SESS 2011 - The 7th International Workshop on Software Engineering for Secure Systems (SESS'11)
Soft and secure
Waikiki, Honolulu, Hawaii, 22 May 2011
A one-day workshop in conjunction with the 33rd International Conference on Software Engineering (ICSE 2011)
Theme and goals
Nowadays software systems are as flexible as ever: they adapt themselves to the context of operation and their evolving environments. Nevertheless, they should always operate in a secure manner, preserving privacy and trust among the involved parties, even though the dynamic and decentralized nature of these systems poses several challenges to protecting the exchange of data or services and guaranteeing the fairness of the system as a whole. Software is at the core of most business transactions, and its smart integration in an industrial setting may be the competitive advantage even when the core competence is outside the ICT field. As a result, the revenues of a firm depend directly on several complex software-based systems. Thus, stakeholders and users should be able to trust these systems to provide data and elaborations with a degree of confidentiality, integrity, and availability compatible with their needs, and software engineers have to be familiar with the risks their design choices pose. All in all, almost every application today has some kind of security requirement, even if its use is not considered critical.
Moreover, the pervasiveness of software products in the creation of critical infrastructures has raised the value of trustworthiness, and new efforts should be dedicated to achieving it. Cases in which no one has complete control over all the components are increasingly common and relevant: for example, "mashup" applications pose several new security challenges, since the designers could be partially unaware of the information exchanges that the users introduce into the system logic.
Security concerns should be taken into account as early as possible, and not added to systems as an afterthought: retrofitting is extremely expensive and may compromise the design integrity in critical ways. Security features such as cryptographic protocols and tamper-resistant hardware cannot simply be added on to transform an insecure product into a secure one. Security solutions and patterns are hard to reuse in different contexts, they crosscut all the system components, and a single vulnerability alone might compromise the trustworthiness of the whole system. Thus, not surprisingly, several security holes are recurrent, notwithstanding the experience accumulated by security research in the last decades. Software engineers and practitioners should assimilate basic security techniques and discover new techniques for integrating them into current practice, while understanding the associated costs and benefits. Several well-established software engineering disciplines such as verification, testing, program analysis, process support, configuration management, requirement engineering, etc. could contribute to improving security solutions that sometimes lack a coherent methodological approach or, as is the case for the security standards proposed by the Common Criteria or BS7799, present challenges that prevent integration with mainstream software engineering practice. Moreover, applications are increasingly deployed in unanticipated environments, and even the "attack surface" of an application can be difficult to assess at design time, for example in the now popular case of virtual hosting, in which guest applications share physical resources that might open unwanted communication channels.
The SESS workshop aims at providing a venue for software engineers and security researchers to exchange ideas and techniques. Past editions (first, second, third, fourth, fifth, and sixth) were also held in conjunction with ICSE. Selected and extended versions of papers from SESS07 and SESS08 have been published (after the publisher's rigorous peer review process) in special issues of Information and Software Technology (Elsevier), Vol. 51, Issue 7, July 2009, and Computers and Security (Elsevier), Vol. 29, Issue 3, May 2010, respectively.
Topics
Areas of interest include, but are not limited to:
Security requirements management
Architecture and design of trustworthy systems
Architecture and design of protection systems
Separation of the security concern in complex systems
Model driven security
Secure programming
Black box components trustworthiness
Security testing
Static analysis for security
Trustworthiness verification and clearance
Defining and supporting the process of building secure software
Deployment of secure applications
Monitoring and maintenance of the security solution
Security usability
Modeling and integrating dependability requirements with security constraints
Secure software/process certification and accreditation in socio-technical environment
Workshop papers must be limited to 7 pages in the ICSE two-column format and should be submitted through the SESS'11 submission system.
We're also interested in having 1-2 presentations about the ideas of curricula development and experience reports on teaching computer security in software engineering courses.
We also solicit posters (with a page of abstract), which should be submitted to one of the workshop chairs. Accepted posters and their one-page abstracts will be displayed at the workshop for discussion.
Important dates
Submission of workshop papers: 21 January 2011
Notification of workshop papers: 19 February 2011
Publication-ready version: 3 March 2011
Submission of posters: 1 April 2011
Workshop dates: 22 May 2011
Plans for discussion/networking at the workshop
The workshop will be organized as follows. It will start with an invited talk, followed by the paper presentations (long and short) with Q/A. In the past, the workshop maintained a very interactive and dynamic atmosphere in the discussion of interesting and important topics. Also, a poster session throughout the workshop significantly promoted the dynamics of the interactive discussion. The session chair will wrap up with a discussion of the research challenges that were raised during the presentations.
Program Committee
Davide Balzarotti, Eurecom, France
Andreas Bauer, National ICT Australia, Australia
Hao Chen, University of California Davis, USA
Pau-Chen Cheng, IBM TJ Watson Research Center, USA
Mihai Christodorescu, IBM TJ Watson Research Center
Dave Clarke, Katholieke Universiteit Leuven, Belgium
Hyunsook Do, North Dakota State University, USA
Eduardo Fernàndez-Medina Patón, Universidad de Castilla-La Mancha, Spain
Donald Firesmith, Software Engineering Institute, USA
Robin Gandhi, University of Nebraska at Omaha
Munawar Hafiz, University of Illinois, USA
Lin Liu, Tsinghua University, China
Lorenzo Martignoni, University of California at Berkeley, USA
Raimundas Matulevicius, University of Tartu, Estonia
Sjouke Mauw, University of Luxembourg
Nancy Mead, Software Engineering Institute, USA
Haris Mouratidis, University of East London, UK
William Robertson, University of California, Berkeley, USA
Thomas Santen, European Microsoft Innovation Center, Germany
Riccardo Scandariato, Katholieke Universiteit Leuven, Belgium
Jörg Schreck, Telefonica O2 Munich, Germany
Wietse Z. Venema, IBM T.J. Watson Research Center
Liang Xiao, Royal College of Surgeons Ireland, Ireland
Mohammad Zulkernine, Queens University, Canada
Organizing Committee (Workshop Chairs)
Jan Jürjens, Technical University Dortmund, Germany
Seok-Won Lee, University of Nebraska-Lincoln, USA
Mattia Monga, Università degli Studi di Milano, Italy
Last modified: 2010-12-30 12:48:53