Attacking Formally Verified Software


Is the system you will be testing built on bare metal from the ground up with formally verified components (kind of like what is described in the above blog post) or is it formally verified software running in a COTS OS? If the software is running in a non-formally verified OS (pretty much any COTS OS), I'd attack the OS and use that to get after the software. Also, is the software using any non-verified libraries under the covers? If so, you could go after those libraries. I'm interested in what you are testing (prior to getting into cyber security I worked on safety critical systems using semi-formal methods, specifically Cleanroom software engineering).

Not actually working on anything on this atm, just interested in people's experience. I also work with formal methods. Obviously all formal methods have assumptions they build on top of (it's not magic no-bug juice), but I was curious if anyone here had actually attacked a partially formalized system and what the experience was like.
