SlideShare ist ein Scribd-Unternehmen logo

PROCEED and Crowd-Sourced Formal Verification

Michael Scovetta
Michael Scovetta

Presentation from the Colloquium on Future Directions in Cyber Security on Nov 7, 2011.

TechnologieDesign
1 von 9
Downloaden Sie, um offline zu lesen
Drew Dean Program Manager, Information Innovation Office PROCEED and Crowd-sourced Formal Verification DARPA Cyber Colloquium Arlington, VA November 7, 2011 Approved for Public Release, Distribution Unlimited.
Do you trust the cloud? Source: Library of Congress/Flickr Secure communications… Source: General Services Administration Secure storage… Secure computation? Source: Christopher Bowns/Flickr Approved for Public Release, Distribution Unlimited.
PROgramming Computation on EncyrptEd Data (PROCEED) Goal: practical computation on Potential Applications encrypted data without decrypting • Email content-filtering guard between networks with different classification Source: Catherine levels Helzerman /Fickr • Privacy-preserving cloud-based voice over IP service 150 years • Secure cloud-based mapping service that cannot determine your location, route, or destination Babbage Difference Engine 7 Orders of Magnitude Source: Flylogic Engineering LLC; Corbis Intel 80286 5 years Source: Corbis Encrypted NAND Gate Approved for Public Release, Distribution Unlimited.
DARPA’s Newest Cyber Program Crowd Sourced Formal Verification (CSFV) Approved for Public Release, Distribution Unlimited.
The Problem For every 1,000 lines of code, 1 to 5 bugs are introduced. Are there fundamental scientific reasons that specific functions doing better? Application prevent us from No: “There are no intrinsic laws of nature in cyber-security as there are in…physics, chemistry, or biology.” [JASON Report on Science of Cyber-Security, 2010] Approved for Public Release, Distribution Unlimited.
Formal Verification • Formal verification can obtain 0.1 - 0.5 bugs per KLOC, however: • Extremely expensive: software development costs increase by 2x to 100x • seL4 microkernel formal verification took 11 person-years • Fundamental formal verification problems resist automation • Computationally undecidable: Heuristics have improved, but remain incomplete CSFV Source: Corbis Source: morgueFile Approved for Public Release, Distribution Unlimited.
The Concept: Crowd Sourced Formal Verification “Gam e-ify” Geek y Form al Verification Applies game solutions to the original formal verification problem Exploits a large user base requiring no formal verification expertise Code Model Game Source: University of Washington CSFV New Capabilities Verified Code Verified Model Approved for Public Release, Distribution Unlimited.
Scalability to DoD Software Systems Source: 2009 Defense Science Board report ESLOC = Executable Source Lines Of Code Approved for Public Release, Distribution Unlimited.
Contact Information Watch for Special Notice SN 12-17 to be released on FedBizOpps (fbo.gov) Drew Dean Drew.Dean@darpa.mil Approved for Public Release, Distribution Unlimited.

Empfohlen

MPG tech law
MPG tech lawMPG tech law
MPG tech lawAlbert Penilla
 
MPG tech law
MPG tech lawMPG tech law
MPG tech lawAlbert Penilla
 
Art of InfoJacking, Source Conference Seattle, 2011
Art of InfoJacking, Source Conference Seattle, 2011Art of InfoJacking, Source Conference Seattle, 2011
Art of InfoJacking, Source Conference Seattle, 2011Aditya K Sood
 
Social media message flow
Social media message flowSocial media message flow
Social media message flowMary Jo Flynn, MS, CEM
 
The next generation ethernet gangster (part 2)
The next generation ethernet gangster (part 2)The next generation ethernet gangster (part 2)
The next generation ethernet gangster (part 2)Jeff Green
 
eFolder AppAssure Cloud Briefing_Public
eFolder AppAssure Cloud Briefing_PubliceFolder AppAssure Cloud Briefing_Public
eFolder AppAssure Cloud Briefing_PublicDropbox
 
Keys To Creating A Powerful Job Search LinkedIn Profile
Keys To Creating A Powerful Job Search LinkedIn ProfileKeys To Creating A Powerful Job Search LinkedIn Profile
Keys To Creating A Powerful Job Search LinkedIn ProfileIMPACT Hiring Solutions
 
