[ml] Fw: [Call for Paper]

Woa!

   ... come da subject, per chi fosse interessato! :)

bye,
GG sullivan

P.S. Buon Natale e felice anno nuovo!

-- 
Lorenzo Cavallaro `Gigi Sullivan' <sullivan@xxxxxxxxxxxxx>

Until I loved, life had no beauty;
I did not know I lived until I had loved. (Theodor Korner)

See the reality in your eyes, when the hate makes you blind. (A.H.X)
> --- Begin Message ---
> 	       Software Engineering for Secure Systems
> 			       (SESS05)
> 		  Building Trustworthy Applications
> 	    http://homes.dico.unimi.it/~monga/sess05.html
>
> 			   May 15-16, 2005
> 		      St. Louis, Missouri   USA
>
> 			An ICSE 2005 workshop
> 		    http://www.cs.wustl.edu/icse05
>
>
> * Theme and goals
>
> Every software  application is built  and deployed to  accomplish some
> goal pursued  by its interested parties. Thus,  software engineers aim
> at  designing, implementing, and  maintaining valid  applications that
> meet the needs of stakeholders. However, every application can be also
> potentially misused, that  is, used to pursue goals  that contrast the
> ones  intended by stakeholders.  Therefore, software  engineers should
> try  to  design  applications   that,  while  still  valid,  are  also
> trustworthy and  cannot be  misused. Validity and  trustworthiness are
> goals that often cannot be achieved either because they are too costly
> or  because  they  stem  from  conflicting  needs.  Historically,  the
> software  engineering community  has strived  more to  obtain validity
> than trustiness. Nowadays, however,  software ubiquity in the creation
> of critical infrastructures has risen the value of trustworthiness and
> new efforts should be dedicated to achieve it.
>
> The major source of vulnerability of systems has been recognized to be
> poor-quality  software. However,  while secure  applications  are also
> valid  and   robust  ones,  security  is   a  specific  non-functional
> requirement that has to be explicitly and carefully taken into account
> during  analysis, implementation,  testing, and  deployment. Moreover,
> some of the most successful  techniques used by software engineers may
> conflict with  security objectives.  Abstraction, for example,  is the
> invaluable device the designers use  in order to cope with complexity,
> but, since it is rarely applied as a pure mathematical generalization,
> it could force one to neglect  details that can be exploited to misuse
> an  application; late binding,  while a  fundamental tool  in pursuing
> design for  change, could  be hijacked to  adapt systems  to malicious
> goals; COTS, commercial off-the-shelf components, if they might foster
> the profitableness of software industry, they also introduce black-box
> subsystems that are difficult to manage when reasoning about the chain
> of trust of the whole system.
>
> This workshop will  provide a venue to discuss  techniques that enable
> the building and validation  of secure applications. We are especially
> interested in  (1) design and  implementation approaches that  make it
> easier to  deal with security  requirements, and (2)  program analysis
> techniques that enhance the trustworthiness of applications.  
>
> * Topics
>
> Areas of interest include, but are not limited to:
>
>     o Security requirements management
>     o Architecture and design of trustworthy systems
>     o Architecture and design of protection systems
>     o Separation of the security concern in complex systems
>     o Secure programming
>     o Black box components trustworthiness
>     o Security testing
>     o Trustworthiness verification and clearance
>     o Defining and supporting the process of building secure software
>     o Deployment of secure applications
>
> Workshop papers must be limited to 7 pages in the ICSE two column format.
>
> * Important dates
>
> ** Submission of workshop papers
>     21 February 2005 
> ** Notification of workshop papers
>     21 March 2005
> ** Publication-ready version
>     4 April 2005
>
> * Program Committe
>
>     o Annie I. Antón, North Carolina State University
>     o Elisa Bertino, Center for Education and Research in Information Assurance and Security, Purdue University
>     o Premkumar T. Devanbu, University of California at Davis
>     o Carlo Ghezzi, Politecnico di Milano, Italy
>     o Charles B. Haley, The Open University, UK
>     o Constance Heitmeyer, Naval Research Laboratory
>     o Somesh Jha, University of Wisconsin at Madison
>     o Richard A. Kemmerer, University of California at Santa Barbara
>     o Christopher Kruegel, Technische Universität Wien, Austria
>     o Axel van Lamsweerde, Université Catholique de Louvain
>     o Gene Spafford, Purdue University
>     o Stuart Stubblebine, Stubblebine Research Labs and University of California at Davis
>     o Wietse Z. Venema, IBM T.J. Watson Research Center
>     o John Viega, Secure Software, Inc.
>     o Giovanni Vigna, University of California at Santa Barbara
>     o Alexander L. Wolf, University of Colorado at Boulder
>
> * Organizing Committe
>
>     o Danilo Bruschi, Università degli Studi di Milano, Italy
>     o Bart De Win, Katholieke Universiteit Leuven, Belgium
>     o Mattia Monga, Università degli Studi di Milano, Italy
>
> --- End Message ---