We know that software flaws can create vulnerabilities within a system. But a system’s design often impacts whether a software flaw can be exploited. For example, subtle differences between a system’s ideal design and its implementation can lead to different emergent run-time behaviors. These emergent behaviors can act like a “programmable weird machine” – making […]

The National Cryptologic Museum opened its doors to the public last week. As part of the exhibits, visitors will be able to interact with a quirky little car with a big claim: under the hood, it demonstrates hardware that can thwart many cyberattacks on automobiles. The BESSPIN Vehicle Demonstrator DARPA’s System Security Integration Through Hardware […]

Then the program makes a few stack allocations before the first call to @mk: Conclusion Pointer analysis is a foundational static analysis. We hope you’ve enjoyed learning a bit more about it! More information about cclyzer++ can be found in the project documentation.

We are pleased to announce that Galois is open-sourcing cclyzer++, a new pointer analysis for languages that compile to LLVM, including C and C++.  Pointer analysis is a foundational static analysis with applications to the problems of program optimization, verification, bug finding, and many others. At Galois, we designed cclyzer++ with two main use cases […]

Following our previous blog post, The Next Assembly Line, Galois continues our quest to invent tooling that can transform the DevOps process for developing and maintaining software. One of the unwritten pieces of common knowledge in software is that software rarely meets the models of design as implemented. As such, the notion of utilizing modern, […]

The Challenge At Galois, we verify and assure complex critical systems. Autonomous vehicles are prime examples of complex systems which operate in uncertain and unstructured environments. Autonomous driving decisions use Deep Neural Networks (DNNs) which are data-driven and can react in unsafe ways when faced with out-of-distribution driving scenarios. Rigorously assuring the safety of these systems […]

Galois is open-sourcing MATE, a suite of tools for interactive program analysis with a focus on hunting for bugs in C and C++ code. MATE unifies application-specific and low-level vulnerability analysis using code property graphs (CPGs), enabling the discovery of highly application-specific vulnerabilities that depend on both implementation details and the high-level semantics of target […]

Conclusion You’ve now seen most of the essential features of cclyzer++. The next post will explore some more advanced topics and bring it all together with a larger example.

Galois has long been an advocate of utilizing formal approaches, such as mathematics, models, data, artificial intelligence and more, to build better systems. Galois had the privilege to continue this advocacy by supporting the Dayton Digital Transformation Summit, which took place from August 2 – 4, 2022, in partnership with the Air Force Digital Transformation […]

At the Mining Software Repositories (MSR2022) conference in May, we presented our LAGOON tool resulting from the DARPA SocialCyber AIE, and led a discussion session on reducing complexity of machine learning. LAGOON provides a comprehensive platform for analyzing and investigating open-source software (OSS) communities for potentially malicious contributors. This is accomplished by ingesting multiple types […]