Galois Awarded $6 Million Office of Naval Research Project To Secure and Optimize Existing DoD Systems

The project will build a toolset enabling new ways of customizing and improving software even after development is complete

Galois today announced that it has been awarded a $6 million (base plus option) contract by the Office of Naval Research (ONR) to build a toolset that will enable DoD and commercial organizations to more easily retrofit legacy systems. The toolset aims to minimize the attack surface and optimize existing software for new environments without requiring vendor cooperation or source code.

For the Verified Debloating and Delaying (VADD) project, Galois is leading a project team that includes SRI International, Stanford University, and the University of Iowa. Galois will be responsible for overall technology development, primarily focused on restructuring compiled applications.

“Today it is very difficult for DoD and other government agencies to retrofit an existing system due to vendor lock-in and the costs and complexities of systems which can take decades to rebuild,” said Dr. Joe Hendrix, Principal Researcher at Galois. “The goal of VADD is to build a toolset that supports efforts by the Office of Naval Research to adapt systems to meet emerging threats.”

The project team will build a toolset for application debloating and delayering that produces optimized binaries from inputs given as existing binaries or source-compiled LLVM bytecode. The solution will integrate formal verification techniques to provide assurance that optimized programs preserve the semantics of the input program. VADD seeks to provide DoD greater flexibility in retrofitting existing systems or building new systems in a modular fashion.

The project will also address the verification and validation challenge of ensuring that transformations do not unintentionally change program behavior, and provide evidence-based formal assurance that the results are correct.

The VADD toolkit will be suited for individuals focused on securing software and operating it for an extended period of time, and who want the technical ability to modify it without re-building from scratch. While DoD applications are an initial focus, the project team believes there will be, over time, commercial applications for system integrators, automotive and other sectors.

For additional information on the VADD project, visit https://galois.com/project/vadd.

The project depicted is sponsored by the Office of Naval Research under Contract No. N68335-17-C-0558. Any opinions, findings and conclusions or recommendations expressed in this material are those of the author(s) and do not necessarily reflect the views of the Office of Naval Research.

About Galois

Galois has been performing computer science research and development since 1999. With many of the world’s foremost experts in computer science and mathematics and a world-class team of programmers and engineers, Galois is uniquely positioned to take on the world’s most difficult challenges in computer science. Galois is a trusted partner in the defense and intelligence industries, proving the feasibility of cutting-edge research as it applies to critical systems. Technology companies turn to Galois to build reliability, safety, and security into their product development efforts from day one. For additional information, visit https://www.galois.com.