International Symposium on Engineering Secure Software and Systems (ESSoS)
February 03-05, 2010
Pisa, Italy
http://distrinet.cs.kuleuven.be/events/essos2010
In cooperation with ACM SIGSAC and SIGSOFT
CONTEXT AND MOTIVATION
Trustworthy, secure software is a core ingredient of the modern world.
Unfortunately, the Internet is too. Hostile, networked environments, like
the Internet, can allow vulnerabilities in software to be exploited from
anywhere. To address this, high-quality security building blocks (e.g.,
cryptographic components) are necessary, but insufficient. Indeed, the
construction of secure software is challenging because of the complexity of
modern applications, the growing sophistication of security requirements,
the multitude of available software technologies and the progress of attack
vectors. Clearly, a strong need exists for engineering techniques that
scale well and that demonstrably improve the software's security
properties.
GOAL AND SETUP
The goal of this symposium, which will be the second in the series, is to
bring together researchers and practitioners to advance the states of the
art and practice in secure software engineering. Being one of the few
conference-level events dedicated to this topic, it explicitly aims to
bridge the software engineering and security engineering communities, and
promote cross-fertilization. The symposium will feature two days of
technical program as well as one day of workshops. The technical program
includes an experience track for which the submission of highly informative
case studies describing (un)successful secure software project experiences
and lessons learned is explicitly encouraged.
TOPICS
The Symposium seeks submissions on subjects related to its goals. Topics
include (but are not limited to):
- scalable techniques for threat modeling and analysis of vulnerabilities
- specification and management of security requirements and policies
- security architecture and design for software and systems
- model checking for security
- specification formalisms for security artifacts
- verification techniques for security properties
- systematic support for security best practices
- security testing
- security assurance cases
- programming paradigms, models and DSLs for security
- program rewriting techniques
- processes for the development of secure software and systems
- security-oriented software reconfiguration and evolution
- security measurement
- automated development
- trade-off between security and other non-functional requirements
- support for assurance, certification and accreditation
---------------------------------
INVITED SPEAKERS
Wed. 3 February
9:00 Invited Speaker: Andy Gordon (Microsoft Research)
- Verification of Security Protocol Implementations
Thu. 4 February
9:00 Invited Speaker: Angela Sasse (University College London)
- Usable Security
---------------------------------
TECHNICAL PROGRAM
Wed. 3 February
9:00 Invited Speaker: Andy Gordon (Microsoft Research)
- Verification of Security Protocol Implementations
10:00 Coffee Break
10:30 - Policy verification and enforcement I
> Alfredo Pironti and Jan Jürjens
- Formally-Based Black-Box Monitoring of Security Protocols
> Martin Johns, Christian Beyerlein and Joachim Posegga
- Secure Code Generation for Web Applications
> Per Håkon Meland, Inger Anne Tøndel and Jostein Jensen
- Reusability of threat models - an experimental evaluation (Idea)
12:00 Lunch
13:30 - Secure system and software development I
> Nina Moebius, Kurt Stenzel and Wolfgang Reif
- Formal Verification of Application-Specific Security Properties in a
Model-Driven Approach
> Giacomo A. Galilei and Vincenzo Gervasi
- Enforcing consumer-specified security properties for modular software
(Idea)
> Ben Smith, Laurie Williams and Andrew Austin
- On the Use of Grey Box Testing for Revealing SQL Injection-Related
Error Message Information Leaks (Idea)
15:00 Coffee Break
