Can You Trust Your C Compiler?

If you are writing a hello world program, you probably aren’t too concerned about how the compiler translates your source code to machine code. However, if your code runs on something that people’s lives depend on, you will want to be a bit pickier and use something like the CompCert compiler. It’s a formally verified compiler, meaning there is a mathematical proof that what you write in C will be correctly translated to machine code. The compiler can generate code for PowerPC, ARM, RISC-V, and x86, accepting a subset of ISO C99 with a few extensions. While it doesn’t produce …


Automated tools for applying formal methods to verify security policy in existing software

I am new to the Formal Methods arena, but I feel I have an educated grasp on its applications. However, I only seem to encounter formal methods as applied to the development process, as the software is created.

I’d like to b…

What is the best formal method to prove the privacy (anonymity) of a security protocol

I am studying Tor. I need to formally verify that the involved protocols provide anonymity. However, I could not find a suitable formalism of anonymity. Does there exist any formulation/property that denotes privacy? Y…