SecSE 2011

Fifth International Workshop on Secure Software Engineering

In conjunction with ARES 2011
August 29 - September 1, 2011

Budapest, Hungary 
http://www.ares-conference.eu/conf/

 

Preliminary Call for Papers

Introduction

Software is an integral part of everyday life, and we expect and depend upon software systems to perform correctly. Software security is about ensuring that systems continue to function correctly even under malicious attack. As most systems are now web-enabled, the number of attackers with access to a system increases dramatically, and thus the threat scenario changes. The traditional approach to securing a system includes putting up defence mechanisms like IDS and firewalls, but such measures are no longer sufficient by themselves. We need to be able to build better, more robust and more secure systems. Even more importantly, however, we should strive to achieve these qualities in all software systems, not just the ones that need special protection.

This workshop will focus on techniques, experiences and lessons learned for engineering secure and dependable software. 

Topics

Suggested topics include, but are not limited to:
- Secure architecture and design
- Security in agile software development
- Aspect-oriented software development for secure software
- Security requirements
- Risk management in software projects
- Secure implementation
- Secure deployment
- Testing for security
- Quantitative measurement of security properties
- Static and dynamic analysis for security
- Verification and assurance techniques for security properties
- Lessons learned
- Security and usability
- Teaching secure software development
- Experience reports on successfully attuning developers to secure software engineering

Important dates:

- Submission Deadline: TBD
- Author Notification: TBD
- Author Registration: TBD
- Proceedings Version: TBD
- Conference: TBD
- Workshop: TBA 2011

Submission Guidelines

Authors are invited to submit research and application papers in IEEE Computer Society Proceedings Manuscripts style (two columns, single-spaced, including figures and references, using 10 pt fonts, with each page numbered). Please consult the IEEE CS Author Guidelines at the following web page:

http://www2.computer.org/portal/web/cscps/formatting

We solicit the submission of academic workshop papers (6 pages) representing original, previously unpublished work. Submitted papers will be carefully evaluated based on originality, significance, technical soundness, and clarity of exposition.

Duplicate submissions are not allowed. A submission is considered to be a duplicate submission if it is submitted to other conferences/workshops/journals or if it has been already accepted to be published in other conferences/workshops/journals. Duplicate submissions thus will be automatically rejected without reviews.

The contact author must provide the following information: paper title, authors' names, affiliations, postal address, phone, fax, and e-mail address of the author(s), an abstract of about 200-250 words, and about five keywords. Paper registration and submission are done through the ARES & CISIS 2010 Paper Management System at the following address:

https://stdev.ifs.tuwien.ac.at/ares2010/

Submission of a paper implies that, should the paper be accepted, at least one of the authors will register for the ARES conference and present the paper in the workshop. Authors of accepted papers will be given guidelines for preparing and submitting the final manuscript(s) together with the notification of acceptance. Note that SecSE 2010 does not require anonymized submissions.

Publication

All accepted papers will be published as ISBN proceedings by the IEEE Computer Society, and will be available online through IEEE Xplore (EI indexing).

Journal special issue: Distinguished papers submitted to SecSE will be invited for possible publication in the International Journal of Secure Software Engineering (ISSN 1947-3036 - http://www.igi-global.com/ijsse).

Organizing committee:

Martin Gilje Jaatun, SINTEF ICT, Norway
Torbjørn Skramstad, Norwegian University of Science and Technology (NTNU)
Lillian Røstad, Norwegian University of Science and Technology (NTNU)

Enquiries to the organizing committee may be sent to:
SecSE “replace with at-character” sislab.no

Program committee (to be confirmed)

Rubén Alonso, Visual Tools, Spain
Sergey Bratus, Dartmouth College, USA
Ana Cavalli, GET/INT, France
Estibaliz Delgado, European Software Institute, Spain
Ivan Flechais, University of Oxford, UK
Khaled M. Khan, Qatar University, Qatar
Andrea Lanzi, Institute Eurecom, France
Per Håkon Meland, SINTEF ICT, Norway
Khalid Mughal, University of Bergen, Norway
Jong Hyuk Park, Kyungnam University, Korea
Pierre Parrend, FZI, Germany
Holger Peine, FH Hannover, Germany
Chunming Rong, University of Stavanger, Norway
Lillian Røstad, NTNU, Norway
Riccardo Scandariato, KU Leuven, Belgium
Christoph Schuba, Sun Microsystems Inc., USA
Nahid Shahmehri, Linköping University, Sweden
Torbjørn Skramstad, NTNU, Norway
Panagiotis Trimintzios, ENISA, EU 
Bart De Win, KU Leuven, Belgium
Stephen Wolthusen, Royal Holloway University of London, UK 
George Yee, Carleton University, Canada
Gansen Zhao, South China Normal University, China
Mohammad Zulkernine, Queens University, Canada