Figure Drawing
Figure DrawingFigure Drawing
Figure DrawingrishiB
 

Empfohlen

MPG tech law
MPG tech lawMPG tech law
MPG tech lawAlbert Penilla
 
MPG tech law
MPG tech lawMPG tech law
MPG tech lawAlbert Penilla
 
Art of InfoJacking, Source Conference Seattle, 2011
Art of InfoJacking, Source Conference Seattle, 2011Art of InfoJacking, Source Conference Seattle, 2011
Art of InfoJacking, Source Conference Seattle, 2011Aditya K Sood
 
Social media message flow
Social media message flowSocial media message flow
Social media message flowMary Jo Flynn, MS, CEM
 
The next generation ethernet gangster (part 2)
The next generation ethernet gangster (part 2)The next generation ethernet gangster (part 2)
The next generation ethernet gangster (part 2)Jeff Green
 
eFolder AppAssure Cloud Briefing_Public
eFolder AppAssure Cloud Briefing_PubliceFolder AppAssure Cloud Briefing_Public
eFolder AppAssure Cloud Briefing_PublicDropbox
 
Keys To Creating A Powerful Job Search LinkedIn Profile
Keys To Creating A Powerful Job Search LinkedIn ProfileKeys To Creating A Powerful Job Search LinkedIn Profile
Keys To Creating A Powerful Job Search LinkedIn ProfileIMPACT Hiring Solutions
 
Figure Drawing
Figure DrawingFigure Drawing
Figure DrawingrishiB
 
DigitalPhotoGraphy
DigitalPhotoGraphyDigitalPhotoGraphy
DigitalPhotoGraphyrishiB
 
The Power of Direct Navigation
The Power of Direct NavigationThe Power of Direct Navigation
The Power of Direct Navigationnnanaya2
 
Employee Engagement Handout Full Size
Employee Engagement Handout Full SizeEmployee Engagement Handout Full Size
Employee Engagement Handout Full Sizemorcus
 
Hiring mistake #1 - Inadequate Job Descriptions
Hiring mistake #1 - Inadequate Job DescriptionsHiring mistake #1 - Inadequate Job Descriptions
Hiring mistake #1 - Inadequate Job DescriptionsIMPACT Hiring Solutions
 
Biosimilars 10-21-2010
Biosimilars 10-21-2010Biosimilars 10-21-2010
Biosimilars 10-21-2010briandorn
 
SmartBranding
SmartBrandingSmartBranding
SmartBrandingSmartBranding
 
Significant U.S. cases in 2010
Significant U.S. cases in 2010Significant U.S. cases in 2010
Significant U.S. cases in 2010briandorn
 
Selfportraits
SelfportraitsSelfportraits
SelfportraitsrishiB
 
Proposal Volkswind 170708 Rev Nm
Proposal Volkswind 170708 Rev NmProposal Volkswind 170708 Rev Nm
Proposal Volkswind 170708 Rev NmZagi16
 
Jendela Teknologi
Jendela TeknologiJendela Teknologi
Jendela Teknologinokaki
 
Sculpture Wood and Clay
Sculpture Wood and ClaySculpture Wood and Clay
Sculpture Wood and ClayrishiB
 
TOP-15 ideas by Solodov
TOP-15 ideas by SolodovTOP-15 ideas by Solodov
TOP-15 ideas by SolodovIgor Solodov
 
Biosimilars Law in Flux
Biosimilars Law in FluxBiosimilars Law in Flux
Biosimilars Law in Fluxbriandorn
 
Slides15
Slides15Slides15
Slides15Akmal Wasim
 
If You Don't Like the Game, Hack the Playbook... (Zatko)
If You Don't Like the Game, Hack the Playbook... (Zatko)If You Don't Like the Game, Hack the Playbook... (Zatko)
If You Don't Like the Game, Hack the Playbook... (Zatko)Michael Scovetta
 
OSS Presentation Keynote by Hal Stern
OSS Presentation Keynote by Hal SternOSS Presentation Keynote by Hal Stern
OSS Presentation Keynote by Hal SternOpenStorageSummit
 
