———–Call for Papers ———–
International Workshop on Modelling and Detection of Vulnerabilities (MDV 2010)
Telecom Paris Tech, Paris, France, 10 April 2010 http://www.shields-project.eu/?q=node/62
In conjunction with ICST 2010 Third International Conference on Software Testing, Verification and Validation Paris, France (http://vps.it-sudparis.eu/icst2010/)
Alessandra Bagnato (TXT e-solutions, Corporate Research Division, Italy) Wissam Mallouli (Montimage, France) Amel Mammar (Telecom SudParis, France)
Enquiries to the organizing committee may be sent to: wissam.mallouli“replace with at-character”montimage.com
With the quick proliferation of complex, open and distributed systems, any software security breach becomes a real issue that needs to be fixed since these systems are often used in critical domains like transport, finance, politic, etc which makes attackers more and more motivated to cause important damages by exploiting security vulnerabilities.
To improve the software security, several techniques have been developed but the problem remains unsolved. The objective of this workshop is to share ideas, methods, techniques, and tools that help users model and detect vulnerabilities in software. The workshop will try to bring together people from both academia and industry, from all the different areas that want to develop new techniques to model and detect vulnerabilities, to report their experience on using tools or methods to detect vulnerabilities. This workshop with try to answer the following questions: • How vulnerability modelling can help user to understand the occurrence of vulnerabilities to avoid them? • What are the advantages/drawbacks of the existing models to represent vulnerabilities? Are they satisfactory? Otherwise, how they can be improved? • What are the existing techniques to detect vulnerabilities? Are they satisfactory? Otherwise, how they can be improved? • How verification and testing techniques can help to detect and prevent vulnerabilities? • How tools can help developers to detect vulnerabilities and improve the software quality?
The workshop addresses different techniques to model and detect vulnerabilities. The topics of interest include, but are not restricted to:
• Security requirements definition and modelling • Security goals modelling • Security and vulnerability modelling • Formal approaches for vulnerability detection • Testing and verification techniques for vulnerability detection • Formal approaches for security validation • Theorem proving for vulnerability detection • Good practises for security flaws avoidance • Security related Tools (modelling, checking)
Important dates:
Paper submission: 29 January 2010 Notification of acceptance: 1 March 2010 Final manuscript due: 21 March 2010 Workshop: 10 April 2010
Authors are invited to submit research and application papers in IEEE Computer Society Proceedings Manuscripts style (two columns, single-spaced, including figures and references, using 10 pt fonts, and number each page). Please consult the IEEE CS Author Guidelines at the following web page:
http://www2.computer.org/portal/web/cscps/formatting
The workshop is open to contributions that focus on methods and tools to modelling and detecting vulnerabilities. Industrial experience report (success story and even failed ones), progress, new methods and solutions in that context are very encouraged. In all these cases, we expect well-focused contributions to help participants understand problems, open issues, and available solutions, and also to foster rich and fruitful discussions. Papers should try to be bold and visionary, but limited to 10 pages. The emphasis should be on defining and setting problems, on technical details of proposed solutions, or on the rationale behind success stories.
Contact author must provide the following information: paper title, authors’ names, affiliations, postal address, phone, fax, and e-mail address of the author(s), about 200-250 word abstract, and about five keywords.
Paper registration and submission is by email attachment (Word format) to wissam.mallouli“replace with at-character”montimage.com
Workshop Proceedings will be published in the IEEE Digital Library with assigned ISBN.
Paul Ammann (George Mason University, USA) Alessandra Bagnato (TXT e-solutions, Corporate Research Division, Italy) Ana Cavalli (GET/INT, France) Jorge Cuellar (Siemens AG Corporate Technology, Germany) Frédéric Cuppens (Telecom Bretagne, France) Khaled El Fakih (American University of Sharjah, UAE) Marc Frappier (University of Sherbrooke, Canada) Frédéric Gervais (University of Paris 12, France) Roland Groz (LIG, France) Mohamed Jmaiel (University of Sfax, Tunisia) Khaled Khan (University of Western Sydney, Australia) Régine Laleau (University Paris 12, France) Keqin Li (SAP Research labs, France) Wissam Mallouli (Montimage, France) Amel Mammar (Telecom SudParis, France) Per Håkon Meland (SINTEF, Norway) Matteo Meucci (OWASP-Italy Chair, OWASP Testing Guide lead, Italy) Domenico Rotondi (TXT e-solutions, Italy) Txus Sánchez (ESI, Spain) Nahid Shahmehri (Linkoping University, Sweden) Bachar Wehbi (Montimage, France) Nina Yevtushenko (Tomsk State Unviversity, Russia)
SHIELDS Project (http://www.shieldsproject.eu/)