Technical specification
Bifrost is an offline inspection kiosk for removable media. This page describes the platform, the architecture, the guarantees it offers, and the scanning capabilities it runs. For sales or technical enquiries, get in touch.
Platform
Bifrost runs on secure hardware — portable or fixed. The platform is commercial off-the-shelf, hardened and locked to operate in a single role. Customers can choose the form factor that suits their environment; both are built to the same standard and run the same image.
Boot architecture
Bifrost boots from a sealed Linux live ISO. Operation is non-persistent: no disk writes, no swap partition, no persistent state of any kind. Read-only protection is enforced at every layer — the boot media is hardware write-protected, the target media passes through a hardware write-blocker, and the operating system’s root filesystem is an immutable squashfs mounted from RAM.
Key properties:
- Linux live ISO — fresh every boot
- Non-persistent operation — RAM only, no disk writes
- Hardware-enforced read-only — at every layer
Media handling
The boot media is sealed and hardware write-protected, eliminating the possibility of tampering with the scanning environment itself. Target media — the USB sticks, SD cards, or other removable devices being inspected — is always mounted through a hardware write-blocker, so nothing Bifrost does can modify the media being scanned. Chain of custody is preserved.
Scanning capabilities
Bifrost runs a pipeline of inspection phases, each contributing to the final report:
- Multi-engine malware scanning — signature-based detection using a curated, auditable engine.
- YARA-rule heuristics — rule-based detection of malware families, techniques, and known-bad patterns, with a curated ruleset maintained through the managed update pipeline.
- Known-good hash matching — files matching a comprehensive known-good hash corpus are marked benign, dramatically reducing review time on large media.
- Capability and string analysis — executables are inspected for suspicious capabilities, embedded strings, and packing indicators.
- Format-aware unpacking — archives, compressed files, and common office document formats are unpacked and their contents inspected recursively.
- Keyword and content inspection — configurable keyword sets search for classification markers and policy-relevant content, with per-session profiles.
Threat model
Bifrost is designed to inspect removable media that may carry malware, unauthorised content, or classification-marked data. The threat model assumes:
- The target media may contain active malware, including novel or weaponised payloads.
- The target media may have been tampered with in transit or at the source.
- The operator is trusted but not privileged — they can run scans and read reports, but cannot modify the scanning environment or disable protections.
- The physical environment may be classified; no data may leave the device.
Bifrost explicitly does not detonate samples, execute suspect binaries, or perform reverse engineering. Those tasks belong to a dedicated analysis environment downstream.
ISM controls addressed
Bifrost is built against the Australian Government Information Security Manual (ISM). The following controls are directly addressed:
| Control | Topic | How Bifrost addresses it |
|---|---|---|
| ISM-0351 | Sanitisation of volatile memory | RAM is overwritten and sanitised on shutdown |
| ISM-0352 | Sanitisation for SECRET/TS | Conformant wipe procedure before power-off |
| — | Air gap enforcement | No network interfaces of any kind |
| — | Supply-chain integrity | Sealed, signed boot images through a managed pipeline |
Additional control mapping is available under NDA to evaluation customers.
Signature and rule updates
Bifrost is air-gapped by design. Updates to the signature engine and rule sets are delivered only through a complete, sealed system image — never over the wire. A managed update pipeline produces fresh images on a regular cadence, and customers receive sealed boot media as part of their support agreement. There is no network-attached update path, by construction.
Sovereign supplier
Bifrost is designed and built in Australia. The product, its support, and the managed update pipeline are all operated under Australian jurisdiction. This is relevant for government and defence buyers evaluating supply-chain risk and data-sovereignty requirements.
Licensing and third-party components
Bifrost makes use of established open-source scanning engines. These engines are independently auditable by the broader security community — a property we consider a feature for buyers evaluating trust. Third-party components are kept isolated via process boundaries, keeping copyleft licence obligations cleanly scoped.
Questions?
Technical, procurement, or compliance questions are welcome. Get in touch — we respond within two business days.