The Restricted Access Processor An Example of Formal Verification

The formal verification performed by SYTEK as part of the development and security assurance of NASA´s Restricted Access Processor (RAP) represents important progress toward the verification of medium-scale and large-scale systems in the real world. It is interesting primarily because it was large, rigorous and meaningful and was successfully completed within its original budget. The experience helps show what can really be done with reasonable resources to verify the security properties of fairly complex systems. The RAP can be added to the short list of formally verified systems. Its successes and blind alleys provide lessons for those considering verification of the security of other systems, and the statistics of the RAP verification effort provide a data point for those interested in the practicality of formal techniques.