SecSE 2013

Seventh International Workshop on Secure Software Engineering

In conjunction with ARES 2013

September 2nd-6th 2013

Regensburg, Germany


Final Call for Papers


Software security is about protecting information and ensuring that systems continue to function correctly even when under malicious attack. The traditional approach of securing a system has been to create defensive walls such as intrusion detection systems and firewalls around it, but there are always cracks in these walls, and thus such measures are no longer sufficient by themselves. We need to be able to build better, more robust and more “inherently secure” systems, and we should strive to achieve these qualities in all software systems, not just in the ones that “obviously” need special protection. This workshop will focus on techniques, experiences and lessons learned for engineering secure and dependable software.

Suggested topics include, but are not limited to:

  • Secure architecture and design
  • Security in agile software development
  • Aspect-oriented software development for secure software
  • Security requirements
  • Risk management in software projects
  • Secure implementation
  • Secure deployment
  • Testing for security
  • Quantitative measurement of security properties
  • Static and dynamic analysis for security
  • Verification and assurance techniques for security properties
  • Security and usability
  • Design and deployment of secure services
  • Secure composition and adaptation of services
  • Teaching secure software development
  • Lessons learned
  • Experience reports on successfully attuning developers to secure software engineering

Important dates:

- Submission Deadline: March 30th 2013
- Author Notification: May 7th, 2013
- Author Registration: June 1st, 2013
- Proceedings Version: June 1st, 2013
- Conference: September 2-6th, 2013
- Workshop: September 3rd, 2013

Submission Guidelines

Authors are invited to submit research and application papers in CPS Proceedings Manuscripts style (two columns, single-spaced, including figures and references, using 10 pt fonts, with each page numbered). Please consult the CPS Author Guidelines at the following web page:

We solicit the submission of research papers (up to 10 pages) representing original, previously unpublished work. Submitted papers will be carefully evaluated based on originality, significance, technical soundness, and clarity of exposition.

Duplicate submissions are not allowed. A submission is considered a duplicate if it is submitted to other conferences/workshops/journals or if it has already been accepted for publication in other conferences/workshops/journals. Duplicate submissions will therefore be automatically rejected without review.

The contact author must provide the following information: paper title, authors' names, affiliations, postal address, phone, fax, and e-mail address of the author(s), an abstract of about 200-250 words, and about five keywords. Paper registration and submission are done through the ARES 2013 Paper Management System at the following address:

Submission of a paper implies that should the paper be accepted, at least one of the authors will register for the ARES conference and present the paper in the workshop. No-show papers will be removed from the digital library after the workshop. Accepted papers will be given guidelines in preparing and submitting the final manuscript(s) together with the notification of acceptance.

Double blind review: SecSE (and ARES) now require anonymized submissions - please make sure that the submitted paper contains no author names or obvious self-references.


All accepted papers will be published as ISBN proceedings by Conference Publishing Services (CPS), and will be available online through IEEE Xplore (EI indexing).

Journal special issue: Distinguished papers submitted to SecSE will be invited to submit revised and extended versions for publication in the International Journal of Secure Software Engineering (ISSN 1947-3036 -

Organizing committee:

  • Martin Gilje Jaatun, SINTEF ICT, Norway (chair)
  • Lillian Røstad, Norwegian University of Science and Technology (NTNU)
  • Riccardo Scandariato, KU Leuven, Belgium

Enquiries to the organizing committee may be sent to:
SecSE “replace with at-character”

Alumni Program committee (to be confirmed)

Rubén Alonso, Visual Tools, Spain
Sergey Bratus, Dartmouth College, USA
Ana Cavalli, GET/INT, France
Estibaliz Delgado, Tecnalia, Spain
Zeta Dooly, TSSG, Ireland
Christophe Feltus, Centre de Recherche Public Henri Tudor, Luxembourg
Ivan Flechais, University of Oxford, UK
Khaled M. Khan, Qatar University, Qatar
Andrea Lanzi, Institute Eurecom, France
Gary McGraw, Cigital, USA
Per Håkon Meland, SINTEF ICT, Norway
Khalid Mughal, University of Bergen, Norway
Jong Hyuk Park, Kyungnam University, Korea
Pierre Parrend, Proxiad, France
Holger Peine, FH Hannover, Germany
Chunming Rong, University of Stavanger, Norway
Lillian Røstad, NTNU, Norway
Riccardo Scandariato, KU Leuven, Belgium
Christoph Schuba, Sun Microsystems Inc., USA
Hossain Shahriar, Kennesaw State University, USA
Nahid Shahmehri, Linköping University, Sweden
Torbjørn Skramstad, NTNU, Norway
Emin Tatli, Daimler TSS, Germany
Panagiotis Trimintzios, ENISA, EU 
Bart De Win, Ascure, Belgium
Stephen Wolthusen, Royal Holloway University of London, UK 
George Yee, Carleton University, Canada
Gansen Zhao, South China Normal University, China
Mohammad Zulkernine, Queen's University, Canada

Published September 12, 2013

SecSE 2012

The sixth international workshop on secure software engineering (SecSE'12) was held in Prague, Czech Republic on August 21st 2012.