2012 04 Analysis Techniques for Mobile OS Security
2012 04 Analysis Techniques for Mobile OS Security2012 04 Analysis Techniques for Mobile OS Security
2012 04 Analysis Techniques for Mobile OS SecurityRaleigh ISSA
 
F5's IP Intelligence Service
F5's IP Intelligence ServiceF5's IP Intelligence Service
F5's IP Intelligence ServiceF5 Networks
 
Future Cities Conference´13 / Peter Steenkiste - "The eXpressive Internet Arc...
Future Cities Conference´13 / Peter Steenkiste - "The eXpressive Internet Arc...Future Cities Conference´13 / Peter Steenkiste - "The eXpressive Internet Arc...
Future Cities Conference´13 / Peter Steenkiste - "The eXpressive Internet Arc...Future Cities Project
 
Cloud Security Checklist and Planning Guide Summary
Cloud Security Checklist and Planning Guide Summary Cloud Security Checklist and Planning Guide Summary
Cloud Security Checklist and Planning Guide Summary Intel IT Center
 
14 577
14 57714 577
14 577Chaitanya Ram
 
CONFidence2015: Real World Threat Hunting - Martin Nystrom
CONFidence2015: Real World Threat Hunting - Martin NystromCONFidence2015: Real World Threat Hunting - Martin Nystrom
CONFidence2015: Real World Threat Hunting - Martin NystromPROIDEA
 

Weitere ähnliche Inhalte

Andere mochten auch

DigitalPhotoGraphy
DigitalPhotoGraphyDigitalPhotoGraphy
DigitalPhotoGraphyrishiB
 
The Power of Direct Navigation
The Power of Direct NavigationThe Power of Direct Navigation
The Power of Direct Navigationnnanaya2
 
Employee Engagement Handout Full Size
Employee Engagement Handout Full SizeEmployee Engagement Handout Full Size
Employee Engagement Handout Full Sizemorcus
 
Hiring mistake #1 - Inadequate Job Descriptions
Hiring mistake #1 - Inadequate Job DescriptionsHiring mistake #1 - Inadequate Job Descriptions
Hiring mistake #1 - Inadequate Job DescriptionsIMPACT Hiring Solutions
 
Biosimilars 10-21-2010
Biosimilars 10-21-2010Biosimilars 10-21-2010
Biosimilars 10-21-2010briandorn
 
Significant U.S. cases in 2010
Significant U.S. cases in 2010Significant U.S. cases in 2010
Significant U.S. cases in 2010briandorn
 
Selfportraits
SelfportraitsSelfportraits
SelfportraitsrishiB
 
Proposal Volkswind 170708 Rev Nm
Proposal Volkswind 170708 Rev NmProposal Volkswind 170708 Rev Nm
Proposal Volkswind 170708 Rev NmZagi16
 
Jendela Teknologi
Jendela TeknologiJendela Teknologi
Jendela Teknologinokaki
 
Sculpture Wood and Clay
Sculpture Wood and ClaySculpture Wood and Clay
Sculpture Wood and ClayrishiB
 
TOP-15 ideas by Solodov
TOP-15 ideas by SolodovTOP-15 ideas by Solodov
TOP-15 ideas by SolodovIgor Solodov
 
Biosimilars Law in Flux
Biosimilars Law in FluxBiosimilars Law in Flux
Biosimilars Law in Fluxbriandorn
 

Andere mochten auch (14)

DigitalPhotoGraphy
DigitalPhotoGraphyDigitalPhotoGraphy
DigitalPhotoGraphy
 
The Power of Direct Navigation
The Power of Direct NavigationThe Power of Direct Navigation
The Power of Direct Navigation
 
Employee Engagement Handout Full Size
Employee Engagement Handout Full SizeEmployee Engagement Handout Full Size
Employee Engagement Handout Full Size
 
Hiring mistake #1 - Inadequate Job Descriptions
Hiring mistake #1 - Inadequate Job DescriptionsHiring mistake #1 - Inadequate Job Descriptions
Hiring mistake #1 - Inadequate Job Descriptions
 
Biosimilars 10-21-2010
Biosimilars 10-21-2010Biosimilars 10-21-2010
Biosimilars 10-21-2010
 
