HR001118S0040 Computers and Humans Exploring Software Security (CHESS) Frequently Asked Questions

Similar documents
DARPA BAA HR001117S0054 Posh Open Source Hardware (POSH) Frequently Asked Questions Updated November 6, 2017

Computers and Humans Exploring Software Security (CHESS) Program HR001118S0040

Question1: Is gradual technology development over multiple phases acceptable?

DARPA-BAA TRADES Frequently Asked Questions (FAQs) as of 7/19/16

Cyber Grand Challenge DARPA-BAA-14-05

DARPA-BAA EXTREME Frequently Asked Questions (FAQs) as of 10/7/16

DARPA BAA Dispersed Computing Frequently Asked Questions

DARPA BAA HR001117S0054 Intelligent Design of Electronic Assets (IDEA) Frequently Asked Questions Updated October 3rd, 2017

Adapting Cross-Domain Kill-Webs (ACK) HR001118S0043

WARFIGHTER ANALYTICS USING SMARTPHONES FOR HEALTH (WASH) Angelos Keromytis. Proposer s Day 16 May 2017

HR001118S0037 Frequently Asked Questions

29A: Hours may be used as the Base labor increment. 28Q: Are human in the loop solutions of interest for ASKE? 28A: Yes

Q: Do all programs have to start with a seedling? A: No.

27A: For the purposes of the BAA, a non-u.s. individual is an individual who is not a citizen of the U.S. See Section III.A.2 of the BAA.

DARPA 101. Dr. D. Tyler McQuade. August 29, Distribution Statement A (Approved for Public Release, Distribution Unlimited)

DARPA BAA Frequently Asked Questions

Commercial Solutions Opening (CSO) Office of the Secretary of Defense Defense Innovation Unit (Experimental)

Broad Agency Announcement

Commercial Solutions Opening (CSO) Office of the Secretary of Defense Defense Innovation Unit (Experimental)

DARPA-RA Young Faculty Award (YFA) Frequently Asked Questions (FAQs) as of 9/29/2017

HR001118S0027 FREQUENTLY ASKED QUESTIONS PALS

University of San Francisco Office of Contracts and Grants Subaward Policy and Procedures

OUTGOING SUBAWARD GUIDE: INFORMATION FOR UWM PRINCIPAL INVESTIGATORS VERSION 1, JULY 2015

Subrecipient Monitoring Procedures

ECHO BAA Guidelines. Approved for Public Release, Distribution Unlimited

DARPA-RA Young Faculty Award (YFA) Frequently Asked Questions (FAQs) as of 9/8/2017

Saving lives through research and education

DARPA-BAA Common Heterogeneous Integration and IP Reuse Strategies (CHIPS) Frequently Asked Questions. December 19, 2016

Commonwealth Health Research Board ("CHRB") Grant Guidelines for FY 2014/2015

Other Transaction Agreement (OTA) Management Office. Mr. Randal Gaereminck, Director 16 October 2017

Doing Business with DARPA

PROGRAM ANNOUNCEMENT FOR FY 2019 ENVIRONMENTAL SECURITY TECHNOLOGY CERTIFICATION PROGRAM (ESTCP)

Accelerating Commercial Innovation for National Defense

Request for Proposal (RFP)

Broad Agency Announcements. Joseph M. Goldstein

Quickguide to Creating a Proposal in Kuali Coeus

Improv DARPA-BAA Frequently Asked Questions (FAQs) as of 4/6/16

HR001118S0023 FREQUENTLY ASKED QUESTIONS

Broad Agency Announcement Geospatial Cloud Analytics (GCA) STRATEGIC TECHNOLOGY OFFICE HR001118S0004

DARPA-SN Molecular Scaffold Design Collective (MSDC) Frequently Asked Questions (FAQs) as of 4/6/18

REQUEST FOR PROPOSALS THE ROSE HILLS FOUNDATION INNOVATOR GRANT PROGRAM RESEARCH FELLOWSHIP APPLICATION

DARPA-BAA Broad Agency Announcement Blue Wolf Tactical Technology Office DARPA-BAA July 9,

