Summary: Formal, Informal, and Null Methods
Position statement on formal methods and security
for NRC workshop on trustworthiness
Martín Abadi
Digital Equipment Corporation
Systems Research Center
ma@pa.dec.com
January 23, 1997
There is a considerable body of work on specification and verification
methods, and on their application to security. (See for example Gasser's
book [Gas88] for a review of the state of the art in 1988.) Although it now
seems plausible that one can build useful, formally verified secure systems,
this is seldom done, and we may guess that it will not be done to any large
extent in either academia or industry in the near future.
It often seems that even informal methods are rarely applied for guaranteeing
or evaluating the security of common systems and components. Even
security gear often lacks specification, formal or informal. For example, one
can find documents that describe the workings of the SSL protocol [FKK96]
and others that describe some of its shortcomings and suggest improvements
[WS96], but to my knowledge none that details the guarantees that