SmartBranding
SmartBrandingSmartBranding
SmartBranding
 
Significant U.S. cases in 2010
Significant U.S. cases in 2010Significant U.S. cases in 2010
Significant U.S. cases in 2010
 
Selfportraits
SelfportraitsSelfportraits
Selfportraits
 
Proposal Volkswind 170708 Rev Nm
Proposal Volkswind 170708 Rev NmProposal Volkswind 170708 Rev Nm
Proposal Volkswind 170708 Rev Nm
 
Jendela Teknologi
Jendela TeknologiJendela Teknologi
Jendela Teknologi
 
Sculpture Wood and Clay
Sculpture Wood and ClaySculpture Wood and Clay
Sculpture Wood and Clay
 
TOP-15 ideas by Solodov
TOP-15 ideas by SolodovTOP-15 ideas by Solodov
TOP-15 ideas by Solodov
 
Biosimilars Law in Flux
Biosimilars Law in FluxBiosimilars Law in Flux
Biosimilars Law in Flux
 
Slides15
Slides15Slides15
Slides15
 

Ähnlich wie PROCEED and Crowd-Sourced Formal Verification

If You Don't Like the Game, Hack the Playbook... (Zatko)
If You Don't Like the Game, Hack the Playbook... (Zatko)If You Don't Like the Game, Hack the Playbook... (Zatko)
If You Don't Like the Game, Hack the Playbook... (Zatko)Michael Scovetta
 
OSS Presentation Keynote by Hal Stern
OSS Presentation Keynote by Hal SternOSS Presentation Keynote by Hal Stern
OSS Presentation Keynote by Hal SternOpenStorageSummit
 
2012 04 Analysis Techniques for Mobile OS Security
2012 04 Analysis Techniques for Mobile OS Security2012 04 Analysis Techniques for Mobile OS Security
2012 04 Analysis Techniques for Mobile OS SecurityRaleigh ISSA
 
F5's IP Intelligence Service
F5's IP Intelligence ServiceF5's IP Intelligence Service
F5's IP Intelligence ServiceF5 Networks
 
Future Cities Conference´13 / Peter Steenkiste - "The eXpressive Internet Arc...
Future Cities Conference´13 / Peter Steenkiste - "The eXpressive Internet Arc...Future Cities Conference´13 / Peter Steenkiste - "The eXpressive Internet Arc...
Future Cities Conference´13 / Peter Steenkiste - "The eXpressive Internet Arc...Future Cities Project
 
Cloud Security Checklist and Planning Guide Summary
Cloud Security Checklist and Planning Guide Summary Cloud Security Checklist and Planning Guide Summary
Cloud Security Checklist and Planning Guide Summary Intel IT Center
 
CONFidence2015: Real World Threat Hunting - Martin Nystrom
CONFidence2015: Real World Threat Hunting - Martin NystromCONFidence2015: Real World Threat Hunting - Martin Nystrom
CONFidence2015: Real World Threat Hunting - Martin NystromPROIDEA
 
Symantec Endpoint Protection 12
Symantec Endpoint Protection 12Symantec Endpoint Protection 12
Symantec Endpoint Protection 12Symantec
 
stackArmor - Security MicroSummit - McAfee
stackArmor - Security MicroSummit - McAfeestackArmor - Security MicroSummit - McAfee
stackArmor - Security MicroSummit - McAfeeGaurav "GP" Pal
 
Omkar revankar resume
Omkar revankar resume Omkar revankar resume
Omkar revankar resume OmkarRevankar1
 
Building a Modern, Scalable Cyber Intelligence Platform with Apache Kafka | J...
Building a Modern, Scalable Cyber Intelligence Platform with Apache Kafka | J...Building a Modern, Scalable Cyber Intelligence Platform with Apache Kafka | J...
Building a Modern, Scalable Cyber Intelligence Platform with Apache Kafka | J...HostedbyConfluent
 
Cisco open network environment
Cisco open network environmentCisco open network environment
Cisco open network environmentdeepers
 
Hadoop World 2011: Security Considerations for Hadoop Deployments - Jeremy Gl...
Hadoop World 2011: Security Considerations for Hadoop Deployments - Jeremy Gl...Hadoop World 2011: Security Considerations for Hadoop Deployments - Jeremy Gl...
Hadoop World 2011: Security Considerations for Hadoop Deployments - Jeremy Gl...Cloudera, Inc.
 
