DbWorld » Blog Archive » [Dbworld] CFP - Workshop on Security in Model Driven Architecture (SEC-MDA 2010)

[Dbworld] CFP - Workshop on Security in Model Driven Architecture (SEC-MDA 2010) - Paris June 16th 2010

From: “Alessandra Bagnato” (email address not shown)

—————- Call for Papers —————-

Second International Workshop on Security in Model Driven Architecture (SEC-MDA 2010)
http://www.shields-project.eu/?q=node/120

University of Pierre & Marie Curie,

Paris, France, June 16th 2010

In conjunction with ECMFA 2010 Sixth European Conference on Modelling Foundations and Applications
http://www.ecmfa-2010.org/

————————————————-

Introduction
============

Software security and reliability is rapidly becoming one of the most pressing issues in
software engineering since software has become a critical component in almost all systems
that society relies on. The level of risk the society faces from intentional or unintentional
failures in these systems has increased in an almost uncontrolled fashion:

- With software controlling, protecting, and affecting more and more critical information
and systems, the consequences of failure has increased significantly.
- As software becomes more complex, it tends to contain more flaws, and as it becomes more
networked, its exposure to potential adversaries increases.
- Software-intensive systems are increasingly becoming viable financial and political targets
for well-funded and well-motivated attackers, thus increasing the overall hreat to these systems.

Today, security is often an afterthought when developing software, rarely included in the early
phases of software development, and mostly focused on detecting problems, rather than on
preventing them in the first place.
Despite a rash of new programming paradigms, methodologies, and development environments, the
ever increasing number of vulnerabilities found in software clearly shows that a different
approach is called for.
Software developers use models extensively, particularly in the early phases of software
development, in order to improve software quality.

This workshop would like to discuss how software security can be improved through the MDA approach.
The main discussion topics will be:

- How security specialists can capture their security expertise in form of reusable models, in
particular threat and vulnerability models
- How the security requirements and goals can be traced all along the development process
- How security models and profiles can be merged with system models in different abstraction levels.
- How security models can be shared and reused
- How developers can benefit from these reusable models for specification and design (e.g. through
sharing tool artifacts such as security design patterns).
- How security testing can be improved through security models.
- Which are the requirements on tools to support the creation, transformation and use of security
models.

The workshop will try to bring together people from both academia and industry, from all the different
areas that want to/might play an active role in domain of security solutions and issue in MDA, to
discuss problems, highlight possible solutions, disseminate success stories and also draft a possible
research agenda.

Organizing committee
====================

- Alessandra Bagnato (TXT e-solutions, Corporate Research Division, Italy)
- Amel Mammar (Telecom SudParis, France)
- Per Håkon Meland (SINTEF, Norway)
- Txus Sánchez (ESI, Spain)

Topics
======

The workshop addresses problems and solutions for Security in MDA. The topics of interest include, but
are not restricted to:
- Security Modelling
- Security requirements tracking in MDA
- Model-based security testing
- Transformation of model-based security knowledge
- Interoperability between security models
- Platform dependent and platform independent models for security solutions
- Model-based behavior analysis
- Security Tools using security models
- Security design patterns in MDA
- Abuse and Misuse cases
- Standards for modeling and sharing vulnerabilities and security issue knowledge
- Standards for storing and querying vulnerabilities and security issue knowledge bases
- Requirements for new security improved tools
- Security models and design patterns integration within IDE

Important dates
===============

Submission deadline: April 2nd, 2010
Notification of acceptance for participation/presentation: May 4th, 2010
Final papers: May 21th, 2010 (tentative)
Workshop: June 16th, 2010

Submission Guidelines
=====================

The workshop is open to contributions that focus on the “broad” spectrum on security in MDA related
activities and in particular industrialexperience report, progress, new methods and solutions in that
context. We would like to invite papers that explain and exemplify relevant issues and problems related
to the security and reliability incomplex software systems in MDA context,papers that present established
solutions to well-known problems and also papers that discuss success stories. In all these cases, we
expect well-focused contributions to help participants understand problems, open issues, and available
solutions, and also to foster rich and fruitful discussions.
The emphasis should be on defining and setting problems, on technical details of proposed solutions,
or on the rationale behind success stories.Papers should be written in Springer LNCS style and limited
to 10 pages (see http://www.springer.de/comp/lncs/authors.html for details). The emphasis should be on
defining and setting problems, on technical details of proposed solutions, or on the rationale behind
success stories. As the workshop will apply double-blind reviews process, the papers should not indicate
their authors. Submissions should be sent by email attachment (Word format or pdf format) to alessandra.bagnato@txt.it.

Pubblications
=============

The paper selection will be based upon the relevance of a paper to the main topics, on its quality and
on the potential to stimulate discussion in the workshop.
Workshop Proceedings will be published as CEA Proceedings with assigned ISBN.

Program committee (under definition)
====================================

- Habtamu Abie (Norwegian Computing Center, Norway)
- Alessandra Bagnato (TXT e-solutions, Corporate Research Division, Italy)
- Ruth Breu (University of Insbruck, Austria)
- Ana Cavalli (GET/INT, France)
- Violeta Damjanovic (Salzburg Research, Austria)
- Marina Egea Gonzalez (ETH Zürich, Swiss)
- Jan Jurjens (TU Dortmund and Fraunhofer ISST, Germany)
- Filippo Lanubile (Università degli Studi di Bari, Italia)
- Xabier Larrucea, (European Software Institute, Spain)
- Amel Mammar (Telecom SudParis, France)
- Jason Xabier Mansell, (European Software Insitute, Spain)
- Per Håkon Meland (SINTEF, Norway)
- Matteo Meucci (OWASP-Italy Chair, OWASP Testing Guide lead, Italy)
- Bernhard Rumpe (RWTH Aachen University, Germany)
- Nahid Shahmehri (Linkoping University, Sweden)
- Txus Sánchez (European Software Institute, Spain)
- Ståle Walderhaug, (SINTEF, Norway)