“Underhanded C” Contest Highlights Challenges For Nuclear Arms Control Verification Technologies

Linus Åkesson of Lund, Sweden named winner of the 2015 Underhanded C Contest sponsored by Nuclear Threat Initiative

WASHINGTON, DC—Linus Åkesson has been named the winner of the 2015 Underhanded C Contest. This year’s contest, based on concerns about nuclear arms control monitoring and verification technologies, challenged programmers to solve a simple data processing problem by writing innocent-looking C code, while covertly implementing a malicious function. This year, for the first time, contest organizer Scott Craver, Ph.D., associate professor of electrical and computer engineering at Binghamton University, partnered with NTI.

The winner was selected based on a number of criteria including brevity, readability and plausible deniability of the intended error. Åkesson will receive $1,000 and is featured on the Underhanded C contest page, along with the runners-up.

“The code Mr. Åkesson developed looks completely innocent, simple, short and readable, and it misbehaves under realistic conditions that can be engineered by an adversary,” said Professor Craver. “His approach is extraordinarily clever, and demonstrates how an inspector might be fooled into believing he’s looking at a real nuclear warhead that is, in fact, a fake. For all of these reasons, Mr. Åkesson’s program is our winner for the 2015 Underhanded C contest.”

Previous Underhanded C contests have challenged participants to write source code that easily passes visual inspection by other programmers, but includes hidden functionality that causes the code to miscount votes, shave money from financial transactions or leak information to an eavesdropper.

Today, there are no standards for writing and reviewing code for arms control verification applications. Random selections, blind buys and reverse engineering are all strategies to increase an inspector’s confidence in the integrity of the hardware, but there is no consensus on how best to develop trusted software.

“Mr. Åkesson’s submission shows the importance of authenticating software for arms control verification and monitoring,” said Page Stoutland, Ph.D., NTI’s vice president for scientific and technical affairs. “This type of malicious program, in the real world, could let states take credit for disarmament without actually disarming.”

In addition to the Underhanded C Contest, NTI is working to address the implications of computer-based attacks on systems critical for nuclear security and safety.

About the Nuclear Threat Initiative

The Nuclear Threat Initiative (NTI) is a non-profit, non-partisan organization working to protect our lives, livelihoods, environment and quality of life now and for future generations from the growing risk of catastrophic attacks from weapons of mass destruction and disruption (WMDD)—nuclear, biological, radiological, chemical and cyber. Founded in 2001 by Sam Nunn and philanthropist Ted Turner, NTI is guided by a prestigious, international board of directors. Joan Rohlfing serves as president.

About the Underhanded C Contest

Founded by Scott Craver, a professor of electrical and computer engineering at Binghamton University, the Underhanded C Contest challenges computer programmers to write software with malicious functionality that could pass informal code review. It serves as an intellectual challenge, as well as a demonstration of the difficulty of writing secure software.

NTI CONTACT: Cathy Gwin, 202-454-7706, gwin@nti.org

February 3, 2016

People
Dr. Page Stoutland, PhD

Vice President, Scientific and Technical Affairs