Research and Development company Galois and Guardtime Federal have announced they have jointly been awarded a $1.8 million contract by the Defense Advanced Research Projects Agency to verify the correctness of Guardtime’s Keyless Signature Infrastructure. The contract will fund an attempt to advance the state of formal verification tools and all blockchain-based integrity monitoring systems.
Galois provides formal verification, a technique that goes beyond testing and evaluation to provide mathematical assurances that a system works only as intended in all cases. Verifying the appropriateness of the Keyless Signature Infrastructure will demonstrate the scalability and practicality of formal verification methods as a means for establishing trust in critical systems.
Integrity monitoring systems such as Guardtime’s Keyless Signature Infrastructure detect evidence of advanced persistent threats as they work to remain hidden in networks. These threats undermine the security of networks for long periods of time and have been central in many major network breaches. They are also hard to detect as they remove evidence from system log files, add information to “white-lists” used by security software, and alter network configurations. This project hopes to verify the ability of keyless integrity monitoring systems to detect advanced persistent threats and attest to the ongoing integrity of a system.
Stephen Magill, Research Lead for Software Analysis at Galois, said: “Formal verification has evolved considerably over the past several years, but has only recently matured enough to tackle production-level software. This collaborative effort seeks to advance our understanding of the role that integrity analysis plays in system security and lead to improvements in formal verification tools and methods that will be applicable to other existing systems.”
President of Guardtime Federal, David Hamilton remarked: “Guardtime sees this formal verification of blockchain and Keyless Signature Infrastructure technology implemented to meet national security challenges as an amazing opportunity for our clients. By subjecting our cyber defense infrastructure to this most sophisticated methodology we will test both typical and exotic boundary conditions enabling further refinements of our defenses for protecting the most precious national security secrets and configurations of operational systems.”
Data breaches cost the economy billions and. One major factor in the severity of a breach is the length of time that the adversary can operate before being detected, which can often be months as they explore a network and identify the most valuable assets and data.
The difficulty of detecting a breach in the system is a significant factor in the amount of money that is lost which can run into the billions, affecting both government and private companies. Technology such as Guardtime’s Keyless Signature Infrastructure can be used to ensure intruders are unable to evade detection.