Monday 6 December and Tuesday 7 December, 2010, Austin, Texas, USA

The Fourth Annual Layered Assurance Workshop (LAW 2010)

This will be the fourth in the Layered Assurance Workshop (LAW) series, sponsored by the Air Force Cryptographic Modernization Program Office (CMPO) and the Air Force Research Laboratory (AFRL).


Check this web site after the Workshop for links to the proceedings. Access proceedings of previous LAWs from the main LAW web page.


The Fourth Layered Assurance Workshop will be held at the Four Seasons Austin, on Lady Bird Lake (aka "Town Lake"), in Austin, Texas. 

Workshop Background and Description

The Fourth Layered Assurance Workshop (LAW) will be held in Austin, Texas, December 6-7, 2010. The LAW Organizing Committee, in conjunction with Applied Computer Security Associates, is pleased to have LAW as an affiliated workshop of the 26th Annual Computer Security Applications Conference (ACSAC), December 6-10, 2010. If you have attended a previous meeting of the LAW, we believe you will find that this year's LAW and ACSAC provide a greater opportunity for exposure to the latest developments in applied computer security.

LAW has provided a forum for vital exchange, as well as a maturing source of information, focused on key issues relating to the effective and efficient modular construction and certification of assured systems from assured components. It is widely recognized that such an approach is the most promising way to achieve diverse and flexible systems that can be certified quickly and cost effectively. LAW is concerned with the theoretical, engineering, and certification challenges to be met before this goal can be fully realized.

The Workshop concerns itself with the fundamental problems of “compositional assurance” and with a need for principles, methods, and techniques that can be applied to achieve the assurance necessary for security-critical, safety-critical, and mission-critical components and systems.

For the past three years, the Layered Assurance Workshop has grown and evolved. The first LAW in 2007 took an exploratory approach, relying heavily on the participants' input to establish the agenda. The second LAW in 2008 was attended by approximately 80 individuals representing more than 30 distinct organizations. In that Workshop more of the program was established in advance, with several keynote talks chosen from responses to an open invitation, followed by breakout sessions on diverse topics. The third LAW comprised two thematic days with a common structure: morning keynote talks, afternoon panels and breakout sessions. The theme of the first day was programmatic needs of government, while that of the second day was research and development on the problems of layered assurance.

This year, the fourth LAW will include talks by distinguished speakers, panels, discussions and technical training. Attendees are encouraged to participate in ACSAC in addition to LAW. The conjunction of LAW and ACSAC provides increased opportunities for academic and industry participants to contribute in the forum of their choice. Please pass along information about LAW to colleagues who may be interested.

The workshop is unclassified and will be open to all attendees. Please see the ACSAC web site for more information about ACSAC. As a result of the transition to make LAW a permanent ACSAC workshop, there is now a LAW registration fee. This year, to ease the transition for attendees, the LAW sponsors have generously provided a sponsorship for early registrants.

Hotel Reservations and Workshop Registration

Links for hotel reservations and registration for LAW and ACSAC are provided on the ACSAC web site.

LAW registration discounts still available! These are not based on a date - first come, first served.

The registration fee for LAW is $200. To ease the transition for attendees this year, the LAW sponsors have generously provided a sponsorship for early registrants. There are three discount categories (affiliation and status subject to verification): 33 discounts of $100 for government employees, 30 discounts of $80 for industry/academic, and 15 discounts of $100 for full-time students, all available on a first-come, first-served basis. The discount is accessed by a code that is made available during the ACSAC registration process: look for the early bird discount link in the "Special Code" block on the "Contact Information" page. When all the available early bird discounts in each category have been applied, the code will no longer produce a discount.

Workshop Program

Contributed papers will be linked to the program shortly after December 1, prior to the commencement of LAW.
Presentations will be linked to the program shortly after the conclusion of LAW.

The LAW Business Meeting scheduled after the conclusion of sessions on Monday December 6 is open to all interested individuals. Planning for LAW 2011 will commence. Participation is encouraged.

LAW attendees are invited to attend the ACSAC Reception on Tuesday December 7 at 6 PM.

The names of invited speakers and presenting authors are underlined in the Program following.

A PDF of the program is here.

