Hi everyone,
I’m relatively new to Alloy and formal verification, but my core background is in offensive cyber-security and web/mobile security research.
I’m looking to bridge the gap between practical security engineering and rigorous formal logic. Specifically, I am starting a project to build an Alloy specification for OAuth 2.0/2.1 and OIDC mobile-native integration architectures (focusing on modeling custom URI schemes, deep links, and OS-level intent handoffs to verify them against structural logic flaws).
Is anyone currently working on web protocol modeling, or interested in collaborating on formal security specifications? I’d love to team up, bounce ideas, or learn together.