REQUEST FOR WHITE PAPERS BAA TOPIC 4.2.1: ADAPTIVE INTELLIGENT TRAINING TECHNOLOGIES Research and Development for Multi-Agent Tutoring Approaches

EFFICIENCY MAINE TRUST REQUEST FOR PROPOSALS FOR TECHNICAL SERVICES TO DEVELOP A SPREADSHEET TOOL

Commonwealth of Pennsylvania

Saving lives through research and education

Release Date: Tuesday, March 14, 2017 Deadline for Submissions: Friday, April 14, 2017

Future Attribute Screening Technology (FAST) Demonstration Laboratory

WARFIGHTER MODELING, SIMULATION, ANALYSIS AND INTEGRATION SUPPORT (WMSA&IS)

OFFICE OF THE CIO STANDARD: 001 EFFECTIVE DATE: DECEMBER 03, 2007 INFORMATIONAL VERSION: 1.0

Request for Solutions: Distributed Live Virtual Constructive (dlvc) Prototype

REQUEST FOR PROPOSALS FOR PENSION ADMINISTRATION AND FINANCIAL SYSTEMS CONSULTING SERVICES

REQUEST FOR PROPOSALS JAMES H. ZUMBERGE FACULTY RESEARCH & INNOVATION FUND ZUMBERGE INDIVIDUAL RESEARCH AWARD

Request for Proposals:

Quality Management Plan

Trigger / Timing / Frequency: When a new award is received by the University and OSP determines that the award can be accepted.

Office of TWU s Hub for Women in Business Faculty Research Program

DARPA. Doing Business with

PROPOSAL INSTRUCTIONS

Student Technology Fee Proposal Guidelines Reviewed October 2017

Title: DRIVe EZ-BAA Solicitation Number: BAA SOL C Street SW Washington, DC 20201

Technical Questions and Answers for RFP-DEM Florida Statewide Comprehensive Risk Assessment and Vulnerability Analysis

Improv DARPA-BAA Frequently Asked Questions (FAQs) as of 4/29/16

AN OVERVIEW OF CLINICAL STUDY TASKS AND ACTIVITIES

PURCHASING DEPARTMENT

RFP No. FY2017-ACES-02: Advancing Commonwealth Energy Storage Program Consultant

Doing Business with DARPA

GUIDELINES FOR PREPARATION AND SUBMISSION OF NAVY STTR PHASE II PROPOSALS

FW: C5 Request for White Papers - C5-17-RWP Unmanned Aerial Vehicle (UAV) Developments for Undersea Applications. Members:

Commonwealth Health Research Board [CHRB] Grant Guidelines and Application Instructions for FY 2019/2020

BUTTE COUNTY DEPARTMENT OF WATER AND RESOURCE CONSERVATION REQUEST FOR PROPOSALS TO

Saving lives through research and education

Broad Agency Announcement

AUR Research and Education Foundation Strategic Alignment Grant

Hello. National Grants Management Association Monthly Training November 16, Eric J. Russell, CIA, CGAP, CGMS, MPA Crowe Horwath LLP

INDUSTRY DAY Real-time Full Spectrum Cyber Science & Technology ONR Contracts Proposal Preparation

Request for Proposals (RFP) for Police Body Worn Camera Systems and Video Storage Solutions For City of Boulder City, Nevada

Community Engagement Mini Grant Program

Company Formation Application Guidelines

OHIO TURNPIKE AND INFRASTRUCTURE COMMISSION

MUSC Center for Global Health Request for Applications (RFA) for Faculty Pilot Project Grants

Systematizing Confidence in Open Research and Evidence (SCORE)

California State University Program for Education and Research in Biotechnology (CSUPERB) 2017 CURRICULUM DEVELOPMENT GRANT PROGRAM SAMPLE

Small Grant Application Guidelines & Instructions

General Procurement Requirements

REQUEST FOR QUALIFICATIONS G ELLUCIAN (Datatel) COLLEAGUE CONVERSION TO MS SQL AND RELATED UPGRADES PROJECT

Sole Source/ Proprietary Request Form

Phnom Penh, Cambodia preferred, but work can be done remotely. Location : Application Deadline : July 20 th, Languages Required : English

