December 3–7, 2012 | Buena Vista Palace Hotel & Spa | Orlando, Florida, USA

• Program
• Program & Proceedings
• Print Proceedings
• Workshops
•     Cloud Computing
      Workshop (CCW)
•     Layered Assurance
      Workshop (LAW)
• Call for Submissions
• Committees

• About ACSAC
• Past ACSACs
• Mailing List
• Security Bookshelf
• FAQs

2012 Annual Computer Security Applications Conference

Layered Assurance Workshop

Workshop Background and Description

LAW is a unique opportunity for interchange on the topic of compositional (or modular) assurance. It is founded on the bold proposition that it is possible to build assured systems from compositions of previously assured components, while being able to derive the system level properties (e.g., safety & security) systematically from the properties of the components. LAW spans the theoretical, engineering, and certification challenges to be met in making compositional assurance for such systems a reality.

We say "layered" assurance, rather than compositional assurance, to encompass the multiple aspects of assurance for component composition, incremental certification (incremental cost for incremental changes), and leveraging assurance effort within a product family (i.e., assurance that is robust in the face of the variations typical among members of a product line).

The LAW Organizing Committee in cooperation with Applied Computer Security Associates is pleased to announce that LAW 2012 will again be held as an affiliated workshop of the 28th Annual Computer Security Applications Conference (ACSAC).

LAW is concerned with the fundamental problems of compositional assurance, and with a need for principles, methods, and techniques applicable to achieve the assurance necessary for security-critical, safety-critical, and mission-critical components and systems. LAW spans the theoretical, engineering, and certification challenges to be met in making compositional assurance for such systems a reality.

PROCEEDINGS

Download 2012 Proceedings

PROGRAM

PDF: Program | Invited Speakers

Monday Dec 3rd 2012

7:30 - 8:45	BREAKFAST
8:30 - 8:45	Welcome and Opening Remarks Rance DeLong, Santa Clara University, LAW General Chair Gabriela Ciocarlie, SRI International, LAW Program Chair
8:45 - 10:00	Keynote: Wolfgang Paul - Hypervisor Verification and Theory of Multi Core Systems
10:00 - 10:30	BREAK
10:30 - 12:00	Contributed Papers Using Architecture to Reason about Information Security - Stephen Chong and Ron van der Meyden Lessons Learned While Building a High Assurance Smart Card Operating System - Paul Karger, Suzanne McIntosh, Elaine Palmer, David Toll and Sam Weber Dynamic Cascade Vulnerability Checks in Real-World Networks - Adrian Waller, Rachel Craddock, Sarah Pennington, David Llewellyn-Jones, Madjid Merabti, Qi Shi and Bob Askwith
12:00 - 13:30	LUNCH
13:30 - 15:00	Panel: CRASH/MRC (Clean-slate design of resilient adaptive secure hosts/ Mission-oriented Resilient Clouds) DARPA programs with Howie Shrobe (Defense Advanced Research Projects Agency) Howie Shrobe, DARPA Peter Neumann, SRI International Nirav Dave, SRI International Greg Sullivan, BAE Systems Zhong Shao, Yale
15:00 - 15:30	BREAK
15:30 - 16:45	Invited Talk: Structuring safety and assurance cases: "Divide and conquer" or "Divide and fall"? - Robin Bloomfield
16:45 -17:45	Contributed Papers Towards Formal Evaluation of a High-Assurance Guard - Mark R. Heckman, Roger R. Schell and Edwards E. Reed Composing Cross Domain Solutions - Ashish Gehani and Gabriela F. Ciocarlie
17:45 - 18:30	LAW Business Meeting and LAW 2013 Planning

Tuesday Dec 4th 2012

7:30 - 8:30	BREAKFAST
8:30 - 8:45	Day 2 Opening Remarks
8:45 - 10:00	Keynote: Rebranding the Concept of Assurance NIST Special Publication 800-53, Revision 4 - Ron Ross
10:00 - 10:30	BREAK
10:30 - 12:00	Panel: HACMS (High-Assurance Cyber Military Systems) DARPA program with Kathleen Fisher (Defense Advanced Research Projects Agency) Kathleen Fisher, DARPA John Rushby, SRI International Darren Cofer, Rockwell Collins
12:00 - 13:30	LUNCH
13:30 -15:00	Contributed Papers Information Assurance Certification with EDICT-IA - Brian LaValley and Chris Walter Secure Service Composition Adaptation Based on Simulated Annealing - Bo Zhou, David Llewellyn-Jones, Qi Shi, Muhammad Asim, Madjid Merabti and David Lamb Atomizer: Fast, Scalable and Lightweight Heap Analyzer for Virtual Machines in a Cloud Environment - Salman Javaid, Aleksandar Zoranic, Irfan Ahmed and Golden G. Richard
15:00 - 15:30	BREAK
15:30 - 16:45	Invited Talk: Software Assurance: Enabling Enterprise Resilience through Security Automation and Software Supply Chain Risk Management - Joe Jarzombek
16:45 - 17:15	WIP Towards Safety Assurance of Trusted Autonomy in Air Force Flight Critical Systems [paper] - Enhanced Analysis (EA) - Jon Hoffman, AFRL - Run Time Assurance (RTA) - Matt Clark, AFRL - Systems of Systems Certification (SoSC) - Brian Hulbert, LinQuest for AFRL - Compositional Verification of Elliptic Curve Cryptography - John Launchbury
17:15 - 17:45	Discussion
17:45 - 18:00	Closing Remarks
18:00 - 20:00	Reception

PROGRAM COMMITTEE

Sean Barnum, MITRE
Gabriela F. Ciocarlie, SRI International
Rance J. DeLong, Santa Clara University
Nick Mansourov, KDM Analytics
Peter G. Neumann, SRI International
Olin Sibert, Oxford Systems
Gordon Uchenick, Coverity

SPONSORSHIP

LAW is seeking corporate sponsors.

Contacts:

Rance J. DeLong -- Santa Clara University -- Workshop Chair
Gabriela Ciocarlie -- SRI International -- Program Chair
Peter G. Neumann -- SRI International -- Panel Chair
Christoph Schuba -- Oracle Corp. -- Proceedings Chair

Additional ACSA Events:
NSPW – New Security Paradigms Workshop
LASER – Learning from Authoritative Security Experiment Results

Home | Mailing List | FAQs | Privacy Policy | Contact Us

Copyright © 2012 ACSAC