More than incremental thinking needed.
The system assurance problem is multifaceted and can be best analyzed from a game-theoretical point of view. On one hand, we have all the effort put in to provide security. On the other hand, a much easier task, is to exploit weaknesses – even a single vulnerability can cause havoc in an otherwise perfectly built system. In general, any system comes with attack surfaces that can be taken advantage of. Most security solutions in fact add more attack surfaces. The balance is clearly in favor of an adversary. The fundamental problems that BlueRiSC’s innovations address are related to these above aspects.
(i) Foundational Security
How to build trust without increasing attack surfaces? In fact, we would want to have a solution that reduces them. BlueRiSC innovations focus on so called roots of trust to address this in unique ways. Its software approach for mobile devices carefully balances usability with security. Its softcore secure processor cores support unique instruction sets and features per device, for ironclad security in embedded systems with FPGAs.
(ii) Proactive vs Reactive
The majority of so called zero-day attacks go unnoticed. The Heartbleed vulnerability that was at the core of Internet servers could have been exploited without anyone ever knowing. It was a silent vulnerability that left no system change. Solutions that simply look for change do not work. Solutions that are reactive to a known threat are always behind. BlueRiSC innovates in fundamental approaches that can characterize vulnerabilities and heal them without knowing the actual threat.
(iii) Not Overburdening Users
Have you seen the security approaches that ask questions for a user to agree to? They don’t work because after a while users simply ignore them and answer randomly.
(iv) Convenience in Insertion
BlueRiSC has a binary-level insertion suite and program analysis technology to facilitate both analysis and insertion.
Several of the BlueRiSC technologies are patented.