Tech talk: An Overview of Emerging Cybersecurity Policy and Law

abstract: Why is cybersecurity such a hard problem? The US government, its citizens, and the organizations that write software are all on the same team, but in many cases, our interests are just not aligned. For instance, there have been endless political and social disagreements about the best way to share cyber threat intelligence without […]

Read More

Applying Cryptol and SAW to Minilock Primitives

To commemorate the public release of the Software Analysis Workbench (SAW), it seemed fitting to blog about some recent work specifying algorithms in Cryptol and proving properties, leveraging SAW along the way. Cryptol, Galois’s domain specific language for describing cryptographic algorithms, has frequently been demonstrated over individual algorithms and toy problems. Our blog is covered […]

Read More

Announcing the Software Analysis Workbench

We are pleased to announce a public preview of the Software Analysis Workbench. The Software Analysis Workbench (SAW) provides the ability to formally verify properties of code written in C, Java, and Cryptol. It leverages automated SAT and SMT solvers to make this process as automated as possible, and provides a scripting language, called SAW […]

Read More

Tech talk: The CH2O project: making sense of the C standard

abstract: CH2O is the PhD project of Robbert Krebbers and has as its goal a formal version of the ISO standard of the C programming language. A problem with this is that the C standard is fundamentally inconsistent. There are three versions of the CH2O semantics: a (small step) operational semantics, an executable semantics, and […]

Read More

Tech talk: High Tech Amateur Rockets at PSAS

abstract: Portland State Aerospace Society (PSAS) is a student aerospace engineering project at Portland State University. We’re building ultra-low-cost, open source rockets that feature some of the most sophisticated amateur rocket avionics systems anywhere. Learn some of the history of the group, why steering a rocket is very, very hard, and what we’re doing to […]

Read More

Tech talk: From Haskell to Hardware via CCCs

abstract: For the last several years, speed improvements in computing come mainly from increasing parallelism. Imperative programming, however, makes parallelization very difficult due to the many possible dependencies implied by effects. For decades, pure functional programming has held the promise of parallel execution while retaining the very simple semantics that enables practical, rigorous reasoning. This […]

Read More

Tech Talk: Rust, its FFI, and PAM

abstract: Jesse has been using Rust to write a PAM module. He will tell us about what he has learned about working with Rust, and about getting Rust’s lifetime-checking to mesh with external C functions. bio: Jesse Hallett is a research engineer at Galois. He has extensive experience in web and high-level programming; but has […]

Read More

The “FREAK” TLS/SSL flaw, and related thoughts

“Formal verification methods…should be considered the prime choice for verification of complex and mission-critical software ecosystems.” New vulnerabilities in the software infrastructure we all depend on for privacy are discovered frequently. Thus it was not surprising when an INRIA, MSR, and IMDEA team announced discovery of a significant TLS/SSL vulnerability. The surprise in this announcement was […]

Read More

On the promises of technology for elections: Joe Kiniry speaks at the Voting and Elections Summit

Earlier this month, the Ninth Annual Voting and Elections Summit examined the most critical and persistent issues surrounding U.S. elections and voter participation. Joe Kiniry, Galois’ election systems expert, gave a talk on the promises of technology to increase the transparency and trustworthiness of elections. Dr. Kiniry discussed the trade-offs that election officials face when […]

Read More