Event RPE: The Gaps in the Armor
RPE: The Gaps in the Armor
Date: TBD, 2019 | Location: DreamPort Facility in Columbia MD
Wikipedia claims the word 'armor' is dated from 1297 and is described as "mail, defensive covering worn in combat". The concept of armor has evolved for more than seven hundred years into systems like our soldiers use today such as the United States Army Interceptor Body Armor and the Plate Carrier Generation III. Any wearable technology which keeps a soldier safe while weighing less than current armor carriers is an exciting proposition. These platforms carry small arms protective inserts (SAPI) ballistic plates to stop a variety of projectiles but it is impossible to cover the entire body leaving gaps that place the wearer at risk.
One of the interest areas of the team here at DreamPort is the application of low-power, lightweight mobile computing platforms to solve today's and tomorrow's problems especially those that can empower our warfighters. What kinds of armor are available for a mobile device when it is deployed? In this RPE, we will be looking for complete solutions to host a series of software packages or solutions to 'harden' a software product on a mobile computing platform. DreamPort will provide the software that must run (e.g. website, database, etc.) while the participants must choose the execution platform, hardware configuration (aside from battery power, solution must run on battery) and then they must take every possible step to harden their solution against attackers both physical and electronic (e.g. offensive cyber exploitation). Participants will be given three main ingredients to 'bake' their solution:
- Software Deployment Instructions
From here, the will be given a small number of computing platforms (e.g. Raspberry Pi and others) and they must choose one (choose wisely) and finally a variety of ingredients (e.g. environmental sensors, wire, solder) that they can add to their solution. Not every ingredient will be useful, the participants should choose carefully.
The software participants deploy will have vulnerabilities in the source code which they may not remove. Instead, participants will have the option to add software hardening to their solution after which they must deploy their completed product onto our battlefield where it will be subject to exploitation attempts by DreamPort personnel. Their final solution must provide the same interfaces a user would see if they used a virtualized or bare-metal server deployment of the same packages (e.g. the website must remain available).
Participants may design automated response actions if their solution detects attacks provided, they store some evidence of the attack for later review.
Participants will be evaluated on the following criteria:
- Did their solution provide the software interfaces during exploit attempts?
- Did their solution run on battery power?
- Did their solution prevent the software vulnerabilities from being exploited?
- Did their solution respond to physical attacks?
- Vulnerability Scanning
- Soldering, Basic Wiring (Power, Ground, I2C)
DreamPort isn't looking for a fully functional product, instead we are searching for the set of hardware and software modifications made to offer a resilient software platform that could run in the field. Specifically, we want to identify:
- Which computing platform was chosen?
- What modifications were made to the hardware platform?
- What software alterations were added to the solution?
- What responsive actions were added to the solution?