Conference announcements

Call for Participation -
2nd International Symposium on Engineering Secure Software and Systems (ESSoS'2010)


Date: Tue, 22 Dec 2009 17:17:13 +0100
From: Fabio Martinelli <Fabio.Martinelli@iit.cnr.it>
To: seworld@sigsoft.org
Subject: [SEWORLD] CfP: International Symposium on Engineering Secure Software and Systems (ESSoS)

Call for participation

================

International Symposium on Engineering Secure Software and Systems (ESSoS)
February 03-05, 2010
Pisa, Italy

http://distrinet.cs.kuleuven.be/events/essos2010

In cooperation with ACM SIGSAC and SIGSOFT, and IEEE CS (TCSE) - Pending



----- REGISTRATION is open (early bird registration by Jan. 10th)!!! ------



CONTEXT AND MOTIVATION
Trustworthy, secure software is a core ingredient of the modern world.
Unfortunately, the Internet is too. Hostile, networked environments, like
the Internet, can allow vulnerabilities in software to be exploited from
anywhere. To address this, high-quality security building blocks (e.g.,
cryptographic components) are necessary, but insufficient. Indeed, the
construction of secure software is challenging because of the complexity of
modern applications, the growing sophistication of security requirements,
the multitude of available software technologies and the progress of attack
vectors. Clearly, a strong need exists for engineering techniques that
scale well and that demonstrably improve the software's security
properties.

GOAL AND SETUP
The goal of this symposium, which will be the second in the series, is to
bring together researchers and practitioners to advance the states of the
art and practice in secure software engineering. Being one of the few
conference-level events dedicated to this topic, it explicitly aims to
bridge the software engineering and security engineering communities, and
promote cross-fertilization. The symposium will feature two days of
technical program as well as one day of workshops. The technical program
includes an experience track for which the submission of highly informative
case studies describing (un)successful secure software project experiences
and lessons learned is explicitly encouraged.

TOPICS
The Symposium seeks submissions on subjects related to its goals. This
includes a diversity of topics including (but not limited to):
- scalable techniques for threat modeling and analysis of vulnerabilities
- specification and management of security requirements and policies
- security architecture and design for software and systems
- model checking for security
- specification formalisms for security artifacts
- verification techniques for security properties
- systematic support for security best practices
- security testing
- security assurance cases
- programming paradigms, models and DSLs for security
- program rewriting techniques
- processes for the development of secure software and systems
- security-oriented software reconfiguration and evolution
- security measurement
- automated development
- trade-off between security and other non-functional requirements
- support for assurance, certification and accreditation


---------------------------------
INVITED SPEAKERS

Wed. 3 February

9:00 Invited Speaker: Andy Gordon (Microsoft Research)
- Verification of Security Protocol Implementations

Thu. 4 February

9:00 Invited Speaker: Angela Sasse (University College London)
- Usable Security

---------------------------------
TECHNICAL PROGRAM

Wed. 3 February


9:00 Invited Speaker: Andy Gordon (Microsoft Research)
- Verification of Security Protocol Implementations

10:00 Coffee Break

10:30 - Policy verification and enforcement I

 > Alfredo Pironti and Jan Jürjens
- Formally-Based Black-Box Monitoring of Security Protocols

 > Martin Johns, Christian Beyerlein and Joachim Posegga
- Secure Code Generation for Web Applications

 > Per Håkon Meland, Inger Anne Tøndel and Jostein Jensen
- Reusability of threat models - an experimental evaluation (Idea)

12:00 Lunch

13:30 - Secure system and software development I

 > Nina Moebius, Kurt Stenzel and Wolfgang Reif
- Formal Verification of Application-Specific Security Properties in a
Model-Driven Approach

 > Giacomo A. Galilei and Vincenzo Gervasi
- Enforcing consumer-specified security properties for modular software
(Idea)

