CFP - Workshop on Modelling and Detection of Vulnerabilities (MDV 2010)

Call for Papers International Workshop on Modelling and Detection of Vulnerabilities (MDV 2010) Telecom Paris Tech, Paris, France, 10 April 2010 http://www.shields-project.eu/?q=node/62 In conjunction with ICST 2010 Third International Conference on Software Testing, Verification and Validation Paris, France (http://vps.it-sudparis.eu/icst2010/) Organizing committee: Alessandra Bagnato (TXT e-solutions, Corporate Research Division, Italy) Wissam Mallouli (Montimage, France) Amel Mammar (Telecom SudParis, France) Enquiries to the organizing committee may be sent to: wissam.mallouli?replace with at-character?montimage.com Introduction With the quick proliferation of complex, open and distributed systems, any software security breach becomes a real issue that needs to be fixed since these systems are often used in critical domains like transport, finance, politic, etc which makes attackers more and more motivated to cause important damages by exploiting security vulnerabilities. To improve the software security, several techniques have been developed but the problem remains unsolved. The objective of this workshop is to share ideas, methods, techniques, and tools that help users model and detect vulnerabilities in software. The workshop will try to bring together people from both academia and industry, from all the different areas that want to develop new techniques to model and detect vulnerabilities, to report their experience on using tools or methods to detect vulnerabilities. This workshop with try to answer the following questions: ? How vulnerability modelling can help user to understand the occurrence of vulnerabilities to avoid them? ? What are the advantages/drawbacks of the existing models to represent vulnerabilities? Are they satisfactory? Otherwise, how they can be improved? ? What are the existing techniques to detect vulnerabilities? Are they satisfactory? Otherwise, how they can be improved? ? How verification and testing techniques can help to detect and prevent vulnerabilities? ? How tools can help developers to detect vulnerabilities and improve the software quality? Topics The workshop addresses different techniques to model and detect vulnerabilities. The topics of interest include, but are not restricted to: ? Security requirements definition and modelling ? Security goals modelling ? Security and vulnerability modelling ? Formal approaches for vulnerability detection ? Testing and verification techniques for vulnerability detection ? Formal approaches for security validation ? Theorem proving for vulnerability detection ? Good practises for security flaws avoidance ? Security related Tools (modelling, checking) Important dates: Paper submission: 15 January 2010 Notification of acceptance: 1 March 2010 Final manuscript due: 21 March 2010 Workshop: 10 April 2010 Submission Guidelines Authors are invited to submit research and application papers in IEEE Computer Society Proceedings Manuscripts style (two columns, single-spaced, including figures and references, using 10 pt fonts, and number each page). Please consult the IEEE CS Author Guidelines at the following web page: http://www2.computer.org/portal/web/cscps/formatting The workshop is open to contributions that focus on methods and tools to modelling and detecting vulnerabilities. Industrial experience report (success story and even failed ones), progress, new methods and solutions in that context are very encouraged. In all these cases, we expect well-focused contributions to help participants understand problems, open issues, and available solutions, and also to foster rich and fruitful discussions. Papers should try to be bold and visionary, but limited to 10 pages. The emphasis should be on defining and setting problems, on technical details of proposed solutions, or on the rationale behind success stories. Contact author must provide the following information: paper title, authors' names, affiliations, postal address, phone, fax, and e-mail address of the author(s), about 200-250 word abstract, and about five keywords. Paper registration and submission is by email attachment (Word format) to wissam.mallouli?replace with at-character?montimage.com Proceedings Workshop Proceedings will be published in the IEEE Digital Library with assigned ISBN. Program committee Paul Ammann (George Mason University, USA) Alessandra Bagnato (TXT e-solutions, Corporate Research Division, Italy) Ana Cavalli (GET/INT, France) Fr?d?ric Cuppens (Telecom Bretagne, France) Khaled El Fakih (American University of Sharjah, UAE) Roland Groz (LIG, France) Mohamed Jmaiel (University of Sfax, Tunisia) Khaled Khan (University of Western Sydney, Australia) Keqin Li (SAP Research labs, France) Wissam Mallouli (Montimage, France) Amel Mammar (Telecom SudParis, France) Per H?kon Meland (SINTEF, Norway) Matteo Meucci (OWASP-Italy Chair, OWASP Testing Guide lead, Italy) Domenico Rotondi (TXT e-solutions, Italy) Txus S?nchez (ESI, Spain) Nahid Shahmehri (Linkoping University, Sweden) Bachar Wehbi (Montimage, France) Nina Yevtushenko (Tomsk State Unviversity, Russia) Workshop Location: The MDV Workshop will be held in the heart of Paris at Telecom ParisTech (http://www.telecom-paristech.fr/en/). This engineering school is situated in the south-eastern part of the French capital, the 13th district. It is in the middle of the picturesque district of Butte-aux-Cailles and will benefit from the dynamics of the economic, academic and socio-cultural activities of left bank of the Seine River. Sponsored by: SHIELDS Project (http://www.shieldsproject.eu/) Alessandra Bagnato Corporate Research Division - TXT e-solutions S.p.A Via al Ponte Reale 5 - Genova - Italy Phone: +39 0225771 725 Mobile: +39 348 6913749 mail. alessandra.bagnato@txt.it