Modern systems involve complex interactions between components acting in concert: vehicles contain hundreds of different computers, actuators, and sensors; online systems involve dynamically scalable suites of coordinated microservices; and even single-board computers involve complex interactions among many pieces of hardware IP, firmware, and system software. Galois’s suite of Rigorous Digital Engineering (RDE) tools are designed to help organizations track the dependencies between their components, understand the why behind their decisions, and provide insight into how they can make their systems better over time. RDE at Galois can also help organizations evolve high-assurance systems that reuse existing off-the-shelf components.
In particular, rigorous digital engineering helps our users:
- Define the domain in which they’re working to create structured, actionable requirements for their systems and concrete, machine-readable, agile models of their systems and system architectures. These artifacts can be used as part of the ongoing conversations between stakeholders about what the system is, what it must do, what it must never do, and what it might do in the future.
- Analyze the requirements and/or system artifacts to ensure that they meet the system’s safety and security goals. In many cases, this analysis involves first refining the requirements from the definition phase based on project-specific trade-offs: for example, “this data must be kept confidential” can be refined to “the data must be encrypted with AES-256/GCM at these points”, and then further refined against the model and component availability to state that “a software encryption capability meeting FIPS 140-2 standards must be added to this device.”
- Verify and validate that your system conforms to your understanding of what it should do. Galois’s deep expertise in both rigorous systems testing and formal verification can be combined with our digital engineering processes to provide you with continuous assurance that your system works and will continue to work, even as it is updated over time.
- Synthesize the results of this entire process into audit/certification-friendly documents for safety, security, and assurance review.
Critically, we recognize that your processes, methodologies, and tools are at the core of your engineering success, so we bring our tools to your platforms: there is no need to reinvent the wheel.
Further, we understand that while some parts of your system are within your control, a lot of it is not. As a result, our tools help you negotiate the best possible compromises between your aspirations and the realities you face. For example:
- In Cyber-Physical Systems: It may be that the perfect solution involves a hardware root of trust, but you simply cannot source the hardware to make that happen. We have implementations based on lighter-weight software solutions and can also provide you alternate controls to mitigate the resultant risk.
- In Microservice Architectures: It may be that a transition to cloud-hosted services can address many of your authentication and key management needs, but you have legacy applications that require an older, on-premises system. We can help you identify the gaps between the two and develop security and reliability mechanisms that allow you to safely continue to use your existing systems while preparing yourself for the future.
- In Safety-Critical Systems: It may be the case that none of your current systems has a strong assurance case, yet you need to fulfill some new safety-critical requirements. We can help you navigate and understand that need and find the most cost-effective means of assuring or replacing critical components of your architecture with new components that help you fulfill your safety requirements.
- In Transitioning to Digital Engineering: It may be the case that you have an existing bent-metal system that includes hardware, firmware, and software with unknown provenance, no architectural specification, and few requirements. We can help you extract your system’s requirements and architecture from existing engineering artifacts. Our tools can lift formal models from these, and we can help you transmute those models into executable specifications—digital twins—of the system you have today and build the system your client wants tomorrow.
Galois provides staged deployment of our RDE process in your organization, typically starting with a short (2-3 month) initial consultation. In this time, we help walk through your existing processes and work with you to identify the small, concrete improvements that can provide the most significant benefit for your money, as well as identify a roadmap for integrating our holistic approach to system assurance into your organization. From our initial consultation, you can either work through the rest of the roadmap on your own, or we can help build custom solutions that pair best-of-breed tooling with custom configurations and custom extensions for your environment.