Secure Coding mailing list archives

International Symposium on Engineering Secure Software and Systems (ESSoS)


From: brian at fortifysoftware.com (Brian Chess)
Date: Wed, 25 Jun 2008 19:27:09 -0700

CALL FOR PAPERS
===============
International Symposium on Engineering Secure Software and Systems (ESSoS)
February 04-06, 2009
Leuven, Belgium
http://distrinet.cs.kuleuven.be/events/essos2009/

CONTEXT AND MOTIVATION
Trustworthy, secure software is a core ingredient of the modern world.
Unfortunately, most software developed today runs on a network exposing it
to a hostile environment. The Internet can allow vulnerabilities in software
to be exploited from anywhere in the world. High-quality security building
blocks (e.g., cryptographic components) are necessary, but insufficient to
address this. Indeed, the construction of secure software is challenging
because of the complexity of applications, the growing security
requirements, and the multitude of software technologies and attack vectors.
Clearly, a strong need exists for engineering techniques for secure software
and systems that scale well and that demonstrably improve the software's
security properties.

GOAL AND SETUP
The goal of this symposium, which will be the first in a series of events,
is to bring together researchers and practitioners to advance the states of
the art and practice in secure software engineering. Being one of the few
conference-level events dedicated to this topic, it explicitly aims to
bridge the software engineering and security engineering communities, and
promote cross-fertilization. The symposium will feature two days of
technical programme as well as one day of tutorials. The technical programme
includes an experience track for which the submission of highly informative
case studies describing (un)successful secure software project experiences
and lessons learned is explicitly encouraged.

TOPICS 
The Symposium seeks submissions on topics related to its goals. This
includes a diversity of topics including (but not limited to):
-    scalable techniques for threat modeling and analysis of vulnerabilities
-    specification and management of security requirements and policies
-    security architecture and design for software and systems
-    model checking for security
-    specification formalisms for security artifacts
-    verification techniques for security properties
-    systematic support for security best practices
-    security testing
-    security assurance cases
-    programming paradigms, models and DSLs for security
-    program rewriting techniques
-    processes for the development of secure software and systems
-    security-oriented software reconfiguration and evolution
-    security measurement
-    automated development
-    trade-off between security and other non-functional requirements
-    support for assurance, certification and accreditation


SUBMISSION AND FORMAT
The proceedings of the symposium will be published as a Springer-Verlag
volume in the Lecture Notes in Computer Science Series
(http://www.springer.com/lncs). Submitted papers must present original,
non-published work of high quality that has not been submitted for potential
publication in parallel. Submitted papers should follow the formatting
instructions of the Springer LNCS Style, and should include maximally 15
pages for research papers and 10 pages for industrial papers (figures and
appendices included). Proposals for tutorials are highly welcome as well.
Further guidelines will appear on the website of the symposium.

IMPORTANT DATES
Abstract submission: September 8, 2008
Paper submission: September 15, 2008
Author notification: November 5, 2008
Camera-ready: November 24, 2008
Tutorial submission: October 24, 2008
Tutorial notification: November 21, 2008

STEERING COMMITTEE
Jorge Cuellar (Siemens AG)
Wouter Joosen (Katholieke Universiteit Leuven)
Fabio Massacci (Università di Trento)
Gary McGraw (Cigital)
Bashar Nuseibeh (The Open University)
Samuel Redwine (James Madison University)

ORGANIZING COMMITTEE
General chair: Bart De Win (Katholieke Universiteit Leuven)
Program co-chairs: Fabio Massacci (Università di Trento) and Samuel Redwine
(James Madison University)
Publication chair: Nicola Zannone (University of Toronto)
Tutorial chair: Riccardo Scandariato (Katholieke Universiteit Leuven)

PROGRAM COMMITTEE (preliminary)
Matt Bishop, University of California (Davis) - USA
Brian Chess, Fortify Software - USA
Richard Clayton, Cambridge University - UK
Christian Collberg, University of Arizona - USA
Bart De Win, Katholieke Universiteit Leuven - BE
Juergen Doser, ETH - CH
Eduardo Fernandez-Medina, University of Castilla-La Mancha - ES
Dieter Gollmann, University of Hamburg - DE
Michael Howard, Microsoft - USA
Cynthia Irvine, Naval Postgraduate School - USA
Jan Jurjens, Open University - UK
Volkmar Lotz, SAP Labs - FR
Antonio Mana, University of Malaga - ES
Robert Martin, MITRE - USA
Fabio Massacci, Università di Trento - IT
Mira Mezini, Darmstadt University - DE
Mattia Monga, Milan University - IT
Andy Ozment, DoD - USA
Gunther Pernul, Universitat Regensburg - DE
Domenico Presenza, Engineering - IT
Samuel Redwine, James Madison University - USA
Riccardo Scandariato, Katholieke Universiteit Leuven - BE
Ketil Stolen, Sintef - NO
Eric Vetillard, Trusted Logic - FR
Jon Whittle, Lancaster University - UK
Mohammad Zulkernine, Queens University - AU


