The Twenty-Second Annual
High Confidence Software and Systems (HCSS) Conference
CALL FOR PRESENTATIONS
OVERVIEW
The twenty-second annual High Confidence Software and Systems (HCSS) Conference will be held virtually the week of May 16, 2022. We solicit proposals to present talks at the conference.
IMPORTANT DATES
- Abstracts Due: February 25, 2022
- Notification of Decisions: March 25, 2022
- HCSS Conference: Week of May 16, 2022
BACKGROUND
Our security, safety, privacy, and well-being increasingly depend upon the correctness, reliability, resilience, and integrity of software-intensive systems of all kinds, including cyber-physical systems (CPS). These systems must be capable of interacting correctly, safely, and securely with humans, with diverse other systems, and with the physical world even as they operate in changing, difficult-to-predict, and possibly malicious environments. New foundations in science, technology, and methodologies continue to be needed. Moreover, these methods and tools have to be transitioned into mainstream use to build and assure these systems—and to move towards more effective models for acceptance and certification.
CONFERENCE SCOPE, GOALS, AND VISION
The High Confidence Software and Systems (HCSS) Conference draws together researchers, practitioners, and management leaders from government, universities, non-profits, and industry. The conference provides a forum for dialogue centered upon the development of scientific foundations for the assured engineering of software-intensive complex computing systems and the transition of science into practice. The technical emphasis of the HCSS conference is on mathematically-based tools and techniques, scientific foundations supporting evidence creation, systems assurance, and security. The HCSS vision is one of engaging and growing a community—including researchers and skilled practitioners—that is focused around the creation of dependable systems that are capable, efficient, and responsive; that can work in dangerous or inaccessible environments; that can support large-scale, distributed coordination; that augment human capabilities; that can advance the mission of national security; and that enhance quality of life, safety, and security.
CONFERENCE THEMES
We invite submissions on any topic related to high-confidence software and systems that aligns with the conference scope and goals listed above. In addition, the 2022 HCSS Conference will highlight the following themes:
Autonomous IoT Systems
The Internet of Things (IoT) continues to grow in complexity and scope, including automobiles, industrial control, aircraft and sea vessels, power grid management, “smart” home automation, connected cities, and medicine and healthcare, to name a few domains. Meanwhile, the autonomy of IoT systems in these domains continues to increase, particularly leveraging advances in artificial intelligence (AI) and machine learning (ML). The scale and scope of Autonomous IoT systems make bounding and predicting their behavior more difficult while they become more integrated into our lives. Therefore, we solicit research and experience reports related to the problem of scaling up and applying formal methods tools to Autonomous IoT Systems. Example topics include but are not limited to:
- Applications of formal methods to predict, bound, and mitigate errors in AI/ML
- Applications of formal methods to specific Autonomous IoT domains
- Formal methods tool building and scaling to address Autonomous IoT challenges
- Applications of runtime checking and verification to bound Autonomous IoT systems
- Formal methods for compliance, audit, and regulation of Autonomous IoT systems
Cyber Defense of the Supply Chain
Complex high assurance systems depend not only on their components, but also on the supply, implementation, and maintenance infrastructure for those components. This support ecosystem – referred to as the supply chain – is frequently complex, interdependent, and outside the direct influence of system maintainers. Our dependence on them makes supply chains a part of our nation's critical infrastructure that must be designed, implemented, maintained, and defended at a level similar to the systems they support. The phrase “supply chain as battlefield” sums up both the threat of supply chain compromise and the need to defend this vital infrastructure. Some known challenges include security and resilience, provenance, complexity management, composition and emergent behavior, and certification. Many unknown challenges remain to be discovered, documented, and mitigated. We invite presentations on all aspects of predicting, operating, and defending our supply chain infrastructure, including identifying emergent challenges unique to this evolving domain. Example topics include but are not limited to:
- Hardware/software verification related to supply chain assurance
- Attestation and provenance for software supply chains
- Connection of physical and digital fingerprints for system-of-systems supply chains
- Emergent challenges in supply chain verification
- Supply chain verification within specific domains (e.g., military, medical, automotive, etc.)
