[Owasp-italy] SEC-MDA 09 - Deadline Extension for paper submission

Alessandra Bagnato alessandra.bagnato at txt.it
Tue Mar 31 03:28:00 EDT 2009


Dear All,

Please note that   paper submission deadline for  ECMDA co-hosted
SEC-MDA'09 Workshop has been extended to Thursday, 23th April 2009.

Best Regards and thanks,
Alessandra


CFP-Workshop on Security in Model Driven Architecture

-------------------Call for Papers -------------------------

Workshop on Security in Model Driven Architecture (SEC-MDA'09)

http://www.shields-project.eu/sec-mda09.html

University of Twente, Enschede, The Netherlands, 24 June 2009

In collaboration with the Fifth European Conference on Model Driven
Architecture
Foundations and Applications (ECMDA-FA)
http://www.utwente.nl/projecten/ecmda2009/

-----------------------------------------------------------------

Software security and reliability is rapidly becoming one of the most
pressing issues in software engineering since software has become a
critical component in almost all systems that society relies on. The level
of risk the society faces from intentional or unintentional failures in
these systems has increased in an almost uncontrolled fashion:

With software controlling, protecting, and affecting more and more
critical information and systems, the consequences of failure has
increased significantly.
As software becomes more complex, it tends to contain more flaws, and as
it becomes more networked, its exposure to potential adversaries
increases.

This workshop would like to discuss how software security can be improved
through the MDA approach.

The main discussion topics will be:


How security specialists can capture their security expertise in form of
reusable models, in particular threat and vulnerability models


How the security requirements and goals can be traced all along the
development process


How security models and profiles can be merged with system models in
different abstraction levels


How security models can be shared and reused


How developers can benefit from these reusable models for specification
and design (e.g. through sharing tool artifacts such as security design
patterns)


How security testing can be improved through security models.


Which are the requirements on tools to support the creation,
transformation and use of security models.

The workshop will try to bring together people from both academia and
industry, from all the different areas that want to/might play an
active role in domain of security solutions and issue in MDA, to discuss
problems, highlight possible solutions, disseminate success stories and
also draft a possible research agenda.

---------------------------------------------------------------------------------------------
Covered topics
---------------------------------------------------------------------------------------------

The workshop addresses problems and solutions for Security in MDA. The
topics of interest include, but are not restricted to::


Security Modelling
Security requirements tracking in MDA
Model-based security testing
Transformation of model-based security knowledge
Interoperability between security models
Platform dependent and platform independent models for security solutions
Model-based behavior analysis
Security Tools using security models
Security design patterns in MDA
Abuse and Misuse cases
Standards for modeling and sharing vulnerabilities and security issue
knowledge
Standards for storing and querying vulnerabilities and security issue
knowledge bases
Requirements for new security improved tools
Security models and design patterns integration within IDE

---------------------------------------------------------------------------------------------
Contributions
---------------------------------------------------------------------------------------------

The workshop is open to contributions that focus on the "broad" spectrum
on security in MDA related activities and in particular
industrialexperience report, progress, new methods and solutions in that
context.

We would like to invite papers that explain and exemplify relevant issues
and problems related to the security and reliability incomplex software
systems in MDA context,papers that present established solutions to
well-known problems and also papers that discuss success stories.

In all these cases, we expect well-focused contributions to help
participants understand problems, open issues, and available solutions,
and also to foster rich and fruitful discussions.

The emphasis should be on defining and setting problems, on technical
details of proposed solutions, or on the rationale behind success
stories.Papers should be written in Springer LNCS style and limited to 10
pages (see http://www.springer.de/comp/lncs/authors.html for details). The
emphasis should be on defining and setting problems, on technical details
of proposed solutions, or on the rationale behind success stories. As the
workshop will apply double-blind reviews process, the papers should not
indicate their authors.

Submissions should be sent by email attachment (MS Word format) to
Alessandra
Bagnato alessandra.bagnato at txt.it.

---------------------------------------------------------------------------------------------
Pubblications
---------------------------------------------------------------------------------------------

The paper selection will be based upon the relevance of a paper to the
main topics, on its quality and on the potential to stimulate
discussion in the workshop. Accepted papers will be published in Workshop
proceedings CTIT Proceedings series available in the Faculty of Electrical
Engineering, Mathematics & Computer Science University of Twente (ISBN
number to be communicated).

---------------------------------------------------------------------------------------------
Important dates
---------------------------------------------------------------------------------------------

Paper submission: 23 April 2009
Notification of acceptance: 1 May 2009
Final manuscript due: 15 May 2009
Workshop: 24 June 24 2009

---------------------------------------------------------------------------------------------
Program committee
---------------------------------------------------------------------------------------------
Habtamu Abie, Norwegian Computing Center
Alessandra Bagnato, TXT e-solutions
Charles Bastos Rodriguez, Atos Research & Innovation Security Unit
Ruth Breu, University of Insbruck
Ana Cavalli, Institut TELECOM/TELECOM SudParis
Estíbaliz Delgado, European Software Institute
Marina Egea Gonzalez, ETH Zürich
Jan Jurjens, Computing Department, The Open University
Filippo Lanubile, Università degli Studi di Bari
Xabier Larrucea, European Software Institute
Amel Mammar, Institut TELECOM/TELECOM SudParis
Jason Xabier Mansell, European Software Insitute
Per Håkon Meland, SINTEF
Matteo Meucci, OWASP-Italy Chair, OWASP Testing Guide lead
Bernhard Rumpe, RWTH Aachen University
Nahid Shahmehri, Linköping University
Ståle Walderhaug, SINTEF

---------------------------------------------------------------------------------------------
Keynote Speaker
---------------------------------------------------------------------------------------------

Jan Jurjens, Computing Department, The Open University
Model-based Security Engineering for Evolving Systems

---------------------------------------------------------------------------------------------
Workshop Contact References
---------------------------------------------------------------------------------------------

For more information on the workshop, please contact:

Alessandra Bagnato
Txt e-solutions, Corporate Research Division
Via al Ponte Reale 5, Genoa (Italy)
Phone: 39 027711
alessandra.bagnato at txt.it.





More information about the Owasp-italy mailing list