Galois and Guardtime Federal Awarded $1.8 Million DARPA Contract to Formally Verify Blockchain-Based Integrity Monitoring System
Galois and Guardtime Federal today announced they have jointly been awarded a $1.8 million contract by the Defense Advanced Research Projects Agency (DARPA) to verify the correctness of Guardtime Federal’s Keyless Signature Infrastructure (KSI). The contract will fund a significant effort that aims to advance the state of formal verification tools and all blockchain-based integrity monitoring systems.
Galois is a leader in formal verification, a technique that goes beyond testing and evaluation to provide mathematical assurances that a system works only as intended in all cases. Verifying the correctness of Guardtime Federal’s KSI will demonstrate the scalability and practicality of formal verification methods as a means for establishing trust in critical systems.
Integrity monitoring systems like Guardtime Federal’s KSI detect evidence of advanced persistent threats (APTs) as they work to remain hidden in networks. APTs undermine the security of networks for long periods of time and have been central in many major network breaches. APTs carefully cover their tracks by removing evidence from system log files, adding information to “white-lists” used by security software, and altering network configurations. This project aims to verify the ability of keyless integrity monitoring systems to detect APTs and attest to the ongoing integrity of a system.
“Formal verification has evolved considerably over the past several years, but has only recently matured enough to tackle production-level software,” said Stephen Magill, Research Lead for Software Analysis at Galois. “This collaborative effort seeks to advance our understanding of the role that integrity analysis plays in system security and lead to improvements in formal verification tools and methods that will be applicable to other existing systems.”
“Guardtime Federal sees this formal verification of block chain and keyless infrastructure technology implemented to meet national security challenges as an amazing opportunity for our clients,” said David Hamilton, President of Guardtime Federal. “By subjecting our cyber defense infrastructure to this most sophisticated methodology we will test both typical and exotic boundary conditions enabling further refinements of our defenses for protecting the most precious national security secrets and configurations of operational systems.”
Data breaches cost the economy billions and affect government and private companies alike. One major factor in the severity of a breach is the length of time that the adversary can operate before being detected, which can often be months as they explore a network and identify the most valuable assets and data. Technology such as Guardtime’s KSI can be used to ensure intruders are unable to cover their tracks. Formal verification aims to provide mathematically grounded assurance that the KSI system will not be compromised no matter what the intruder does to subvert it. This provides a much stronger level of assurance than conventional testing, which typically only covers non-malicious or randomly generated data.
Galois has been performing computer science research and development since 1999. With many of the world’s foremost experts in computer science and mathematics and a world-class team of programmers and engineers, Galois is uniquely positioned to take on the world’s most difficult challenges in computer science. Galois is a trusted partner in the defense and intelligence industries, proving the feasibility of cutting edge research as it applies to critical systems. Technology companies turn to Galois to build reliability, safety and security into their product development efforts from day one. For additional information, visit www.galois.com.
About Guardtime Federal
Guardtime Federal has been providing digital integrity infrastructure and products in the US since 2015 with the objective to deliver capabilities originally developed in Europe by Guardtime into the US Government market (e.g. DoD, IC, DHS, and their support industry). Guardtime Federal offers Guardtime mathematics and architecture concepts in high-end tamper resistant hardware to protect industrial block chain software for defense related special purposes exploiting embedded or private networked environments.