Monday December 6
07:30-08:30 BREAKFAST
Welcome and Opening Remarks
        Rance DeLong, Consultant
        Gordon Uchenick, Coverity
        Carolyn Boettcher, Raytheon
09:00-10:00 Keynote:
        Software Assurance:  Enabling Software Resilience
        and Mitigating Supply Chain Risk

                Joe Jarzombek
                Director for Software Assurance
                National Cyber Security Division
                U.S. Department of Homeland Security
                paper      slides
10:00-10:30 BREAK
10:30-12:00 Invited Talks:
        Applying a Compositional Method to Incrementally Prove
        Critical Properties of an Airlock System
                Elizabeth Leonard
                Naval Research Laboratory
                paper      slides

        On Components and Composition in Constructing
        and Certifying Secure Software
                Constance Heitmeyer
                Naval Research Laboratory
                paper      slides

12:00-13:30 LUNCH
Contributed Papers and Discussion:
        Trust Distribution Diagrams: Theory and Application
                Michael Locasto, University of Calgary;
                Steven Greenwald, Consultant; and
                Sergey Bratus, Dartmouth College
                paper      slides

        Boundary Flow Modeling
                Richard Neely
                Märzen Group LLC
                paper      slides

Invited Talk:
        Incremental Verification and Validation of System Architecture
        for Software Reliant Systems Using the AADL
                Bruce Lewis
                US Army AMRDEC, Redstone Arsenal
                paper      slides
Contributed Papers:
        Affordable, Fact-Oriented Assurance with OMG standards
                Nikolai Mansourov and Djenana Campara,
                KDM Analytics
                paper      slides

        Redefining Static Analysis: A Standards Approach
                Rama Moorthy and Mike Oara,
                Hatha Systems
                paper      slides
17:30-18:00 LAW Business Meeting and LAW 2011 Planning

Tuesday December 7
07:30-08:30 BREAKFAST
08:30-09:00 Prefatory Remarks
        Rance DeLong
09:00-10:00 Keynote:
        What is Assurance?
                John Rushby
                Program Director - Formal Methods and Dependable Systems
                SRI International
                paper      slides
10:00-10:30 BREAK
10:30-11:30 Invited Talk:
        Commercial Hardware Assurance -- Validation of the VIA Nano
                Warren A. Hunt, Jr.
                University of Texas at Austin
                paper      slides
Contributed Paper:
        Capabilities Revisited: A Holistic Approach to Bottom-to-Top
        Assurance of Trustworthy Systems
                Peter Neumann, SRI International; and
                Robert Watson, Cambridge University
                paper      slides
12:00-13:30 LUNCH
Contributed Papers and Discussion:
        Separation Kernel Protection Profile Revisited:
        Choices and Rationale
                Timothy E. Levin, Thuy D. Nguyen, Cynthia E. Irvine,
                Naval Postgraduate School; and
                Michael McEvilley, MITRE
                paper      slides

        An Evaluation and Certification Scheme for MILS
                Rance DeLong
                The Open Group
                paper      slides

Contributed Papers and Discussion:
        A Data-Centric Approach for Modular Assurance
                Gabriela Ciocarlie, Heidi Schubert and Rose Wahlin,
                Real-Time Innovations
                paper      slides

        State-of-the-Art in System-of-Systems Security for
        Crisis Management

                Kashif Kifayat, Abdullahi Arabo, Oliver Drew, Madjid Merabti,
                David Llewellyn-Jones, and Qi Shi,
                Liverpool John Moores University; and
                Adrian Waller, Rachel Craddock, and Glyn Jones
                Thales Research and Technology
                paper      slides

        A Security Scheme for Home Networked Appliances
                Mazhar Ul Hassan, Madjid Merabti and David Llewellyn-Jones,
                Liverpool John Moores University
                paper      slides

Closing Remarks

LAW Organizing Committee

George Abrego
Carolyn Boettcher
Joyce Brookins
Air Force Cryptographic Modernization Program Office (CMPO)
Rance J. DeLong -- LynuxWorks, Santa Clara University, Consultant
Thomas Hui
Air Force Cryptographic Modernization Program Office (CMPO)
Michael Putney
Wilmar Sifre
AFRL Information Directorate, Computing Architectures Branch

Contact: Workshop Chairman

Rance J. DeLong -- LynuxWorks, Santa Clara University, Consultant