Layered Assurance Workshop

Program, Proceedings and Presentations

Greetings LAW Colleagues,

The 7th Layered Assurance Workshop (LAW) will be held in New Orleans, Louisiana, December 9-10, 2013. The LAW Organizing Committee in conjunction with Applied Computer Security Associates is pleased to announce that LAW will again be held as an affiliated workshop of the 29th Annual Computer Security Applications Conference (ACSAC) December 9-13, 2013. ACSAC will be held at the Hyatt French Quarter, a New Orleans luxury hotel located in the historic French Quarter. The offering of LAW as an ACSAC workshop affords an excellent opportunity to attend two stimulating and informative events in one trip.

LAW has provided a forum for vital exchange, as well as a maturing source of information, focused on key issues relating to the effective and efficient modular construction and certification of assured systems from assured components. It is widely recognized that such an approach is the most promising way to achieve diverse and flexible systems that can be certified quickly and cost effectively. LAW is concerned with the theoretical, engineering, and certification challenges to be met before this goal can be fully realized.

LAW concerns itself with the real-world needs as well as the fundamental problems of compositional assurance and the need for principles, methods, and techniques that can be applied to achieve the assurance necessary for security-critical, safety-critical, and mission-critical components and systems. The theme of LAW this year is Compositional Trustworthiness. The invited speakers will be: Alessandro Cimatti (Fondazione Bruno Kessler, Trento, Italy), Nancy Leveson (Massachusetts Institute of Technology), John Rushby (SRI International), and Zhong Shao (Yale University). Panel sessions will include these among other distinguished guests.

For six years the Layered Assurance Workshop has evolved and grown to nearly 100 attendees. Again this year LAW will comprise two full days of distinguished speakers, contributed papers, discussions, and panels.

LAW attendees are encouraged to participate in ACSAC in addition to LAW. The conjunction of LAW and ACSAC provides increased opportunities for government, academic and industry participants to contribute in the forum of their choice. You are invited to put the dates for LAW and ACSAC on your calendar and to pass this announcement on to other colleagues that you think will be interested but who may not be on our distribution list. Please ask them to inform us of their interest.

The workshop is open to all attendees. Please see the ACSAC web site for more information about ACSAC. Registration for LAW is provided on the ACSAC registration web site. Details concerning LAW submissions, program, registration and sponsorships will be provided on this page in the near future.

Rance J. DeLong, consultant, LAW General Chair
Gabriela Ciocarlie, SRI International, LAW Program Chair
Peter G. Neumann, SRI International, LAW Panels Chair
Christoph Schuba, Oracle Corporation, LAW Proceedings Editor


The Seventh Layered Assurance Workshop (LAW)
9--10 December 2013
New Orleans, Louisiana

The LAW Organizing Committee in cooperation with Applied Computer Security Associates
is pleased to announce that LAW 2013 will again be held as an affiliated workshop of the 29th Annual
Computer Security Applications Conference (ACSAC). 

Theme: Compositional Trustworthiness

LAW is a unique opportunity for interchange on the topic of compositional (or modular) assurance.
It is founded on the bold proposition that it is possible to build assured systems from compositions
of previously assured components, while being able to derive the system level properties
(e.g., safety & security) systematically from the properties of the components.  LAW spans the
theoretical, engineering, and certification challenges to be met in making compositional assurance
for such systems a reality.

We say "layered" assurance to encompass diverse manifestations of combined assurance, including
composition (of assured components), incremental certification (incremental cost for incremental
change), abstraction layers (building upon assurance of lower layers), and polymorphism (common
assurance of variants, such as among members of a product family).

LAW is concerned with the fundamental problems of compositional assurance, and with
a need for principles, methods, and techniques applicable to achieve the assurance
necessary for security-critical, safety-critical, and mission-critical components and systems.
LAW spans the theoretical, engineering, and certification challenges to be met in making
compositional assurance for such systems a reality.

