Affiliation:
1. University of Northern Iowa, Cedar Falls, IA, USA
Abstract
Computers are nearly ubiquitous in modern society with uses from maintaining friendships and monitoring homes to managing money and coordinating health care. As the roles of a computer continue to expand, so too does the threat posed by cyberattacks. An important challenge for today's software engineers is to build secure software and help neutralize these threats. Formal methods have long been suggested as an excellent way to build secure software but have not been widely adopted for this purpose. The "conventional wisdom" has suggested several reasons for this slow adoption, including a steep learning curve, difficulty in augmenting existing systems, and lack of tools with security-specific abstractions. Our hypothesis, however, is that applying a small and easy-to-learn subset of the techniques available today could significantly decrease software vulnerabilities and reduce the risk of cyberattacks. In this paper, we discuss the motivation for our hypothesis and discuss our ongoing experiment to test it.
Publisher
Association for Computing Machinery (ACM)
References: 23 articles.
Cited by
1 article.