PROCEED and Crowd-Sourced Formal Verification

1,449 views
1,347 views

Published on

Presentation from the Colloquium on Future Directions in Cyber Security on Nov 7, 2011.

Published in: Technology, Design
0 Comments
0 Likes
Statistics
Notes
  • Be the first to comment

  • Be the first to like this

No Downloads
Views
Total views
1,449
On SlideShare
0
From Embeds
0
Number of Embeds
149
Actions
Shares
0
Downloads
8
Comments
0
Likes
0
Embeds 0
No embeds

No notes for slide

PROCEED and Crowd-Sourced Formal Verification

  1. 1. Drew DeanProgram Manager, Information Innovation OfficePROCEED and Crowd-sourced Formal Verification DARPA Cyber Colloquium Arlington, VA November 7, 2011 Approved for Public Release, Distribution Unlimited.
  2. 2. Do you trust the cloud? Source: Library of Congress/FlickrSecure communications… Source: General Services Administration Secure storage… Secure computation? Source: Christopher Bowns/Flickr Approved for Public Release, Distribution Unlimited.
  3. 3. PROgramming Computation on EncyrptEd Data (PROCEED) Goal: practical computation on Potential Applications encrypted data without decrypting • Email content-filtering guard between networks with different classification Source: Catherine levels Helzerman /Fickr • Privacy-preserving cloud-based voice over IP service 150 years • Secure cloud-based mapping service that cannot determine your location, route, or destinationBabbage Difference Engine 7 Orders of Magnitude Source: Flylogic Engineering LLC; Corbis Intel 80286 5 years Source: Corbis Encrypted NAND Gate Approved for Public Release, Distribution Unlimited.
  4. 4. DARPA’s Newest Cyber ProgramCrowd Sourced Formal Verification (CSFV) Approved for Public Release, Distribution Unlimited.
  5. 5. The Problem For every 1,000 lines of code, 1 to 5 bugs are introduced.Are there fundamental scientific reasons that specific functions doing better? Application prevent us from No: “There are no intrinsic laws of nature in cyber-security as there are in…physics, chemistry, or biology.” [JASON Report on Science of Cyber-Security, 2010] Approved for Public Release, Distribution Unlimited.
  6. 6. Formal Verification• Formal verification can obtain 0.1 - 0.5 bugs per KLOC, however: • Extremely expensive: software development costs increase by 2x to 100x • seL4 microkernel formal verification took 11 person-years • Fundamental formal verification problems resist automation • Computationally undecidable: Heuristics have improved, but remain incomplete CSFV Source: Corbis Source: morgueFile Approved for Public Release, Distribution Unlimited.
  7. 7. The Concept: Crowd Sourced Formal Verification “Gam e-ify” Geek y Form al VerificationApplies game solutions to the original formal verification problemExploits a large user base requiring no formal verification expertise Code Model Game Source: University of Washington CSFV New Capabilities Verified Code Verified Model Approved for Public Release, Distribution Unlimited.
  8. 8. Scalability to DoD Software Systems Source: 2009 Defense Science Board report ESLOC = Executable Source Lines Of Code Approved for Public Release, Distribution Unlimited.
  9. 9. Contact InformationWatch for Special Notice SN 12-17 to be released on FedBizOpps (fbo.gov) Drew Dean Drew.Dean@darpa.mil Approved for Public Release, Distribution Unlimited.

×