Tortuga Logic has raised $2 million in seed funding from Eclipse Ventures to help in their effort to maintain chip-level system security. Based in Palo Alto, the company plans to use the cash to build products that will find “lurking vulnerabilities” on computer hardware.
The founders, Dr. Jason Oberg, Dr. Jonathan Valamehr, Professor Ryan Kastner of UC San Diego, and Professor Tim Sherwood of UC Santa Barbara, have decades of experience in system security and received a grant from the National Science Foundation for initial commercialization.
“There is an enormous amount of software-based cybersecurity companies in the world but with the advent of autonomous vehicles, growing complexity of mobile devices, and trust issues in the supply chain for military applications there is a gaping whole in how the industry approaches cybersecurity—specifically the hardware,” said Oberg.
Think of the software like the dust sensor on a high end DSLR camera. The system can sense and manage faults on the hardware and prevent software from exploiting hardware holes.
“Hardware vulnerabilities have been successfully exploited to completely compromise a modern computing system,” said Oberg. “Rectifying a security vulnerability that has already been shipped or worse, has been exploited, can cost exorbitant amounts of money to resolve. Unlike software, hardware cannot be patched and in many cases requires a more expensive solution such as a recall.”
The team saw that security was an “afterthought” and by patching the most dangerous holes they are able to improve system security considerably.
The company makes and sells a “a suite of hardware design tools to identify security vulnerabilities throughout the design of a semiconductor” and already have customers in aerospace and defense.
“When it comes to cybersecurity companies, the key differentiation between us and other players is that we focus on the underlying chips rather than focusing on software,” said Oberg. “When it comes to internal teams at large companies creating their own teams to solve this problem, we have special technology that allows us to automate the process of finding security vulnerabilities, whereas most internal teams do not have any automation.”