Exploring Usable Security to Improve the Impact of Formal Verification: A Research Agenda

Carolina Carreira
(INESC-ID and IST, University of Lisbon, Portugal)
João F. Ferreira
(INESC-ID and IST, University of Lisbon, Portugal)
Alexandra Mendes
(HASLab, INESC TEC and Universidade da Beira Interior, Portugal)
Nicolas Christin
(Carnegie Mellon University, Pittsburgh, Pennsylvania, USA)

As software becomes more complex and assumes an even greater role in our lives, formal verification is set to become the gold standard in securing software systems into the future, since it can guarantee the absence of errors and entire classes of attack. Recent advances in formal verification are being used to secure everything from unmanned drones to the internet.

At the same time, the usable security research community has made huge progress in improving the usability of security products and end-users comprehension of security issues. However, there have been no human-centered studies focused on the impact of formal verification on the use and adoption of formally verified software products. We propose a research agenda to fill this gap and to contribute with the first collection of studies on people's mental models on formal verification and associated security and privacy guarantees and threats. The proposed research has the potential to increase the adoption of more secure products and it can be directly used by the security and formal methods communities to create more effective and secure software tools.

In Mario Gleirscher, Jaco van de Pol and Jim Woodcock: Proceedings First Workshop on Applicable Formal Methods (AppFM 2021), virtual, 23rd November 2021, Electronic Proceedings in Theoretical Computer Science 349, pp. 77–84.
Published: 16th November 2021.

ArXived at: http://dx.doi.org/10.4204/EPTCS.349.6 bibtex PDF
References in reconstructed bibtex, XML and HTML format (approximated).
Comments and questions to: eptcs@eptcs.org
For website issues: webmaster@eptcs.org