Mind the Gap: Formal Verification and the Common Criteria (Discussion Paper)

9 pages•Published: May 15, 2012

Bernhard Beckert, Daniel Bruns and Sarah Grebing

Abstract

It is a common belief that the rise of standardized software certification schemes like the Common Criteria (CC) would give a boost to formal verification, and that software certification may be a killer application for program verification. However, while formal models are indeed used throughout high-assurance certification, verification of the actual implementation is not required by the CC and largely neglected in certification practice - despite the great advances in program verification over the last decade.

In this paper we discuss the gap between program verification and CC software certification, and we point out possible uses of code-level program verification in the CC certification process.

Keyphrases: certification, common criteria, program verification

In: Markus Aderhold, Serge Autexier and Heiko Mantel (editors). VERIFY-2010. 6th International Verification Workshop, vol 3, pages 4-12.

Links:	https://easychair.org/publications/paper/PM
	https://doi.org/10.29007/w9b3

BibTeX entry

@inproceedings{VERIFY-2010:Mind_Gap_Formal_Verification,
  author    = {Bernhard Beckert and Daniel Bruns and Sarah Grebing},
  title     = {Mind the Gap: Formal Verification and the Common Criteria (Discussion  Paper)},
  booktitle = {VERIFY-2010. 6th International Verification Workshop},
  editor    = {Markus Aderhold and Serge Autexier and Heiko Mantel},
  series    = {EPiC Series in Computing},
  volume    = {3},
  publisher = {EasyChair},
  bibsource = {EasyChair, https://easychair.org},
  issn      = {2398-7340},
  url       = {/publications/paper/PM},
  doi       = {10.29007/w9b3},
  pages     = {4-12},
  year      = {2012}}

Download PDF Open PDF in browser