Session SecSE 1: Threats and approaches

  1. Representing Threats in BPMN 2.0
    (Per Håkon Meland, Erlend Andreas Gjære)
  2. Type classification against Fault Enabled Mutant in Java based Smart Card
    (Jean Dubreuil, Guillaume Bouffard, Jean-Louis Lanet, Julien Iguchi-Cartigny)
  3. Towards Concurrent Data Sampling using GPU Coprocessing
    (Mark M. Seeger, Stephen D. Wolthusen)

Session SecSE 2: Taxonomies and comparisons

  1. A Taxonomy of Time and State Attacks and Defenses
    (Horia Corcalciuc)
  2. Comparing Privacy Requirements Engineering Approaches
    (Kristian Beckers)
  3. A Comparative Study of Security Pattern Classifications
    (Aleem Alvi, Mohammad Zulkernine)

SecSE 2011

The fifth international workshop on secure software engineering (SecSE'11) was held in Vienna, Austria, on August 23-24 2011. In addition to an invited talk by Gary McGraw, the following papers were presented:

Session 1:
    Indicator-based Security Evaluation for Service-oriented Environments
    Authors : Christian Jung, Manuel Rudolph, Reinhard Schwarz

    Security in Model Driven Development: A Survey
    Authors : Jostein Jensen, Martin Gilje Jaatun

    Characterising and Analysing Security Requirements Modelling Initiatives
    Authors : Peter Karpati, Guttorm Sindre, Andreas L. Opdahl

Session 2:
    User-Centered Information Security Policy Development in a Post-Stuxnet World
    Authors : Shamal Faily, Ivan Flechais

    Here's Johnny: a Methodology for Developing Attacker Personas
    Authors : Andrea Atzeni, Shamal Faily, John Lyle, Cesare Cameroni, Ivan Flechais

    Enhancing fuzzing technique for OKL4 syscalls testing
    Authors : Amaury Gauthier, Clément Mazin, Julien Iguchi-Cartigny, Jean-Louis Lanet

Session 3: (Wednesday)
    Optimising CAPTCHA generation to be more usable
    Authors : Suliman Alsuhibany, Aad van Moorsel

    Evaluating RBAC Supported Techniques and Their Validation and Verification
    Authors : Nafees Qamar, Yves Ledru, Akram Idani

    The JavaSPI Framework for Security Protocol Implementation
    Authors : Matteo Avalle, Alfredo Pironti, Davide Pozza, Riccardo Sisto

SecSE 2010

The fourth international workshop on secure software engineering (SecSE'10) was held in Krakow, Poland, on February 16th 2010. The following papers were presented:

   1. Investigating the limitations of Java annotations for input validation
       Authors : (Federico Mancini, Dag Hovland, Khalid Mughal)
   2. Practical Experience gained from Modeling Security Goals
       Authors : (Christian Jung, Frank Elberzhager, Alessandra Bagnato, Fabio Raiteri)
   3. Security modeling and tool support advantages
       Authors : (Egil Trygve Baadshaug, Gencer Erdogan, Per Håkon Meland)
   4. Supporting Authorization Policy Modification in Agile Development of Web Applications
       Authors : (Steffen Bartsch)
   5. The road to Hell is paved with good intentions: A story of (in)secure software development
       Authors : (Richard Sassoon, Martin Gilje Jaatun, Jostein Jensen)
   6. Classification of Buffer Overflow Vulnerability Monitors
       Authors : (Hossain Shahriar, Mohammad Zulkernine)
   7. Katana: A Hot Patching Framework for ELF Executables
       Authors : (Ashwin Ramaswamy, Sergey Bratus, Sean W. Smith, Michael E. Locasto)
   8. Analysing and Visualising Security and Usability in IRIS
       Authors : (Shamal Faily, Ivan Flechais)
   9. Configuration Fuzzing for Software Vulnerability Detection
       Authors : (Huning Dai, Christian Murphy, Gail Kaiser)
  10. Link-Layer Aware Intelligent Scanning and Mitigation Agents
       Authors : (Ziyad Al-Salloum, Stephen Wolthusen)

We received a total of 18 submissions this year, reflecting a 56% acceptance ratio.
