[SystemSafety] Fwd: [ESSOS] [ESSoS'16] Call for Papers -- International Symposium on Engineering Secure Software and Systems

Peter Bernard Ladkin ladkin at rvs.uni-bielefeld.de
Fri Jul 10 07:23:42 CEST 2015 

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

This encompasses many of the themes that have arisen here.

First, there is an interconnection between security and safety concerns, particularly for
safety-related infrastuctural systems.

Second, many security concerns with software-based systems arise through poor software engineering
practice.

For example, maybe someone could have a go at this:

On 2015-06-27 12:03 , Martyn Thomas wrote:
> Can anyone give me a link to any published analyses that identify the most common underlying 
> errors in software (or systems) engineering that have led to exploitable security
> vulnerabilities or to safety-related failures?

PBL

- -------- Forwarded Message --------
Subject: [ESSOS] [ESSoS'16] Call for Papers -- International Symposium on Engineering Secure
Software and Systems
Date: Fri, 10 Jul 2015 07:04:46 +0200
From: Raoul Strackx <raoul.strackx at CS.KULEUVEN.BE>
Reply-To: Raoul Strackx <raoul.strackx at CS.KULEUVEN.BE>
To: essos-publicity at CS.KULEUVEN.BE

                       Call for papers ESSoS

   International Symposium on Engineering Secure Software and Systems

                              (ESSoS)

                          April 6 - 8, 2016,
            Royal Holloway, University of London, London, UK

     In cooperation with: (pending) ACM SIGSAC and SIGSOFT and
                            IEEE CS (TCSP)

 https://distrinet.cs.kuleuven.be/events/essos/2016/calls-papers.html

== Approaching deadlines ==
Abstract submission: September 25, 2015
Paper submission:    October 2, 2015

== Context and motivation  ==
Trustworthy, secure software is a core ingredient of the modern world.
So is the Internet. Hostile, networked environments, like the Inter-
net, can allow vulnerabilities in software to be exploited from any-
where. High-quality security building blocks (e.g., cryptographic com-
ponents) are necessary but insufficient to address these concerns. In-
deed, the construction of secure software is challenging because of
the complexity of modern applications, the growing sophistication of
security requirements, the multitude of available software technolo-
gies and the progress of attack vectors. Clearly, a strong need exists
for engineering techniques that scale well and that demonstrably im-
prove the software's security properties.

== Goal and setup ==
The goal of this symposium, which will be the eighth in the series, is
to bring together researchers and practitioners to advance the states
of the art and practice in secure software engineering. Being one of
the few conference-level events dedicated to this topic, it explicitly
aims to bridge the software engineering and security engineering com-
munities, and promote cross-fertilization. The symposium will feature
two days of technical program including two keynote presentations. In
addition to academic papers, the symposium encourages submission of
high-quality, informative industrial experience papers about successes
and failures in security software engineering and the lessons learned.
Furthermore, the symposium also accepts short idea papers that crisply
describe a promising direction, approach, or insight.

== Topics ==
The Symposium seeks submissions on subjects related to its goals. This
 includes a diversity of topics including (but not limited to):

 - Cloud security, virtualization for security
 - Mobile devices security
 - Automated techniques for vulnerability discovery and analysis
 - Model checking for security
 - Binary code analysis, reverse-engineering
 - Programming paradigms, models, and domain-specific languages for
     security
 - Operating system security
 - Verification techniques for security properties
 - Malware: detection, analysis, mitigation
 - Security in critical infrastructures
 - Security by design
 - Static and dynamic code analysis for security
 - Web applications security
 - Program rewriting techniques for security
 - Security measurements
 - Empirical secure software engineering
 - Security-oriented software reconfiguration and evolution
 - Computer forensics
 - Processes for the development of secure software and systems
 - Security testing
 - Embedded software security

== Important Dates ==
Abstract submission: September 25, 2015
Paper submission:    October 2, 2015
Author notification: December 7, 2015
Camera-ready:        January 8, 2016

== Submission and format ==
The proceedings of the symposium are published by Springer-Verlag in t
he Lecture Notes in Computer Science Series (http://www.springer.com/l
ncs). Submissions should follow the formatting instructions of
Springer LNCS. Submitted papers must present original, unpublished work
of high quality.

