STPSA 2012 - 7th IEEE International Workshop on Security,Trust, and Privacy for Software Applications

Our societies are increasingly dependent on software applications. Software applications must be engineered with reliable protection mechanisms with respect to security, privacy, and trust (STP), while still delivering the expected value of applications to end-users. Nonetheless, the scale and severity of security attacks on software applications have continued to grow at an ever-increasing pace. Potential consequences of a compromised software application have also become more and more serious as many high-profile attacks are reportedly targeting software applications used in industrial control systems at nuclear power plants, in implanted heart defibrillators, and in military satellites. This situation has been worsened by recent technological developments, including pervasive computing, mobile devices, Web applications and cloud computing, which have made the untrusted Internet an integral component of software applications. The traditional approaches to securing a software application (e.g., anti-virus) alone are no longer sufficient to address the STP issues of such emerging software applications. The STP issues must be addressed throughout the lifecycle of a software application, including its design, implementation, testing, and deployment. The principal obstacle in developing STP-aware software is the lack of consideration, methods, and tools for addressing STP issues under current approaches to software applications development.
Topics of interest
? STP challenges and solutions in Web-based applications
? STP challenges and solutions in cloud-based applications
? STP challenges and solutions in pervasive software applications
? STP challenges and solutions in mobile software applications
? STP challenges and solutions in e-services, e.g. e-health, e-government, e-banking, etc.
? STP challenges and solutions in distributed or sensor-based software applications
? STP specific software development practices
? STP requirements elicitation and specification
? Models and languages for STP-aware software specification and design
? Architecture for STP-aware software development
? Testing STP properties of software applications
? STP management and usability issues in software applications
? User interfaces for STP-aware software applications
? Software reengineering for STP-aware software applications
? Tradeoffs among security, privacy, trust, and other criteria
? STP-aware service discovery mechanisms for pervasive computing environments
? Teaching STP-aware software development
? Experience reports on developing STP-aware software