 > Ben Smith, Laurie Williams and Andrew Austin
- On the Use of Grey Box Testing for Revealing SQL Injection-Related
Error Message Information Leaks (Idea)


15:00 Coffee Break

15:30 Attack analysis and prevention I

 > Francesco Gadaleta, Yves Younan and Wouter Joosen
- BuBBle: a Javascript engine level countermeasure against
heap-spraying attacks

 > Philippe De Ryck, Lieven Desmet, Thomas Heyman, Frank Piessens and
Wouter Joosen
- Transparent client-side mitigation of malicious cross-domain
requests

 > Igor Santos, Felix Brezo, Javier Nieves, Yoseba Penya, Borja Sanz,
Carlos Laorden and Pablo Bringas
- Opcode-sequence-based Malware Detection (Idea)


----------------------------------

Thu. 4 February

9:00 Invited Speaker: Angela Sasse (University College London)
- Usable Security

10:00 Coffee Break

10:30 - Secure system and software development II

 > David Basin, Manuel Clavel, Marina Egea and Michael Schläpfer
- Automatic Generation of Smart, Security-Aware GUIs

 > Albin Zuccato, Nils Daniels, Mikael Nilson and Cheevarat Jaampatom
- Report: Modular safeguards to create holistic security requirement
specifications for system of systems (Report)

 > Aida Omerovic, Anette Andresen, Håvard Grindheim, Per Myrseth, Atle
Refsdal and Ketil Stølen
- A Feasibility Study in Model Based Prediction of Impact of Changes
on System Quality (Idea)

12:00 Lunch

13:30 - Policy verification and enforcement II

 > Stere Preda, Nora Cuppens-Boulahia, Frédéric Cuppens, Joaquin
Garcia-Alfaro and Laurent Toutain
- Model-driven Security Policy Deployment: Property Oriented
Approach

 > Clara Bertolissi and Maribel Fernandez
- Category-based authorisation models: operational semantics and
expressive power

 > Achim D. Brucker and Helmut Petritsch
- On the Efficient Evaluation of Access Control Constraints (Idea)


15:00 Coffee Break

15:30 Attack analysis and prevention II

 > Christian Hammer
- Experiences with PDG-based IFC

 > James Walden, Maureen Doyle, Rob Lenhof and John Murray
- Java vs. PHP: Security Implications of Language Choice for Web
Applications (Idea)

 > Karsten Sohr and Bernhard Berger
- Towards architecture-centric static security analysis of software
(Idea)

------------------------------------

Fri. 5 February (Workshops)


*** International Workshop on Policies for the Future Internet
(http://www2.imm.dtu.dk/~ndra/PoFI/PoFI10.html)


*** Workshop on Security Predictions
(http://distrinet.cs.kuleuven.be/events/essos2010/program/SecurityPredictions.html)





ORGANIZING COMMITTEE
General chair: Fabio Martinelli (C.N.R., IT)
Program co-chairs:
Fabio Massacci (Universita di Trento, IT) and
Dan Wallach (Rice University, USA)
Publication chair: N. Zannone (Eindhoven Technical Univ., NL)
Publicity chair: Yves Younan (Katholieke Universiteit Leuven, BE)

