Formal Methods and the KRACK Vulnerability

On Monday, the KRACK vulnerability to WPA2 was revealed in a paper by Mathy Vanhoef and Frank Piessens. KRACK enables a range of attacks against the protocol, resulting in a total loss of the privacy that the protocol attempts to guarantee. For more technical details on the attack, the website and the Key Reinstallation Attacks […]

Read More

Matterhorn Experience Report

Since August 2016, Galois has been funding the development of Matterhorn, a Haskell terminal client for the MatterMost chat system. Recently, our core development team—Jonathan Daugherty, Jason Dagit and myself—made the first public release of Matterhorn. In this post we’ll discuss our experience building it. All three of us—as well as several other coworkers—were used […]

Read More

Simulating DDoS attacks with ddosflowgen

At Galois, we’ve been investigating new ways to defend against very large distributed denial of service (DDoS) attacks. Under the DHS-funded DDoS Defense program, we’re developing 3DCoP: software that creates a “community of peers” that can detect and mitigate attacks together. We’re interested in attacks that can exceed 1 Tbps (terabits per second) of total […]

Read More

Galois: 2016 highlights

2016 saw a remarkable increase in the awareness and impact of our work in provably secure software and high assurance critical systems. As the year comes to a close, we want to pause and reflect on the intellectual contributions that Galwegians have made as result of that work. Overview This year we partnered with Amazon […]

Read More

Part two: Specifying HMAC in Cryptol

This is the second in a series of three blog posts detailing the use of SAW and Cryptol to prove the correctness of the HMAC implementation in Amazon’s s2n TLS library. Part one: Verifying s2n HMAC with SAW. Part three: Proving Program Equivalence with SAW. In the first post, we described how we proved equivalence between a mathematical description […]

Read More

Part one: Verifying s2n HMAC with SAW

In June 2015, Amazon introduced its s2n library, an open-source TLS library that prioritizes simplicity. A stated benefit of this simplicity is ease of auditing and testing. Galois recently collaborated with Amazon to show that this benefit extends to verifiability by proving the correctness of s2n’s implementation of the keyed-Hash Message Authentication Code (HMAC) algorithm. To construct this […]

Read More

Update: FreeRTOS for Xen on ARM systems

We are pleased to release an updated version of our work on FreeRTOS for Xen on ARM systems. This release extends our port of FreeRTOS 7.6.0 to run on Xen 4.7. Highlights of this update include: Improved compatibility with new versions of Xen by using Xen’s guest device tree to obtain interrupt controller and Xen […]

Read More

Undirector of Engineering

At times, we have advertised to hire a Director of Engineering, but the first line of the job description says “Director of Engineering is a role, not a job title, and we don’t call it Director of Engineering anyhow.” What does that mean? To explain, I’d like to talk about two ideas driving how we […]

Read More

CyberChaff at Reed College

Formaltech, a Galois subsidiary, and Reed are excited to celebrate CyberChaff’s first month of service at Reed. Formaltech’s CyberChaff allows you to deploy low-cost, secure decoy hosts on a network. The hosts alert administrators when an attacker is detected while also slowing down key steps in the attacker’s workflow. In March, Galois and Formaltech engineers […]

Read More