The newest version of Android (Android 6.0 Marshmallow) introduces a significant change in the way mobile apps handle permissions – a change that can cause applications to crash if developers do not test to see if the apps handle permissions properly. To address this app crash risk, Galois today announced the release of Fuse Analyzer: Permissions – a new tool capability that will, among other things, enable Android developers to pinpoint the changes they need to make for their apps to work properly on Android 6. Fuse Analyzer is part of Galois’ DARPA-funded tool developed for security analysts to evaluate Android app security.
Dr. Joseph Kiniry, Galois’s election systems expert, will be speaking before the Elections Commission of San Francisco today on open source software and the benefits it will bring to elections technology. Dr. Kiniry will also touch on the barriers that have kept open software from manifesting in the elections world until now. The Elections Commission […]
The State of Security
While there are straightforward encryption solutions for data in transit and data at rest, data is usually unencrypted while it is being computed on, leaving it exposed to sophisticated attackers. In this guest blog post on Tripwire’s The State of Security blog, David Archer, research lead at Galois, explores a few methods of computing on data while it remains encrypted that are emerging from academic research and slowly becoming practical.
Dr. Aaron Tomb, research lead in Software Correctness at Galois, delivered the invited talk last Friday, Sept. 25, 2015, at SAT 2015, the International Conference on Theory and Applications of Satisfiability Testing. In the talk, Dr. Tomb walked through the properties of cryptographic code that are within the reach of existing solvers, and described some of the tools for applying SAT solvers to cryptographic algorithms.
ZDNet
Galois will build a tool that allows users to store and share private information online. The user-centric personal data storage system relies on biometric-based authentication and will be built securely from the ground up. As part of the pilot, Galois will work with partners to develop just-in-time transit ticketing on smart phones and to integrate […]
The State of Security
Defending networks is becoming increasingly hard, as adversaries are advancing far quicker than our defense techniques. In this guest blog post on Tripwire’s The State of Security blog, David Archer, research lead at Galois, talks about some of the reasons behind this asymmetry, and gives a few ideas on how network defense might catch up to the agility of attackers.
Software Magazine
In this Software Magazine piece, Galois’ Isaac Potoczny-Jones writes about what vendors can do to build cyber security into their products from the start. “Cyber security should not be an afterthought in the software development process; it should be the first thought. As applications, systems and devices increasingly fall victim to hacks, vendors may be tempted to assume that business users and consumers have become desensitized to the problem. That adding two-factor authorization or offering three months of credit monitoring service will somehow wipe the slate clean with no damage done to brand perception, customer growth, and revenues. This is not the case. Building cyber security into the front end of the software development process is critical to ensuring software works only as intended.”
KGW
“Any system, as it gets more complex, the likelihood of a weak link in the chain grows,” said Isaac Potoczny-Jones, computer security expert with Galois. “So as cars get these integrated entertainment systems or wireless features, these open up avenues of attack.”
Washington Post
Soon after the 2014 midterm election, Kiniry and a fellow researcher published a paper that demonstrated how to hack into the PDF-based Internet voting system used by the state of Alaska. Voters there can choose to download and fill out a PDF ballot form and e-mail it back to the election official. This method has also […]