A formal methods safe harbor
Author(s)
Wood, Clark, S.M. Massachusetts Institute of Technology.
Other Contributors
Massachusetts Institute of Technology. Institute for Data, Systems, and Society.
Technology and Policy Program.
Advisor
Daniel Weitzner and Adam Chlipala.
Abstract
We discuss a problem, a technology solution, and a policy lever. The problem: Internet of Things devices running software are vulnerable to accidents and exploitation. The technology solution: preventing exploitable bugs by developing machine-checked proofs of software correctness and security. The policy lever to incentivize adoption of this solution: a safe harbor from FTC unfairness prosecution for manufacturers that use formal methods to guarantee safer, more secure devices. To motivate the potential of formal methods, we present a technical contribution: a formally verified connected lightbulb switch, proven immune to certain types of software exploits. We discuss a framework, the Common Weakness Enumeration, that the FTC and manufacturers could use as a shared language to explain which classes of software vulnerability a manufacturer will defend against. We outline the FTC's authority to treat poor data security practices as unfair practices, and how our safe harbor would both provide immunity to participants and be updated over time to continue to incentivize ever stronger software protections.
Description
Thesis: S.M. in Technology and Policy, Massachusetts Institute of Technology, School of Engineering, Institute for Data, Systems, and Society, 2019 Cataloged from PDF version of thesis. Includes bibliographical references (pages 77-84).
Date issued
2019
Department
Massachusetts Institute of Technology. Institute for Data, Systems, and Society; Massachusetts Institute of Technology. Engineering Systems Division; Technology and Policy Program
Publisher
Massachusetts Institute of Technology
Keywords
Institute for Data, Systems, and Society; Technology and Policy Program.