SEAD 2019 - ASE 2019 (original) (raw)

Second International Workshop on Software Security from Design to Deployment (SEAD)

In today’s increasingly interconnected software-intensive systems, analyzing, implementing and maintaining security requirements of software-intensive systems and achieving truly secure software systems requires planning for security from the ground up, and continuously assuring that security is maintained across the software’s lifecycle and after deployment during operations when software evolves. Given the increasing complexity of software systems, new application domains, dynamic and often critical operating conditions, the distributed nature of many software systems and fast-moving markets which put pressure on software vendors, building secure systems from the ground up becomes even more challenging. Security-related issues have previously been targeted in software engineering sub-communities and venues.

In this second edition of the SEAD workshop, we aim to bring the research and practitioner communities of requirements engineers, security experts, architects, developers, and testers together to identify foundations, challenges and formulate solutions related to automating the analysis, design, implementation, testing, and maintenance of secure software systems.

The program is currently displayed in (GMT-08:00) Tijuana, Baja California.

Use conference time zone: (GMT-08:00) Tijuana, Baja CaliforniaSelect other time zone

The GMT offsets shown reflect the offsets at the moment of the conference.

By setting a time band, the program will dim events that are outside this time window. This is useful for (virtual) conferences with a continuous program (with repeated sessions).
The time band will also limit the events that are included in the personal iCalendar subscription service.

Display full programSpecify a time band

You're viewing the program in a time zone which is different from your device's time zone change time zone

11:00 - 12:30	Session 2SEAD at Hillcrest 2
11:0020mTalk	The Effect of Weighted Moving Windows on Security Vulnerability PredictionSEADPatrick Kwaku Kudjo Jiangsu University, Jinfu Chen Jiangsu University, Selasie Aformaley Brown University of Professional Studies, Accra-Ghana, Solomon Mensah University of Ghana, Legon
11:2020mTalk	Towards Automated Security Design Flaw DetectionSEADLaurens Sion Katholieke Universiteit Leuven, Katja Tuma Vrije Universiteit Amsterdam, Koen Yskout Katholieke Universiteit Leuven, Riccardo Scandariato Chalmers \| University of Gothenburg, Wouter Joosen Katholieke Universiteit Leuven
11:4020mTalk	Securing Smart Contracts in BlockchainSEADJaturong Kongmanee Computer Science, Texas Tech University, Jaturong Kongmanee Computer Science, Texas Tech University, Phongphun Kijsanayothin Electrical and Computer Engineering, Naresuan University, Rattikorn Hewett Computer Science, Texas Tech University

Accepted Papers

Title
Challenges in Secure Engineering of Critical Infrastructure SystemsSEADSridhar Adepu, Eunsuk Kang, Aditya Mathur
Link to the TopicsSEAD Link to publication Pre-print
Secrets Management and Handling in Mobile Application Development LifecycleSEADpanuchart bunyakiati, Usa Sammapun
Securing Smart Contracts in BlockchainSEADJaturong Kongmanee, Jaturong Kongmanee, Phongphun Kijsanayothin, Rattikorn Hewett
Security-related Commits in Open Source Web Browser ProjectsSEADÁkos Kiss, Renáta Hodován
The Effect of Weighted Moving Windows on Security Vulnerability PredictionSEADPatrick Kwaku Kudjo, Jinfu Chen, Selasie Aformaley Brown, Solomon Mensah
Towards Automated Security Design Flaw DetectionSEADLaurens Sion, Katja Tuma, Koen Yskout, Riccardo Scandariato, Wouter Joosen

Call for Papers

Workshop theme

Analyzing, implementing and maintaining security requirements of software-intensive systems and achieving truly secure software systems requires planning for security from the ground up, and continuously assuring that security is maintained across the software’s lifecycle and after deployment during operations when software evolves. Given the increasing complexity of software systems, new application domains, dynamic and often critical operating conditions, the distributed nature of many software systems and fast-moving markets which put pressure on software vendors, building secure systems from the ground up becomes even more challenging. Security-related issues have previously been targeted in software engineering sub-communities and venues.

In this second edition the International Workshop on Software Security Design to Deployment (SEAD), we aim to bring the research and practitioner communities of requirements engineers, security experts, architects, developers, and testers together to identify foundations, challenges and formulate solutions related to automating the analysis, design, implementation, testing, and maintenance of secure software systems.

Main topics

The workshop addresses automated software engineering issues related to ensuring secure software through cross-cutting “security awareness”. Topics include (but are not limited to):

Automated reasoning techniques for security
Flexible, lean and lightweight (automated) approaches to support security and to develop large-scale security-intensive software
Adaptive security and situational awareness
Data analytics and forensics for security
Conflict between flexibility in modern systems and security
Security in new, emerging and maturing domains with potentially large problem and design spaces
“Soft” aspects of security, e.g, human behavior, psychological aspects, social engineering
Impact of technology advances on implementing security, e.g., new implementation technologies, cloud computing, micro-services, serverless architectures
“Build-in” security, e.g., in programming languages
Mechanisms to model and handle security across different life cycle stages, from inception to operation
DevOps for developing, deploying and maintaining security-intensive systems
Secure DevOps (DevSecOps)
Design solutions to enable secure systems
Reference models/architectures/frameworks to ensure security across life cycle stages
Practices and automated techniques for requirements engineering, architecting, design, implementation, testing and maintenance of security-intensive systems
(Automated) traceability mechanisms to support traceability between security needs and how they are implemented
Methods for quality assurance, process and product metrics for security-intensive systems
Security mining and security architecture recovery
(Automated) validation and verification of security, including prototyping to test and validate security
Assessment techniques and metrics for compliance of architecture, design, code, etc. with security needs
(Automated) vulnerability repair
Training and tools, e.g., tools and techniques for stimulating “security thinking” during coding activities

Paper categories

We invite submissions in the following categories of papers:

Position and vision papers (2-4 pages): On-going research, new challenges and emerging trends; novel solutions and inspiring, new ideas; directions for future research.

Reference problem papers (2-4 pages): Descriptions or examples of problems in real-life settings that pose fundamental or characteristic challenges.

Full papers (6-8 pages): Innovative and original research, empirical studies, systematic literature studies, etc.

Industry and experience papers (up to 8 pages): Industrial experience, case studies, challenges, problems and solutions.

Education and training papers (up to 8 pages): Experiences, approaches and tools for teaching topics in academic courses or industrial training (e.g., lesson plans, assignments).

Artifact papers (2 pages): Security-related architectures, designs, code, etc. to build a corpus for research and education. Papers must include link to actual artifacts.

Paper formatting and submission

All papers must follow the general formatting guidelines and policies. Submissions must be made through EasyChair.

Publication

Workshop proceedings will be in both the ACM and IEEE digital libraries.