Workshop theme

Analyzing, implementing and maintaining security requirements of software-intensive systems and achieving truly secure software systems requires planning for security from ground up, and continuously assuring that security is maintained across the software's lifecycle and after deployment during operations when software evolves. Given the increasing complexity of software systems, new application domains, dynamic and often critical operating conditions, the distributed nature of many software systems and fast moving markets which put pressure on software vendors, building secure systems from ground up becomes even more challenging. Security-related issues have previously been targeted in software engineering sub-communities and venues. In this third edition of the SEAD workshop, we aim to bring the research and practitioner communities of requirements engineers, security experts, architects, developers, and testers together to identify foundations, challenges and formulate solutions related to the analysis, design, implementation, testing, and maintenance of secure software systems. SEAD 2020 will be a "virtual" event.

Topics

The workshop addresses software engineering issues related to ensuring secure software through cross-cutting "security awareness". Topics include (but are not limited to):

• Reasoning techniques for security

• Software economics and security

• Flexible, lean and lightweight (automated) approaches to support security and to develop large-scale security-intensive software

• Adaptive security and situational awareness

• Data analytics and forensics for security

• Conflict between flexibility in modern systems and security

• Security in new, emerging and maturing domains with potentially large problem and design spaces

• "Soft" aspects of security, e.g., human behavior, psychological aspects, social engineering

• Impact of technology advances on implementing security, e.g., new implementation technologies, cloud computing, micro-services, serverless architectures

• "Build-in" security, e.g., in programming languages

• Mechanisms to model and handle security across different life cycle stages, from inception to operation

• DevOps for developing, deploying and maintaining security-intensive systems

• Secure DevOps (DevSecOps)

• Design solutions to enable secure systems

• Reference models/architectures/frameworks to ensure security across life cycle stages

• Practices and techniques for requirements engineering, architecting, design, implementation, testing and maintenance of security-intensive systems

• Traceability mechanisms to support traceability between security needs and how they are implemented

• Methods for quality assurance, process and product metrics for security-intensive systems

• Security mining and security architecture recovery

• Validation and verification of security, including prototyping to test and validate security

• Assessment techniques and metrics for compliance of architecture, design, code, etc. with security needs

• Vulnerability repair

• Training and tools, e.g., tools and techniques for stimulating "security thinking" during coding activities

Paper categories

• Position and vision papers (2-4 pages): On-going research, new challenges and emerging trends; novel solutions and inspiring, new ideas; directions for future research.

• Full papers (6-8 pages): Innovative and original research, empirical studies, systematic literature studies, etc.

• Industry and experience papers (up to 8 pages): Industrial experience, case studies, challenges, problems and solutions.

• Education and training papers (up to 8 pages): Experiences, approaches and tools for teaching topics in academic courses or industrial training (e.g., lesson plans, assignments).

• Artifact papers (2 pages): Security-related architectures, designs, code, etc. to build a corpus for research and education (must include link to artifacts).

Each submission must clearly include and elaborate on at least one "position" or "argument" - something that the authors feel strongly about in the context of SEAD.

Please submit your contribution via the SEAD 2020 EasyChair page: https://easychair.org/conferences/?conf=sead2020

The SEAD 2020 workshop proceedings will be published by ACM and must follow the ACM formatting instructions: https://www.acm.org/publications/proceedings-template

The official publication date is the date the proceedings are made available in the ACM Digital Library. This date may be up to two weeks prior to the first day of your conference. The official publication date affects the deadline for any patent filings related to published work.

Each paper will be reviewed by three members of the program committee. Papers must present novel material and not under review elsewhere at the time of submission.