[ml] CFP: SESS06 @ ICSE06

Ciaps,

   FYI

--

                   (Apologize for multiple copies)

           Software Engineering for Secure Systems (SESS06)
                           "Secure by Design"
            http://homes.dico.unimi.it/~monga/sess06.html

In conjunction with the 28th International Conference on Software
Engineering (ICSE 2006), Shanghai, China, 20-28 May 2006

* Theme and goals

The issue  of software  security is increasingly  relevant in  a world
where  most   of  our  life   depends  directly  on   several  complex
computer-based  systems. Today  the  Internet connects  and enables  a
growing list of critical  activities from which people expect services
and revenues. In  other words, they trust these systems  to be able to
provide  data  and  elaborations  with a  degree  of  confidentiality,
integrity,   and    availability   compatible   with    their   needs.
Historically, the  software engineering community has  strived more to
obtain  validity  than  trustworthiness. Nowadays,  however,  software
ubiquity in  the creation of  critical infrastructures has  raised the
value  of  trustworthiness and  new  efforts  should  be dedicated  to
achieve  it. In  particular, security  concerns should  be  taken into
account  as  early  as  possible,  and  not added  to  systems  as  an
after-thought: this  is extremely expensive and it  may compromise the
design integrity in critical ways. Moreover, security features such as
cryptographic protocols and tamper-resistant hardware cannot be simply
used to "decorate" applications, to transform an insecure product in a
secure one just by this addition. Surprisingly, several security holes
are recurrent, notwithstanding  the experience accumulated by security
research  in the  last decades.  Software engineers  and practitioners
should assimilate basic security  techniques and integrate them in the
current practice,  while understanding associated  costs and benefits.
At the same time,  several well-known software engineering disciplines
such  as  verification, testing,  program  analysis, process  support,
configuration   management,   requirement   engineering,  etc.   could
contribute  to  improving security  solutions  that  sometimes lack  a
coherent  methodological  approach or,  as  in  the  case of  security
standards proposed  by the Common Criteria or  BS7799, are challenging
to integrated with mainstream software engineering practice.  The SESS
workshop aims at providing a venue for software engineers and security
researchers to  exchange ideas  and techniques. The  first_edition was
held in conjunction with ICSE2005.

* Topics

Areas of interest include, but are not limited to:

o Security requirements management
o Architecture and design of trustworthy systems
o Architecture and design of protection systems
o Separation of the security concern in complex systems
o Model driven security
o Secure programming
o Black box components trustworthiness
o Security testing
o Static analysis for security
o Trustworthiness verification and clearance
o Defining and supporting the process of building secure software
o Deployment of secure applications
o Monitoring and maintenance of the security solution
o Security usability

Workshop papers must be limited to 7 pages in the ICSE_two_column
format.

* Important dates

  Intent to submit
      25 January 2006

  Submission of workshop papers
      1 February 2006

  Notification of workshop papers
      22 February 2006

  Publication-ready version
      7 March 2006

  Workshop dates
      20-21 May 2006


* Program Committe


o Elisa Bertino, Center for Education and Research in Information
  Assurance and Security, Purdue University
o Premkumar T. Devanbu, University of California at Davis
o Carlo Ghezzi, Politecnico di Milano, Italy
o Charles B. Haley, The Open University, UK
o Richard A. Kemmerer, University of California at Santa Barbara
o Christopher Kruegel, Technische Universita"t Wien, Austria
o Samuel Redwine, James Madison University
o Stuart Stubblebine, Stubblebine Research Labs and University of
  California at Davis
o Wietse Z. Venema, IBM T.J. Watson Research Center
o John Viega, Secure Software, Inc.
o Giovanni Vigna, University of California at Santa Barbara
o Xiaolan Zhang, IBM T. J. Watson Research Center
o Hengming Zou, Shanghai Jiao Tong University, China


* Organizing Committe


o Danilo Bruschi, Universita` degli Studi di Milano, Italy
o Bart De Win, Katholieke Universiteit Leuven, Belgium
o Mattia Monga, Universita` degli Studi di Milano, Italy

bye,
GG sullivan

-- 
Lorenzo `Gigi Sullivan' Cavallaro <sullivan@xxxxxxxxxxxxx>
GPG key at http://security.dico.unimi.it/~sullivan/sullivan.asc

Until I loved, life had no beauty;
I did not know I lived until I had loved. (Theodor Korner)

See the reality in your eyes, when the hate makes you blind. (A.H.X)

Attachment: signature.asc
Description: Digital signature