MUSC Center for Global Health Request for Applications (RFA) for Faculty Pilot Project Grants

AES Competitive Grants FY 2017 Request for Proposals

Sponsored Projects Accounting For Grants and Contracts

Outgoing Subaward Guide and F-A-Qs

Venture Development Fund Request for Proposals

1 INTERNAL AUDIT SERVICES RFP

THE UNIVERSITY OF TEXAS AT ARLINGTON OFFICE OF GRANT AND CONTRACT SERVICES CLOSE-OUT PROCEDURE

Policy on Principal Investigators Duties and Responsibilities on Sponsored Projects

REQUEST FOR PROPOSAL FOR. Document Management System for a Tribal Governmental Organization PROPOSAL NO. FY2012/041

ACCOMPLISHMENTS: What was done? What was learned?

2016 Major Automated Information System Annual Report

Department of Defense INSTRUCTION. SUBJECT: In-House Laboratory Independent Research (ILIR) and Independent Exploratory Development (IED) Programs

Transcription:

HR001118S0040 Computers and Humans Exploring Software Security (CHESS) Frequently Asked Questions As of May 29, 2018 Q41: The provided definition of HSR is intervention or interaction with a living person that would not be occurring under usual circumstances is considered human subjects research. Does interaction include conversations, such as those during knowledge elicitation events? A41: The Government can only determine whether an interaction or intervention is considered HSR within the context of a full proposal. Q40: For joint proposals, can an HSR protocol that was approved for use by one team member institution be leveraged by other team member institutions without further IRB approval or action? A40: Each institution performing HSR work must have their protocol reviewed by an IRB who holds an assurance. An IRB may review work for a different institution, if the IRB agrees to do so. We recommend that you submit a plan as part of your proposal with the IRB's agreement memo to review other institution's protocols and what the plan is to deal with review of a collaborative project. You may find additional information on Human Use at DARPA at this link: http://www.darpa.mil/work with us/for small businesses/human animal research. As of May 23, 2018 Q39: May a team submit multiple proposals to TA2, potentially focused on different tasks? A39: Teams may submit multiple proposals to TA2 focusing on different tasks. Proposals for both may be selected for funding. It should be clear that the efforts are separate, and proposed in a way that does not assume availability of the other effort, in the case that only one is selected for funding. Q38: Please clarify how the Statement of Work (SOW) should define the periods of performance. Should it be per calendar year or per fiscal year? A38: The SOW should be defined per calendar year and assume a start date of November 1, 2018. Q37: Are Other Transaction Authority (OTA) vehicles allowed? A37: Per page 3 of the BAA, the types of instruments that may be award are procurement contracts or cooperative agreements. This includes, but is not limited to fixed price and cost reimbursement procurement contracts. Q36: Is there any guidance on proposers submitting as team members on multiple proposals, potentially over multiple TAs? A36: There is no guidance on how to team together or write a proposal. Submitting on multiple teams/proposals/tas is permitted under the BAA. However, conflicts of interest exist between TAs, so the Government has the latitude to make partial selections if necessary to deconflict potentially selectable proposals. Based on selected performers, the Government will seek to reduce duplicate effort and address any overleveraged personnel during contract negotiations.

