No Cover Image

Book chapter 224 views 91 downloads

Cybersecurity Education and Formal Methods / James H. Davenport, Tom Crick

Communications in Computer and Information Science, Volume: 1301, Pages: 159 - 172

Swansea University Author: Tom Crick

Abstract

Formal methods have been largely thought of in the context of safety-critical systems, where they have achieved major acceptance. Tens of millions of people trust their lives every day to such systems, based on formal proofs rather than "we haven’t found a bug" (yet!); but why is "we...

Full description

Published in: Communications in Computer and Information Science
ISBN: 9783030713737 9783030713744
ISSN: 1865-0929 1865-0937
Published: Cham Springer International Publishing 2021
Online Access: Check full text

URI: https://cronfa.swan.ac.uk/Record/cronfa55027
Tags: Add Tag
No Tags, Be the first to tag this record!
first_indexed 2020-08-19T09:54:51Z
last_indexed 2021-03-17T04:18:38Z
id cronfa55027
recordtype SURis
fullrecord <?xml version="1.0"?><rfc1807><datestamp>2021-03-16T11:51:20.1966953</datestamp><bib-version>v2</bib-version><id>55027</id><entry>2020-08-19</entry><title>Cybersecurity Education and Formal Methods</title><swanseaauthors><author><sid>200c66ef0fc55391f736f6e926fb4b99</sid><ORCID>0000-0001-5196-9389</ORCID><firstname>Tom</firstname><surname>Crick</surname><name>Tom Crick</name><active>true</active><ethesisStudent>false</ethesisStudent></author></swanseaauthors><date>2020-08-19</date><deptcode>EDUC</deptcode><abstract>Formal methods have been largely thought of in the context of safety-critical systems, where they have achieved major acceptance. Tens of millions of people trust their lives every day to such systems, based on formal proofs rather than "we haven&#x2019;t found a bug" (yet!); but why is "we haven&#x2019;t found a bug" an acceptable basis for systems trusted with hundreds of millions of people&#x2019;s personal data?This paper looks at some of these issues in cybersecurity, and the extent to which formal methods, ranging from "fully verified" to better tool support, could help. More importantly, recent policy reports and curricula initiatives appear to recommended formal methods in the limited context of "safety critical applications"; we suggest this is too limited in scope and ambition. Not only are formal methods needed in cybersecurity, the repeated and very public weaknesses of the cybersecurity industry provide a powerful motivation for formal methods.</abstract><type>Book chapter</type><journal>Communications in Computer and Information Science</journal><volume>1301</volume><journalNumber/><paginationStart>159</paginationStart><paginationEnd>172</paginationEnd><publisher>Springer International Publishing</publisher><placeOfPublication>Cham</placeOfPublication><isbnPrint>9783030713737</isbnPrint><isbnElectronic>9783030713744</isbnElectronic><issnPrint>1865-0929</issnPrint><issnElectronic>1865-0937</issnElectronic><keywords>Formal methods; Cybersecurity; Curricula</keywords><publishedDay>11</publishedDay><publishedMonth>3</publishedMonth><publishedYear>2021</publishedYear><publishedDate>2021-03-11</publishedDate><doi>10.1007/978-3-030-71374-4_8</doi><url/><notes/><college>COLLEGE NANME</college><department>Education</department><CollegeCode>COLLEGE CODE</CollegeCode><DepartmentCode>EDUC</DepartmentCode><institution>Swansea University</institution><apcterm/><lastEdited>2021-03-16T11:51:20.1966953</lastEdited><Created>2020-08-19T10:52:27.3567037</Created><path><level id="1">College of Arts and Humanities</level><level id="2">School of Education</level></path><authors><author><firstname>James H.</firstname><surname>Davenport</surname><order>1</order></author><author><firstname>Tom</firstname><surname>Crick</surname><orcid>0000-0001-5196-9389</orcid><order>2</order></author></authors><documents><document><filename>55027__18997__72ae962d919247e58c65c11f11b31c0a.pdf</filename><originalFilename>Davenport-Crick.pdf</originalFilename><uploaded>2021-01-07T15:20:03.3317076</uploaded><type>Output</type><contentLength>212498</contentLength><contentType>application/pdf</contentType><version>Accepted Manuscript</version><cronfaStatus>true</cronfaStatus><copyrightCorrect>true</copyrightCorrect><language>eng</language></document></documents><OutputDurs/></rfc1807>
