A formal methods safe harbor
Author(s): Wood, Clark, S.M. Massachusetts Institute of Technology. Institute for Data, Systems, and Society. Technology and Policy Program.
Daniel Weitzner and Adam Chlipala.
We discuss a problem, a technology solution, and a policy lever. The problem: Internet of Things devices running software are vulnerable to accidents and exploitation. The technology solution: preventing exploitable bugs by developing machine-checked proofs of software correctness and security. The policy lever to incentivize adoption of this solution: a safe harbor from FTC unfairness prosecution for manufacturers that use formal methods to guarantee safer, more secure devices. To motivate the potential of formal methods, we present a technical contribution: a formally verified connected lightbulb switch, proven immune to certain types of software exploits. We discuss a framework, the Common Weakness Enumeration, that the FTC and manufacturers could use as a shared language to state which classes of software vulnerability a manufacturer will defend against. We outline the FTC's authority to treat poor data security practices as unfair practices, and we explain how our safe harbor would both provide immunity to participants and be updated over time to continue to incentivize ever stronger software protections.
Thesis: S.M. in Technology and Policy, Massachusetts Institute of Technology, School of Engineering, Institute for Data, Systems, and Society, 2019. Cataloged from PDF version of thesis. Includes bibliographical references (pages 77-84).
Department: Massachusetts Institute of Technology. Institute for Data, Systems, and Society; Massachusetts Institute of Technology. Engineering Systems Division; Massachusetts Institute of Technology. Technology and Policy Program