Drew Dean
Program Manager, Information Innovation Office

PROCEED and Crowd-sourced Formal Verification

DARPA Cyber Colloquium
Arlington, VA
November 7, 2011

Approved for Public Release, Distribution Unlimited.

Do you trust the cloud?

Secure communications…
Secure storage…
Secure computation?

[Image sources: Library of Congress/Flickr; General Services Administration; Christopher Bowns/Flickr]


PROgramming Computation on EncryptEd Data (PROCEED)

Goal: practical computation on encrypted data without decrypting

Potential Applications
• Email content-filtering guard between networks with different classification levels
• Privacy-preserving cloud-based voice over IP service
• Secure cloud-based mapping service that cannot determine your location, route, or destination

[Figure labels: Babbage Difference Engine; 150 years; 7 Orders of Magnitude; Intel 80286; 5 years; Encrypted NAND Gate. Image sources: Catherine Helzerman/Flickr; Flylogic Engineering LLC; Corbis]


DARPA’s Newest Cyber Program

Crowd Sourced Formal Verification (CSFV)


The Problem

For every 1,000 lines of code, 1 to 5 bugs are introduced.

Are there fundamental scientific reasons that prevent us from doing better?
No: “There are no intrinsic laws of nature in cyber-security as there are in…physics, chemistry, or biology.” [JASON Report on Science of Cyber-Security, 2010]

[Figure labels: Application; specific functions]

Formal Verification

• Formal verification can obtain 0.1 - 0.5 bugs per KLOC, however:
  • Extremely expensive: software development costs increase by 2x to 100x
     • seL4 microkernel formal verification took 11 person-years
  • Fundamental formal verification problems resist automation
     • Computationally undecidable: Heuristics have improved, but remain incomplete




[Figure label: CSFV. Image sources: Corbis; morgueFile]


The Concept: Crowd Sourced Formal Verification

“Game-ify” Geeky Formal Verification
Applies game solutions to the original formal verification problem
Exploits a large user base requiring no formal verification expertise

[Diagram labels: Code; Model; Game; Verified Code; Verified Model; CSFV New Capabilities. Image source: University of Washington]


Scalability to DoD Software Systems

[Chart. Source: 2009 Defense Science Board report]
ESLOC = Executable Source Lines Of Code


Contact Information

Watch for Special Notice SN 12-17 to be released on FedBizOpps (fbo.gov)
Drew Dean
Drew.Dean@darpa.mil
