Galois and Guardtime announced they have jointly been awarded a $1.8 million contract by the Defense Advanced Research Projects Agency (DARPA) to verify the correctness of Guardtime’s KSI® system. The contract will fund a significant effort that aims to advance the state of formal verification tools and all blockchain-based integrity monitoring systems.
Integrity monitoring systems like Guardtime’s KSI detect evidence of advanced persistent threats (APTs) as they work to remain hidden in networks. APTs undermine the security of networks for long periods of time and have been central in many major network breaches. APTs carefully cover their tracks by removing evidence from system log files, adding information to “white-lists” used by security software, and altering network configurations. This project aims to verify the ability of keyless integrity monitoring systems to detect APTs and attest to the ongoing integrity of a system.
Data breaches cost the economy billions and affect government and private companies alike.One major factor in the severity of a breach is the length of time that the adversary can operate before being detected, which can often be months as they explore a network and identify the most valuable assets and data.
Technology such as Guardtime’s KSI can be used to ensure intruders are unable to cover their tracks. Formal verification aims to provide mathematically grounded assurance that the KSI system will not be compromised no matter what the intruder does to subvert it. This provides a much stronger level of assurance than conventional testing, which typically only covers non-malicious or randomly generated data.