[Owasp-italy] CFP - Workshop on Security in Model Driven Architecture (SEC-MDA 2010)
Alessandra Bagnato
alessandra.bagnato at txt.it
Tue Feb 9 05:11:11 EST 2010
---------------- Call for Papers ----------------
Second International Workshop on Security in Model Driven
Architecture (SEC-MDA 2010)
http://www.shields-project.eu/?q=node/120
University of Pierre & Marie Curie,
Paris, France, June 16th 2010
In conjunction with ECMFA 2010 Sixth European Conference on
Modelling Foundations and Applications
http://www.ecmfa-2010.org/
-------------------------------------------------
Introduction
============
Software security and reliability is rapidly becoming one
of the most pressing issues in
software engineering since software has become a critical
component in almost all systems
that society relies on. The level of risk the society faces
from intentional or unintentional
failures in these systems has increased in an almost
uncontrolled fashion:
- With software controlling, protecting, and affecting more
and more critical information
and systems, the consequences of failure have increased
significantly.
- As software becomes more complex, it tends to contain
more flaws, and as it becomes more
networked, its exposure to potential adversaries increases.
- Software-intensive systems are increasingly becoming
viable financial and political targets
for well-funded and well-motivated attackers, thus
increasing the overall threat to these systems.
Today, security is often an afterthought when developing
software, rarely included in the early
phases of software development, and mostly focused on
detecting problems, rather than on
preventing them in the first place.
Despite a rash of new programming paradigms, methodologies,
and development environments, the
ever increasing number of vulnerabilities found in software
clearly shows that a different
approach is called for.
Software developers use models extensively, particularly in
the early phases of software
development, in order to improve software quality.
This workshop would like to discuss how software security
can be improved through the MDA approach.
The main discussion topics will be:
- How security specialists can capture their security
expertise in form of reusable models, in
particular threat and vulnerability models
- How the security requirements and goals can be traced all
along the development process
- How security models and profiles can be merged with
system models in different abstraction levels.
- How security models can be shared and reused
- How developers can benefit from these reusable models for
specification and design (e.g. through
sharing tool artifacts such as security design patterns).
- How security testing can be improved through security
models.
- Which are the requirements on tools to support the
creation, transformation and use of security
models.
The workshop will try to bring together people from both
academia and industry, from all the different
areas that want to/might play an active role in the domain of
security solutions and issues in MDA, to
discuss problems, highlight possible solutions, disseminate
success stories and also draft a possible
research agenda.
Organizing committee
====================
- Alessandra Bagnato (TXT e-solutions, Corporate Research
Division, Italy)
- Amel Mammar (Telecom SudParis, France)
- Per Håkon Meland (SINTEF, Norway)
- Txus Sánchez (ESI, Spain)
Topics
======
The workshop addresses problems and solutions for Security
in MDA. The topics of interest include, but
are not restricted to:
- Security Modelling
- Security requirements tracking in MDA
- Model-based security testing
- Transformation of model-based security knowledge
- Interoperability between security models
- Platform dependent and platform independent models for
security solutions
- Model-based behavior analysis
- Security Tools using security models
- Security design patterns in MDA
- Abuse and Misuse cases
- Standards for modeling and sharing vulnerabilities and
security issue knowledge
- Standards for storing and querying vulnerabilities and
security issue knowledge bases
- Requirements for new security improved tools
- Security models and design patterns integration within
IDE
Important dates
===============
Submission deadline: April 2nd, 2010
Notification of acceptance for participation/presentation:
May 4th, 2010
Final papers: May 21st, 2010 (tentative)
Workshop: June 16th, 2010
Submission Guidelines
=====================
The workshop is open to contributions that focus on the
"broad" spectrum of security in MDA related
activities and in particular industrial experience reports,
progress, new methods and solutions in that
context. We would like to invite papers that explain and
exemplify relevant issues and problems related
to the security and reliability in complex software systems
in the MDA context, papers that present established
solutions to well-known problems and also papers that
discuss success stories. In all these cases, we
expect well-focused contributions to help participants
understand problems, open issues, and available
solutions, and also to foster rich and fruitful
discussions.
The emphasis should be on defining and setting problems, on
technical details of proposed solutions,
or on the rationale behind success stories. Papers should be
written in Springer LNCS style and limited
to 10 pages (see
http://www.springer.de/comp/lncs/authors.html for details).
As the workshop will apply a double-blind
review process, the papers should not indicate
their authors. Submissions should be sent by email
attachment (Word format or pdf format) to
alessandra.bagnato at txt.it.
Publications
============
The paper selection will be based upon the relevance of a
paper to the main topics, on its quality and
on the potential to stimulate discussion in the workshop.
Workshop Proceedings will be published as CEA Proceedings
with assigned ISBN.
Program committee (under definition)
====================================
- Habtamu Abie (Norwegian Computing Center, Norway)
- Alessandra Bagnato (TXT e-solutions, Corporate Research
Division, Italy)
- Ruth Breu (University of Innsbruck, Austria)
- Ana Cavalli (GET/INT, France)
- Violeta Damjanovic (Salzburg Research, Austria)
- Marina Egea Gonzalez (ETH Zürich, Swiss)
- Jan Jurjens (TU Dortmund and Fraunhofer ISST, Germany)
- Filippo Lanubile (Università degli Studi di Bari, Italia)
- Xabier Larrucea (European Software Institute, Spain)
- Amel Mammar (Telecom SudParis, France)
- Jason Xabier Mansell (European Software Institute, Spain)
- Per Håkon Meland (SINTEF, Norway)
- Matteo Meucci (OWASP-Italy Chair, OWASP Testing Guide
lead, Italy)
- Bernhard Rumpe (RWTH Aachen University, Germany)
- Nahid Shahmehri (Linkoping University, Sweden)
- Txus Sánchez (European Software Institute, Spain)
- Ståle Walderhaug (SINTEF, Norway)
Sponsored by
============
SHIELDS Project
Workshop Contact References
===========================
For more information on the workshop, please contact:
Alessandra Bagnato
Txt e-solutions, Corporate Research Division
Via al Ponte Reale 5, Genoa (Italy)
Phone: +39 0257711
alessandra.bagnato at txt.it