Achieve AI-Powered API Privacy using Open Source
Achieve AI-Powered API Privacy using Open SourceAchieve AI-Powered API Privacy using Open Source
Achieve AI-Powered API Privacy using Open SourceGianluca Brigandi
 
Securing broker less publish subscribe systems using identity-based encryption
Securing broker less publish subscribe systems using identity-based encryptionSecuring broker less publish subscribe systems using identity-based encryption
Securing broker less publish subscribe systems using identity-based encryptionLeMeniz Infotech
 
Cisco Presentation 1
Cisco Presentation 1Cisco Presentation 1
Cisco Presentation 1changcai
 
A Fully Anonymous Attribute-Based Encryption to Control Cloud Data Access and...
A Fully Anonymous Attribute-Based Encryption to Control Cloud Data Access and...A Fully Anonymous Attribute-Based Encryption to Control Cloud Data Access and...
A Fully Anonymous Attribute-Based Encryption to Control Cloud Data Access and...Pawan Arya
 

Ähnlich wie PROCEED and Crowd-Sourced Formal Verification (20)

If You Don't Like the Game, Hack the Playbook... (Zatko)
If You Don't Like the Game, Hack the Playbook... (Zatko)If You Don't Like the Game, Hack the Playbook... (Zatko)
If You Don't Like the Game, Hack the Playbook... (Zatko)
 
OSS Presentation Keynote by Hal Stern
OSS Presentation Keynote by Hal SternOSS Presentation Keynote by Hal Stern
OSS Presentation Keynote by Hal Stern
 
2012 04 Analysis Techniques for Mobile OS Security
2012 04 Analysis Techniques for Mobile OS Security2012 04 Analysis Techniques for Mobile OS Security
2012 04 Analysis Techniques for Mobile OS Security
 
F5's IP Intelligence Service
F5's IP Intelligence ServiceF5's IP Intelligence Service
F5's IP Intelligence Service
 
Future Cities Conference´13 / Peter Steenkiste - "The eXpressive Internet Arc...
Future Cities Conference´13 / Peter Steenkiste - "The eXpressive Internet Arc...Future Cities Conference´13 / Peter Steenkiste - "The eXpressive Internet Arc...
Future Cities Conference´13 / Peter Steenkiste - "The eXpressive Internet Arc...
 
Cloud Security Checklist and Planning Guide Summary
Cloud Security Checklist and Planning Guide Summary Cloud Security Checklist and Planning Guide Summary
Cloud Security Checklist and Planning Guide Summary
 
14 577
14 57714 577
14 577
 
CONFidence2015: Real World Threat Hunting - Martin Nystrom
CONFidence2015: Real World Threat Hunting - Martin NystromCONFidence2015: Real World Threat Hunting - Martin Nystrom
CONFidence2015: Real World Threat Hunting - Martin Nystrom
 
Symantec Endpoint Protection 12
Symantec Endpoint Protection 12Symantec Endpoint Protection 12
Symantec Endpoint Protection 12
 
stackArmor - Security MicroSummit - McAfee
stackArmor - Security MicroSummit - McAfeestackArmor - Security MicroSummit - McAfee
stackArmor - Security MicroSummit - McAfee
 
Omkar revankar resume
Omkar revankar resume Omkar revankar resume
Omkar revankar resume
 
Enterprise API Security & Data Loss Prevention - Intel
Enterprise API Security & Data Loss Prevention - IntelEnterprise API Security & Data Loss Prevention - Intel
Enterprise API Security & Data Loss Prevention - Intel
 
Building a Modern, Scalable Cyber Intelligence Platform with Apache Kafka | J...
Building a Modern, Scalable Cyber Intelligence Platform with Apache Kafka | J...Building a Modern, Scalable Cyber Intelligence Platform with Apache Kafka | J...
Building a Modern, Scalable Cyber Intelligence Platform with Apache Kafka | J...
 
