Modeling Security Workshop

In Association with MODELS '08

Toulouse, France

28th September, 2008

Menu

Call for Papers
Important Dates
Submission
Workshop Program
Organization
Program Committee
Registration

Call for Papers

Overview

It is well known that ensuring computer security is one of the key challenges in making modern systems safe, reliable and dependable. The number of vulnerability exploits is rising exponentially, and estimates set the cost of security breaches at between $13 billion and $1.6 trillion per year.

Secure programming techniques are now generally well understood. Best practice guidelines teach programmers how to avoid buffer overflows, when to validate inputs and how to apply cryptography. Automated tools scan source code for vulnerabilities, many of which can be detected automatically.

However, large classes of attacks cannot be avoided using such methods. Insider attacks, for example, bypass authentication protocols. These sophisticated types of attacks require a more holistic view of a system’s vulnerabilities and necessitate security analysis techniques that take into account all phases of development. In other words, there is a pressing need for systematic methods for analysing and assessing the security of system models, where models here are interpreted broadly to include requirements, architecture and design, as well as organizational and business models.

Aims

This workshop aims to bring together practitioners and researchers in both software and system modeling and security to transfer ideas, foster new collaborations, and define a research agenda for secure modeling of software-intensive systems. Through technical presentations and directed discussions, the workshop will deliver a document outlining research challenges for the community, which will act to inspire future research and to summarize state-of-the-art work in this area.

Topics

Potential topic areas for submissions include (but are not limited to) the following:

  • Modeling security requirements
  • Modeling security in design and architecture
  • Languages for modeling security
  • Verification and validation of security models
  • Patterns for security modeling
  • Model-based testing for security
  • Model-driven security engineering
  • Applications/Experience of using security modeling
  • Challenges for security modeling
  • Tool support for modeling security
  • Reverse engineering security models
  • Processes and methodologies which incorporate security modeling
  • Security metrics for modeling
  • Model-based intrusion detection

Submissions

Prospective authors are invited to submit papers between 4 and 10 pages in length in Springer LNCS Format. Submissions may be technical papers that describe work related to security modeling or position statements that clearly articulate open research challenges. We also welcome survey papers and experience papers. Note, however, that experience papers should include a clear statement of lessons learned rather than simply a description of an application.

Workshop Structure

The workshop will be structured around invited presentations, submitted paper presentations and directed group discussions. Three invited presentations by renowned speakers in either modeling or security will set the scene. Two sessions for submitted papers will then follow. The day will end with detailed group discussions aiming to define a research agenda for future work in this area. There will be a workshop dinner in the evening.

Main Contact: Jon Whittle.
E-mail: whittle - *at* - comp - *dot* - *lancs* -*dot* - *ac* - *uk*

Page last updated: