Cape Town, South Africa, May 2, 2010
A one-day workshop in conjunction with the 32nd International Conference on Software Engineering (ICSE 2010)
Software is at the core of most business transactions, and its smart integration in an industrial setting may be the competitive advantage even when the core competence is outside the ICT field. As a result, the revenues of a firm depend directly on several complex software-based systems. Thus, stakeholders and users should be able to trust these systems to provide data and processing with a degree of confidentiality, integrity, and availability compatible with their needs. Moreover, the pervasiveness of software products in the creation of critical infrastructures has raised the value of trustworthiness, and new efforts should be dedicated to achieving it. However, nowadays almost every application has some kind of security requirement, even if its use is not considered critical. Thus, designers have to cope with the complexity of insecure operating environments by considering threats to the correctness of their applications.
Security concerns should be taken into account as early as possible, and not added to systems as an afterthought: adding them later is extremely expensive and may compromise the design integrity in critical ways. Security features such as cryptographic protocols and tamper-resistant hardware cannot simply be added on to transform an insecure product into a secure one. Security solutions and patterns are hard to reuse in different contexts, they crosscut all the system components, and a single vulnerability might compromise the trustworthiness of the whole system. Thus, not surprisingly, several security holes are recurrent, notwithstanding the experience accumulated by security research in the last decades. Software engineers and practitioners should assimilate basic security techniques and discover new techniques for integrating them into current practice, while understanding the associated costs and benefits.
Several well-established software engineering disciplines, such as verification, testing, program analysis, process support, configuration management, and requirements engineering, could contribute to improving security solutions, which sometimes lack a coherent methodological approach or, as is the case with the security standards proposed by the Common Criteria or BS7799, present challenges that prevent integration with mainstream software engineering practice.
The SESS workshop aims at providing a venue for software engineers and security researchers to exchange ideas and techniques. The previous SESS workshops were held in conjunction with past editions of ICSE. We are looking for unpublished original contributions. Accepted papers will be included in the ICSE proceedings. A post-workshop special issue of a scientific journal is under negotiation. (Best papers from the previous workshops were published in the SESS special issues of the “Information and Software Technology” and “Computers and Security” journals.)
We also seek short proposals that explicitly give the audience the opportunity to gain hands-on experience with these research technologies or that interactively demonstrate the developed tools. Any proposed experiment or demonstration will have a poster display during the workshop. Authors are expected to submit both an extended abstract (1 page limit) and a poster in PDF. The extended abstract will not be published in the proceedings; thus, no format requirements will be enforced on extended abstracts and posters.
Past editions (first, second, third, fourth, and fifth) were also held in conjunction with ICSE.
Areas of interest include, but are not limited to:
Workshop papers must be limited to 7 pages in the ICSE two-column format and should be submitted through the SESS'10 submission system.
This event is listed at the Computer Science Event List, www.informatics-europe.org