Visible to the public Reasoning with Assurance Arguments under Uncertainty – Composing Formal and Non-Formal

A significant challenge in automating certification of software intensive complex computing systems is information heterogeneity that runs the gamut from non-formal artifacts such as safety analyses, operational guidance, unit tests, and simulation runs to, more recently, formal artifacts. An emerging approach to certification of such software systems is the use of assurance cases to provide goal-based arguments supported by evidence.


Visible to the public Affix: Binary Model Generation for Static Analysis

Static analysis and dynamic analysis are the yin and yang of program analysis. Static analysis has the benefit that it can reason about many, or all, runs of a program at once. However, to do that it must abstract aspects of the programs semantics. For large or complicated programs, the resulting imprecision can lead to an intolerable number of false-positive alarms. Dynamic analysis reasons about particular program executions precisely, using a (perhaps automatically generated) test suite.


Visible to the public ACE Assurance, Composed, and Explained

The state-of-the-art in systems assurance is based on testing, simulation and certification, and it is currently incorporating formal verification for some of the system's components. Formal verification has a limited use at present because it calls for a clean slate design and development, which are not always possible or practical, and because it is computationally challenging for large systems. Therefore, formal verification is commonly constrained to single software or hardware components that can be adequately modeled.


Visible to the public Integrated Data Space Randomization and Control Reconfiguration for Securing Cyber-Physical Systems

Cyber-Physical Systems (CPS) have been increasingly subject to cyber-attacks including code Non-control data attacks have become widely popular for circumventing authentication mechanisms in websites, servers, and personal computers. Moreover, in the context of Cyber-Physical Systems (CPS) attacks can be executed against not only authentication but also safety. With the tightly coupled nature between the cyber components and physical dynamics, any unauthorized change to safety-critical variables may cause damage or even catastrophic consequences.


Visible to the public Practical Application of SPARK to OpenUxAS: Initial Results

Formal methods provide powerful tools for the analysis of complex software, enabling engineers to establish assurance of high quality in their software. The SPARK language and tools build upon the foundation of Ada and allow engineers to program not only their software, but also their specifications and their proofs. SPARK thus provides engineers a practical, industrial strength formal method.


Visible to the public  SecureWorld St.Louis
Sep 18, 2019 9:00 am - Sep 19, 2019 5:00 pm EDT

"For over 17 years, we've stayed on top of global IT security issues and shared the critical knowledge and tools needed to protect against ever-evolving threats. Through our network of industry experts, thought leaders, practitioners, and solution providers, we collaborate to produce leading-edge, relevant content and educational opportunities."