This is a followup to our previous post, which introduces our research exploring new strategies for protecting legacy applications on the DARPA CFAR program. Briefly, our approach is to generate variants of a target application that behave the same when given benign input but different when given malicious input. Then we run a set of […]
Read More
On the DARPA CFAR program, the Galois “RADSS” team is developing new ways to mitigate memory corruption attacks against legacy C/C++ systems without requiring finding and fixing each individual bug. CFAR is about “Cyber Fault-tolerant Attack Recovery” and our general approach is: Given some application to defend, generate multiple variants of that application such that […]
Read More
Motivation The c2rust project exists to help bridge the fact that there is a lot of valuable software written in C and that there have been great strides in making safer and more-reliable programming languages since C was designed. Rust offers many modern improvements for C while still preserving the low-level control that makes it […]
Read More
This article originally appeared in the Spring 2018 edition of the U.S. Cybersecurity Magazine Much of cyber defense today relies on the same approach used in kinetic defense over the last few thousand years. We use hard perimeters (firewalls) to repel attacks, sentries (IDSs) to trigger incident response, and carefully guarded entry points (VPNs, websites) to […]
Read More
Earlier this month, the Paparazzi team released Secure pprzlink, an encrypted communication protocol for UAVs. While developing Secure pprzlink was a community effort, Galois supported Secure Pprzlink in part as an internal research project I was involved in, and in part as my innovation week project. Secure Pprzlink is an encrypted version of pprzlink. Pprzlink […]
Read More
2017 brought continued growth in concern about the trustworthiness of computing systems. The breadth of our work at Galois has grown correspondingly. We opened a third office in Dayton, Ohio, grew past 70 employees, and continue to actively hire. We are grateful to our partners and clients that have helped us successfully develop the projects […]
Read More
This article originally appeared in the Summer 2017 edition of the U.S. Cybersecurity Magazine More and more computation is being outsourced to public clouds such as Amazon’s GovCloud and Elastic Compute Cloud, RackSpace, and others. It’s the new “gig” economy for computer hardware. These cloud computers can be just as vulnerable as any other computer, […]
Read More
On Monday, the KRACK vulnerability to WPA2 was revealed in a paper by Mathy Vanhoef and Frank Piessens. KRACK enables a range of attacks against the protocol, resulting in a total loss of the privacy that the protocol attempts to guarantee. For more technical details on the attack, the website and the Key Reinstallation Attacks […]
Read More
Since August 2016, Galois has been funding the development of Matterhorn, a Haskell terminal client for the MatterMost chat system. Recently, our core development team—Jonathan Daugherty, Jason Dagit and myself—made the first public release of Matterhorn. In this post we’ll discuss our experience building it. All three of us—as well as several other coworkers—were used […]
Read More
At Galois, we’ve been investigating new ways to defend against very large distributed denial of service (DDoS) attacks. Under the DHS-funded DDoS Defense program, we’re developing 3DCoP: software that creates a “community of peers” that can detect and mitigate attacks together. We’re interested in attacks that can exceed 1 Tbps (terabits per second) of total […]
Read More