DARPA, the US military's research and development arm, has announced a programme designed to validate the security of commercial software by harnessing the brainpower of bored gamers across the globe.
DARPA's Verigames project aims to see if an army of gamers can find software vulnerabilities faster and more cheaply than traditional methods.
While the Defence Advanced Research Project Agency may create plenty of bespoke technologies, including the precursor to the modern Internet, it also handles the US military's requirements for commercial, off-the-shelf (COTS) products. The trouble with said products is that it can be difficult to guarantee their security - and doubly-so in a post-Snowden world
in which all closed-source software is to be viewed with an air of suspicion.
DARPA, like many other security research establishments, relies on a process known as formal verification - but the outlay in both compute resources and manpower to do this exhaustively on anything but the simplest software components has proven too much for even DARPA to bear. The answer? Harnessing the power of gamers' boredom.
'We’re seeing if we can take really hard math problems and map them onto interesting, attractive puzzle games that online players will solve for fun,
explained Drew Dean, DARPA manager for the freshly-launched Crowd Sourced Formal Verification Programme. 'By leveraging players’ intelligence and ingenuity on a broad scale, we hope to reduce security analysts’ workloads and fundamentally improve the availability of formal verification.
The system doesn't replace the powerful analysis engines and highly-trained software engineers employed by DARPA, but instead allows untrained gamers to handle the grunt-work while playing browser-based games. Using an engine that automatically turns each verification test into a puzzle, DARPA hopes to let gamers discover potentially-vulnerable code for later review by the experts - and all without ever having to know anything about the software under test.
Currently focusing on open-source software packages, for which DARPA can easily obtain and analyse the source code, the programme promises to boost security for all: any vulnerabilities found by DARPA under the CSFV programme will be communicated to project maintainers for investigation and patching.
The programme, which is launched to the public under the name Verigames, includes five browser-based puzzle titles: Circuitbot, an exploration-based title; Flow Jam, akin to the classic Pipe-Mania but significantly more complex; Ghost Map, a neural-network maze game; StormBound, a symbol-matching title; and Xylem, which appears to the user to be a plant-cataloguing game.
'This is one of the most ambitious development projects in the history of gaming,
' claimed Andrew Keplinger, president of Circuitbot developer Left Brain Games, of DARPA's Verigames. 'Circuitbot synergizes the thrill of interstellar exploration with the tactical decision-making of the strategy genre, while incorporating a hidden real-world crowd-source program that goes unnoticed, because gamers are having fun.
At present, Verigames is little more than a large-scale experiment to discover whether an army of untrained gamers can perform formal verification tasks faster and more cost-effectively than the traditional expert-led methods. Should it prove successful, however, DARPA could well become one of the most prolific publishers of puzzle games around as it seeks to maintain the interest of its volunteer army.
The Verigames portal
is live now, although active participation in the experiment requires signing up to the US Government's volunteer agreement - for which gamers will need to be 18 or above.