Identifying and Controlling Weird Machines
Weird machines are a theoretical framework to think about unintentional computational tools available through outside interfaces in a computing system, potentially exploitable by hackers to execute arbitrary shellcode. In some cases, external inputs can cause memory writes beyond the bounds of an internal buffer, enabling an attacker to overwrite executable code on the target machine. In other cases, restrictions prevent directly writing code into executable regions of memory, but other available functions enable an attacker to cause a target machine to perform operations that are equivalent to some finite-state machine operating on some memory. Such arbitrarily powerful computational avenues have been found in a surprisingly wide variety of systems, yielding a view that to a sufficiently creative attacker, any complex system can be considered a weird machine available for them to program by carefully crafted external inputs. Some security, privacy, and reliability claims about critical systems implicitly assume such weird machines do not exist or are severely limited in capabilities. Thus, identifying weird machines, and the limits that can be assured or imposed on them, is key to providing high assurance for any complex system. Example topics include but are not limited to:
- Discovery of weird machines in complex systems
- Principled limitations on the computational power of weird machines
- Containing the effects or actuators weird machines can leverage
- Formal analysis of expressiveness, storage, and bandwidth available to weird machines
Driving FM to Practice
Formal methods (FM) have a rich history spanning a half-century, and mathematical proofs of properties of programs have been sought since Turing and the early days of computing. Despite these aspirations, FM has not taken hold due to barriers of scale, usability, engineering realism, and mission incentives. Recently, however, FM has advanced to the point that techniques are breaking through the barriers, and are now being adopted in a broader range of engineering organizations where reliability and assurance are highly critical, particularly in cloud infrastructure, operating system kernels, and other applications. This is timely, because assurance needs are ramping up due to the growing sophistication of modern cyber threats, as well as the increase in complexity and interconnection of systems. This session seeks presentations of research and application aimed at achieving broader practice of this critical technology at increasing levels of usability, scalability, and experience. Example topics include but are not limited to:
- FM applied to novel domains
- Integration of FM into traditional developer and maintenance workflows
- The use of FM to augment or replace traditional testing and validation approaches
- Scaling FM in terms of users, system complexity, problem size, or computational resources
CONFERENCE PRESENTATIONS
The conference program features invited speakers, panel discussions, poster presentations, and a technical track of contributed talks.
Technical Track Presentations
The technical track features two kinds of talks:
- Experience reports. These talks inform participants about how emerging HCSS and CPS techniques play out in real-world applications, focusing especially on lessons learned and insights gained. Although experience reports do not have to be highly technical, they should emphasize substantive and comprehensive reflection, building on data and direct experience. Experience reports focus on topics such as transitioning science into practice, architecture and requirements, use of advanced languages and tools, evaluation and assessment, team practice and tooling, supply-chain issues, etc.
- Technical talks. These talks highlight state-of-the-art techniques and methods for high-confidence software systems with an emphasis on how those techniques and methods can be used in practice. Presenters of these talks should strive to make their material accessible to the broader HCSS community even as they discuss deep technical results in areas as diverse as concurrency analysis, hybrid reasoning approaches, theorem proving, separation logic, analysis, synthesis, analytics, various modeling techniques, etc.
If you are interested in offering a talk—or nominating someone else to be invited to do so—please upload an abstract of one page or less for your proposed talk, or a one-paragraph description of your nominee’s proposed talk, by Friday, February 25, 2022 to https://cps-vo.org/group/hcss_conference/submit. Abstracts and nomination paragraphs should clearly indicate why the talk would be relevant to HCSS and which, if any, conference themes the talk would address. Notifications of accepted presentations will be made by Wednesday, March 25, 2022.
ADDITIONAL INFORMATION
Instructions for submitting print-ready abstracts and final slide presentations will be provided for accepted talks. Abstracts of accepted presentations will be included in the electronic proceedings booklet and posted on the conference website.
PLANNING COMMITTEE
Co-Chairs
Patrick Lincoln, SRI International
Lee Pike, Amazon Web Service
Steering Group
June Andronick, Proofcraft
Perry Alexander, University of Kansas
Kathleen Fisher, DARPA
John Hatcliff, Kansas State University
John Launchbury, Galois, Inc.
Stephen Magill, Sonatype
Brad Martin, DARPA
Ray Richards, Leidos
Bill Scherlis, DARPA
Eric Smith, Kestrel Institute
Sean Weaver, National Security Agency
Matt Wilding, Collins Aerospace
Organizers
Katie Dey, Vanderbilt University
Regan Williams, Vanderbilt University
Sponsor Agency
NITRD HCSS Coordinating Group