Skip Navigation
Home | Organization | News/Events | Research | Publications | Destinations | Partnering | Software
SC-05

Sponsered By:

ACM SIGSOFT
SIGSOFT

ACM SIGART
SIGART

SoftCeMent 05

Software Certificate Management 2005

Thanks to all the participants for a successful workshop!

Long Beach, California, USA
November 8, 2005

Software certification demonstrates the reliability, safety, or security of software systems in such a way that it can be checked by an independent authority with minimal trust in the techniques and tools used in the certification process itself. It can build on existing validation and verification (V&V) techniques but introduces the notion of explicit software certificates, which contain all the information necessary for an independent assessment of the demonstrated properties. Software certificates support a product-oriented assurance approach, combining different techniques and forms of evidence (e.g., fault trees, "sign-offs", safety cases, formal proofs, ...) and linking them to the details of the underlying software.

A software certificate management system provides the infrastructure to create, maintain, and analyze software certificates. It combines functionalities of a database (e.g., storing and retrieving certificates) and a make-tool (e.g., incremental re-certification). It can also maintain links between system artifacts (e.g., design documents, engineering data sets, or programs) and different varieties of certificates, check the validity of certificates, provide access to explicit audit trails, enable browsing of certification histories, and enforce system-wide certification and release policies. It can at any time provide current information about the certification status of each component in the system, check whether certificates have been audited, compute which certificates remain valid after a system modification, or even automatically start an incremental recertification.

The main goal of this workshop is to explore new technologies, underlying principles, and general methodologies for supporting software certificate management.

Topics of interest include, but are not limited to:

  • Formalisms and Concepts
    • Techniques for reasoning about certificate hierarchies and dependencies, authorities, properties, policies, or certification services
    • Formalized process models incorporating certification activities
    • Ontologies for concepts and metadata to describe structure and dependencies in developments
  • Tool support
    • Representation methods for software certificates
    • Software certificate databases
    • Integration of existing V & V tools in certificate management systems
    • Software certification environments
    • Security infrastructure
  • Software certification services
    • Certificate construction, editing, and revocation
    • Certificate maintenance and system recertification
    • Auditing
  • Applications
    • Integration into safety-critical development processes (e.g., DO-178B)
    • Specific forms of certification
    • Software and system reconfiguration

Authors are welcome to contact the organizers to discuss the suitability of potential topics.

Submission
Authors are invited to submit a position paper describing their research background and current work or interest in the workshop topics. Short descriptions of implemented relevant systems are acceptable as alternative. Authors of accepted system descriptions are expected to demonstrate their systems during the workshop.

Submissions are restricted to 2000 words or approximately 4 pages. Electronic submissions are mandatory. Preferred formats are PDF or PostScript. Please email your submission to sc05@email.arc.nasa.gov. Reviews and written feedback from the program committee will be returned to the participants.

Important Dates

Submission September 12, 2005
Notification October 5, 2005
Camera-ready October 21, 2005

Organizers

Ewen Denney RIACS/NASA Ames
Bernd Fischer RIACS/NASA Ames
Mark Jones OGI/OSHU
Dieter Hutter DFKI

Program Committee

Ewen Denney RIACS/NASA Ames
Bernd Fischer RIACS/NASA Ames
Sofia Guerra Adelard
Kelly Hayhurst NASA Langley
Connie Heitmeyer Naval Research Laboratory
Dieter Hutter DFKI
Andrew Ireland Heriot-Watt University
Mark Jones OGI/OSHU
Christoph Lüth University of Bremen
William B. Martin National Security Agency
Viswa (Vdot) Santhanam Boeing