Galois today announced it has been awarded a $6 million contract under a Defense Advanced Research Projects Agency (DARPA) program to develop a system to detect Advanced Persistent Threat (APT) cyber attacks in increasingly complex enterprise network and system environments.
Seven experts, including Galois Rigorous Software Engineering Lead Joe Kiniry, weigh in on the current use and practice of formal methods in cybersecurity. “FM researchers are pursuing two complementary paths. The bulk of the community continues to focus on foundations (what I call “pure FM”), while the rest of the community looks for opportunities to […]
Galois today announced that it has been awarded a $10 million contract by the Defense Advanced Research Projects Agency (DARPA) Cyber Fault-tolerant Attack Recovery (CFAR) program to make security vulnerabilities lurking in military and commercial legacy, embedded and other mission critical systems code bases unexploitable.
“For example one of the classic security vulnerabilities is a buffer overrun error which allows one function or data to come in and overwrite memory where its not supposed to, and that can be exploited by a hacker. So Galois developed languages that allow us to produce software that doesn’t have these types of memory vulnerabilities. We have used this language to reverse engineer a lot of the functionality on our research platforms, Boeing did the same thing on the unmanned little bird that they flew,”
Formaltech, a Galois subsidiary, and Reed are excited to celebrate CyberChaff’s first month of service at Reed. Formaltech’s CyberChaff allows you to deploy low-cost, secure decoy hosts on a network. The hosts alert administrators when an attacker is detected while also slowing down key steps in the attacker’s workflow. In March, Galois and Formaltech engineers installed CyberChaff on a core Reed network during Reed’s Spring Break, and have been slowly expanding the CyberChaff presence since then. During this period, Reed has been able to use CyberChaff to detect and address anomalies on their network.
Portland, OR – Galois today announced the launch of Free & Fair, a pioneering election technology company that offers high assurance, open source software and systems that enable truly verifiable, transparent and secure elections. Free & Fair intends to fundamentally change the way election technology is created and deployed, reducing costs for taxpayers while allowing […]
Most jurisdictions today are using election technology developed in the 1990s, and the typical voting system is running an operating system that is no longer vendor-supported, no longer has security updates (which couldn’t be applied anyway because of certification requirements) and relies on technology that wasn’t considered “cutting edge” even when it was purchased.
Enterprises are not willing to concede that extracting the full value of user data and preserving data privacy is an either/or proposition, and for that reason there is increased interest in implementing a personal data service (PDS).
The project is important, Ringle emphasized, because it will help “change the balance between the aggressors and the defenders.” “We are sitting ducks in a way. By banding together, by having these colleges and universities work with another and with Galois, it gives us a leg up. We can’t make the gap disappear entirely, but if we can close it so that we can react almost as fast as they can launch attacks, then that mitigates the damage that their attacks can do, and that makes us much more powerful in terms of defending our campuses and all the data that we manage.”
“Zero-day attacks require flaws in software,” Galois’ Wick said. “No matter what your ratio is between lines of code in a system and the number of flaws in a system, less software on a system means less lines of code, which means fewer flaws.”
We take pride in personally connecting with all interested partners, collaborators and potential clients. Please email us with a brief description of how you would like to be connected with Galois and we will do our best to respond within one business day.