[TYPES/announce] [ESSoS] Call for Participation

Raoul Strackx raoul.strackx at cs.kuleuven.be
Wed Jan 14 10:12:25 EST 2015


                         ===  Call for Participation ===

Conference: International Symposium on Engineering Secure Software and
             Systems (ESSoS)
Date:       March 4 - 6, 2015
Venue:      Milan, Italy
Website:    https://distrinet.cs.kuleuven.be/events/essos/2015/
Deadlines:  January 25, 2015 (Early bird)

In cooperation with: (pending) ACM SIGSAC and SIGSOFT and IEEE CS (TCSP).

== Context and Motivation ==

Trustworthy, secure software is a core ingredient of the modern world.
Hostile, networked environments, like the Internet, can allow
vulnerabilities in software to be exploited from anywhere. To address
this, high-quality security building blocks (e.g., cryptographic
components) are necessary, but insufficient. Indeed, the construction of
secure software is challenging because of the complexity of modern
applications, the growing sophistication of security requirements, the
multitude of available software technologies and the progress of attack
vectors. Clearly, a strong need exists for engineering techniques that
scale well and that demonstrably improve the software's security properties.

== Goal and Setup ==

The goal of this symposium, which will be the seventh in the series, is
to bring together researchers and practitioners to advance the states of
the art and practice in secure software engineering. Being one of the
few conference-level events dedicated to this topic, it explicitly aims
to bridge the software engineering and security engineering communities,
and promote cross-fertilization. The symposium will feature two days of
technical program. In addition to academic papers, the symposium
encourages submission of high-quality, informative industrial experience
papers about successes and failures in security software engineering and
the lessons learned. Furthermore, the symposium also accepts short idea
papers that crisply describe a promising direction, approach, or insight.

== Venue ==

ESSoS 2015 will take place in Milano, at Politecnico di Milano, the
largest engineering and architecture university in Italy, with more than
39.000 students and 7 campuses. ESSoS will take place at the main campus
of the university, located in Milan's "Città studi" (university
neighborhood).

Hotels conveniently located around the Politecnico di Milano have been
reserved at preferential rates through our partner KC Travel. A range of
accommodations will be available, together with any additional travel
services you may require. Details will be posted soon to the ESSoS 2015
website.

== Program ==

A complete overview of the program can be found at:
https://distrinet.cs.kuleuven.be/events/essos/2015/programme.html

= Tutorials =

*Browser technology - essentials for securing the Web*
  Dr. Philippe De Ryck (iMinds-DistriNet, KU Leuven)

*Effective security management: a tutorial on CVSS v3 and using case
control studies to measure vulnerability risk*
  Luca Allodi & Fabio Massacci

= Keynotes =

*The botnet that would not die*
  Herbert Bos (VU Amsterdam)

*The European Strategic Agenda for Research and Innovation in Cybersecurity*
  Afonso Ferreira (European Commission)

*Rocco Mammoliti (Poste Italiane)*

*Felix Lindner (Recurity Labs GmbH)*

= Papers =

*Re-thinking Kernelized MLS Database Architectures in the Context of
Cloud-Scale Data Stores*
  Thuy Nguyen, Mark Gondree, Jean Khosalim and Cynthia Irvine.

*Formal Verification of Liferay RBAC*
  Stefano Calzavara, Alvise Rabitti and Michele Bugliesi.

*Improving reuse of access control policies using policy templates*
  Maarten Decat, Jasper Moeys, Bert Lagaisse and Wouter Joosen.

*Are Your Training Datasets Still Relevant?*
  Kevin Allix, Tegawende Bissyande, Jacques Klein and Yves Le Traon.

*Formal Verification of Privacy Properties in Electric Vehicle Charging*
  Marouane Fazouane, Henning Kopp, Rens W. van der Heijden, Daniel Le
Métayer and Frank Kargl.

*The Heavy Tails of Vulnerability Exploitation*
  Luca Allodi.

*A Security Ontology for Security Requirements Elicitation*
  Amina Souag, Camille Salinesi, Raul Mazo and Isabelle Comyn-Wattiau.

*Learning how to Prevent Return-Oriented Programming Efficiently*
  David Pfaff, Sebastian Hack and Christian Hammer.

*Producing Hook Placements To Enforce Expected Access Control Policies*
  Divya Muthukumaran, Nirupama Talele, Trent Jaeger and.

*OMEN: Faster Password Guessing using Markov Models*
  Markus Dürmuth, Fabian Angelstorf, Claude Castelluccia and Daniele Perito.

*Monitoring Database Access Constraints with an RBAC Metamodel: a
Feasibility Study*
  Lars Hamann, Martin Gogolla and Karsten Sohr.

*Idea: Optimising Multi-Cloud Application Deployments with Security
Controls as Constraints*
  Philippe Massonet, Jesus Luna, Alain Pannetrat and Ruben Trapero.

*Idea: Towards an Inverted Cloud*
  Raoul Strackx, Pieter Philippaerts and Frédéric Vogels.

*Idea: Benchmarking indistinguishability obfuscation - A candidate
implementation*
  Sebastian Banescu, Martín Ochoa, Nils Kunze and Alexander Pretschner.

*Idea: Unwinding based Model-Checking and Testing for Non-Interference
on EFSMs*
  Martín Ochoa, Alexander Pretschner, Jorge Cuellar and Per Hallgren.

*Idea: State-Continuous Transfer of State in Protected-Module Architectures*
  Raoul Strackx and Niels Lambrigts.

= Demos =

*MAVERIC: static analysis module for Mobile App security* (this demo
will be presented as part of the industry keynote)
  Alessandro Armando, Gianluca Bocci, Giantonio Chiarelli, Gabriele
Costa, Gabriele De Maglie, Rocco Mammoliti, and Alessio Merlo.
  Poste Italiane, U. of Genova, and FBK.

*Joern analyser: discovering vulnerabilities via code property graph*
  Fabian Yamaguchi.
  University of Goettingen.

*Open-Source Vulnerability Assessment in Composite Application Scenarios*
  Henrik Plate, Serena Ponta, and Antonino Sabetta.
  SAP SE.

*Using Split Kernel to Make Kernel Hardening Practical*
  Anil Kurmus and Robby Zippel.
  IBM research.

*The RACOMAT tool*
  Johannes Viehmann, Ketil Stolen, and Juergen Grossmann.
  Fraunhofer and SINTEF.

*TESTREX: a Testbed for Repeatable Exploits*
  Stanislav Dashevskyi, Daniel Ricardo dos Santos, Fabio Massacci, and
Antonino Sabetta.
  U. of Trento, FBK, and SAP SE.

*A Pattern-driven and Model-Based Test Generation Toolchain for Web
Vulnerability*
  Alexandre Vernotte, Bruno Legeard, and Fabien Peureux.
  FEMTO-ST CNRS and Smartesting R&D Center.

*A Transitive Access Solution for Web Services*
  Worachet Uttha, Clara Bertolissi, and Silvio Ranise.
  LIF CNRS and FBK.

= Doctoral Symposium =

TBA
