[ The Types Forum (announcements only), http://lists.seas.upenn.edu/mailman/listinfo/types-announce ]
=== Call for Participation ===

Conference: International Symposium on Engineering Secure Software and Systems (ESSoS)
Date: March 4 - 6, 2015
Venue: Milan, Italy
Website: https://distrinet.cs.kuleuven.be/events/essos/2015/
Deadlines: January 25, 2015 (Early bird)

In cooperation with: (pending) ACM SIGSAC and SIGSOFT and IEEE CS (TCSP).

== Context and Motivation ==

Trustworthy, secure software is a core ingredient of the modern world. Hostile, networked environments, like the Internet, can allow vulnerabilities in software to be exploited from anywhere. To address this, high-quality security building blocks (e.g., cryptographic components) are necessary, but insufficient. Indeed, the construction of secure software is challenging because of the complexity of modern applications, the growing sophistication of security requirements, the multitude of available software technologies and the progress of attack vectors. Clearly, a strong need exists for engineering techniques that scale well and that demonstrably improve the software's security properties.

== Goal and Setup ==

The goal of this symposium, which will be the seventh in the series, is to bring together researchers and practitioners to advance the states of the art and practice in secure software engineering. Being one of the few conference-level events dedicated to this topic, it explicitly aims to bridge the software engineering and security engineering communities, and promote cross-fertilization. The symposium will feature two days of technical program. In addition to academic papers, the symposium encourages submission of high-quality, informative industrial experience papers about successes and failures in security software engineering and the lessons learned. Furthermore, the symposium also accepts short idea papers that crisply describe a promising direction, approach, or insight.

== Venue ==

ESSoS 2015 will take place in Milano, at Politecnico di Milano, the largest engineering and architecture university in Italy, with more than 39.000 students and 7 campuses. ESSoS will take place at the main campus of the university, located in Milan's "Città studi" (university neighborhood).

Hotels conveniently located around the Politecnico di Milano have been reserved at preferential rates through our partner KC Travel. A range of accommodations will be available, together with any additional travel services you may require. Details will be posted soon to the ESSoS 2015 website.

== Program ==

Complete overview of the program can be found at:
https://distrinet.cs.kuleuven.be/events/essos/2015/programme.html

= Tutorials =

*Browser technology - essentials for securing the Web*
Dr. Philippe De Ryck
iMinds-DistriNet, KU Leuven

*Effective security management: a tutorial on CVSS v3 and using case control studies to measure vulnerability risk*
Luca Allodi & Fabio Massacci

= Keynotes =

*The botnet that would not die Keynote talk*
Herbert Bos (VU Amsterdam)

*The European Strategic Agenda for Research and Innovation in Cybersecurity*
Afonso Ferreira (European Commission)

*Rocco Mammoliti (Poste Italiane)*

*Felix Lindner (Recurity Labs GmbH)*

= Papers =

*Rethinking Kernelized MLS Database Architectures in the Context of CloudScale Data Stores*
Thuy Nguyen, Mark Gondree, Jean Khosalim and Cynthia Irvine.

*Formal Verification of Liferay RBAC*
Stefano Calzavara, Alvise Rabitti and Michele Bugliesi.

*Improving reuse of access control policies using policy templates*
Maarten Decat, Jasper Moeys, Bert Lagaisse and Wouter Joosen.

*Are Your Training Datasets Still Relevant?*
Kevin Allix, Tegawende Bissyande, Jacques Klein and Yves Le Traon.

*Formal Verification of Privacy Properties in Electric Vehicle Charging*
Marouane Fazouane, Henning Kopp, Rens W. van der Heijden, Daniel Le Métayer and Frank Kargl.

*The Heavy Tails of Vulnerability Exploitation*
Luca Allodi.

*A Security Ontology for Security Requirements Elicitation*
Amina Souag, Camille Salinesi, Raul Mazo and Isabelle Comyn-Wattiau.

*Learning how to Prevent Return-Oriented Programming Efficiently*
David Pfaff, Sebastian Hack and Christian Hammer.

*Producing Hook Placements To Enforce Expected Access Control Policies*
Divya Muthukumaran, Nirupama Talele, Trent Jaeger and.

*OMEN: Faster Password Guessing using Markov Models*
Markus Dürmuth, Fabian Angelstorf, Claude Castelluccia and Daniele Perito.

*Monitoring Database Access Constraints with an RBAC Metamodel: a Feasibility Study*
Lars Hamann, Martin Gogolla and Karsten Sohr.

*Idea: Optimising Multi-Cloud Application Deployments with Security Controls as Constraints*
Philippe Massonet, Jesus Luna, Alain Pannetrat and Ruben Trapero.

*Idea: Towards an Inverted Cloud*
Raoul Strackx, Pieter Philippaerts and Frédéric Vogels.

*Idea: Benchmarking indistinguishability obfuscation - A candidate implementation*
Sebastian Banescu, Martín Ochoa, Nils Kunze and Alexander Pretschner.

*Idea: Unwinding based Model-Checking and Testing for Non-Interference on EFSMs*
Martín Ochoa, Alexander Pretschner, Jorge Cuellar and Per Hallgren.

*Idea: State-Continuous Transfer of State in Protected-Module Architectures*
Raoul Strackx and Niels Lambrigts.

= Demos =

*MAVERIC: static analysis module for Mobile App security* (this demo will be presented as part of the industry keynote)
Alessandro Armando, Gianluca Bocci, Giantonio Chiarelli, Gabriele Costa, Gabriele De Maglie, Rocco Mammoliti, and Alessio Merlo.
Poste Italiane, U. of Genova, and FBK.

*Joern analyser: discovering vulnerabilities via code property graph*
Fabian Yamaguchi.
University of Goettingen.

*Open-Source Vulnerability Assessment in Composite Application Scenarios*
Henrik Plate, Serena Ponta, and Antonino Sabetta.
SAP SE.

*Using Split Kernel to Make Kernel Hardening Practical*
Anil Kurmus and Robby Zippel.
IBM research.

*The RACOMAT tool*
Johannes Viehmann, Ketil Stolen, and Juergen Grossmann.
Fraunhofer and SINTEF.

*TESTREX: a Testbed for Repeatable Exploits*
Stanislav Dashevskyi, Daniel Ricardo dos Santos, Fabio Massacci, and Antonino Sabetta.
U. of Trento, FBK, and SAP SE.

*A Pattern-driven and Model-Based Test Generation Toolchain for Web Vulnerability*
Alexandre Vernotte, Bruno Legeard, and Fabien Peureux.
FEMTO-ST CNSR and Smartesting R&D Center.

*A Transitive Access Solution for Web Services*
Worachet Uttha, Clara Bertolissi, and Silvio Ranise.
LIF CNRS and FBK.

= Doctoral Symposium =

TBA