Published March 2, 2010

SecSE 2010

The fourth international workshop on secure software engineering (SecSE'10) was held in Krakow, Poland, on February 16th 2010. The following papers were presented:

1. #2298: Investigating the limitations of Java annotations for input validation
Federico Mancini, Dag Hovland, Khalid Mughal
2. #2335: Practical Experience gained from Modeling Security Goals
Christian Jung, Frank Elberzhager, Alessandra Bagnato, Fabio Raiteri
3. #2345: Security modeling and tool support advantages
Egilv Trygve Baadshaug, Gencer Erdogan, Per Håkon Meland
4. #2348: Supporting Authorization Policy Modification in Agile Development of Web Applications
Steffen Bartsch
5. #2352: The road to Hell is paved with good intentions: A story of (in)secure software development
Richard Sassoon, Martin Gilje Jaatun, Jostein Jensen
6. #2353: Classification of Buffer Overflow Vulnerability Monitors
Hossain Shahriar, Mohammad Zulkernine
7. #2358: Katana: A Hot Patching Framework for ELF Executables
Ashwin Ramaswamy, Sergey Bratus, Sean W. Smith, Michael E. Locasto
8. #2361: Analysing and Visualising Security and Usability in IRIS
Shamal Faily, Ivan Flechais
9. #2362: Configuration Fuzzing for Software Vulnerability Detection
Huning Dai, Christian Murphy, Gail Kaiser
10. #2364: Link-Layer Aware Intelligent Scanning and Mitigation Agents
Ziyad Al-Salloum, Stephen Wolthusen


We received a total of 18 submissions this year, reflecting a 56% acceptance ratio.

SecSE 2009

The third international workshop on secure software engineering (SecSE'09) was held in Fukuoka, Japan, March 16th-19th 2009.

We considered 15 papers, and accepted 10 which are available in full text in the ARES'09 proceedings.

SecSE 2008

The second international workshop on secure software engineering (SecSE'08) was held in Barcelona in March 2008, and the following papers were presented:

1. Security requirement engineering at a Telecom provider
Albin Zuccato, Viktor Endersz and Nils Daniels
2. Identifying Security Aspects in Early Development Stages
Takao Okubo and Hidehiko Tanaka
3. Using security patterns to combine security metrics
Thomas Heyman, Riccardo Scandariato, Christophe Huygens and Wouter Joosen
4. Covering Your Assets in Software Engineering
Martin Gilje Jaatun and Inger Anne Tøndel
5. Secure Software Design in Practice
Per Håkon Meland and Jostein Jensen
6. A Non-Intrusive Approach to Enhance Legacy Embedded Control Systems with Cyber Protection Features
Shangping Ren and Kevin Kwiat
7. Towards Incorporating Discrete-Event Systems in Secure Software Development
Sarah Whittaker, Mohammad Zulkernine and Karen Rudie
8. How to Open a File and Not Get Hacked
James Kupsch and Barton Miller
9. Rules of Thumb for Developing Secure Software: Analyzing and consolidating two proposed sets of rules
Holger Peine

Full-text versions of the papers are available from IEEE Xplore.

SecSE 2007

The first international workshop on secure software engineering (SecSE'07) was held in Vienna in April 2007, and the following papers were presented:

1. Using Privacy Process Patterns for Incorporating Privacy Requirements into the System Design Process
Christos Kalloniatis, Evangelia Kavakli, Stefanos Gritzalis
2. How can the developer benefit from security modeling?
Shanai Ardi, David Byers, Per Håkon Meland, Inger Anne Tøndel, Nahid Shahmehri
3. AProSec: an Aspect for Programming Secure Web Applications
Laurence Duchien, Roberto Gomez, Gabriel Hermosillo, Lionel Seinturier
4. Empirical and statistical analysis of techniques for threat management based on risk analysis
Koen Buyens, Bart De Win, Wouter Joosen
5. Secure Software Development through Coding Conventions and Frameworks 
Takao Okubo, Hidehiko Tanaka
6. Pastures: Towards Usable Security Policy Engineering 
Sergey Bratus, Doug McIlroy, Alex Ferguson, Sean Smith
7. A Novel Approach to Building Secure Systems
Dragan Vidakovic, Dejan Simic

These papers can be found in the Proceedings of ARES 2007.
