Skip to content

DARPA Information Innovation Office – Compartmentalization and Privilege Management (CPM) – HR001123S0028

Home / Funding Opportunity / DARPA Information Innovation Office – Compartmentalization and Privilege Management (CPM) – HR001123S0028

DARPA Information Innovation Office – Compartmentalization and Privilege Management (CPM) – HR001123S0028

twitterlinkedin

DARPA is soliciting innovative proposals in the following technical areas:

  1. automated compartmentalization
  2. privilege enforcement
  3. evaluation support.

Proposed research should investigate innovative approaches that enable revolutionary advances in science, devices, or systems.

The objective of the CPM program is to develop a set of tools, along with supporting hardware and software infrastructure, to automatically restructure legacy complex software systems into performant limited-privilege compartments that prevent initial penetrations from turning into successful cyber-attacks. CPM technology will provide the capability to restructure a system into one that would prevent such campaigns from moving beyond their initial penetration.

The first phase of the CPM program will use an open-source Unix-like operating system (OS) (eg Linux, FreeBSD) as the target system for testing and evaluation. The choice of target OS is limited to widely used members of the Unix family of operating systems and does not include security-enhanced variants such as SELinux and L4Linux. Given the size of the code base for these operating systems, rather than targeting least-privilege compartmentalization of the entire operating system, the Government will select one or more OS subsystems to be used for measurement and evaluation. The second phase of the program will focus attention on applying the tools and capabilities to securing open-source user-space applications (eg web browser, web server, database management system).

DARPA anticipates funding multiple technical approaches and performers for TAs 1 and 2 and making a single TA3 award. Each proposal may address any single TA or a combination of TA1 and TA2. Proposers may submit multiple proposals.

CPM is planned as a 48-month program with a 30-month Phase 1 and an 18-month Phase 2.
Phase 1 will focus on technology development, specifically using a Unix-like OS such as Linux as the test and evaluation suite. Phase 2 will focus on scaling the technologies and will add userspace programs to the test and evaluation suite.

Full proposals due 6 June 2023.

Read more


Documentation for download

Broad Agency Announcement HR001123S0028-Amendment-01

You may be also interested in ...