Securely Taking On New Executable Stuff Of Uncertain Provenance

Workshop meeting agenda, 6 August 2008

[Workshop location and logistics]

The goal is to study whether it is possible to securely run software of uncertain provenance, improving the assurance and substantially reducing the cost of certifying security properties of mission-critical software systems. Questions of interest include:

The day will be structured mostly as short position statements from participants (10 minutes plus time for short questions), followed by longer discussion periods. It's important to keep position statements short so we have time for substantive discussions. Also, please think about the questions above in preparing your position statement.

Schedule, August 6

8:30–8:45 Welcome (Andrew Myers)

8:00–9:00 Preliminary study briefing (Andrew Myers)

9:00–12:00 Discussion

12:00–1:00 Lunch

12:15–3:00 Briefings and discussion
12:15–12:45 Toward a systems perspective on software assurance (Mitchell Komaroff)
1:45–2:30 Certification and accreditation and independent software quality assessment (Francis Mayer)
2:30–3:00 Rose: an open source-to-source compiler for analysis and transformation of source code and binary (Dan Quinlan)

3:30–5:30 Study briefing working session


Mitchell Komaroff (DoD, OASD), Francis Mayer (US Army CECOM) Greg Morrisett (Harvard), Andrew Myers (Cornell), Dan Quinlan (LLNL), Mike Reiter (UNC), Konrad Vesey (NSA CAS), David Wheeler (IDA)