems from seven finalists against each other, with each system attempting to defend its own network services while proving vulnerabilities in other systems' defended services. Xandra, our automated cyber reasoning system, took second place overall in the final event. Xandra placed first in security (preventing exploits), second in availability (keeping services operational and efficient), and fourth in evaluation (proving vulnerabilities in competitor services). Xandra also drew the least power of any of the competitor systems. In this article, we describe the high-level strategies applied by Xandra, their realization in Xandra’s architecture, the synergistic interplay between offense and defense, and finally, lessons learned via post-mortem analysis of the final event.

Publication
In IEEE Security & Privacy, 2018
Anh Nguyen-Tuong
Anh Nguyen-Tuong
Principal Scientist
Jack W. Davidson
Jack W. Davidson
Professor of Computer Science

Jack Davidson is an ACM and IEEE Fellow. His research interests include compilers, programming languages, computer architecture, embedded systems, and computer security. His current research interests are focused on the areas of computer security, run-time management of applications running on multi-core systems, and computer science education.

Jason D. Hiser
Jason D. Hiser
Principal Scientist