[ecoop-info] SecTest2011: Call for Papers (deadline extended to Jan 4, 2011)

avantssar at resin.csoft.net
Tue Dec 21 16:06:25 CET 2010

Due to popular request and the holiday break,
the deadline is extended to Jan 4, 2011

(Apologies if you receive this announcement multiple times)


The 2nd International Workshop on Security Testing (SECTEST 2011)
Berlin, Germany, March 25, 2011

Co-located with ICST 2011
(The 4th Int. Conference on Software Testing, Verification and Validation)


SUBMISSION DEADLINE: January 4, 2011 (extended)

Both full (8 pages) and short (2 pages) research papers allowed.

The proceedings will be published in the IEEE digital library.


To improve software security, several techniques, including
vulnerability modelling and security testing, have been developed but
the problem remains unsolved. On one hand, the workshop tries to
answer how vulnerability modelling can help users understand the
occurrence of vulnerabilities so as to avoid them, and what the
advantages and drawbacks of the existing models are to represent
vulnerabilities. At the same time, the workshop tries to understand
how to solve the challenging security testing problem given that
testing the mere functionality of a system alone is already a
fundamentally critical task, how security testing is different from
and related to classical functional testing, and how to assess the
quality of security testing. The objective of this workshop is to
share ideas, methods, techniques, and tools about vulnerability
modelling and security testing to improve the state of the art.

In particular, the workshop aims at providing a forum for
practitioners and researchers to exchange ideas, perspectives on
problems, and solutions. Both papers proposing novel models, methods,
and algorithms and reporting experiences applying existing methods on
case studies and industrial examples are welcomed.


The topics of interest include, but are not restricted to:
  * network security testing 
  * application security testing 
  * security requirements definition and modelling 
  * security and vulnerability modelling 
  * runtime monitoring of security-relevant applications 
  * security testing of legacy systems 
  * cost effectiveness issues 
  * comparisons between security-by-design and formal analyses 
  * formal techniques for security testing and validation 
  * security test generation and oracle derivation 
  * specifying testable security constraints 
  * test automation 
  * penetration testing 
  * regression testing for security 
  * robustness and fault tolerance to attacks 
  * test-driven diagnosis of security weaknesses 
  * process and models for designing and testing secure systems
  * when to perform security analysis and testing 
  * "white box" security testing techniques 
  * compile time fault detection and program verification 
  * tools and case studies 
  * industrial experience reports 


  * Papers due:  January 4, 2011
  * Notification:  January 31, 2011  
  * Camera-ready due:  February 14, 2011  


David Basin (ETH Zurich)
Policy Monitoring in First-order Temporal Logic.
In security and compliance, it is often necessary to ensure that
agents and systems comply with complex policies. An example from
financial reporting is the requirement that every transaction t of a
customer c, who has within the last 30 days been involved in a
suspicious transaction t', must be reported as suspicious within 2
days. We present an approach to monitoring such policies formulated in
an expressive fragment of metric first-order temporal logic. We also
report on case studies in security and compliance monitoring and use
these to evaluate both the suitability of this fragment for expressing
complex, realistic policies and the efficiency of our monitoring
(Joint work with Felix Klaedtke, Samuel Mueller, Matus Harvan, and
Eugen Zalinescu)

Ina Schieferdecker (Fraunhofer Fokus)
Title: TBA


  * Paul Ammann (George Mason University, USA) 
  * Alessandra Bagnato (TXT e-solutions, Corporate Research Division, Italy) 
  * Benoit Baudry (INRIA Rennes, France) 
  * Ruth Breu (University of Innsbruck, Austria) 
  * Achim Brucker (SAP Research, Germany) 
  * Frédéric Cuppens (Telecom Bretagne, France)
  * Khaled El Fakih (American University of Sharjah, UAE) 
  * Daniel Faigin (The Aerospace Corporation, USA) 
  * Roland Groz (Grenoble University, France) 
  * Mohamed Jmaiel (University of Sfax, Tunisia) 
  * Keqin Li (SAP Research, France; co-chair) 
  * Lijun Liu (China Mobile Research Institute, China) 
  * Wissam Mallouli (Montimage, France; co-chair) 
  * Matteo Meucci (OWASP-Italy) 
  * Charles P. Pfleeger (Pfleeger Consulting Group, USA) 
  * Ronald Ritchey (Booz Allen & Hamilton, USA) 
  * Ina Schieferdecker (Fraunhofer FOKUS, Germany) 
  * Nahid Shahmehri (Linköping University)
  * Luca Viganò (Università di Verona, Italy; co-chair)
  * Laurie Williams (North Carolina State University, USA)
  * Nina Yevtushenko (Tomsk State University, Russia)


  * Alessandro Armando (University of Genova, Italy) 
  * Ana Cavalli (Telecom SudParis, France) 
  * Jorge Cuellar (Siemens, Germany) 
  * Alexander Pretschner (KIT, Germany) 
  * Yves Le Traon (University of Luxembourg, Luxembourg) 

For further information: http://www.avantssar.eu/sectest2011/.
