The 2nd International Workshop on Designing and Measuring Security in Software Architectures

(DeMeSSA)


@ECSA 2022, Monday 19 September 2022, Prague, Czech Republic

Objectives and Scope

With the growing complexity of software, and in particular of software-reliant systems and systems-of-systems, the focus of security has increasingly shifted from network and code to design, and more recently to 'security by design' or 'design for security', where the software architecture is the first-class citizen for security analyses.

Recent advances in bridging the gap between higher-level software architecture design and implementation have made software architecture a keystone also for security enforcement via (semi)automated transformations (or mappings) to code-level security checks. Indeed, as consensually admitted, software architecture is the fundamental artefact for addressing extra-functional requirements in software-reliant systems and systems-of-systems, especially in the case of security issues. Therefore, the endeavor of addressing threats, vulnerabilities, and security controls (safeguards or countermeasures) has evolved from the operational phase (e.g., Security Operation Centers (SOCs)), where the focus in the last decades was mainly on network security, to the architecting of software-reliant systems and systems-of-systems in recent years. De facto, security has intrinsic characteristics that are hard to address, in particular related to the unpredictability and uncertainty of threats and attacks, which call for novel approaches in Software Architecture as part of the effort to achieve security by design.

In addition, security expert teams are not diverse, especially with regard to gender. According to a news post by the International Consortium of Minority Cyber Professionals (non-profit) in August 2021, the security workforce in the USA is currently only 14% female. To remedy the lack of research on this issue in the domain of software architecture, there is a need for more experimental studies and protocols that can provide evidence of bias (or lack thereof) vis-a-vis the actual quality of security tasks as performed by human analysts.

This second edition of the International Workshop on Designing and Measuring Security in Software Architecture (DeMeSSA), held at ECSA 2022, intends to provide researchers and practitioners with a forum to exchange ideas and experiences, analyze research and development issues, discuss promising solutions, and propose inspiring visions for the future in two complementary fields of security from the perspective of Software Architecture: Designing Security in Software Architecture and Measuring Security in Software Architecture Design.