Q35: Will proposals to TA1 or TA2 that only address a subset of the source code languages, compiled binary targets and/or vulnerability classes be viewed less favorably than more comprehensive proposals? A35: No, the Government has no preference on how many of the target source code languages, compiled binary targets or vulnerability classes are addressed by each proposal. The Government anticipates that the combined CHESS system will address all listed research areas through the collaborative efforts of all performers. Proposed efforts addressing a subset of these research areas will be integrated into the CHESS system by the TA5 performer. Proposed cost should be appropriate relative to the research area coverage of each proposed effort. As of May 2, 2018 Q34: I noticed the Electronic Submission System is requiring me to enter a dollar value when submitting my abstract. Since Cost is not required for the abstract, what should I enter? A34: Unfortunately, the system requires some number to be placed into the cost field. Enter any numerical value to satisfy the system s requirement, and DARPA will ignore that information for abstract processing. Q33: The online submission cover sheet template for the CHESS abstract requires a "Proposed Cost". Does this require high level detail or is it an estimate that may change with the detailed full proposal? A33: No cost data of any kind is required for CHESS abstracts. The focus of the abstracts should be on technical approach. The Proposed Cost field in the DARPA BAA Submission Website may be left blank or marked as N/A for any abstract submissions. Q32: Is an approved accounting system a requirement for selection? A32: No, an approved accounting system is not a requirement to be selected. Please thoroughly review the BAA and clearly structure the proposed SOW and milestone deliverables such that the Government can clearly understand the proposed technical approach. These milestone deliverables should be more substantial than a status report. Q31: If proposed development for TA1 or TA2 is also part of a public program analysis toolset, will TA4 be allowed to leverage these developments at evaluations? A31: This is a valid concern and will be addressed by the Government on a case by case basis. Q30: What level of technical expertise are CHESS human collaborators expected to have? A30: Human collaborators will fall into one of the classes of human subjects described in Section I.B of the BAA. Proposals may involve one or more of these classes of human collaborator. Q29: Should performers without clearances plan to attend the demonstration events? A29: TA5 performer team members with and without clearances should plan to attend the demonstration events. Demonstration events may involve unclassified presentations and discussions relevant to TA5 team members without clearances. Only TA5 team members should plan to attend demonstrations, no other TAs should plan to attend. Q28: Should part time students hired by university performers attend the kickoff, hackathon and evaluation events? A28: All significant technical contributors to the CHESS program should attend the kickoff, hackathon and evaluation events. In addition to promoting open technical exchange between

performers, these events will serve as PI meetings. It is up to the proposer to determine the appropriate attendees and include their travel costs in the proposal. Q27: Should TA1 propose specific novel representations or experiments to help determine what representations work best given target users and/or vulnerabilities? A27: TA1 proposers should describe how their approach will address the challenges described in the BAA. Q26: What should be included in an abstract? A26: Each abstract should only address a single TA and shall not exceed a maximum of 5 pages including the cover sheet and all figures, tables, and charts. Proposers submitting abstracts are encouraged to keep their submissions succinct and focused on their technical goals, technical plan and a high level statement of work. See Section IV.B of the BAA for more details. Q25: Are combined proposals incorporating both TA1 and TA2 allowed? A25: No. Per the BAA, Each abstract and proposal submitted against this solicitation shall address only one (1) TA. Organizations may submit multiple abstract/proposals to any one TA, or they may propose to multiple TAs. Q24: How many Challenge Sets should be provided by TA3 at each milestone? A24: TA3 proposers should provide as many Challenge Sets as they believe will best address the CHESS program requirements. Q23: Are university students in scope as test subjects? A23: Yes, provided the students meet the criteria of at least one class of human subjects described in Section I.B of the BAA, and all test interactions are part of an IRB approved protocol. Q22: How many TA1 and TA2 awards will there be? A22: The Government anticipates multiple awards in TA1 and TA2. Q21: Will having physically distributed teams be viewed unfavorably? A21: No, but a poorly documented management plan to mitigate any potential weaknesses in the proposed approach may be viewed unfavorably. Q20: Are compiled binary targets limited to desktop/server hardware features, or should nontraditional hardware features such as cyber physical sensors be considered. A20: The Government team will work with TA3 to ensure the Challenge Set corpora will be representative of the diversity and complexity of real world software. Q19: What is the best approach for submitting a joint proposal, including government entities? A19: The Government cannot answer how best to submit a proposal. What is important for any government agency is to justify that you can legally propose against and receive funding under this BAA. Q18: Is there a preference for industry led or university led teams? A18: The Government has no preference, whatever is most appropriate for your technical approach. Q17: Is there a preferred team size or limit on the number of organizations on a team? A17: The Government has no preference. It is up to the proposer to determine what is most appropriate for the proposed technical approach.