PROGRAM COMMITTEE
Juergen Doser (IMDEA, ES)
Manuel Fahndrich (Microsoft Research, US)
Michael Franz (UC Irvine, US)
Dieter Gollmann (Hamburg University of Technology, DE)
Jan Jurjens (Open University, UK)
Seok-Won Lee (Univ. North Carolina Charlotte, US)
Antonio Mana (University of Malaga, ES)
Robert Martin (MITRE, USA)
Mattia Monga (Milan University, IT)
Fabio Massacci (Univ. of Trento) - Chair
Haris Mouratidis (Univ. of East London, UK)
Gunther Pernul (Universitat Regensburg, DE)
Samuel Redwine (James Madison University, USA)
David Sands (Chalmers Univ., SE)
Riccardo Scandariato (Katholieke Universiteit Leuven, BE)
Ketil Stolen (Sintef, NO)
Jon Whittle (Lancaster University, UK)
Mohammad Zulkernine (Queen's University, CA)
Neeraj Suri (Tech. Univ. Darmstadt, DE)
Yingjiu Li (Singapore Management Univ., SG)
Hao Chen (UC Davis, US)
Richard Clayton (Cambridge University, UK)
Eduardo Fernandez-Medina (University of Castilla-La Mancha, ES)
Yucel Karabulut (Office of CTO, SAP)
Vijay Varadharajan (Macquarie Univ, AU)
Junfeng Yang (Columbia University, US)
Dan Wallach (Rice University) - Chair

STEERING COMMITTEE
Jorge Cuellar (Siemens AG)
Wouter Joosen (Katholieke Universiteit Leuven) - chair
Fabio Massacci (Universita di Trento)
Gary McGraw (Cigital)
Bashar Nuseibeh (The Open University)
Daniel Wallach (Rice University)

2nd Call for Papers -
2nd International Symposium on Engineering Secure Software and Systems (ESSoS'2010)


From: Yves Younan <Yves.Younan@cs.kuleuven.be>
To: Yves Younan <Yves.Younan@cs.kuleuven.be>
Date: Wed, 9 Sep 2009 00:28:36 +0200
Subject: [ecoop-info] ESSOS - 2nd call for papers

[Apologies if you receive this more than once]

CALL FOR PAPERS
================
International Symposium on Engineering Secure Software and Systems (ESSoS)

February 03-04, 2010
Pisa, Italy
http://distrinet.cs.kuleuven.be/events/essos2010

In cooperation with ACM SIGSAC and SIGSOFT (and IEEE CS (TCSE) - Pending)

CONTEXT AND MOTIVATION
Trustworthy, secure software is a core ingredient of the modern world.
Unfortunately, the Internet is too. Hostile, networked environments,
like the Internet, can allow vulnerabilities in software to be
exploited from anywhere. To address this, high-quality security
building blocks (e.g., cryptographic components) are necessary, but
insufficient. Indeed, the construction of secure software is
challenging because of the complexity of modern applications, the
growing sophistication of security requirements, the multitude of
available software technologies and the progress of attack vectors.
Clearly, a strong need exists for engineering techniques that scale
well and that demonstrably improve the software's security properties.

GOAL AND SETUP
The goal of this symposium, which will be the second in the series, is
to bring together researchers and practitioners to advance the states
of the art and practice in secure software engineering. Being one of
the few conference-level events dedicated to this topic, it explicitly
aims to bridge the software engineering and security engineering
communities, and promote cross-fertilization. The symposium will
feature two days of technical program as well as one day of tutorials.
The technical program includes an experience track for which the
submission of highly informative case studies describing (un)successful
secure software project experiences and lessons learned is explicitly
encouraged.

TOPICS
The Symposium seeks submissions on subjects related to its goals. This
includes a diversity of topics including (but not limited to):
- scalable techniques for threat modeling and analysis of vulnerabilities
- specification and management of security requirements and policies
- security architecture and design for software and systems
- model checking for security
- specification formalisms for security artifacts
- verification techniques for security properties
- systematic support for security best practices
- security testing
- security assurance cases
- programming paradigms, models and DSLs for security
- program rewriting techniques
- processes for the development of secure software and systems
- security-oriented software reconfiguration and evolution
- security measurement
- automated development
- trade-off between security and other non-functional requirements
- support for assurance, certification and accreditation

SUBMISSION AND FORMAT
The proceedings of the symposium are published by Springer-Verlag in the
Lecture Notes in Computer Science Series (http://www.springer.com/lncs).
Submissions should follow the formatting instructions of the Springer
LNCS Style.

