Blog archive

DARPA’s strategy for 100-year software

An axiom of systems design is that the more complex the system, the harder it is to understand and, therefore, the harder it is to manage. When it comes to cybersecurity, that principle is what bad actors rely on to get their malware through enterprise defenses -- where it can then squirrel away vital information or damage essential systems.

The complexity is partially caused the fact that modern software simply does not have the shelf life it used to. Back in the day, software was not expected to change much over a number of years, making it relatively easy to maintain.

Those days are long gone. The pace of innovation today means there is almost constant churn in IT technologies, with the introduction of new processors and devices that require significant changes to operating systems, application software, application programming interfaces (APIs), to mention a few. Use cases for these technologies can also change quickly, which means more modifications to software and system configurations are required.

Now consider future scenarios. With distributed devices and networking driving the Internet of Things, there may be no central point of intelligence.  We may not know what changes are being made to what systems, when, or by whom. How is that a good idea?

What's needed is a new way of looking at software development, aimed at ensuring applications can continue to function as expected in this rapidly changing environment. That’s what the Defense Advanced Research Projects Agency is looking for in a program it calls BRASS, for Building Resource Adaptive Software Systems.

Without some way of ensuring long-term functionality, DARPA warns, it’s not just software running websites or home thermostats that is at risk. “The inability to seamlessly adapt to new operating conditions negatively impacts economic productivity, hampers the development of resilient and secure cyber-infrastructure, raises the long-term risk that access to important digital content will be lost as the software that generates and interprets that content becomes outdated and complicates the construction of autonomous mission-critical programs.”

A new approach to building and maintaining software for the long term will lead to “significant improvements in software resilience, correctness and maintainability,” DARPA maintains. BRASS aims to automate discovery of relationships between computations that happen in IT ecosystems as well as the resources they need and discover techniques that can be used to dynamically incorporate algorithms constructed as adaptations to these ecosystem changes.

DARPA is obviously intent on trying to wrestle this issue of software complexity to the ground. A few months ago it kicked off its Mining and Understanding Software Enclaves (MUSE) program, which is aimed at improving the reliability of mission-critical systems and reducing the vulnerabilities of these large and complex programs to cyber threats. Late last year it outlined another program called Transparent Computing, which intends to provide “high-fidelity” visibility into the interactions of software components, with the goal of better understanding how modern computer systems do what they do.

DARPA has a reputation for blue-sky thinking, which goes along with its mandate of tackling high-risk, high-reward problems. It's not backing down from that in this new line of attack on complexity, since it describes the BRASS program as a way to create software systems that would remain robust and functional “in excess of 100 years.”

When it comes to software, however, it does have a decent track record. After all, in 1973 it kicked off a program to see how it could link various network data packets. That produced the Transmission Control Protocol (TCP) and the Internet Protocol (IP), they begat the ARPANET, the forerunner of the Internet.... and everyone knows what happened then.

Posted by Brian Robinson on Apr 10, 2015 at 12:19 PM

inside gcn

  • IoT security

    A 'seal of approval' for IoT security?

Reader Comments

Mon, Apr 13, 2015

Of course, spyware and such may not work if these interfaces change radically all the time. This means NSA may not be able to continue to break into these systems, nor will others, ie: bad actors. The moral, change systems, early and often.

Please post your comments here. Comments are moderated, so they may not appear immediately after submitting. We will not post comments that we consider abusive or off-topic.

Please type the letters/numbers you see above


HTML - No Current Item Deck
  • Transforming Constituent Services with Business Process Management
  • Improving Performance in Hybrid Clouds
  • Data Center Consolidation & Energy Efficiency in Federal Facilities