ASE 2019
Sun 10 - Fri 15 November 2019 San Diego, California, United States

Second International Workshop on Software Security from Design to Deployment (SEAD)

In today’s increasingly interconnected software-intensive systems, analyzing, implementing and maintaining security requirements and achieving truly secure software systems requires planning for security from the ground up, and continuously assuring that security is maintained across the software’s lifecycle and after deployment, during operations, as the software evolves. Given the increasing complexity of software systems, new application domains, dynamic and often critical operating conditions, the distributed nature of many software systems and fast-moving markets which put pressure on software vendors, building secure systems from the ground up becomes even more challenging. Security-related issues have previously been targeted in software engineering sub-communities and venues.

In this second edition of the SEAD workshop, we aim to bring the research and practitioner communities of requirements engineers, security experts, architects, developers, and testers together to identify foundations and challenges and to formulate solutions related to automating the analysis, design, implementation, testing, and maintenance of secure software systems.

Mon 11 Nov

09:00 - 10:30: SEAD 2019 - Introduction and Keynote Talk at Hillcrest 2
09:00 - 09:15
Day opening
Introduction
Mehdi Mirakhorli (Rochester Institute of Technology), Matthias Galster (University of Canterbury), Laurie Williams (North Carolina State University)
09:15 - 10:15
Talk
Keynote Talk: Automating Pragmatic Software Dependability
Hamid Bagheri (University of Nebraska-Lincoln, USA)
10:30 - 11:00: Social - Break at Cortez Foyer/Kensington Terrace
11:00 - 12:30: SEAD 2019 - Session 2 at Hillcrest 2
11:00 - 11:20
Talk
The Effect of Weighted Moving Windows on Security Vulnerability Prediction
Patrick Kwaku Kudjo (Jiangsu University), Jinfu Chen (Jiangsu University), Selasie Aformaley Brown (University of Professional Studies, Accra-Ghana), Solomon Mensah (University of Ghana, Legon)
11:20 - 11:40
Talk
Towards Automated Security Design Flaw Detection
Laurens Sion (Katholieke Universiteit Leuven), Katja Tuma (Chalmers | University of Gothenburg), Koen Yskout (Katholieke Universiteit Leuven), Riccardo Scandariato (Chalmers | University of Gothenburg), Wouter Joosen (Katholieke Universiteit Leuven)
11:40 - 12:00
Talk
Securing Smart Contracts in Blockchain
Jaturong Kongmanee (Computer Science, Texas Tech University), Phongphun Kijsanayothin (Electrical and Computer Engineering, Naresuan University), Rattikorn Hewett (Computer Science, Texas Tech University)
12:30 - 14:00: Social - Lunch Break at Kensington Ballroom/Kensington Terrace
14:00 - 15:30: SEAD 2019 - Session 3 at Hillcrest 2
14:00 - 14:20
Talk
Secrets Management and Handling in Mobile Application Development Lifecycle
Panuchart Bunyakiati (Kasetsart University), Usa Sammapun (Kasetsart University)
14:20 - 14:40
Talk
Challenges in Secure Engineering of Critical Infrastructure Systems
Sridhar Adepu (Singapore University of Technology and Design, Singapore), Eunsuk Kang (Carnegie Mellon University), Aditya Mathur (Singapore University of Technology and Design)
14:40 - 15:00
Talk
Security-related Commits in Open Source Web Browser Projects
Ákos Kiss (University of Szeged, Department of Software Engineering), Renáta Hodován (University of Szeged, Department of Software Engineering)
15:30 - 16:00: Social - Break at Cortez Foyer/Kensington Terrace
16:00 - 17:30: SEAD 2019 - Session 4 at Hillcrest 2

Not scheduled yet

Day closing

Call for Papers

Workshop theme

Analyzing, implementing and maintaining security requirements of software-intensive systems and achieving truly secure software systems requires planning for security from the ground up, and continuously assuring that security is maintained across the software’s lifecycle and after deployment during operations when software evolves. Given the increasing complexity of software systems, new application domains, dynamic and often critical operating conditions, the distributed nature of many software systems and fast-moving markets which put pressure on software vendors, building secure systems from the ground up becomes even more challenging. Security-related issues have previously been targeted in software engineering sub-communities and venues.

In this second edition of the International Workshop on Software Security from Design to Deployment (SEAD), we aim to bring the research and practitioner communities of requirements engineers, security experts, architects, developers, and testers together to identify foundations and challenges and to formulate solutions related to automating the analysis, design, implementation, testing, and maintenance of secure software systems.

Main topics

The workshop addresses automated software engineering issues related to ensuring secure software through cross-cutting “security awareness”. Topics include (but are not limited to):

  • Automated reasoning techniques for security
  • Flexible, lean and lightweight (automated) approaches to support security and to develop large-scale security-intensive software
  • Adaptive security and situational awareness
  • Data analytics and forensics for security
  • Conflict between flexibility in modern systems and security
  • Security in new, emerging and maturing domains with potentially large problem and design spaces
  • “Soft” aspects of security, e.g., human behavior, psychological aspects, social engineering
  • Impact of technology advances on implementing security, e.g., new implementation technologies, cloud computing, micro-services, serverless architectures
  • “Built-in” security, e.g., in programming languages
  • Mechanisms to model and handle security across different life cycle stages, from inception to operation
  • DevOps for developing, deploying and maintaining security-intensive systems
  • Secure DevOps (DevSecOps)
  • Design solutions to enable secure systems
  • Reference models/architectures/frameworks to ensure security across life cycle stages
  • Practices and automated techniques for requirements engineering, architecting, design, implementation, testing and maintenance of security-intensive systems
  • (Automated) traceability mechanisms to support traceability between security needs and how they are implemented
  • Methods for quality assurance, process and product metrics for security-intensive systems
  • Security mining and security architecture recovery
  • (Automated) validation and verification of security, including prototyping to test and validate security
  • Assessment techniques and metrics for compliance of architecture, design, code, etc. with security needs
  • (Automated) vulnerability repair
  • Training and tools, e.g., tools and techniques for stimulating “security thinking” during coding activities

Paper categories

We invite submissions in the following categories of papers:

Position and vision papers (2-4 pages): On-going research, new challenges and emerging trends; novel solutions and inspiring, new ideas; directions for future research.

Reference problem papers (2-4 pages): Descriptions or examples of problems in real-life settings that pose fundamental or characteristic challenges.

Full papers (6-8 pages): Innovative and original research, empirical studies, systematic literature studies, etc.

Industry and experience papers (up to 8 pages): Industrial experience, case studies, challenges, problems and solutions.

Education and training papers (up to 8 pages): Experiences, approaches and tools for teaching topics in academic courses or industrial training (e.g., lesson plans, assignments).

Artifact papers (2 pages): Security-related architectures, designs, code, etc. to build a corpus for research and education. Papers must include a link to the actual artifacts.

Paper formatting and submission

All papers must follow the general formatting guidelines and policies. Submissions must be made through EasyChair.

Publication

Workshop proceedings will be in both the ACM and IEEE digital libraries.