Conference Proceedings

BP: Formal Proofs, the Fine Print and Side Effects

T Murray, Paul Van Oorschot

2018 IEEE Cybersecurity Development (SecDev) | IEEE | Published : 2018

Abstract

Given recent high-profile successes in formal verification of security-related properties (e.g., for seL4), and the rising popularity of applying formal methods to cryptographic libraries and security protocols like TLS, we revisit the meaning of security-related proofs about software. We re-examine old issues, and identify new questions that have escaped scrutiny in the formal methods literature. We consider what value proofs about software systems deliver to end-users (e.g., in terms of net assurance benefits), and at what cost in terms of side effects (such as changes made to software to facilitate the proofs, and assumption-related deployment restrictions imposed on software if these pro..

View full abstract