Blogs (1) >>
ASE 2019
Sun 10 - Fri 15 November 2019 San Diego, California, United States

Second International Workshop on Software Security from Design to Deployment (SEAD)

In today’s increasingly interconnected software-intensive systems, analyzing, implementing and maintaining security requirements of software-intensive systems and achieving truly secure software systems requires planning for security from the ground up, and continuously assuring that security is maintained across the software’s lifecycle and after deployment during operations when software evolves. Given the increasing complexity of software systems, new application domains, dynamic and often critical operating conditions, the distributed nature of many software systems and fast-moving markets which put pressure on software vendors, building secure systems from the ground up becomes even more challenging. Security-related issues have previously been targeted in software engineering sub-communities and venues.

In this second edition of the SEAD workshop, we aim to bring the research and practitioner communities of requirements engineers, security experts, architects, developers, and testers together to identify foundations, challenges and formulate solutions related to automating the analysis, design, implementation, testing, and maintenance of secure software systems.

This program is tentative and subject to change.

Mon 11 Nov

sead-2019-papers
09:00 - 10:30: SEAD 2019 - Introduction and Keynote Talk at Hillcrest 2
sead-2019-papers09:15 - 10:30
Talk
Hamid BagheriUniversity of Nebraska-Lincoln, USA
sead-2019-papers
09:00 - 17:30: SEAD 2019 - Schedule to be announced at Hillcrest 2
ase-2019-catering
10:30 - 11:00: Social - Break at Cortez Foyer/Kensington Terrace
ase-2019-catering
12:30 - 14:00: Social - Lunch Break at Kensington Ballroom/Kensington Terrace
ase-2019-catering
15:30 - 16:00: Social - Break at Cortez Foyer/Kensington Terrace

Not scheduled yet

sead-2019-papersNot scheduled yet
Day opening
Mehdi MirakhorliRochester Institute of Technology, Matthias GalsterUniversity of Canterbury, Laurie WilliamsNorth Carolina State University

Call for Papers

Workshop theme

Analyzing, implementing and maintaining security requirements of software-intensive systems and achieving truly secure software systems requires planning for security from the ground up, and continuously assuring that security is maintained across the software’s lifecycle and after deployment during operations when software evolves. Given the increasing complexity of software systems, new application domains, dynamic and often critical operating conditions, the distributed nature of many software systems and fast-moving markets which put pressure on software vendors, building secure systems from the ground up becomes even more challenging. Security-related issues have previously been targeted in software engineering sub-communities and venues.

In this second edition the International Workshop on Software Security Design to Deployment (SEAD), we aim to bring the research and practitioner communities of requirements engineers, security experts, architects, developers, and testers together to identify foundations, challenges and formulate solutions related to automating the analysis, design, implementation, testing, and maintenance of secure software systems.

Main topics

The workshop addresses automated software engineering issues related to ensuring secure software through cross-cutting “security awareness”. Topics include (but are not limited to):

  • Automated reasoning techniques for security
  • Flexible, lean and lightweight (automated) approaches to support security and to develop large-scale security-intensive software
  • Adaptive security and situational awareness
  • Data analytics and forensics for security
  • Conflict between flexibility in modern systems and security
  • Security in new, emerging and maturing domains with potentially large problem and design spaces
  • “Soft” aspects of security, e.g, human behavior, psychological aspects, social engineering
  • Impact of technology advances on implementing security, e.g., new implementation technologies, cloud computing, micro-services, serverless architectures
  • “Build-in” security, e.g., in programming languages
  • Mechanisms to model and handle security across different life cycle stages, from inception to operation
  • DevOps for developing, deploying and maintaining security-intensive systems
  • Secure DevOps (DevSecOps)
  • Design solutions to enable secure systems
  • Reference models/architectures/frameworks to ensure security across life cycle stages
  • Practices and automated techniques for requirements engineering, architecting, design, implementation, testing and maintenance of security-intensive systems
  • (Automated) traceability mechanisms to support traceability between security needs and how they are implemented
  • Methods for quality assurance, process and product metrics for security-intensive systems
  • Security mining and security architecture recovery
  • (Automated) validation and verification of security, including prototyping to test and validate security
  • Assessment techniques and metrics for compliance of architecture, design, code, etc. with security needs
  • (Automated) vulnerability repair
  • Training and tools, e.g., tools and techniques for stimulating “security thinking” during coding activities

Paper categories

We invite submissions in the following categories of papers:

Position and vision papers (2-4 pages): On-going research, new challenges and emerging trends; novel solutions and inspiring, new ideas; directions for future research.

Reference problem papers (2-4 pages): Descriptions or examples of problems in real-life settings that pose fundamental or characteristic challenges.

Full papers (6-8 pages): Innovative and original research, empirical studies, systematic literature studies, etc.

Industry and experience papers (up to 8 pages): Industrial experience, case studies, challenges, problems and solutions.

Education and training papers (up to 8 pages): Experiences, approaches and tools for teaching topics in academic courses or industrial training (e.g., lesson plans, assignments).

Artifact papers (2 pages): Security-related architectures, designs, code, etc. to build a corpus for research and education. Papers must include link to actual artifacts.

Paper formatting and submission

All papers must follow the general formatting guidelines and policies. Submissions must be made through EasyChair.

Publication

Workshop proceedings will be in both the ACM and IEEE digital libraries.

Towards Automated Security Design Flaw Detection

Laurens Sion (Katholieke Universiteit Leuven, Belgium), Katja Tuma (Chalmers | University of Gothenburg, Sweden), Riccardo Scandariato (Chalmers | University of Gothenburg, Sweden), Koen Yskout (Katholieke Universiteit Leuven, Belgium), Wouter Joosen (Katholieke Universiteit Leuven, Belgium)


Security-related Commits in Open Source Web Browser Projects

Ákos Kiss (University of Szeged, Hungary), Renáta Hodován (University of Szeged, Hungary)


Challenges in Secure Engineering of Critical Infrastructure

Sridhar Adepu (Singapore University of Technology and Design, Singapore), Eunsuk Kang (Carnegie Mello University, USA), Aditya Mathur (Singapore University of Technology and Design, Singapore)


The Effect of Weighted Moving Windows on Security Vulnerability Prediction

Patrick Kwaku Kudjo (Jiangsu University, China), Jinfu Chen (Jiangsu University, China), Selasie Aformaley Brown (University of Professional Studies, Accra-Ghana, Ghana), Solomon Mensah (University of Ghana, Ghana)


Securing Smart Contracts in Blockchain

Jaturong Kongmanee (Texas Tech University, USA), Phongphun Kijsanayothin (Naresuan University, Thailand), Rattikorn Hewett (Texas Tech University, USA)


On Secret Management and Handling in Mobile Application Development Cycle: A Position Paper

Panuchart Bunyakiati (Kasetsart University, Thailand), Usa Sammapun (Kasetsart University, Thailand)