Formal Approaches to Certifying Compliance (FACC)

A workshop on applying formal methods tools and techniques to certification and compliance problems.

FACC will be affiliated with CAV 2020. It will take place on July 19th, 2020.

Co-chairs

Please direct inquiries to Mike Dodds.

Topic

Regulatory compliance is a requirement for many types of software systems. For example, cryptographic systems may be subject to FIPS 140-2 certifications, medical data systems must be HIPAA compliant, safety-critical systems must adhere to standards such as ISO 26262, and cloud services used by the US government must achieve FedRAMP designation. Even after software is built and certified, changes to the software, no matter how minor, must often be recertified to ensure that they do not break previously held assumptions.

Unfortunately, current approaches to compliance can be slow-moving and expensive. This pace directly clashes with modern software development, which is characterized by rapid change and enormous scale. For many organizations, compliance imposes unacceptable cost and delay when shipping industry-strength software. In addition, compliance can perversely result in less reliable software, as bug fixes are delayed by certification processes.

Formal methods may offer solutions to this problem. We seek formal methods tools, solutions, capabilities, or techniques that can be inserted into certification processes to make them cheaper, faster, and more rigorous.

The FACC workshop will explore how formal methods tools and techniques can increase automation in compliance processes, and thereby help build software more cheaply and reliably. Our aim is to bring together industry, government, and academic experts to share ideas, scope problems, and develop future collaborations.

Topics of interest:

  • Case studies for certification and compliance
  • Generating auditable proofs
  • Detecting and analyzing changes
  • Automatically invalidating and regenerating evidence
  • Monitoring system boundaries
  • Generating reports suitable for human and machine certifiers

Confirmed Speakers

  • Neha Rungta - Amazon Web Services
  • Ray Richards - DARPA
  • Lucas Wagner - Collins Aerospace
  • Sazzadur Rahaman - Virginia Tech
  • Stephen Magill - MuseDev
  • Andrew Williams - Coalfire