Researchers ask industry to develop trusted computing defenses for embedded computing against cyber attacks

March 31, 2025
Red-C seeks to explore algorithms to construct self-healing systems, by retrofitting firmware for bus components to function as forensic sensors.

ARLINGTON, Va. – U.S. military researchers are asking industry for ways to safeguard bus-based embedded computing systems from cyber attacks.

Officials of the U.S. Defense Advanced Research Projects Agency (DARPA) in Arlington, Va., have issued a broad agency announcement (HR001125S0005) for the Reclaiming Bus-based Systems During Compromise (Red-C) project.

Bus-based forensic sensors

Red-C will enable on-system recovery from cyber attacks by turning bus components into forensic sensors with introspection and peer component monitoring. The project seeks to create what essentially is a neighborhood watch for embedded computing components connected via buses. For this project, DARPA will focus on PCI Express and Compute Express Link (CXL) buses.

Red-C envisions a distributed approach to on-system detection and repair of cyber attacks, and would implement this trusted computing capability on current bus-based hardware via firmware updates.

Related: Trusted computing shields military computers from cyber thieves

Red-C seeks to explore algorithms to construct self-healing systems, by retrofitting firmware for bus components to function as forensic sensors that collectively monitor peers to detect, repair, and inoculate on-system during a cyber attack.

Many bus-based military systems are vulnerable to cascading implicit trust attacks, and system recovery is hindered by the lack of available forensic information, such as knowing which files have been corrupted, but not their original content, DARPA researchers say.

Instrumentation and response

Red-C’s approach to creating self-healing systems has two research focuses: instrumentation and response. Instrumentation seeks to improve bus monitoring by providing sensing of system behavior. Response, meanwhile, seeks to respond to cyber attacks to enable timely mitigation, remediation, and inoculation of the cyber attack.

Red-C seeks to impose a cost to the cyber attacker for exposing vulnerabilities to the defender, thus penalizing attempts to learn, as trying the door may ensure it is locked the next time.

Related: Understanding cyber attacks in embedded computing enables integrators and suppliers to consider options

Red-C will focus on Peripheral Component Interconnect Express (PCIe) and Compute Express Link (CXL) buses, and address three research challenges:

-- develop fine-resolution sensing by instrumenting critical components to monitor each other cooperatively;

-- develop distributed algorithms for components to act independently in a tasks ranging from attack detection to maximal recovery; and

-- demonstrate online bus reclaiming and firmware retrofitting to end cascading implicit trust flaws in modern buses.

Where to send proposals

Companies interested should submit proposals no later than 10 April 2025 to the DARPA BAA Tool online at https://baa.darpa.mil.

Email questions or concerns to DARPA at [email protected]. More information is online at https://sam.gov/opp/7ba3dac395f246df8c6b6a5f1596ffbc/view.

About the Author

John Keller | Editor-in-Chief

John Keller is the Editor-in-Chief, Military & Aerospace Electronics Magazine--provides extensive coverage and analysis of enabling electronics and optoelectronic technologies in military, space and commercial aviation applications. John has been a member of the Military & Aerospace Electronics staff since 1989 and chief editor since 1995.

Voice your opinion!

To join the conversation, and become an exclusive member of Military Aerospace, create an account today!