Invited talk: Applying Satisfiability to the Analysis of Cryptography

Dr. Aaron Tomb, research lead in Software Correctness at Galois, delivered the invited talk last Friday, Sept 25, 2015 at SAT 2015, the International Conference on Theory and Applications of Satisfiability Testing. In the talk Dr. Tomb walked through the properties of cryptographic code that are within the reach of existing solvers, and described some of the tools in applying SAT solvers to cryptographic algorithms.

Read More

NSTIC commits $3.7 million to new round of identity pilot programs

ZDNet

Galois will build a tool that allows users to store and share private information online. The user-centric personal data storage system relies on biometric-based authentication and will be built securely from the ground up. As part of the pilot, Galois will work with partners to develop just-in-time transit ticketing on smart phones and to integrate […]

Permalink

Asymmetric Network Defense: Guest blog post by David Archer

The State of Security

Defending networks is becoming increasingly harder, as adversaries are advancing far quicker than our defense techniques. In this guest blog post on Tripwire’s The State of Security blog, David Archer, research lead at Galois, talks about some of the reasons behind this asymmetry, and gives a few ideas on how network defense might catch up to the agility of attackers.

Permalink

Strategies for Building Cyber Security into Software Development

Software Magazine

In this Software Magazine piece, Galois’ Isaac Potoczny-Jones writes about what vendors can do to build cyber security into their products from the start. “Cyber security should not be an afterthought in the software development process; it should be the first thought. As applications, systems and devices increasingly fall victim to hacks, vendors may be tempted to assume that business users and consumers have become desensitized to the problem. That adding two-factor authorization or offering three months of credit monitoring service will somehow wipe the slate clean with no damage done to brand perception, customer growth, and revenues. This is not the case. Building cyber security into the front end of the software development process is critical to ensuring software works only as intended.”

Permalink

Secure drone software evades hackers

GCN.COM

“For those who might recall an alarming story recently from “60 Minutes” regarding the potential for motor vehicles, smart homes and drones to be hacked, Galois’s new secure software might assuage such concerns. The tech company from Oregon recently announced it has developed “the world’s most secure [drone] software.””

Permalink

Pentagon wants unhackable drone helicopters by 2018

Engadget

“We’ve developed a new programming language that is provably free from those vulnerabilities,” Lee Pike, cyber-physical systems research lead for Galois, said in a statement. “The approach is to transition the programming language we’ve developed, called Ivory, to Boeing so that they can rewrite their systems.”

Permalink