[TYPES] *Extended Deadline* ASE WS "Software Certificate Management"
Bernd Fischer
fisch at email.arc.nasa.gov
Fri Aug 19 20:12:42 EDT 2005
[Types can serve as software certificates and typing systems as means of
constructing certificates. Rich type systems can be used to represent
much of the information which is of interest in a certification context.
We are interested in any application of type systems to the problems and
concerns of software certification.]

                  C A L L   F O R   P A P E R S

          *** Extended Deadline: September 12, 2005 ***

                        ASE Workshop on
          Software Certificate Management (SoftCeMent)
                  http://ti.arc.nasa.gov/sc05/

                       November 8, 2005
                    Long Beach, California

Software certification demonstrates the reliability, safety, or security of
software systems in such a way that it can be checked by an independent
authority with minimal trust in the techniques and tools used in the
certification process itself. It can build on existing validation and
verification (V&V) techniques but introduces the notion of explicit software
certificates, which contain all the information necessary for an independent
assessment of the demonstrated properties. Software certificates support a
product-oriented assurance approach, combining different techniques and
forms of evidence (e.g., fault trees, "sign-offs", safety cases, formal
proofs, ...) and linking them to the details of the underlying software.

A software certificate management system provides the infrastructure to
create, maintain, and analyze software certificates. It combines
functionalities of a database (e.g., storing and retrieving certificates)
and a make-tool (e.g., incremental re-certification). It can also maintain
links between system artifacts (e.g., design documents, engineering data
sets, or programs) and different varieties of certificates, check the
validity of certificates, provide access to explicit audit trails, enable
browsing of certification histories, and enforce system-wide certification
and release policies. It can at any time provide current information about
the certification status of each component in the system, check whether
certificates have been audited, compute which certificates remain valid
after a system modification, or even automatically start an incremental
recertification.

The main goal of this workshop is to explore new technologies, underlying
principles, and general methodologies for supporting software certificate
management.

Topics of interest include, but are not limited to:

  * Formalisms and Concepts
    - Techniques for reasoning about certificate hierarchies and
      dependencies, authorities, properties, policies, or
      certification services
    - Formalized process models incorporating certification activities
    - Ontologies for concepts and metadata to describe structure and
      dependencies in developments

  * Tool support
    - Representation methods for software certificates
    - Software certificate databases
    - Integration of existing V&V tools in certificate management systems
    - Software certification environments
    - Security infrastructure

  * Software certification services
    - Certificate construction, editing, and revocation
    - Certificate maintenance and system recertification
    - Auditing

  * Applications
    - Integration into safety-critical development processes
      (e.g., DO-178B)
    - Specific forms of certification
    - Software and system reconfiguration

More details can be found on the workshop webpage
http://ti.arc.nasa.gov/sc05. Authors are welcome to contact the
organizers to discuss the suitability of potential topics.

Submission:

Authors are invited to submit a position paper describing their
research background and current work or interest in the workshop
topics. Short descriptions of implemented relevant systems are
acceptable as an alternative. Authors of accepted system descriptions are
expected to demonstrate their systems during the workshop.

Submissions are restricted to 2000 words or approximately 4
pages. Electronic submissions are mandatory. Preferred formats are PDF
or PostScript. Please email your submission to
sc05 at email.arc.nasa.gov. Reviews and written feedback from the program
committee will be returned to the participants.

Important Dates:

  Submission      September 12, 2005
  Notification    October 5, 2005
  Camera-ready    October 21, 2005

Organizers:

  Ewen Denney     RIACS/NASA Ames
  Bernd Fischer   RIACS/NASA Ames
  Mark Jones      OGI/OHSU
  Dieter Hutter   DFKI

Program Committee:

  Sofia Guerra              Adelard
  Kelly Hayhurst            NASA Langley
  Connie Heitmeyer          Naval Research Laboratory
  Andrew Ireland            Heriot-Watt University
  Christoph Lueth           University of Bremen
  William B. Martin         National Security Agency
  Viswa (Vdot) Santhanam    Boeing

--
------------------------------------------------------------------------
Bernd Fischer USRA/RIACS, Robust Software Engineering Group
M/S 269-2 fisch at email.arc.nasa.gov
NASA Ames Research Center http://ase.arc.nasa.gov/people/fischer
Moffett Field, CA 94035, USA +1(650)604-2977 fax 4036 rm 234