“Zero-day attacks require flaws in software,” Galois’ Wick said. “No matter what your ratio is between lines of code in a system and the number of flaws in a system, less software on a system means less lines of code, which means fewer flaws.”
When systems simply can’t meet existing security mandates, Archer advises developing new mandates from the ground up. “NIST offers a process for security assessment that flows from an understanding of adversarial capabilities, types and sensitivities of data or controls to be protected, and available budget,” Archer said. “Following this process, you can identify potential security risks specific to the system and then develop practices to secure the system against those risks becoming vulnerabilities.”
“Privacy, especially when it comes to data, can be difficult to pin down. Security measures are key, but when done wrong can add to the difficulty, making it hard for authorized users to effectively access the data they need. So the Defense Advanced Research Projects Agency has been funding research efforts to develop technologies that could help bridge troublesome privacy gaps.”
Galois today announced that its TAMBA project has been selected by Defense Advanced Research Projects Agency (DARPA) to measure the privacy, performance and utility of systems for its Brandeis program, which is focused on developing tools and techniques for building systems in which private data may be used only for its intended purpose and no other.
strong encryption is not the real issue that faces law enforcement now. In reality, strong encryption has been available for decades. The real issue that government agencies are facing today is actually easy, default, and ubiquitous crypto. Ease of use and security are both in the interest of the public, and in line with the White House cybersecurity priorities.
We know application security is one of the most important aspects of data security, but if software teams are moving more quickly than ever to push apps out, security and quality assurance needs to be along for the process. The flip side is minimum apps and features could mean less attack surface. To get some answers on the state of mobile app security and securing the MVP, we reached out to Isaac Potoczny-Jones research lead, computer security with a computer security research and development firm Galois.
With DDoS tools and hacking-as-a-service now available for purchase at virtually any Dark Web marketplace and effectively being advertised through public attacks, companies are understandably concerned. Even when caught midstream, it’s difficult to respond before servers start failing and other, more sophisticated attacks take aim at critical corporate data. As a result, dealing with DDoS has become a top priority for organizations like the DHS, which just awarded a $1.7 million contract to tech company Galois in hopes of strengthening DDoS defense.
Galois of Portland announced on Monday this week that the federal government has contracted the company to develop technology capable of countering DDoS attempts — elementary but often successful cyberattacks in which hackers cause a computer system to collapse by subjecting it to a sudden surge in traffic. Individuals ranging from politically-motivated hacktivists to state-sponsored cyberwarriors have relied on DDoS attacks to take entire systems offline. And yet while the lasting effects may be minimal, downtime suffered by the likes of a major financial institution — or, as Galois’ contract suggests, a government agency — may cause immeasurable damages.
Galois today announced it has been awarded a $1.7 million contract by the Department of Homeland Security (DHS) Science and Technology Directorate (S&T) to create technology that is capable of defending against large and sophisticated Distributed Denial of Service (DDoS) attacks. The contract is part of the DHS S&T Cyber Security Division’s larger Distributed Denial of Service Defenses (DDoSD) program.
Adam Wick leads the systems software group at R&D company Galois, Inc. Galois does research in formal methods, programming languages, OS, compiler engineering, and security. Adam has worked in a variety of fields from HW synthesis to web apps, but has recently focused on network and OS security. Amongst his current jobs, he also maintains HaLVM and oversees Galois’ projects using it.