HILT 2018 Workshop on Languages and Tools for Ensuring Cyber-Resilience in Critical Software-Intensive Systems
This is the fifth in the HILT series of conferences and workshops focused on the use of High Integrity Language Technology to address challenging issues in the engineering of software-intensive critical systems. HILT 2018 will focus on addressing cybersecurity and cyber-resilience issues that arise in real-time, embedded, and/or safety-critical systems. Submissions are encouraged describing theoretical and practical efforts related to the use of safe languages, formal methods, model-based development, and advanced static analysis to identify and mitigate cybersecurity vulnerabilities in software-intensive systems. The workshop will bring together academic, industrial, and government researchers and practitioners focused on the use of these advanced language technology and tools, with a particular focus on addressing the growing cybersecurity threats.
Keynotes at HILT 2018
Common Vulnerabilities Enumeration (CVE), Common Weakness Enumeration (CWE), and Common Quality Enumeration (CQE) – Attempting to systematically catalog the safety and security challenges for modern, networked, software-intensive systems.
DARPA’s new Cyber-Assured Systems Engineering (CASE) Program – Motivations, Challenges, and Technical Approaches to addressing cyber-resilience in critical software-intensive systems
Workshop on Languages and Tools for Ensuring Cyber-Resilience in Critical Software-Intensive Systems
As part of SPLASH 2018, November 5 & 6, 2018, Boston, MA, USA
Sponsored by ACM SIGAda
The High Integrity Language Technology (HILT) 2018 Workshop is focused on the cyber-resilience needs of critical software systems, where such a system must be trusted to maintain a continual delivery of services, as well as ensuring safety in its operations. Such needs have common goals and shared strategies, tools, and techniques, recognizing the multiple interactions between security and safety.
We encourage papers and extended abstracts relating to:
- Language features that can be used to build security and/or safety into software-intensive systems; Approaches to apply effectively the emerging technologies of AI and Machine Learning in critical software systems;
- Mechanisms that can be used to understand, certify, and manage systems that are “data driven,” relying on “soft code,” where control flow and algorithms are expressed using data rather than “hard code” expressed directly in programming languages;
- Extending contract-based programming to specifying security resistance and resilience properties as well as safety and/or correctness properties;
- Strategies to minimize risk when applying complex software requirements to cyber-physical systems;
- Modeling and/or programming language features and analysis techniques that aid in code analysis and verification and that increase the level of abstraction and expressiveness;
- Language features that support continuous requirements maturation to support evolving needs, particularly in cyber-physical systems, while ensuring that security and safety properties are preserved.
This workshop is designed as a forum for communities of researchers and practitioners from academic, industrial, and governmental settings, to come together, share experiences, and forge partnerships focused on integrating and deploying tool and language combinations to address the challenges of building cyber-resilient software-intensive systems. The workshop will be a combination of presentations and panel discussions, with one or more invited speakers.
Attendees wishing to present at the workshop should prepare full papers (approx. 6-8 pages), or extended abstracts (approx. 2-4 pages) for their proposed presentations, and the workshop program committee will select presentations and organize them into sessions. Other interested participants are welcome to register for the HILT 2018 Workshop as part of their SPLASH 2018 registration.
Aug 1now Aug 17: Papers or Extended abstracts due; Sep 1now Sep 17: Notification of submissions accepted for presentation Oct 1now Oct 10: Final submissions due
- Nov 5&6: Workshop as part of SPLASH 2018
Please submit papers and extended abstracts, by Aug 17, 2018, on HotCRP: https://hilt18.hotcrp.com/
- Bill Bail, MITRE
- Tucker Taft, AdaCore, Inc
- Dirk Craeynest, ACM SIGAda International Representative, KU Leuven
- Drew Hamilton, Chair, ACM SIGAda, Mississippi State University, CCI
- Clyde Roby, Secretary-Treasurer, ACM SIGAda, Institute for Defense Analyses
- Alok Srivastava, Editor, ACM Ada Letters, Engility Corp.
- Ricky E. Sward, Past Chair, ACM SIGAda, MITRE
- SPLASH 2018: http://www.splashcon.org
- HILT 2018 Information: http://sigada.org/conf/hilt2018
- HILT 2018 Submissions: https://hilt18.hotcrp.com/
- ACM SIGAda: http://sigada.org
Written with StackEdit.
Mon 5 NovDisplayed time zone: Guadalajara, Mexico City, Monterrey change
08:30 - 10:00
|Welcome to the HILT 2018 Workshop
|CVE, CWE, CQE and all that -- enumerating the security and safety challenges for networked softwareKeynote
Robert A. Martin The MITRE Corporation
10:30 - 12:00
|Programming Language Systems for Developing Cyber Resilient Software
David A. Wheeler IDA
|Cyber-Resilience: What does it really mean, and how do we design it into our systems?
Deborah Bodeau The MITRE Corporation
13:30 - 15:00
|Tool support for Confidentiality by Construction
S: Tobias Runge TU Braunschweig, S: Ina Schaefer Technische Universität Braunschweig, Alexander Knüppel TU Braunschweig, Germany, Loek Cleophas Eindhoven University of Technology (TU/e) and Stellenbosch University, Derrick Kourie Stellenbosch University, Bruce Watson Stellenbosch University; and Centre for AI Research, CSIR
|Panel on Language-based Security
15:30 - 17:00
|SPARK by Example: an introduction to formal verification through the standard C++ library
|Soundness of a Dataflow Analysis for Memory Monitoring
|Minimal Specifications for Detecting Security Vulnerabilities
|6:30PM HILT Banquet at Legal Seafoods, Park Plaza, preceded by SIGAda EC meeting from 5:15 to 6:15PM
Tue 6 NovDisplayed time zone: Guadalajara, Mexico City, Monterrey change
08:30 - 10:00
|SIGAda Awards and Sponsor Intros
|SAFECode.org and Secure Software Development Practices
Eric Baize SAFECode / Dell
|DARPA CASE program, motivation and challengesKeynote
Raymond Richards DARPA
10:30 - 12:00
|SpeAR – Using a formal specification language for safety and security
Lucas Wagner Rockwell Collins
|Architecture-level security in a safety-critical system
13:30 - 15:00
|Who decides what is allowed? User Interactions and Permissions Use on Android
Jeffrey S. Foster Tufts University
|A Language for Programmable Hardware Security
Chris Casinghino Draper Laboratory
15:30 - 17:00
|Security Showcae -- Modernizing Static Analysis Tools to Facilitate Integrations
Paul Anderson GrammaTech, Inc
|Security Showcase -- Ensuring Cyber Resilience through Entropy-Augmented Replication
Mario Troiani Virtual Software Systems
|Security Showcase -- SPARK Formal Verification for Security