A Formal Verification-Based Risk Scoring System for Code-Level Vulnerabilities in Critical Applications

Pavan Paidy

doi:10.14419/yxp00a41

Article Summary Abstract References Full Article How to cite

Authors
- Pavan Paidy FINRA, Maryland, USA https://orcid.org/0009-0007-1759-166X
https://doi.org/10.14419/yxp00a41

Received date: May 8, 2025

Accepted date: June 20, 2025

Published date: July 18, 2025
Cybersecurity, Vulnerability Mitigation, Optimization Model, Risk Reduction, Cost Optimization, Real-world Applications.
Abstract

This paper presents a novel framework for addressing code-level vulnerabilities in critical applications by combining formal verification with risk scoring systems. It ensures the correctness and reliability of code while prioritizing vulnerabilities based on exportability and impact. The approach is applied to high-stakes industries such as healthcare, aerospace, and industrial control, where system failures can have catastrophic consequences. A numerical example demonstrates a 22% reduction in risk (from 1.905 to 1.485) within budgetary constraints. Results show that this combined method offers a robust, cost-efficient solution for improving security, making it practical for real-world deployment. The framework emphasizes risk reduction and cost optimization in resource-constrained environments.
References
1. M. Ndiaye, "Security strengths and weaknesses of blockchain smart contract system: A survey," International Journal of Information and Computer Security, vol. 2022, pp. 1-15, 2022. [Online]. Available: https://www.researchgate.net/profile/Malaw-Ndiaye/publication/360624196_Security_Strengths_and_Weaknesses_of_Blockchain-Smart-Contract-System-A-Survey/links/62824c3590841d5155d7dbb7/Security-Strengths-and-Weaknesses-of-Blockchain-Smart-Contract-System-A-Survey.pdf
2. S. Wang, "Develop and Evaluate a Security Analyzer for Finding Vulnerabilities in Java Programs," MSc Thesis, SSV Lab, 2021. [Online]. Available: https://ssvlab.github.io/lucasccordeiro/supervisions/msc_thesis_songtao.pdf
3. X. Yin, "Echo: Practical formal verification by reverse synthesis," Ph.D. dissertation, University of Virginia, 2012. [Online]. Available: https://scholar.archive.org/work/abev2gi765c7bmqg2r6k52n7by/access/wayback/https://libraetd.lib.virginia.edu/downloads/7s75dc76x?filename=xyin_dissertation.pdf
4. J. Li, G. Lu, Y. Gao, and F. Gao, "A smart contract vulnerability detection method based on multimodal feature fusion and deep learning," Mathematics, vol. 11, no. 23, p. 4823, 2023. [Online]. Available: https://www.mdpi.com/2227-7390/11/23/4823
5. S. Tollec and D. Couroussé, "Exploration of fault effects on formal RISC-V microarchitecture models," in 2022 Workshop on Formal Methods, 2022. [Online]. Available: https://ieeexplore.ieee.org/abstract/document/9933334/
6. G. Chen, "Binary-Level Formal Verification Based Automatic Security Ensurement for PLC in Industrial IoT," in IEEE Dependable and Secure Computing, 2024. [Online]. Available: https://ieeexplore.ieee.org/abstract/document/10720350/
7. Z. Wang, Y. Zhang, Y. Chen, H. Liu, B. Wang, "A survey on programmable logic controller vulnerabilities, attacks, detections, and forensics," Processes, vol. 11, no. 3, pp. 918, 2023. [Online]. Available: https://www.mdpi.com/2227-9717/11/3/918
8. R. Sun, A. Mera, L. Lu, D. Choffnes, "SoK: Attacks on industrial control logic and formal verification-based defenses," in 2021 IEEE European Symposium on Security and Privacy, 2021. [Online]. Available: https://arxiv.org/pdf/2006.04806
9. W. Cui, "Contractcheck: Checking Ethereum smart contracts in fine-grained level," in IEEE Transactions on Software Engineering, 2024. [Online]. Available: https://ieeexplore.ieee.org/abstract/document/10531111/
10. P. Fang, P. Gao, Y. Peng, T. Xie, "VFIX: Facilitating Software Maintenance of Smart Contracts via Automatically Fixing Vulnerabilities," in 2024 IEEE International Conference on Software Maintenance and Evolution (ICSME), 2024. [Online]. Available: https://people.cs.vt.edu/penggao/papers/vfix-icsme24.pdf
11. A. Srivastava and S. Panda, "A Formal Framework for Assessing and Mitigating Emergent Security Risks in Generative AI Models," arXiv preprint arXiv:2410.13897, 2024. [Online]. Available: https://arxiv.org/abs/2410.13897
12. Földvári, F. Brancati, "Preliminary risk and mitigation assessment in cyber-physical systems," in 2023 53rd Annual IEEE, 2023. [Online]. Available: https://ieeexplore.ieee.org/abstract/document/10207083/
13. S. Figueroa-Lorenzo, J. Añorga, "A survey of IIoT protocols: A measure of vulnerability risk analysis based on CVSS," ACM Computing Surveys, vol. 2020. [Online]. Available: https://dl.acm.org/doi/abs/10.1145/3381038
14. M. Ali, A. Ullah, M. R. Islam, R. Hossain, "Assessing software security reliability: Dimensional security assurance techniques," Computers & Security, vol. 2025. [Online]. Available: https://www.sciencedirect.com/science/article/pii/S0167404824005364
15. T. Grimm, D. Lettnin, M. Hübner, "A survey on formal verification techniques for safety-critical systems-on-chip," MDPI Electronics, vol. 7, no. 6, 2020. [Online]. Available: https://www.mdpi.com/2079-9292/7/6/81
