CALL FOR PAPERS
===============

International Symposium on Engineering Secure Software and Systems (ESSoS)
February 04-06, 2009
Leuven, Belgium
http://distrinet.cs.kuleuven.be/events/essos2009/

CONTEXT AND MOTIVATION

Trustworthy, secure software is a core ingredient of the modern world. Unfortunately, most software developed today runs on a network exposing it to a hostile environment. The Internet can allow vulnerabilities in software to be exploited from anywhere in the world. High-quality security building blocks (e.g., cryptographic components) are necessary, but insufficient to address this. Indeed, the construction of secure software is challenging because of the complexity of applications, the growing security requirements, and the multitude of software technologies and attack vectors. Clearly, a strong need exists for engineering techniques for secure software and systems that scale well and that demonstrably improve the software's security properties.

GOAL AND SETUP

The goal of this symposium, which will be the first in a series of events, is to bring together researchers and practitioners to advance the states of the art and practice in secure software engineering. Being one of the few conference-level events dedicated to this topic, it explicitly aims to bridge the software engineering and security engineering communities, and promote cross-fertilization. The symposium will feature two days of technical programme as well as one day of tutorials. The technical programme includes an experience track for which the submission of highly informative case studies describing (un)successful secure software project experiences and lessons learned is explicitly encouraged.

TOPICS

The Symposium seeks submissions on topics related to its goals.
This includes a diversity of topics including (but not limited to):

- scalable techniques for threat modeling and analysis of vulnerabilities
- specification and management of security requirements and policies
- security architecture and design for software and systems
- model checking for security
- specification formalisms for security artifacts
- verification techniques for security properties
- systematic support for security best practices
- security testing
- security assurance cases
- programming paradigms, models and DSLs for security
- program rewriting techniques
- processes for the development of secure software and systems
- security-oriented software reconfiguration and evolution
- security measurement
- automated development
- trade-off between security and other non-functional requirements
- support for assurance, certification and accreditation

SUBMISSION AND FORMAT

The proceedings of the symposium will be published as a Springer-Verlag volume in the Lecture Notes in Computer Science Series (http://www.springer.com/lncs). Submitted papers must present original, non-published work of high quality that has not been submitted for potential publication in parallel. Submitted papers should follow the formatting instructions of the Springer LNCS Style, and should include maximally 15 pages for research papers and 10 pages for industrial papers (figures and appendices included). Proposals for tutorials are highly welcome as well. Further guidelines will appear on the website of the symposium.

IMPORTANT DATES

Abstract submission:   September 8, 2008
Paper submission:      September 15, 2008
Author notification:   November 5, 2008
Camera-ready:          November 24, 2008
Tutorial submission:   October 24, 2008
Tutorial notification: November 21, 2008

STEERING COMMITTEE

Jorge Cuellar (Siemens AG)
Wouter Joosen (Katholieke Universiteit Leuven)
Fabio Massacci (Università di Trento)
Gary McGraw (Cigital)
Bashar Nuseibeh (The Open University)
Samuel Redwine (James Madison University)

ORGANIZING COMMITTEE

General chair: Bart De Win (Katholieke Universiteit Leuven)
Program co-chairs: Fabio Massacci (Università di Trento) and Samuel Redwine (James Madison University)
Publication chair: Nicola Zannone (University of Toronto)
Tutorial chair: Riccardo Scandariato (Katholieke Universiteit Leuven)

PROGRAM COMMITTEE (preliminary)

Matt Bishop, University of California (Davis) - USA
Brian Chess, Fortify Software - USA
Richard Clayton, Cambridge University - UK
Christian Collberg, University of Arizona - USA
Bart De Win, Katholieke Universiteit Leuven - BE
Juergen Doser, ETH - CH
Eduardo Fernandez-Medina, University of Castilla-La Mancha - ES
Dieter Gollmann, University of Hamburg - DE
Michael Howard, Microsoft - USA
Cynthia Irvine, Naval Postgraduate School - USA
Jan Jurjens, Open University - UK
Volkmar Lotz, SAP Labs - FR
Antonio Mana, University of Malaga - ES
Robert Martin, MITRE - USA
Fabio Massacci, Università di Trento - IT
Mira Mezini, Darmstadt University - DE
Mattia Monga, Milan University - IT
Andy Ozment, DoD - USA
Gunther Pernul, Universitat Regensburg - DE
Domenico Presenza, Engineering - IT
Samuel Redwine, James Madison University - USA
Riccardo Scandariato, Katholieke Universiteit Leuven - BE
Ketil Stolen, Sintef - NO
Eric Vetillard, Trusted Logic - FR
Jon Whittle, Lancaster University - UK
Mohammad Zulkernine, Queens University - AU