Defending networks is becoming increasingly hard, as adversaries are advancing far more quickly than our defense techniques. In this guest blog post on Tripwire’s The State of Security blog, David Archer, research lead at Galois, talks about some of the reasons behind this asymmetry, and gives a few ideas on how network defense might catch up to the agility of attackers.
In this Software Magazine piece, Galois’ Isaac Potoczny-Jones writes about what vendors can do to build cyber security into their products from the start. “Cyber security should not be an afterthought in the software development process; it should be the first thought. As applications, systems and devices increasingly fall victim to hacks, vendors may be tempted to assume that business users and consumers have become desensitized to the problem. That adding two-factor authorization or offering three months of credit monitoring service will somehow wipe the slate clean with no damage done to brand perception, customer growth, and revenues. This is not the case. Building cyber security into the front end of the software development process is critical to ensuring software works only as intended.”
“Any system, as it gets more complex, the likelihood of a weak link in the chain grows,” said Isaac Potoczny-Jones, computer security expert with Galois. “So as cars get these integrated entertainment systems or wireless features, these open up avenues of attack.”
Soon after the 2014 midterm election, Kiniry and a fellow researcher published a paper that demonstrated how to hack into the PDF-based Internet voting system used by the state of Alaska. Voters there can choose to download and fill out a PDF ballot form and e-mail it back to the election official. This method has also […]
“For those who might recall an alarming story recently from ‘60 Minutes’ regarding the potential for motor vehicles, smart homes and drones to be hacked, Galois’s new secure software might assuage such concerns. The tech company from Oregon recently announced it has developed ‘the world’s most secure [drone] software.’”
“We’ve developed a new programming language that is provably free from those vulnerabilities,” Lee Pike, cyber-physical systems research lead for Galois, said in a statement. “The approach is to transition the programming language we’ve developed, called Ivory, to Boeing so that they can rewrite their systems.”
“If you caught CBS’ ‘60 Minutes’ on Sunday, you got a glimpse of some of the work generated by downtown Portland-based Galois.”
“All kinds of experimental systems have been designed in the last 15 years,” said Joseph Kiniry, the principal investigator at the technology firm Galois who is researching the possibility of end-to-end verifiable online voting with the Overseas Vote Foundation. “But in general researchers are quite conservative about proposing that their system is ready for primetime. […]
John Launchbury, who founded Galois in 1999, is headed to Washington, D.C., this summer as project manager for the Information Innovation Office at the Defense Advanced Research Projects Agency (DARPA). Launchbury, previously the CEO of Galois, has left the company and is currently a research professor at Willamette University.