Layered Assurance Workshop

Workshop Background and Description

LAW is a unique opportunity for interchange on the topic of compositional (or modular) assurance. It is founded on the bold proposition that it is possible to build assured systems from compositions of previously assured components, while being able to derive the system level properties (e.g., safety & security) systematically from the properties of the components. LAW spans the theoretical, engineering, and certification challenges to be met in making compositional assurance for such systems a reality.

We say "layered" assurance, rather than compositional assurance, to encompass the multiple aspects of assurance for component composition, incremental certification (incremental cost for incremental changes), and leveraging assurance effort within a product family (i.e., assurance that is robust in the face of the variations typical among members of a product line).

The LAW Organizing Committee in cooperation with Applied Computer Security Associates is pleased to announce that LAW 2012 will again be held as an affiliated workshop of the 28th Annual Computer Security Applications Conference (ACSAC).

LAW is concerned with the fundamental problems of compositional assurance, and with a need for principles, methods, and techniques applicable to achieve the assurance necessary for security-critical, safety-critical, and mission-critical components and systems.


Download 2012 Proceedings


PDF: Program | Invited Speakers

Monday Dec 3rd 2012

7:30 - 8:45 BREAKFAST
8:30 - 8:45 Welcome and Opening Remarks
Rance DeLong, Santa Clara University, LAW General Chair
Gabriela Ciocarlie, SRI International, LAW Program Chair
8:45 - 10:00 Keynote:
Wolfgang Paul - Hypervisor Verification and Theory of Multi Core Systems
10:00 - 10:30 BREAK
10:30 - 12:00 Contributed Papers
Using Architecture to Reason about Information Security - Stephen Chong and Ron van der Meyden
Lessons Learned While Building a High Assurance Smart Card Operating System - Paul Karger, Suzanne McIntosh, Elaine Palmer, David Toll and Sam Weber
Dynamic Cascade Vulnerability Checks in Real-World Networks - Adrian Waller, Rachel Craddock, Sarah Pennington, David Llewellyn-Jones, Madjid Merabti, Qi Shi and Bob Askwith
12:00 - 13:30 LUNCH
13:30 - 15:00 Panel: CRASH/MRC (Clean-slate design of resilient adaptive secure hosts / Mission-oriented Resilient Clouds) DARPA programs with Howie Shrobe (Defense Advanced Research Projects Agency)
Howie Shrobe, DARPA
Peter Neumann, SRI International
Nirav Dave, SRI International
Greg Sullivan, BAE Systems
Zhong Shao, Yale
15:00 - 15:30 BREAK
15:30 - 16:45 Invited Talk: Structuring safety and assurance cases: "Divide and conquer" or "Divide and fall"? - Robin Bloomfield
16:45 - 17:45 Contributed Papers
Towards Formal Evaluation of a High-Assurance Guard - Mark R. Heckman, Roger R. Schell and Edwards E. Reed
Composing Cross Domain Solutions - Ashish Gehani and Gabriela F. Ciocarlie
17:45 - 18:30 LAW Business Meeting and LAW 2013 Planning

Tuesday Dec 4th 2012

7:30 - 8:30 BREAKFAST
8:30 - 8:45 Day 2 Opening Remarks
8:45 - 10:00 Keynote: Rebranding the Concept of Assurance NIST Special Publication 800-53, Revision 4 - Ron Ross
10:00 - 10:30 BREAK
10:30 - 12:00 Panel: HACMS (High-Assurance Cyber Military Systems) DARPA program with Kathleen Fisher (Defense Advanced Research Projects Agency)
Kathleen Fisher, DARPA
John Rushby, SRI International
Darren Cofer, Rockwell Collins
12:00 - 13:30 LUNCH
13:30 - 15:00 Contributed Papers
Information Assurance Certification with EDICT-IA - Brian LaValley and Chris Walter
Secure Service Composition Adaptation Based on Simulated Annealing - Bo Zhou, David Llewellyn-Jones, Qi Shi, Muhammad Asim, Madjid Merabti and David Lamb
Atomizer: Fast, Scalable and Lightweight Heap Analyzer for Virtual Machines in a Cloud Environment - Salman Javaid, Aleksandar Zoranic, Irfan Ahmed and Golden G. Richard
15:00 - 15:30 BREAK
15:30 - 16:45 Invited Talk: Software Assurance: Enabling Enterprise Resilience through Security Automation and Software Supply Chain Risk Management - Joe Jarzombek
16:45 - 17:15 WIP
Towards Safety Assurance of Trusted Autonomy in Air Force Flight Critical Systems [paper]
- Enhanced Analysis (EA) - Jon Hoffman, AFRL
- Run Time Assurance (RTA) - Matt Clark, AFRL
- Systems of Systems Certification (SoSC) - Brian Hulbert, LinQuest for AFRL
- Compositional Verification of Elliptic Curve Cryptography - John Launchbury
17:15 - 17:45 Discussion
17:45 - 18:00 Closing Remarks
18:00 - 20:00 Reception


Sean Barnum, MITRE
Gabriela F. Ciocarlie, SRI International
Rance J. DeLong, Santa Clara University
Nick Mansourov, KDM Analytics
Peter G. Neumann, SRI International
Olin Sibert, Oxford Systems
Gordon Uchenick, Coverity


LAW is seeking corporate sponsors.


Rance J. DeLong -- Santa Clara University -- Workshop Chair
Gabriela Ciocarlie -- SRI International -- Program Chair
Peter G. Neumann -- SRI International -- Panel Chair
Christoph Schuba -- Oracle Corp. -- Proceedings Chair