Cisco open network environment
Cisco open network environmentCisco open network environment
Cisco open network environment
 
Hadoop World 2011: Security Considerations for Hadoop Deployments - Jeremy Gl...
Hadoop World 2011: Security Considerations for Hadoop Deployments - Jeremy Gl...Hadoop World 2011: Security Considerations for Hadoop Deployments - Jeremy Gl...
Hadoop World 2011: Security Considerations for Hadoop Deployments - Jeremy Gl...
 
Achieve AI-Powered API Privacy using Open Source
Achieve AI-Powered API Privacy using Open SourceAchieve AI-Powered API Privacy using Open Source
Achieve AI-Powered API Privacy using Open Source
 
Emc keynote 0945 1030
Emc keynote 0945 1030Emc keynote 0945 1030
Emc keynote 0945 1030
 
Securing broker less publish subscribe systems using identity-based encryption
Securing broker less publish subscribe systems using identity-based encryptionSecuring broker less publish subscribe systems using identity-based encryption
Securing broker less publish subscribe systems using identity-based encryption
 
Cisco Presentation 1
Cisco Presentation 1Cisco Presentation 1
Cisco Presentation 1
 
A Fully Anonymous Attribute-Based Encryption to Control Cloud Data Access and...
A Fully Anonymous Attribute-Based Encryption to Control Cloud Data Access and...A Fully Anonymous Attribute-Based Encryption to Control Cloud Data Access and...
A Fully Anonymous Attribute-Based Encryption to Control Cloud Data Access and...
 

Mehr von Michael Scovetta

Peter Norvig - NYC Machine Learning 2013
Peter Norvig - NYC Machine Learning 2013Peter Norvig - NYC Machine Learning 2013
Peter Norvig - NYC Machine Learning 2013Michael Scovetta
 
Modern Kernel Pool Exploitation: Attacks and Techniques
Modern Kernel Pool Exploitation: Attacks and TechniquesModern Kernel Pool Exploitation: Attacks and Techniques
Modern Kernel Pool Exploitation: Attacks and TechniquesMichael Scovetta
 
Exploitation and State Machines
Exploitation and State MachinesExploitation and State Machines
Exploitation and State MachinesMichael Scovetta
 
Don't Give Credit: Hacking Arcade Machines
Don't Give Credit: Hacking Arcade MachinesDon't Give Credit: Hacking Arcade Machines
Don't Give Credit: Hacking Arcade MachinesMichael Scovetta
 
The Listening: Email Client Backdoor
The Listening: Email Client BackdoorThe Listening: Email Client Backdoor
The Listening: Email Client BackdoorMichael Scovetta
 
DEFCON 18- These Aren't the Permissions You're Looking For
DEFCON 18- These Aren't the Permissions You're Looking ForDEFCON 18- These Aren't the Permissions You're Looking For
DEFCON 18- These Aren't the Permissions You're Looking ForMichael Scovetta
 
Systematic Detection of Capability Leaks in Stock Android Smartphones
Systematic Detection of Capability Leaks in Stock Android SmartphonesSystematic Detection of Capability Leaks in Stock Android Smartphones
Systematic Detection of Capability Leaks in Stock Android SmartphonesMichael Scovetta
 
Consumer Password Worst Practices
Consumer Password Worst PracticesConsumer Password Worst Practices
Consumer Password Worst PracticesMichael Scovetta
 
A collection of examples of 64 bit errors in real programs
A collection of examples of 64 bit errors in real programsA collection of examples of 64 bit errors in real programs
A collection of examples of 64 bit errors in real programsMichael Scovetta
 
Scaling Cyberwarfare (Roelker)
Scaling Cyberwarfare (Roelker)Scaling Cyberwarfare (Roelker)
Scaling Cyberwarfare (Roelker)Michael Scovetta
 
High Assurance Systems (Fisher)
High Assurance Systems (Fisher)High Assurance Systems (Fisher)
High Assurance Systems (Fisher)Michael Scovetta
 
National Cyber Range (Ranka)
National Cyber Range (Ranka)National Cyber Range (Ranka)
National Cyber Range (Ranka)Michael Scovetta
 
