SESS at ICSE 2010 - Call for Papers

Call for Papers: SESS at ICSE 2010 The 6th International Workshop on Software Engineering for Secure Systems (SESS'10) http://homes.dico.unimi.it/~monga/sess10.html May 2, 2010 (one day) In conjunction with the 32nd Int'l Conf on Software Engineering (ICSE 2010), Cape Town, South Africa, 1-8 May 2010. * Theme and goals: Software is at core of most of the business transactions and its smart integration in an industrial setting may be the competitive advantage even when the core competence is outside the ICT field. As a result, the revenues of a firm depend directly on several complex software-based systems. Thus, stakeholders and users should be able to trust these systems to provide data and elaborations with a degree of confidentiality, integrity, and availability compatible with their needs. Moreover, the pervasiveness of software products in the creation of critical infrastructures has raised the value of trustworthiness and new efforts should be dedicated to achieve it. However, nowadays almost every application has some kind of security requirement even if its use is not to be considered critical. Thus, designers have to cope with the complexity of insecure operating environments by considering threats to their application correctness. Security concerns should be taken into account as early as possible, and not added to systems as an after-thought: this is extremely expensive and it may compromise the design integrity in critical ways. Security features such as cryptographic protocols and tamper-resistant hardware cannot be simply added on to transform an insecure product to a secure one. Security solutions and patterns are hard to reuse in different contexts, they crosscut all the system components and a vulnerability alone might compromise the trustworthiness of the whole system. Thus, not surprisingly, several security holes are recurrent, notwithstanding the experience accumulated by security research in the last decades. Software engineers and practitioners should assimilate basic security techniques and discover new techniques for integrating them in the current practice, while understanding associated costs and benefits. Several well-established software engineering disciplines such as verification, testing, program analysis, process support, configuration management, requirement engineering, etc. could contribute to improving security solutions that sometimes lack a coherent methodological approach. Or, as it is the case of security standards proposed by the Common Criteria or BS7799, present challenges that prevent integration with mainstream software engineering practice. The SESS workshop aims at providing a venue for software engineers and security researchers to exchange ideas and techniques. The previous SESS workshops were held in conjunction with the past edition of ICSE. We are looking for unpublished original contributions. Accepted papers will be included into ICSE proceedings. A post-workshop special issue of a scientific journal is under negotiation. (Best papers from the previous workshops were published in the SESS special issue of "Information and Software Technology" and "Computers and Security" journals.) We also seek short proposals that explicitly give the audience the opportunity to gain hands-on experience with these research technologies or interactively demonstrate the developed tools. Any proposed experiment or demonstrations will have a poster display during the workshop. Authors are expected to submit both an extended abstract (1 page limit) and a poster in PDF. The extended abstract will not be published in the proceedings, thus no format requirements will be enforced on extended abstracts and posters. The programs will include a keynote speaker, research presentation (short and long), panel discussion, and the poster session. * Topics (Areas of interest include, but are not limited to) - Security requirements management - Architecture and design of trustworthy systems - Architecture and design of protection systems - Separation of the security concern in complex systems - Model driven security - Secure programming - Black box components trustworthiness - Security testing - Static analysis for security - Trustworthiness verification and clearance - Defining, supporting the process of building secure software - Deployment of secure applications - Monitoring and maintenance of the security solution - Security usability - Modeling & integrating dependability requirements with security constraints - Secure software/process certification and accreditation in socio-technical environment Workshop papers must be limited to 7 pages in the ICSE two column format. http://www.sbs.co.za/ICSE2010/ and should be submitted through the SESS09 submission system. http://www.easychair.org/conferences/?conf=sess10 * Important dates Submission of workshop papers - 20 January 2010 Notification of workshop papers - 15 February 2010 Publication-ready version - 3 March 2010 Submission of posters - 1 April 2010 Workshop dates - 2 May 2010 * Steering Committee Seok-Won Lee, University of North Carolina at Charlotte, USA Mattia Monga, Università degli Studi di Milano, Italy Bashar Nuseibeh, Open University, UK Alex Orso, Georgia Institute of Technology, USA Sam Redwine, James Madison University, USA * Organizing Committee (Workshop Chairs) Jan Jürjens, Technical University Dortmund, Germany, jan.jurjens@cs.tu-dortmund.de Seok-Won Lee, University of North Carolina at Charlotte, USA, seoklee@uncc.edu Mattia Monga, Università degli Studi di Milano, Italy, mattia.monga@unimi.it * Program Committee Davide Balzarotti, Eurecom, France Andreas Bauer, National ICT Australia, Australia Kosta Beznosov, University of British Columbia, Canada Pau-Chen Cheng, IBM TJ Watson Research Center, USA Mihai Christodorescu, IBM TJ Watson Research Center, USA Dave Clarke, Katholieke Universiteit Leuven, Belgium Hyunsook Do, North Dakota State University, USA Robin Gandhi, University of Nebraska at Omaha, USA Munawar Hafiz, University of Illinois, USA Charles B. Haley, Univ. College of Technology and Innovation Kuala Lumpur, Malaysia Jaejoon Lee, Lancaster University, UK Lorenzo Martignoni, Università degli Studi di Udine, Italy William Robertson, University of California, Berkeley, USA Riccardo Scandariato, Katholieke Universiteit Leuven, Belgium Lin Liu, Tsinghua University, China Raimundas Matulevicius, University of Namur, Belgium Sjouke Mauw, University of Luxembourg, Luxembourg Thomas Santen, European Microsoft Innovation Center, Germany Wietse Z. Venema, IBM T.J. Watson Research Center, USA Liang Xiao, Royal College of Surgeons Ireland, Ireland