Contributed Papers

TOPICS OF INTEREST for LAW contributed papers:

The workshop theme and primary topic of interest is: Compositional Trustworthiness.
Other topics of interest include:

  • theoretical foundations for compositional and incremental assurance
  • compositional and incremental certification
  • modular assurance cases
  • case studies and challenges from diverse application domains (e.g. aerospace, critical infrastructures, automotive, medical, defense, mobile)
  • combining methods of assurance (multi-legged assurance)
  • component-based and compositional interpretations of hazards, verification, and assurance arguments
  • composability of component properties, to achieve system security and safety
  • compositional verification
  • examples of assurance cases for security, safety, correctness
  • metrics for measuring safety and security
  • standards for assessing assurance of safety and security properties
  • processes, procedures, tools that would simplify assurance
  • arguments for product families
  • role of architecture and the relationship of architecture to assurance of system properties
  • theory, tools and techniques to support compositional and incremental assurance
  • impediments to compositional assurance, such as properties that defy composition or architectures that thwart compositional assurance
  • legal aspects and politics of assurance

The preceding list of topics is not intended to be exhaustive. Submissions are encouraged
on any topics that prospective authors consider relevant to the Layered Assurance Workshop.
Whenever possible, papers should relate their content to the Workshop theme, Compositional Trustworthiness.


Peter G. Neumann of SRI International will again organize and chair lively and thought-provoking panel
sessions. Attendees willing to participate in a panel, or wanting to submit a proposal to organize and chair
a panel session should contact Peter Neumann at Panel proposals should include
a list of qualified likely panel participants.

Expanded Emphasis on Works-in-Progress

In addition to distinguished invited speakers, contributed papers and panels, the LAW program will
include a Work-in-Progress (WIP) session, to provide an opportunity to present relevant ongoing
work without writing a full paper. In the spirit of a workshop, we would really like to encourage LAW
participants to share their ongoing work. The WIP session provides the opportunity to present
in a format that is more structured than off-the-cuff, but without with the formality of a contributed
paper, and potentially with more time for questions and discussion.

WIP session slots will be a maximum of 20 minutes in length, including presentation, questions and
discussion It is expected that a pdf of the presentation will be contributed to the LAW proceedings.
Please submit your proposals for Work-in-Progress presentations to the LAW Program Chair,
Gabriela Ciocarlie at by October 1, 2012. Proposals should consist of a
one page abstract. Notification will be made by October 16. Presentation pdfs are due December 1.


Contributed paper submissions due:  extended to September 13, 2013
Notification of paper acceptance/rejection: September 30, 2013
Final papers due:  Oct. 18, 2013

WIP presentation proposals due: October 1, 2013
WIP proposal acceptance/rejection: October 16, 2013
WIP presentations due: December 1, 2013

LAW will be held: 9--10 December 2013


Since LAW is a workshop rather than a conference or symposium, submissions do not
have to be entirely novel, but they do have to be interesting.
We request that submitted papers be a minimum of 5 pages and a maximum of 10 pages (2500 - 5000
words). Papers exceeding the limit will be truncated for review.

Please ensure that your submission is a PDF file  (including all references and appendices) 
generated according to the ACM instructions at
using the template Option 2 "WITH permission block". Committee members are not required to read the appendices. 

To submit a paper, please go to


Authors are expected to give a 30 minute presentation of their paper at the Workshop,
and are requested to provide their presentation slides at the time of the workshop for
publication on the LAW web page.

We will operate under a "No Paper, No Podium" and "No Podium, No Paper" policy.
As we now publish an integrated proceedings we must have your final paper by the Oct. 18, 2013 deadline.


Speakers with accepted papers will be required to register for LAW. Registration may be
done at the ACSAC 2013 web site, . One need not register for ACSAC
to register for LAW.


LAW will not publish paper proceedings, however, there will be a single proceedings volume
(pdf) with serial page numbering to facilitate citations. Proceedings and speakers' presentation
slides will be published on the LAW 2013 web page the week that LAW is held and will be
archived there indefinitely. By submitting a paper an author agrees to online publication
of the final version of the paper and presentation material if the paper is accepted.


Gabriela F. Ciocarlie, SRI International
Rance J. DeLong, consultant
Ashish Gehani, SRI International
Peter G. Neumann, SRI International
Olin Sibert, Oxford Systems
Gordon Uchenick, Coverity


LAW welcomes corporate sponsorship. Interested enterprises please contact

Additional ACSA Events:
NSPW – New Security Paradigms Workshop
LASER – Learning from Authoritative Security Experiment Results