Beyond Passwords (Guidorizzi)
Beyond Passwords (Guidorizzi)Beyond Passwords (Guidorizzi)
Beyond Passwords (Guidorizzi)Michael Scovetta
 
Scalable Cyber Deception (Ragsdale)
Scalable Cyber Deception (Ragsdale)Scalable Cyber Deception (Ragsdale)
Scalable Cyber Deception (Ragsdale)Michael Scovetta
 

Mehr von Michael Scovetta (20)

Peter Norvig - NYC Machine Learning 2013
Peter Norvig - NYC Machine Learning 2013Peter Norvig - NYC Machine Learning 2013
Peter Norvig - NYC Machine Learning 2013
 
Android Attacks
Android AttacksAndroid Attacks
Android Attacks
 
Strategic Surprise
Strategic SurpriseStrategic Surprise
Strategic Surprise
 
Stackjacking
StackjackingStackjacking
Stackjacking
 
Modern Kernel Pool Exploitation: Attacks and Techniques
Modern Kernel Pool Exploitation: Attacks and TechniquesModern Kernel Pool Exploitation: Attacks and Techniques
Modern Kernel Pool Exploitation: Attacks and Techniques
 
Exploitation and State Machines
Exploitation and State MachinesExploitation and State Machines
Exploitation and State Machines
 
Don't Give Credit: Hacking Arcade Machines
Don't Give Credit: Hacking Arcade MachinesDon't Give Credit: Hacking Arcade Machines
Don't Give Credit: Hacking Arcade Machines
 
Attacking the WebKit Heap
Attacking the WebKit HeapAttacking the WebKit Heap
Attacking the WebKit Heap
 
The Listening: Email Client Backdoor
The Listening: Email Client BackdoorThe Listening: Email Client Backdoor
The Listening: Email Client Backdoor
 
Smooth CoffeeScript
Smooth CoffeeScriptSmooth CoffeeScript
Smooth CoffeeScript
 
DEFCON 18- These Aren't the Permissions You're Looking For
DEFCON 18- These Aren't the Permissions You're Looking ForDEFCON 18- These Aren't the Permissions You're Looking For
DEFCON 18- These Aren't the Permissions You're Looking For
 
Systematic Detection of Capability Leaks in Stock Android Smartphones
Systematic Detection of Capability Leaks in Stock Android SmartphonesSystematic Detection of Capability Leaks in Stock Android Smartphones
Systematic Detection of Capability Leaks in Stock Android Smartphones
 
Consumer Password Worst Practices
Consumer Password Worst PracticesConsumer Password Worst Practices
Consumer Password Worst Practices
 
HTML5 Web Security
HTML5 Web SecurityHTML5 Web Security
HTML5 Web Security
 
A collection of examples of 64 bit errors in real programs
A collection of examples of 64 bit errors in real programsA collection of examples of 64 bit errors in real programs
A collection of examples of 64 bit errors in real programs
 
Scaling Cyberwarfare (Roelker)
Scaling Cyberwarfare (Roelker)Scaling Cyberwarfare (Roelker)
Scaling Cyberwarfare (Roelker)
 
High Assurance Systems (Fisher)
High Assurance Systems (Fisher)High Assurance Systems (Fisher)
High Assurance Systems (Fisher)
 
National Cyber Range (Ranka)
National Cyber Range (Ranka)National Cyber Range (Ranka)
National Cyber Range (Ranka)
 
Beyond Passwords (Guidorizzi)
Beyond Passwords (Guidorizzi)Beyond Passwords (Guidorizzi)
Beyond Passwords (Guidorizzi)
 
Scalable Cyber Deception (Ragsdale)
Scalable Cyber Deception (Ragsdale)Scalable Cyber Deception (Ragsdale)
Scalable Cyber Deception (Ragsdale)
 

Kürzlich hochgeladen

Breaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountBreaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountPuma Security, LLC
 
The Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxThe Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxMalak Abu Hammad
 
A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024Results
 
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Drew Madelung
 
Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024The Digital Insurer
 
Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...Enterprise Knowledge
 
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking MenDelhi Call girls
 
Data Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonData Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonAnna Loughnan Colquhoun
 
