[Owasp-italy] Call for Papers - Workshop on Security in Model Driven Architecture

Alessandra Bagnato alessandra.bagnato at txt.it
Tue Feb 17 08:32:38 EST 2009

-------------------Call for Papers  -------------------------

Workshop on Security in Model Driven Architecture (SEC-MDA'09)


University of Twente, Enschede, The Netherlands, 24 June 2009

In collaboration with the Fifth European Conference on Model Driven
Foundations and Applications


Software security and reliability is rapidly becoming one of the most
pressing issues in software engineering since software has become a
critical component in almost all systems that society relies on. The level
of risk the society faces from intentional or unintentional failures in
these systems has increased in an almost uncontrolled fashion:

With software controlling, protecting, and affecting more and more
critical information and systems, the consequences of failure has
increased significantly.
As software becomes more complex, it tends to contain more flaws, and as
it becomes more networked, its exposure to potential adversaries

This workshop would like to discuss how software security can be improved
through the MDA approach.

The main discussion topics will be:

* How security specialists can capture their security expertise in form of
reusable models, in particular threat and vulnerability models

* How the security requirements and goals can be traced all along the
development process

* How security models and profiles can be merged with system models in
different abstraction levels

* How security models can be shared and reused

* How developers can benefit from these reusable models for specification
and design (e.g. through sharing tool artifacts such as security design

* How security testing can be improved through security models.

* Which are the requirements on tools to support the creation,
transformation and use of security models.

The workshop will try to bring together people from both academia and
industry, from all the different areas that want to/might play an
active role in domain of security solutions and issue in MDA, to discuss
problems, highlight possible solutions, disseminate success stories and
also draft a possible research agenda.

Covered topics

The workshop addresses problems and solutions for Security in MDA. The
topics of interest include, but are not restricted to::

* Security Modelling
* Security requirements tracking in MDA
* Model-based security testing
* Transformation of model-based security knowledge
* Interoperability between security models
* Platform dependent and platform independent models for security
* Model-based behavior analysis
* Security Tools using security models
* Security design patterns in MDA
* Abuse and Misuse cases
* Standards for modeling and sharing vulnerabilities and security issue
* Standards for storing and querying vulnerabilities and security issue
knowledge bases
* Requirements for new security improved tools
* Security models and design patterns integration within IDE


The workshop is open to contributions that focus on the "broad" spectrum
on security in MDA related activities and in particular
industrialexperience report, progress, new methods and solutions in that

We would like to invite papers that explain and exemplify relevant issues
and problems related to the security and reliability incomplex software
systems in MDA context,papers that present established solutions to
well-known problems and also papers that discuss success stories.

In all these cases, we expect well-focused contributions to help
participants understand problems, open issues, and available solutions,
and also to foster rich and fruitful discussions.

The emphasis should be on defining and setting problems, on technical
details of proposed solutions, or on the rationale behind success
stories.Papers should be written in Springer LNCS style and limited to 10
pages (see http://www.springer.de/comp/lncs/authors.html for details). The
emphasis should be on defining and setting problems, on technical details
of proposed solutions, or on the rationale behind success stories. As the
workshop will apply double-blind reviews process, the papers should not
indicate their authors.

Submissions should be sent by email attachment (Word format) to Alessandra
Bagnato alessandra.bagnato<at> txt.it.


The paper selection will be based upon the relevance of a paper to the
main topics, on its quality and on the potential to stimulate
discussion in the workshop. Accepted papers will be published in Workshop
proceedings CTIT Proceedings series available in the Faculty of Electrical
Engineering, Mathematics & Computer Science University of Twente (ISBN
number to be communicated).

Important dates (tentative)

Paper submission: 3 April 2009
Notification of acceptance: 1 May 2009
Final manuscript due: 15 May 2009
Workshop: 24 June 24 2009

Program committee
Habtamu Abie, Norwegian Computing Center
Alessandra Bagnato, TXT e-solutions
Charles Bastos Rodriguez, Atos Research & Innovation Security Unit
Ruth Breu, University of Insbruck
Ana Cavalli,  Institut TELECOM/TELECOM SudParis
Estíbaliz Delgado, European Software Institute
Marina Egea Gonzalez, ETH Zürich
Jan Jurjens, Computing Department, The Open University
Filippo Lanubile, Università degli Studi di Bari
Xabier Larrucea, European Software Institute
Amel Mammar,  Institut TELECOM/TELECOM SudParis
Jason Xabier Mansell, European Software Insitute
Per Håkon Meland, SINTEF
Matteo Meucci, OWASP-Italy Chair, OWASP Testing Guide lead
Bernhard Rumpe, RWTH Aachen University
Nahid Shahmehri, Linköping University
Ståle Walderhaug, SINTEF

Workshop Contact References

For more information on the workshop, please contact:

Alessandra Bagnato
Txt e-solutions, Corporate Research Division
Via al Ponte Reale 5, Genoa (Italy)
Phone: 39 027711
alessandra.bagnato<at> txt.it.

More information about the Owasp-italy mailing list