Q16: Should TA1 place higher emphasis on novel representations, novel augmentations to existing tools or novel workflows entirely? A16: The Government cannot dictate proposed approaches, but all proposed technical approaches should be convincingly justified. Q15: Is machine learning in scope for TA1 or TA2? A15: Any technology that addresses the goals of the CHESS program, and is not specifically disallowed by the BAA, is in scope. Q14: How will inputs and outputs between collaborating TAs be defined and what assumptions can proposers make about these interactions? A14: Please review all sections of the BAA, not just those to which you are considering proposing. This will provide a thorough understanding of the required collaborations, inputs and outputs. Q13: Are techniques for humans assisting in targeted patching in scope? A13: Yes. Computer human collaboration for any of the TA2 tasks is in scope. Q12: Will the artifacts from the CGC be made available for use by performers? A12: Many CGC artifacts (challenge sets, network captures, infrastructure, etc.) are already publically available. CHESS performers will not be given access to any non public CGC artifacts. Q11: Will data from all TA2 performers be available to each individual human collaborator? A11: TA1 approaches may involve any and all data produced by TA2. The specifics of any data aggregation or sharing will be a point of collaboration between TA1 and TA2, per the BAA. Q10: May TA4 performers participate as HSR for TA1? A10: Yes, but TA1 should not assume Government provided access to TA4 performers beyond the collaboration as described in section I.E of the BAA. Q9: Is program analysis that generates a partial solution to be evaluated by a human in scope? A9: Yes, if the proposed technique addresses the criteria of TA1 or TA2. TA1 proposals should convert insights from human observations into measurable, succinct, consistent characteristics of successful vulnerability discovery. TA2 proposals should focus on program analysis techniques that human collaborators can assist with and what level of expertise (expert hacker, novice hacker or non hacker) is required... All proposals must be able to meet the program objectives for vulnerability class coverage and speed. The objectives are described in Section I.E of the BAA. Q8: How will binary patching be evaluated? A8: Per the BAA, Generated patches should address detected vulnerabilities completely and specifically without interfering with normal program behavior. Specific metrics will be determined by TA5 with input from TA2 and TA3. Q7: Does the Government prefer single task TA2 proposals? A7: No, proposers should address both tasks if they believe their approaches to both are strong. Per the BAA, The Government prefers focused proposals on a single TA2 task rather than shallow proposals covering both TA2 tasks. Approaches that address both tasks should be structured as distinct and separable tasks in the SOW. Q6: Can you say something about the sophistication level of the UI you expect for TA1? A6: The sophistication level of the UI should be appropriate for the proposed technical approach. Q5: Are solutions that perform hybrid source and binary analysis without diffing in scope for TA2? A5: Source assisted analysis that involves the compiled binary (hybrid) is in scope, but is considered source assisted. Any analysis techniques that involve diffing are out of scope.

Q4: What does a PoV look like for semantic vulnerabilities? A4: Per the schedule in the BAA, TA3 will provide all other TAs with PoV Specifications describing the qualities and requirements of PoVs for each vulnerability class. While the ultimate responsibility of TA3, the development of the PoV Specifications will be collaborative between all TAs. TA3 will also provide example Challenge Sets, including example PoVs, to all other TAs. Q3: Will TA2 have access to Service Pollers for Challenge Sets? A3: Per the schedule in the BAA, TA2 will be provided example Challenge Sets, including example Service Pollers, for each vulnerability class. During evaluations, TA2 will not be given the evaluation Service Pollers. Q2: What is the overall program funding? A2: The Government will not be releasing that information. Q1: Can a performer be a prime on TA1 or TA2, and also be a subcontractor on TA3, TA4 or TA5, assuming appropriate measures are taken to segment the work? A1: Entities may submit proposals for all five TAs, as primes and/or subcontractors. An entity proposing to both TA1 and TA2 may be selected to work on both TAs. Entities selected for TA3, TA4 or TA5 will not be selected for any other technical area. The decision as to which proposal(s) to consider for award is at the discretion of the Government.

2024 © careersdocbox.com Privacy Policy | Terms of Service | Feedback