In conjunction with the 30th International Conference on Software Engineering (ICSE 2008)
Software is at core of most of the business transactions and its smart integration in an industrial setting may be the competitive advantage even when the core competence is outside the ICT field. As a result, the revenues of a firm depend directly on several complex software-based systems. Thus, stakeholders and users should be able to trust these systems to provide data and elaborations with a degree of confidentiality, integrity, and availability compatible with their needs. Moreover, the pervasiveness of software products in the creation of critical infrastructures has raised the value of trustworthiness and new efforts should be dedicated to achieve it. However, nowadays almost every application has some kind of security requirement even if its use is not to be considered critical.
Thus, designers have to cope with the complexity of insecure operating environments by considering threats to their application correctness. Security concerns should be taken into account as early as possible, and not added to systems as an after-thought: this is extremely expensive and it may compromise the design integrity in critical ways. Security features such as cryptographic protocols and tamper-resistant hardware cannot be simply added on to transform an insecure product to a secure one.
Security solutions and patterns are hard to reuse in different contexts, they crosscut all the system components and a vulnerability alone might compromise the trustworthiness of the whole system. Thus, not surprisingly, several security holes are recurrent, notwithstanding the experience accumulated by security research in the last decades. Software engineers and practitioners should assimilate basic security techniques and discover new techniques for integrating them in the current practice, while understanding associated costs and benefits. Several well-established software engineering disciplines such as verification, testing, program analysis, process support, configuration management, requirement engineering, etc. could contribute to improving security solutions that sometimes lack a coherent methodological approach. Or, as it is the case of security standards proposed by the Common Criteria or BS7799, present challenges that prevent integration with mainstream software engineering practice.
The SESS workshop aims at providing a venue for software engineers and security researchers to exchange ideas and techniques. First, second, and third were held in conjunction with past edition of ICSE.
We are looking for unpublished contributions. Accepted papers will be included into ICSE proceedings. A post-workshop special issue of a scientific journal is under negotiation.
Areas of interest include, but are not limited to:
Workshop papers must be limited to 7 pages in the ICSE two column format. and should be submitted through the SESS08 submission system.