Blogs (1) >>
ASE 2019
Sun 10 - Fri 15 November 2019 San Diego, California, United States

Second International Workshop on Software Security from Design to Deployment (SEAD)

In today’s increasingly interconnected software-intensive systems, analyzing, implementing and maintaining security requirements of software-intensive systems and achieving truly secure software systems requires planning for security from the ground up, and continuously assuring that security is maintained across the software’s lifecycle and after deployment during operations when software evolves. Given the increasing complexity of software systems, new application domains, dynamic and often critical operating conditions, the distributed nature of many software systems and fast-moving markets which put pressure on software vendors, building secure systems from the ground up becomes even more challenging. Security-related issues have previously been targeted in software engineering sub-communities and venues.

In this second edition of the SEAD workshop, we aim to bring the research and practitioner communities of requirements engineers, security experts, architects, developers, and testers together to identify foundations, challenges and formulate solutions related to automating the analysis, design, implementation, testing, and maintenance of secure software systems.

Plenary
You're viewing the program in a time zone which is different from your device's time zone change time zone

Mon 11 Nov

Displayed time zone: Tijuana, Baja California change

09:00 - 10:30
Introduction and Keynote TalkSEAD at Hillcrest 2
09:00
15m
Day opening
Introduction
SEAD
Mehdi Mirakhorli Rochester Institute of Technology, Matthias Galster University of Canterbury, Laurie Williams North Carolina State University
09:15
60m
Talk
Keynote Talk: Automating Pragmatic Software Dependability
SEAD
K: Hamid Bagheri University of Nebraska-Lincoln, USA
11:00 - 12:30
Session 2SEAD at Hillcrest 2
11:00
20m
Talk
The Effect of Weighted Moving Windows on Security Vulnerability Prediction
SEAD
Patrick Kwaku Kudjo Jiangsu University, Jinfu Chen Jiangsu University, Selasie Aformaley Brown University of Professional Studies, Accra-Ghana, Solomon Mensah University of Ghana, Legon
11:20
20m
Talk
Towards Automated Security Design Flaw Detection
SEAD
Laurens Sion Katholieke Universiteit Leuven, Katja Tuma Vrije Universiteit Amsterdam, Koen Yskout Katholieke Universiteit Leuven, Riccardo Scandariato Chalmers | University of Gothenburg, Wouter Joosen Katholieke Universiteit Leuven
11:40
20m
Talk
Securing Smart Contracts in Blockchain
SEAD
Jaturong Kongmanee Computer Science, Texas Tech University, Jaturong Kongmanee Computer Science, Texas Tech University, Phongphun Kijsanayothin Electrical and Computer Engineering, Naresuan University, Rattikorn Hewett Computer Science, Texas Tech University
14:00 - 15:30
Session 3SEAD at Hillcrest 2
14:00
20m
Talk
Secrets Management and Handling in Mobile Application Development Lifecycle
SEAD
panuchart bunyakiati kasetsart university, Usa Sammapun kasetsart university
14:20
20m
Talk
Challenges in Secure Engineering of Critical Infrastructure Systems
SEAD
Sridhar Adepu Singapore University of Technology and Design, Singapore, Eunsuk Kang Carnegie Mellon University, Aditya Mathur Singapore University of Technology and Design
14:40
20m
Talk
Security-related Commits in Open Source Web Browser Projects
SEAD
Ákos Kiss University of Szeged, Department of Software Engineering, Renáta Hodován University of Szeged, Department of Software Engineering
16:00 - 17:30
Session 4SEAD at Hillcrest 2

Unscheduled Events

Not scheduled
Day closing
Link to the Topics
SEAD

Link to publication Pre-print

Call for Papers

Workshop theme

Analyzing, implementing and maintaining security requirements of software-intensive systems and achieving truly secure software systems requires planning for security from the ground up, and continuously assuring that security is maintained across the software’s lifecycle and after deployment during operations when software evolves. Given the increasing complexity of software systems, new application domains, dynamic and often critical operating conditions, the distributed nature of many software systems and fast-moving markets which put pressure on software vendors, building secure systems from the ground up becomes even more challenging. Security-related issues have previously been targeted in software engineering sub-communities and venues.

In this second edition the International Workshop on Software Security Design to Deployment (SEAD), we aim to bring the research and practitioner communities of requirements engineers, security experts, architects, developers, and testers together to identify foundations, challenges and formulate solutions related to automating the analysis, design, implementation, testing, and maintenance of secure software systems.

Main topics

The workshop addresses automated software engineering issues related to ensuring secure software through cross-cutting “security awareness”. Topics include (but are not limited to):

  • Automated reasoning techniques for security
  • Flexible, lean and lightweight (automated) approaches to support security and to develop large-scale security-intensive software
  • Adaptive security and situational awareness
  • Data analytics and forensics for security
  • Conflict between flexibility in modern systems and security
  • Security in new, emerging and maturing domains with potentially large problem and design spaces
  • “Soft” aspects of security, e.g, human behavior, psychological aspects, social engineering
  • Impact of technology advances on implementing security, e.g., new implementation technologies, cloud computing, micro-services, serverless architectures
  • “Build-in” security, e.g., in programming languages
  • Mechanisms to model and handle security across different life cycle stages, from inception to operation
  • DevOps for developing, deploying and maintaining security-intensive systems
  • Secure DevOps (DevSecOps)
  • Design solutions to enable secure systems
  • Reference models/architectures/frameworks to ensure security across life cycle stages
  • Practices and automated techniques for requirements engineering, architecting, design, implementation, testing and maintenance of security-intensive systems
  • (Automated) traceability mechanisms to support traceability between security needs and how they are implemented
  • Methods for quality assurance, process and product metrics for security-intensive systems
  • Security mining and security architecture recovery
  • (Automated) validation and verification of security, including prototyping to test and validate security
  • Assessment techniques and metrics for compliance of architecture, design, code, etc. with security needs
  • (Automated) vulnerability repair
  • Training and tools, e.g., tools and techniques for stimulating “security thinking” during coding activities

Paper categories

We invite submissions in the following categories of papers:

Position and vision papers (2-4 pages): On-going research, new challenges and emerging trends; novel solutions and inspiring, new ideas; directions for future research.

Reference problem papers (2-4 pages): Descriptions or examples of problems in real-life settings that pose fundamental or characteristic challenges.

Full papers (6-8 pages): Innovative and original research, empirical studies, systematic literature studies, etc.

Industry and experience papers (up to 8 pages): Industrial experience, case studies, challenges, problems and solutions.

Education and training papers (up to 8 pages): Experiences, approaches and tools for teaching topics in academic courses or industrial training (e.g., lesson plans, assignments).

Artifact papers (2 pages): Security-related architectures, designs, code, etc. to build a corpus for research and education. Papers must include link to actual artifacts.

Paper formatting and submission

All papers must follow the general formatting guidelines and policies. Submissions must be made through EasyChair.

Publication

Workshop proceedings will be in both the ACM and IEEE digital libraries.