Title | Lessons learned in game development for crowdsourced software formal verification |
Publication Type | Conference Paper |
Year of Publication | 2015 |
Authors | Dean D, Guarino S, Eusebi L, Keplinger A, Pavlik T, Watro R, Cammarata A, Murray J, McLaughlin K, Cheng J, Maddern T |
Conference Name | 3GSE: USENIX Summit on Gaming, Games, and Gamification in Security Education |
Date or Month Published | August |
Conference Location | Washington, DC |
Abstract | The history of formal methods and computer security research is long and intertwined. Program logics that were in theory capable of proving security properties of software were developed by the early 1970s. The development of the first security models gave rise to a desire to prove that the models did, in fact, enforce the properties that they claimed to, and that an actual implementation of the model was correct with respect to its specification. Optimism reached its peak in the early to mid-1980s, and the peak of formal methods for security was reached shortly before the publication of the Orange Book, where the certification of a system at class A1 required formal methods. Formal verification of software was considered the gold standard evidence that the software enforced a particular set of properties. Soon afterwards, the costs of formal methods, in both time and money, became all too apparent. Mainstream computer security research shifted focus to analysis of cryptographic protocols, policies around cryptographic key management, and clever fixes for security problems found in contemporary systems. |
Downloads | https://homes.cs.washington.edu/~mernst/pubs/csfv-lessons-3gse2015.pdf PDF
|
Citation Key | DeanGEKPWCMMCM2015 |