spelling 2021-03-16T11:51:20.1966953 v2 55027 2020-08-19 Cybersecurity Education and Formal Methods 200c66ef0fc55391f736f6e926fb4b99 0000-0001-5196-9389 Tom Crick Tom Crick true false 2020-08-19 EDUC Formal methods have been largely thought of in the context of safety-critical systems, where they have achieved major acceptance. Tens of millions of people trust their lives every day to such systems, based on formal proofs rather than "we haven’t found a bug" (yet!); but why is "we haven’t found a bug" an acceptable basis for systems trusted with hundreds of millions of people’s personal data?This paper looks at some of these issues in cybersecurity, and the extent to which formal methods, ranging from "fully verified" to better tool support, could help. More importantly, recent policy reports and curricula initiatives appear to recommended formal methods in the limited context of "safety critical applications"; we suggest this is too limited in scope and ambition. Not only are formal methods needed in cybersecurity, the repeated and very public weaknesses of the cybersecurity industry provide a powerful motivation for formal methods. Book chapter Communications in Computer and Information Science 1301 159 172 Springer International Publishing Cham 9783030713737 9783030713744 1865-0929 1865-0937 Formal methods; Cybersecurity; Curricula 11 3 2021 2021-03-11 10.1007/978-3-030-71374-4_8 COLLEGE NANME Education COLLEGE CODE EDUC Swansea University 2021-03-16T11:51:20.1966953 2020-08-19T10:52:27.3567037 College of Arts and Humanities School of Education James H. Davenport 1 Tom Crick 0000-0001-5196-9389 2 55027__18997__72ae962d919247e58c65c11f11b31c0a.pdf Davenport-Crick.pdf 2021-01-07T15:20:03.3317076 Output 212498 application/pdf Accepted Manuscript true true eng
title Cybersecurity Education and Formal Methods
spellingShingle Cybersecurity Education and Formal Methods
Tom, Crick
title_short Cybersecurity Education and Formal Methods
title_full Cybersecurity Education and Formal Methods
title_fullStr Cybersecurity Education and Formal Methods
title_full_unstemmed Cybersecurity Education and Formal Methods
title_sort Cybersecurity Education and Formal Methods
author_id_str_mv 200c66ef0fc55391f736f6e926fb4b99
author_id_fullname_str_mv 200c66ef0fc55391f736f6e926fb4b99_***_Tom, Crick
author Tom, Crick
author2 James H. Davenport
Tom Crick
format Book chapter
container_title Communications in Computer and Information Science
container_volume 1301
container_start_page 159
publishDate 2021
institution Swansea University
isbn 9783030713737
9783030713744
issn 1865-0929
1865-0937
doi_str_mv 10.1007/978-3-030-71374-4_8
publisher Springer International Publishing
college_str College of Arts and Humanities
hierarchytype
hierarchy_top_id collegeofartsandhumanities
hierarchy_top_title College of Arts and Humanities
hierarchy_parent_id collegeofartsandhumanities
hierarchy_parent_title College of Arts and Humanities
department_str School of Education{{{_:::_}}}College of Arts and Humanities{{{_:::_}}}School of Education
document_store_str 1
active_str 0
description Formal methods have been largely thought of in the context of safety-critical systems, where they have achieved major acceptance. Tens of millions of people trust their lives every day to such systems, based on formal proofs rather than "we haven’t found a bug" (yet!); but why is "we haven’t found a bug" an acceptable basis for systems trusted with hundreds of millions of people’s personal data?This paper looks at some of these issues in cybersecurity, and the extent to which formal methods, ranging from "fully verified" to better tool support, could help. More importantly, recent policy reports and curricula initiatives appear to recommended formal methods in the limited context of "safety critical applications"; we suggest this is too limited in scope and ambition. Not only are formal methods needed in cybersecurity, the repeated and very public weaknesses of the cybersecurity industry provide a powerful motivation for formal methods.
published_date 2021-03-11T04:09:59Z
_version_ 1718458987080318976
score 10.844586