Every day there are multiple reports from government, state municipalities, and corporates about their being hacked, held for ransomware or becoming victims of denial of service (DoS), phishing, malware, trojans, and a whole array of other cyberattacks. All cyberattacks result from the systems talking with the outside world where it is not meant to communicate. There is a need to have a solution that can effectively safeguard the systems or mitigate the risk.
Meetings at Spaceport America, Virgin Galactic’s human spaceflight headquarters, and common work interest on suborbital space tourism got the innovators together to work on their idea of solving the cybersecurity challenge through innovation. In a virtual interaction, the Co-founders of Fraisos spoke to Minu Sirsalewala, Editorial Consultant at CISO MAG, and shared their mission, vision, and solution, as it appraises a non-traditional IPO as its next growth step.
Fraisos is a U.S. based company founded in 2017 through a Department of Defense Small Business Innovation Research (SBIR) Program. It believes it discovered the solution to the government’s cybersecurity challenges based on its next-generation cyber-defense innovation.
Also Read: Rags to Riches! The Evolution of Ransomware Operators
A common love for innovation and technical expertise in semiconductors, computer science and hardware engineering, mathematics, physics, electrical engineering, and U.S. Government programs brought the three founding members, Dr. Lindsay O’Brien Quarrie, Dr. Lawrence John Dickson, and Robert Montgomery Fryer, together to collaborate and offer solutions to cybersecurity challenges.
Dr. Lindsay O’Brien Quarrie, the Chief Executive and Technology Officer (CETO), articulated, “The challenges basically come from an excess of complexity, allowing communication to penetrate to places where it isn’t supposed to. The solution we came up with is to impose simplicity and force communication to happen only with those communication partners as intended by the actual needs of the program. We have devised a way to apply a simple old technology from the 1980s, called Communicating Sequential Processes, the Best Way of Doing Parallel Programming. A book that I published in 2014 described a very simple approach to it, using standard software. And, it gives you a hardware-software equivalent if applied correctly.”
Elaborating on the technique, Quarrie shares that this technology fits in well with the current scenario due to the hardware-software equivalent. The software can be made to behave exactly like an isolated piece of hardware communicating through a point-to-point link; it’s one intrinsically subordinated operating system.
On the software side, it is like putting a wrapper around your system, monitoring the communications, and restricting the communication – both internal and external.
“The advantage here is that when there are updates and a new version releases, there is no need to look at the binary code of the program. The solution will ensure that there is no access to the actual kernel of the device, and any attempt at execution of non-approved activity will be denied,” explained Quarrie.
There is a direct cost implication when there are version upgrades, there is a restriction and futile costs are avoided both on upgrades and security. The system has the intelligence to identify which upgrade is required and what app needs to be on the system, thereby ensuring no communication from within, which could open a window and make the system vulnerable to any cyberattack.
The isolation approach is about securing the critical parts of the system by controlling the access in a simplified way. This allows securing the system at multiple levels without compromising its performance and efficiency. As a result, it reduces cyber defense’s total implementation and maintenance costs by avoiding version skew.
The products and service offerings include defined systems, formally and physically verified cyber defense (maps to physical reality) for embedded systems, smartphones, tablets, laptops, desktops, industrial controls, medical devices, and all embedded systems that boots and their associated systems. Quarrie opines, “We deal in realism, and run counter to the trend of abstraction and avoidance of detail. This enables us to be strong in the whole area of computer programming and design that has ‘gone fallow’ due to an increasing monoculture of trendy, ultra-abstract languages. We can step in wherever necessary, to get a tight grip on a device’s actual behavior (100% of the time, not just 99%). This includes strict security in the age of ransomware.”
Math and the Physical Sciences provide many ways to look at a large array of problems. These basics, plus a large dose of innovation, often illuminate an approach outside the mainstream and where new opportunities can be found. This is true, especially since technology provides many new tools to apply to old problems.
A Quantum Proof cyber defense, based on realism — rejects the abstraction trend and insists on verifiable, simple, predictable device behavior. “Components in our designs communicate according to explicit protocols which are exposed and not hidden, thus imposing restrictions that make security and predictability possible and understandable.”
Dr. Lawrence John Dickson’s book, Crawl-Space Computing (Amazon, 2014), is inspired by the classic computing paradigm, Communicating Sequential Processes (CSP), its implementation in the language OCCAM, the 1980-1995 era Transputer chip, and the product series. This is the basic premise on which the three members built their solution, with a mission for the consumers to take back control of the computer and the embedded systems. The consumer is the custodian and true owner, versus the hacker owning you.
A property that is central to all their design: Hardware-Software Equivalence (HSE), means that it is formally verifiable that software written in this way is equivalent to hardware devices communicating by point-to-point data-passing channels. (It is related to Rushby’s separation kernels but more general.)
This opens up a massive variety of design approaches that behave predictably. As overly-abstracted devices run into walls of failure and malware, our mission is to uphold this ‘countercultural’ alternative that can solve the same problems clearly and understandably. HSE allows us to devise approaches that combine an outer CSP-type structure (the Finite Resource Allocator, or FRA) with inner ring-fenced nodes using standard computing tools (the Intrinsically Subordinate Operating Systems, or ISOSs), thus giving a shortcut to understandable effectiveness and explaining the company name FRAISOS (Finite Resources Allocator Intrinsically Subordinated Operating Systems).
With a vision to create a niche in the cyber security market, Fraisos is actively building its customer base with targeted research and production projects, emphasizing government customers, especially military and local government, protecting cities, municipalities, large and small businesses.
Quarrie emphasizes, “We have a simple, common-sense approach and tools. Predictability, reliability, and security of complex computing devices have been failing around the edges, and our approach solves this and makes clear the reason why it is solved.”
With a professional market evaluation of $155.1 M from Foresight Valuation in Silicon Valley, Fraisos’s principal investor is Space Sciences Corporation, from the research and development domain.
The current reality is that hackers can penetrate through these existing methods because the existing approach consists of layers and patches with holes for gaining access and are mostly “whack a mole.”
Quarrie echoes, “We are innovative by opposing complexity, where we try to make things more simple, not more complex. A system can be as complex as they like, but when they get to the outside world, they get to it through a very simple interface and a well-defined way of communication that’s been known since the 1980s. For example, take any classic car — we can still do a complex task without computers. But the task gets subdivided into simple components that interact with each other in a well-defined fashion. And that’s the path we’re taking. And there’s a lot of room for that path to be taken in the future.
Complexity causes disaster, and a lot of rocket ships have blown up. Fraisos believes in going ‘Back to the Future,’ and essentially being future proof at the same time.”
———————————————————————————————
References
Multiple Peer reviewed Formal Verification Proofs and acceptance Validated by IEEE Computer Society, COPA 2021, NSA, DoD.
Competitive SBIR awards Phase I and Phase II.
Follow-up in the N152-087 (Secure Electronic Kneeboard Across Multiple Security Levels on COTS Devices).
Founders of the new IEEE Concurrent Processes Architectures (IEEE COPA) and Embedded Systems group stepped in when CPA went offline due to COVID-19 and published a peer-reviewed conference proceeding in 2021.
Disclaimer
Views expressed in this article are personal. The facts, opinions, and language in the article do not reflect the views of CISO MAG and CISO MAG does not assume any responsibility or liability for the same.
About the Author:
About the Interviewer
Minu Sirsalewala is an Editorial Consultant at CISO MAG. She writes news features and interviews.
The post Harness Your System, No More a ‘Whack-a–Mole’ appeared first on CISO MAG | Cyber Security Magazine.
Click to Open Code Editor