Two types of papers will be accepted:

 - FULL PAPERS (max 14 pages without bibliography/appendices):
Such papers may describe original technical research with a solid
foundation, such as formal analysis or experimental results, with ac-
ceptance determined mostly based on novelty and validation. Or they
may describe case studies applying existing techniques or analysis me-
thods in industrial settings, with acceptance determined mostly by the
general applicability of techniques and the completeness of the tech-
nical presentation details.

 - IDEA PAPERS (max 8 pages with bibliography):
Such papers may crisply describe a novel idea that is both feasible an
d interesting, where the idea may range from a variant of an existing
technique all the way to a vision for the future of security techno-
logy. Idea papers allow authors to introduce ideas to the field and
get feedback, while allowing for later publication of complete, fully-
developed results. Submissions will be judged primarily on novelty,
excitement, and exposition, but feasibility is required, and accep-
tance will be unlikely without some basic, principled validation (e.g.
extrapolation from limited experiments or simple formal analysis). In
the proceedings, idea papers will clearly identified by means of the
"Idea" tag in the title.

== Steering committee ==
 - Jorge Cuellar (Siemens AG)
 - Wouter Joosen (Katholieke Universiteit Leuven) - chair
 - Fabio Massacci (Università di Trento)
 - Gary McGraw (Cigital)
 - Bashar Nuseibeh (The Open University)

== Organizing committee ==
 - General chair: Lorenzo Cavallaro (Royal Holloway University of
     London)
 - Program co-chairs: Juan Caballero (IMDEA Software Institute), Eric
     Bodden (Fraunhofer SIT & TU Darmstadt)
 - Publication chair: Elias Athanasopoulos (FORTH)
 - Publicity chair: Raoul Strackx (KU Leuven)
 - Web chair: Ghita Saevels (Katholieke Universiteit Leuven)  - Daniel
     Wallach (Rice University)

== Program committee ==
 - Javier Alonso, Universidad de Leon & Duke University, ES
 - Alexander Pretschner, Technische Universität München, DE
 - Michele Bugliesi, Università Ca' Foscari Venezia, IT
 - Werner Dietl, University of Waterloo, CA
 - Michael Franz, University of California, Irvine, US
 - Flavio Garcia, University of Birmingham, UK
 - Christian Hammer, CISPA, Saarland University, DE
 - Marieke Huisman, University of Twente, NL
 - Martin Johns, SAP Research, DE
 - Stefan Katzenbeisser, Technische Universität Darmstadt, DE
 - Johannes Kinder; Royal Holloway, University of London, UK
 - Andy King, University of Kent, UK
 - Jacques Klein, University of Luxembourg, LU
 - Andrea Lanzi, Universita degli Studi di Milano, IT
 - Wenke Lee, Georgia Institute of Technology, US
 - Zhenkai Liang, National University of Singapore, SG
 - Ben Livshits, Microsoft Research, US
 - Heiko Mantel, Technische Universität Darmstadt, DE
 - Nick Nikiforakis, Stony Brook University, US
 - Martin Ochoa, TU Munich, GE
 - Mathias Payer, Purdue University, US
 - Frank Piessens, KU Leuven, BE
 - Awais Rashid, Lancaster University, UK
 - Mark Ryan, University of Birmingham, UK
 - Gianluca Stringhini, University College London,  UK
 - Pierre-Yves Strub, IMDEA Software Institute, ES
 - Helmut Veith, Vienna University of Technology, AU
 - Santiago Zanella, Microsoft Research – INRIA, UK


-----BEGIN PGP SIGNATURE-----

iQEcBAEBCAAGBQJVn1beAAoJEIZIHiXiz9k+YyAIAK17Xi1exJKZg88P9jmlpdBj
omHY961V1w8S9EnfA611+33GG8M+0Rs2Z9EfcsY7xiMh2zajl9QfBXrBSIRFKPWM
KhEw5VEZ+XzGdH9kFsv1rJR3zYQYwsskao1i7Drk5WhpD7JxSfWJchPywpZLO/KJ
arifTHqmSXG9XIjatI3j05zIvEo06Z6k0mlR8SsvF6tGe62AqoG8sqJS3YZVVUyp
/4M/ARPu0vnKlomNc/LT/7KyAvXWqEZ98Wm/DYvkJTka8gyUC7ZcIz4FDURIKywh
tEZ0f6gRBz3pj9eYU8GEV3hPpgv8lwDULDdd2b0TFcBRqt7uPzujjOOmhBtkSc4=
=dQpx
-----END PGP SIGNATURE-----

More information about the systemsafety mailing list