15:30 - Attack analysis and prevention I
> Francesco Gadaleta, Yves Younan and Wouter Joosen
- BuBBle: a Javascript engine level countermeasure against
heap-spraying attacks
> Philippe De Ryck, Lieven Desmet, Thomas Heyman, Frank Piessens and
Wouter Joosen
- Transparent client-side mitigation of malicious cross-domain
requests
> Igor Santos, Felix Brezo, Javier Nieves, Yoseba Penya, Borja Sanz,
Carlos Laorden and Pablo Bringas
- Opcode-sequence-based Malware Detection (Idea)
----------------------------------
Thu. 4 February
9:00 Invited Speaker: Angela Sasse (University College London)
- Usable Security
10:00 Coffee Break
10:30 - Secure system and software development II
> David Basin, Manuel Clavel, Marina Egea and Michael Schläpfer
- Automatic Generation of Smart, Security-Aware GUIs
> Albin Zuccato, Nils Daniels, Mikael Nilson and Cheevarat Jaampatom
- Report: Modular safeguards to create holistic security requirement
specifications for system of systems (Report)
> Aida Omerovic, Anette Andresen, Håvard Grindheim, Per Myrseth, Atle
Refsdal and Ketil Stølen
- A Feasibility Study in Model Based Prediction of Impact of Changes
on System Quality (Idea)
12:00 Lunch
13:30 - Policy verification and enforcement II
> Stere Preda, Nora Cuppens-Boulahia, Frédéric Cuppens, Joaquin
Garcia-Alfaro and Laurent Toutain
- Model-driven Security Policy Deployment: Property Oriented
Approach
> Clara Bertolissi and Maribel Fernandez
- Category-based authorisation models: operational semantics and
expressive power
> Achim D. Brucker and Helmut Petritsch
- On the Efficient Evaluation of Access Control Constraints (Idea)
15:00 Coffee Break
15:30 - Attack analysis and prevention II
> Christian Hammer
- Experiences with PDG-based IFC
> James Walden, Maureen Doyle, Rob Lenhof and John Murray
- Java vs. PHP: Security Implications of Language Choice for Web
Applications (Idea)
> Karsten Sohr and Bernhard Berger
- Towards architecture-centric static security analysis of software
(Idea)
------------------------------------
Fri. 5 February (Workshops)
*** International Workshop on Policies for the Future Internet
(http://www2.imm.dtu.dk/~ndra/PoFI/PoFI10.html)
*** Workshop on Security Predictions
(http://distrinet.cs.kuleuven.be/events/essos2010/program/SecurityPredictions.html)
ORGANIZING COMMITTEE
General chair: Fabio Martinelli (C.N.R., IT)
Program co-chairs:
Fabio Massacci (Universita di Trento, IT) and
Dan Wallach (Rice University, USA)
Publication chair: N. Zannone (Eindhoven Technical Univ., NL)
Publicity chair: Yves Younan (Katholieke Universiteit Leuven, BE)
PROGRAM COMMITTEE
Juergen Doser (IMDEA, ES)
Manuel Fahndrich (Microsoft Research, US)
Michael Franz (UC Irvine, US)
Dieter Gollmann (Hamburg University of Technology, DE)
Jan Jurjens (Open University, UK)
Seok-Won Lee (Univ. North Carolina Charlotte, US)
Antonio Mana (University of Malaga, ES)
Robert Martin (MITRE, USA)
Mattia Monga (Milan University, IT)
Fabio Massacci (Univ. of Trento) - Chair
Haris Mouratidis (Univ. of East London, UK)
Gunther Pernul (Universitat Regensburg, DE)
Samuel Redwine (James Madison University, USA)
David Sands (Chalmers Univ., SE)
Riccardo Scandariato (Katholieke Universiteit Leuven, BE)
Ketil Stolen (Sintef, NO)
Jon Whittle (Lancaster University, UK)
Mohammad Zulkernine (Queen's University, CA)
Neeraj Suri (Tech. Univ. Darmstadt, DE)
Yingjiu Li (Singapore Management Univ., SG)
Hao Chen (UC Davis, US)
Richard Clayton (Cambridge University, UK)
Eduardo Fernandez-Medina (University of Castilla-La Mancha, ES)
Yucel Karabulut (Office of CTO, SAP)
Vijay Varadharajan (Macquarie Univ, AU)
Junfeng Yang (Columbia University, US)
Dan Wallach (Rice University) - Chair
STEERING COMMITTEE
Jorge Cuellar (Siemens AG)
Wouter Joosen (Katholieke Universiteit Leuven) - chair
Fabio Massacci (Universita di Trento)
Gary McGraw (Cigital)
Bashar Nuseibeh (The Open University)
Daniel Wallach (Rice University)