[ecoop-info] SecTest2011: Call for Papers

avantssar at resin.csoft.net avantssar at resin.csoft.net
Sat Oct 30 09:01:53 CEST 2010



The 2nd International Workshop on Security Testing (SECTEST 2011)

Co-located with ICST 2011
(The 4th Int. Conference on Software Testing, Verification and Validation)
Berlin, Germany, March 21-25, 2011


SUBMISSION DEADLINE: December 21, 2010

Both full (8 pages) and short (2 pages) research papers allowed.


To improve software security, several techniques, including vulnerability
modelling and security testing, have been developed, but the problem remains
unsolved. On the one hand, the workshop tries to answer how vulnerability
modelling can help users understand the occurrence of vulnerabilities so as to
avoid them, and what the advantages and drawbacks of the existing models are
for representing vulnerabilities. At the same time, the workshop tries to
understand how to solve the challenging security testing problem given that
testing the mere functionality of a system alone is already a fundamentally
critical task, how security testing is different from and related to classical
functional testing, and how to assess the quality of security testing. The
objective of this workshop is to share ideas, methods, techniques, and tools
about vulnerability modelling and security testing to improve the state of the

In particular, the workshop aims at providing a forum for practitioners and
researchers to exchange ideas, perspectives on problems, and solutions. Both
papers proposing novel models, methods, and algorithms and papers reporting
experiences applying existing methods to case studies and industrial examples
are welcome.


The topics of interest include, but are not restricted to:
  * network security testing 
  * application security testing 
  * security requirements definition and modelling 
  * security and vulnerability modelling 
  * runtime monitoring of security-relevant applications 
  * security testing of legacy systems 
  * cost effectiveness issues 
  * comparisons between security-by-design and formal analyses 
  * formal techniques for security testing and validation 
  * security test generation and oracle derivation 
  * specifying testable security constraints 
  * test automation 
  * penetration testing 
  * regression testing for security 
  * robustness and fault tolerance to attacks 
  * test-driven diagnosis of security weaknesses 
  * process and models for designing and testing secure systems
  * when to perform security analysis and testing 
  * "white box" security testing techniques 
  * compile time fault detection and program verification 
  * tools and case studies 
  * industrial experience reports 


  * Papers due: December 21, 2010
  * Notification: January 31, 2011
  * Camera-ready due: February 14, 2011


  * Paul Ammann (George Mason University, USA) 
  * Alessandra Bagnato (TXT e-solutions, Corporate Research Division, Italy) 
  * Benoit Baudry (INRIA Rennes, France) 
  * Ruth Breu (University of Innsbruck, Austria) 
  * Achim Brucker (SAP Research, Germany) 
  * Frederic Cuppens (Telecom Bretagne, France) 
  * Khaled El Fakih (American University of Sharjah, UAE) 
  * Daniel Faigin (The Aerospace Corporation, USA) 
  * Roland Groz (Grenoble University, France) 
  * Mohamed Jmaiel (University of Sfax, Tunisia) 
  * Keqin Li (SAP Research, France; co-chair) 
  * Lijun Liu (China Mobile Research Institute, China) 
  * Wissam Mallouli (Montimage, France; co-chair) 
  * Matteo Meucci (OWASP-Italy) 
  * Charles P. Pfleeger (Pfleeger Consulting Group, USA) 
  * Ronald Ritchey (Booz Allen & Hamilton, USA) 
  * Ina Schieferdecker (Fraunhofer FOKUS, Germany) 
  * Nahid Shahmehri (Linköping University)
  * Luca Viganò (Università di Verona, Italy; co-chair)
  * Laurie Williams (North Carolina State University, USA)
  * Nina Yevtushenko (Tomsk State University, Russia)


  * Alessandro Armando (University of Genova, Italy) 
  * Ana Cavalli (Telecom SudParis, France) 
  * Jorge Cuellar (Siemens, Germany) 
  * Alexander Pretschner (KIT, Germany) 
  * Yves Le Traon (University of Luxembourg, Luxembourg) 

For further information, please contact the co-chairs.