08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking MenDelhi Call girls
 
2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...Martijn de Jong
 
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure serviceWhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure servicePooja Nehwal
 
Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationRadu Cotescu
 
Automating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps ScriptAutomating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps Scriptwesley chun
 
Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityPrincipled Technologies
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationSafe Software
 
Handwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsHandwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsMaria Levchenko
 
Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Allon Mureinik
 
Salesforce Community Group Quito, Salesforce 101
Salesforce Community Group Quito, Salesforce 101Salesforce Community Group Quito, Salesforce 101
Salesforce Community Group Quito, Salesforce 101Paola De la Torre
 
CNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of ServiceCNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of Servicegiselly40
 
Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024The Digital Insurer
 

Kürzlich hochgeladen (20)

Breaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountBreaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path Mount
 
The Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxThe Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptx
 
A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024
 
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
 
Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024
 
Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...
 
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
 
Data Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonData Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt Robison
 
08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men
 
2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...
 
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure serviceWhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
 
Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organization
 
Automating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps ScriptAutomating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps Script
 
Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivity
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
 
Handwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsHandwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed texts
 
Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)
 
Salesforce Community Group Quito, Salesforce 101
Salesforce Community Group Quito, Salesforce 101Salesforce Community Group Quito, Salesforce 101
Salesforce Community Group Quito, Salesforce 101
 
CNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of ServiceCNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of Service
 
Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024
 

PROCEED and Crowd-Sourced Formal Verification

  • 1. Drew Dean Program Manager, Information Innovation Office PROCEED and Crowd-sourced Formal Verification DARPA Cyber Colloquium Arlington, VA November 7, 2011 Approved for Public Release, Distribution Unlimited.
  • 2. Do you trust the cloud? Source: Library of Congress/Flickr Secure communications… Source: General Services Administration Secure storage… Secure computation? Source: Christopher Bowns/Flickr Approved for Public Release, Distribution Unlimited.
  • 3. PROgramming Computation on EncyrptEd Data (PROCEED) Goal: practical computation on Potential Applications encrypted data without decrypting • Email content-filtering guard between networks with different classification Source: Catherine levels Helzerman /Fickr • Privacy-preserving cloud-based voice over IP service 150 years • Secure cloud-based mapping service that cannot determine your location, route, or destination Babbage Difference Engine 7 Orders of Magnitude Source: Flylogic Engineering LLC; Corbis Intel 80286 5 years Source: Corbis Encrypted NAND Gate Approved for Public Release, Distribution Unlimited.
  • 4. DARPA’s Newest Cyber Program Crowd Sourced Formal Verification (CSFV) Approved for Public Release, Distribution Unlimited.
  • 5. The Problem For every 1,000 lines of code, 1 to 5 bugs are introduced. Are there fundamental scientific reasons that specific functions doing better? Application prevent us from No: “There are no intrinsic laws of nature in cyber-security as there are in…physics, chemistry, or biology.” [JASON Report on Science of Cyber-Security, 2010] Approved for Public Release, Distribution Unlimited.
  • 6. Formal Verification • Formal verification can obtain 0.1 - 0.5 bugs per KLOC, however: • Extremely expensive: software development costs increase by 2x to 100x • seL4 microkernel formal verification took 11 person-years • Fundamental formal verification problems resist automation • Computationally undecidable: Heuristics have improved, but remain incomplete CSFV Source: Corbis Source: morgueFile Approved for Public Release, Distribution Unlimited.
  • 7. The Concept: Crowd Sourced Formal Verification “Gam e-ify” Geek y Form al Verification Applies game solutions to the original formal verification problem Exploits a large user base requiring no formal verification expertise Code Model Game Source: University of Washington CSFV New Capabilities Verified Code Verified Model Approved for Public Release, Distribution Unlimited.
  • 8. Scalability to DoD Software Systems Source: 2009 Defense Science Board report ESLOC = Executable Source Lines Of Code Approved for Public Release, Distribution Unlimited.
  • 9. Contact Information Watch for Special Notice SN 12-17 to be released on FedBizOpps (fbo.gov) Drew Dean Drew.Dean@darpa.mil Approved for Public Release, Distribution Unlimited.