Submitted papers must present original, non-published work of high
quality.  The PC will select the papers into three categories:

Full Papers (16 pages plus bibliography) - describe novel original
research which is validated by either formal results, experimental
analysis or significant case study validation. The critical bar for
acceptance in this category is novelty and validation.

Industrial Reports (12 pages plus bibliography) - describe the
application of existing research techniques or analysis methods to
industry-level case studies. The research results might be already
published elsewhere; here you show that you have applied them to
something that is actually used in an industrial setting (e.g., a real SAP
product or a RedHat distribution). A critical issue for acceptance
here is applicability to a large scale.

Idea papers (8 pages plus bibliography) - describe an interesting novel
idea whose formal or experimental validation is not at the level of a
full paper, but whose potential is promising. An idea paper allows you
to timestamp your research contribution while giving you the chance to
present fully validated results at later conferences.

Proposals for tutorials are highly welcome as well. Further guidelines
will appear on the website of the symposium.

IMPORTANT DATES
Abstract submission: September 15, 2009
Paper submission: September 30, 2009
Author notification: November 15, 2009
Camera-ready: December 5, 2009
Tutorial submission: October 24, 2009
Tutorial notification: November 21, 2009

STEERING COMMITTEE
Jorge Cuellar (Siemens AG)
Wouter Joosen (Katholieke Universiteit Leuven) - chair
Fabio Massacci (Universita di Trento)
Gary McGraw (Cigital)
Bashar Nuseibeh (The Open University)
Daniel Wallach (Rice University)

ORGANIZING COMMITTEE
General chair: Fabio Martinelli (C.N.R., IT)
Program co-chairs:
Fabio Massacci (Universita di Trento, IT) and
Dan Wallach (Rice University, USA)
Publication chair: N. Zannone (Eindhoven Technical Univ., NL)
Publicity chair: Yves Younan (Katholieke Universiteit Leuven, BE)
Local arrangements chair: Adriana Lazzaroni (C.N.R., IT)

PROGRAM COMMITTEE
Juergen Doser (IMDEA, ES)
Manuel Fahndrich (Microsoft Research, US)
Michael Franz (UC Irvine, US)
Dieter Gollmann (Hamburg University of Technology, DE)
Jan Jurjens (Open University, UK)
Seok-Won Lee (Univ. North Carolina Charlotte, US)
Antonio Mana (University of Malaga, ES)
Robert Martin (MITRE, USA)
Mattia Monga (Milan University, IT)
Fabio Massacci (Univ. of Trento) - Chair
Haris Mouratidis (Univ. of East London, UK)
Gunther Pernul (Universitat Regensburg, DE)
Samuel Redwine (James Madison University, USA)
David Sands (Chalmers Univ., SE)
Riccardo Scandariato (Katholieke Universiteit Leuven, BE)
Ketil Stolen (Sintef, NO)
Jon Whittle (Lancaster University, UK)
Mohammad Zulkernine (Queen's University, CA)
Neeraj Suri (Tech. Univ. Darmstadt, DE)
Yingjiu Li (Singapore Management Univ., SG)
Hao Chen (UC Davis, US)
Richard Clayton (Cambridge University, UK)
Eduardo Fernandez-Medina (University of Castilla-La Mancha, ES)
Yucel Karabulut (Office of CTO, SAP)
Vijay Varadharajan (Macquarie Univ, AU)
Junfeng Yang (Columbia University, US)
Dan Wallach (Rice University) - Chair

Call for Papers -
2nd International Symposium on Engineering Secure Software and Systems (ESSoS'2009)


To: SEWORLD@cs.colorado.edu
From: Yves Younan <Yves.Younan@cs.kuleuven.be>
Subject: (SEWORLD) CFP: ESSoS
Date: Thu, 18 Jun 2009 00:52:10 -0600 (MDT)

[ 138 lines deleted; see updated version above -- dc ]


Last update: 2009/12/29.

Dirk Craeynest