16. J. Rushby, "Formal methods and the certification of critical systems," CSL SRI, 1993. [Online]. Available: http://www.csl.sri.com/~rushby/papers/csl-93-7.pdf
17. M. H. ter Beek, S. Gnesi, A. Knapp, "Formal methods and automated verification of critical systems," International Journal on Software Tools for Technology Transfer, vol. 20, no. 1, pp. 123-145, 2018. [Online]. Available: https://link.springer.com/article/10.1007/s10009-018-0494-5
18. J. Gu, S. Ni, Y. Zhuang, "A formal model and risk assessment method for security-critical real-time embedded systems," Computers & Security, vol. 2016, pp. 162-178. [Online]. Available: https://www.sciencedirect.com/science/article/pii/S0167404816000079
19. T. Kulik, B. Dongol, P. G. Larsen, and H. D. Macedo, "A survey of practical formal methods for security," in Formal aspects of security, 2022. [Online]. Available: https://dl.acm.org/doi/abs/10.1145/3522582
20. K. Chaganti and P. Paidy, "Strengthening Cryptographic Systems with AI-Enhanced Analytical Techniques," International Journal of Applied Mathematical Research, vol. 14, no. 1, pp. 13-24, 2025. [Online]. Available: https://doi.org/10.14419/fh79gr07
21. K. C. Chaganti, "A Scalable, Lightweight AI-Driven Security Framework for IoT Ecosystems: Optimization and Game Theory Approaches," IEEE Access, vol. 99, pp. 1-1, 2025. [Online]. Available: https://doi.org/10.1109/ACCESS.2025.3558623
22. E. A. Abaku, T. E. Edunjobi, et al., "Theoretical approaches to AI in supply chain optimization: Pathways to efficiency and resilience," International Journal of Information Systems, 2024. [Online]. Available: https://pdfs.semanticscholar.org/cf79/894ddb6db4f58033c3e8736cd3b45ae7dd9f.pdf
23. J. Beckley, "Advanced risk assessment techniques: Merging data-driven analytics with expert insights to navigate uncertain decision-making processes," Int. J. Res. Publ. Rev., 2025. [Online]. Available: https://www.researchgate.net/profile/Jessica-Beckley/publication/390194906_Advanced_Risk_Assessment_Techniques_Merging_Data-Driven_Analytics_with_Expert_Insights_to_Navigate_Uncertain_Decision-Making_Processes/links/680a7090bfbe974b23b989d9/Advanced-Risk-Assessment-Techniques-Merging-Data-Driven-Analytics-with-Expert-Insights-to-Navigate-Uncertain-Decision-Making-Processes.pdf
24. X. Liu and L. Shi, "A dynamic game model for assessing risk of coordinated physical-cyber attacks in an AC/DC hybrid transmission system," Frontiers in Energy Research, 2023. [Online]. Available: https://www.frontiersin.org/journals/energy-research/articles/10.3389/fenrg.2022.1082442/full
25. J. C. Nebel, O. Omego, F. Rahman, "Steganography and Probabilistic Risk Analysis: A Game Theoretical Framework for Quantifying Adversary Advantage and Impact," arXiv preprint arXiv:2412.17950, 2024. [Online]. Available: https://arxiv.org/abs/2412.17950
26. S. Roy, S. Shiva, D. Dasgupta, "A survey of game theory as applied to network security," IEEE 43rd Hawaii International Conference on System Sciences, 2010. [Online]. Available: https://ieeexplore.ieee.org/document/5428673/
27. K. Sharma, A. Mukhopadhyay, "Cyber-risk management framework for online gaming firms: an artificial neural network approach," Information Systems Frontiers, 2023. [Online]. Available: https://link.springer.com/article/10.1007/s10796-021-10232-7
28. D. Ivanov, "Structural dynamics and resilience in supply chain risk management," Springer, 2018. [Online]. Available: https://thuvienso.hoasen.edu.vn/bitstream/handle/123456789/11190/Contents.pdf?sequence=1&isAllowed=y
29. W. A. Brock, K. G. Mäler, C. Perrings, "Resilience and sustainability: the economic analysis of non-linear dynamic systems," Citeseer, 2000. [Online]. Available: https://citeseerx.ist.psu.edu/document?repid=rep1&type=pdf&doi=9c5b9f32788e80e44a8bae2203ab8f97dd03a710
30. M. Heydari, K. K. Lai, Z. Xiaohu, "Risk management in supply chains: using linear and non-linear models," Taylor and Francis, 2019. [Online]. Available: https://www.taylorfrancis.com/books/mono/10.4324/9780429342820/risk-management-supply-chains-kin-keung-lai-mohammad-heydari-zhou-xiaohu
31. M. Zomorodian, S. H. Lai, M. Homayounfar, "Development and application of coupled system dynamics and game theory: A dynamic water conflict resolution method," PLoS ONE, 2017. [Online]. Available: https://journals.plos.org/plosone/article?id=10.1371/journal.pone.0188489
32. X. Guo, J. Yang, Z. Gang, A. Yang, "Research on network security situation awareness and dynamic game based on deep Q learning network," Journal of Internet Technology, 2023. [Online]. Available: https://jit.ndhu.edu.tw/article/view/2892
Downloads
How to Cite
Paidy, P. (2025). A Formal Verification-Based Risk Scoring System for Code-Level Vulnerabilities in Critical Applications. International Journal of Applied Mathematical Research, 14(2), 21-35. https://doi.org/10.14419/yxp00a41
ACM

ACS

APA

ABNT

Chicago

Harvard

IEEE

MLA

Turabian

Vancouver

Download Citation

Endnote/Zotero/Mendeley (RIS)

BibTeX

A Formal Verification-Based Risk Scoring System for Code-Level Vulnerabilities in Critical Applications

Authors

Abstract

References

Downloads

How to Cite