‘Galahad’ tool lets cyber researchers monitor apps in the public cloud
With the goal of supporting cyberdefense research for the intelligence community, the University of Texas at San Antonio has launched new open-source software, called Galahad, designed to securely run desktop applications in the public cloud.
Named after the Arthurian knight who secured the Holy Grail, Galahad was developed by cyberdefense software developer Star Lab Corp. over the last 18 months for the Intelligence Advanced Research Projects Activity — a division of the Office of National Intelligence — which is responsible for leading research in the government intelligence community.
“This software is an overlay which is deployed in the public cloud,” Farhan Patwa, assistant director of UTSA’s Institute for Cyber Security, told EdScoop. “If you’re not able to leverage [public cloud] because of security, this solution enables you to do that.”
Building out a private cloud infrastructure, while being more secure, demands a lot of resources from an organization. On the other hand, the public cloud is frequently marketed as a cost-effective, user-friendly and easily accessible solution. Public cloud providers, such as Amazon Web Services, spend millions of dollars on solutions to improve their cloud systems, said Patwa, and with Galahad, organizations are able to take advantage of these well-designed systems, without compromising on security.
By strictly defining the roles of various applications and using machine-learning algorithms, Galahad is able to detect abnormal activity, like malware, and reduce the risk associated with public cloud use.
“The big thing that it provides is a vast array of logging mechanisms which help to mitigate any kind of attacks and be able to check, in real time, any intrusions that are happening,” he said.
For example, if a user opens a web browser and clicks through several links, Galahad monitors the application’s processes, then compares them against a profile of the application’s typical activity level. Any detected abnormalities in the application will then be relayed to the administrator in real time.
“Another great aspect of this software is that it has so many facets, you can tie in a lot of different types of research,” said James Benson, a technology research analyst at ICS.
Because Galahad is open-source, faculty and student researchers are able to get a more transparent look into how the software functions and can modify it if needed. This allows researchers to collect data from all levels of the application stack while running an experiment, which is crucial for evaluating the performance of the cybersecurity solutions being tested in the user environment.
“One of the main things that is harder for us to do as an institution is to get data out of software,” Patwa said. Unlike Galahad, most security software and digital platforms don’t pull back the curtain on how they function, he said. However, performance metrics are needed to answer many important research questions.
For example, he explained that if a researcher were to develop a new access control framework, the solution could be run through Galahad to better understand how it might affect other aspects of the system running in the user environment.
By using Galahad as a test bed for research at UTSA, researchers are able to experiment with new cybersecurity solutions and gain a deeper knowledge of their real-world functionality. Galahad creates a user-friendly research ecosystem, Patwa said.
“The whole point of open-sourcing was that we can get collaboration from different universities,” Patwa said. “We know other universities are looking for the same thing.”
By collaborating with other institutions, not only will students be better prepared for the challenges of the workforce after graduation, but the software itself will improve and be better suited to create secure user environments, he said.
“The more people who we have who understand and want to contribute to the software, the better it is,” Patwa said. “If we just think about our university and try to develop it, we’re only going to be able to get so far.”