Galois awarded $2.7M Navy contract to develop new cyber resilience capability

Galois, based in Portland, OR, announced on July 10 that it has been awarded a $2.7 million contract by the Office of Naval Research (ONR) to leverage software brittleness for cyber defense.

Modern military systems involve a vast array of software, which serves as an attractive target for adversaries. Protecting this software is challenging, as it often runs on legacy hardware that lacks modern cyber defenses. Furthermore, many software defense techniques impose unacceptable overheads for embedded and real time systems, which form the core of control systems for most air, ground, and naval vehicles.

With this project, Galois aims to harden control systems by using binary rewriting to add brittleness to legacy binaries. Brittleness causes programs to fail fast when under attack, which allows systems to quickly detect and disrupt cyber attacks and revert to known-good states. Coupled with the fault tolerance mechanisms that support critical systems, brittleness adds resilience to cyber systems. Galois aims to further develop and leverage its research on brittle software as a cyber defense to protect Navy-relevant software systems against control flow integrity attacks, code injection attacks, memory corruption, and overflow vulnerabilities.

“An adversary can wreak havoc if they gain control of a sensitive software system that is operationally-sensitive,” said Dr. Tristan Ravitch, Galois’ principal investigator on the project. “Many traditional cyber defenses strive to keep systems running when cyber attacks are detected.  Our approach aims to improve overall system resilience by triggering built-in system recovery methods as quickly as possible.  This allows the system to seamlessly restart in a known-good state while denying the attacker access to a running system.”

Each project phase will add new capabilities in the main research thrust areas: 1) new methods for adding brittleness to binaries 2) efficiency of brittle code, and 3) assurance through verification.

By the end of the project, Galois aims for the tool to be suitable for evaluation on Navy-relevant systems. Galois will identify suitable evaluation targets in coordination with the Office of Naval Research and Naval Surface Warfare Center.

Source: Galois