MeSSa 2016 - 3rd International Workshop on Monitoring and Measurability of Software and Network Security

Security-related incidents are increasing, and at the same time our society is increasingly relying on cyber-physical systems. Systematic approaches to monitor and measure security are needed to build secure systems, including IoT and cloud services, and to offer security evidence for system designers and users. Security analysis and measuring on software architecture level produces evidence of security in the design phase, to deal with requirement trade-offs. Architecture-level security analysis supports "security by design". On the other hand, to understand overall security status and get a holistic view, architecture-level security analysis has to be extended to the operational system domain, and needs to include also the network level security monitoring and analysis. Thus, techniques to understand and scale the needs in both measurement and analytics are needed. Together these are able to provide the basis for security situational awareness in the modern complex software infrastructure. Security metrics may also support security adaptation and architecture-based evolution.
MeSSa 2016 solicits security-enhancing contributions on the following issues (but not limited to):
Security, trust and privacy metrics
Measurement systems and architectures
Internet of Things
Trusted cloud
Situational awareness and threat intelligence
Software Defined Networking and Network Function Virtualisation
Self-adaptive and cognitive security
Trade-off analysis and decision-making
Evolutionary techniques
Measuring at runtime
Security visualisation and analytics
Quality and uncertainty in security measurement and metrics
Anomaly detection
Forensics and data analytics
Taxonomies and ontologies on security metrics
Empirical case studies and pilots