Workshop theme
Analyzing, implementing and maintaining security requirements of software-intensive systems and achieving truly secure software systems requires planning for security from the ground up, and continuously assuring that security is maintained across the software's lifecycle and after deployment, during operations, when software evolves. Given the increasing complexity of software systems, new application domains, dynamic and often critical operating conditions, the distributed nature of many software systems and fast-moving markets that put pressure on software vendors, building secure systems from the ground up becomes even more challenging. Security-related issues have previously been targeted in software engineering sub-communities and venues. In this third edition of the SEAD workshop, we aim to bring the research and practitioner communities of requirements engineers, security experts, architects, developers, and testers together to identify foundations and challenges, and to formulate solutions related to the analysis, design, implementation, testing, and maintenance of secure software systems. SEAD 2020 will be a "virtual" event.
Topics
The workshop addresses software engineering issues related to ensuring secure software through cross-cutting "security awareness". Topics include (but are not limited to):
Reasoning techniques for security
Software economics and security
Flexible, lean and lightweight (automated) approaches to support security and to develop large-scale security-intensive software
Adaptive security and situational awareness
Data analytics and forensics for security
Conflict between flexibility in modern systems and security
Security in new, emerging and maturing domains with potentially large problem and design spaces
"Soft" aspects of security, e.g., human behavior, psychological aspects, social engineering
Impact of technology advances on implementing security, e.g., new implementation technologies, cloud computing, micro-services, serverless architectures
"Built-in" security, e.g., in programming languages
Mechanisms to model and handle security across different life cycle stages, from inception to operation
DevOps for developing, deploying and maintaining security-intensive systems
Secure DevOps (DevSecOps)
Design solutions to enable secure systems
Reference models/architectures/frameworks to ensure security across life cycle stages
Practices and techniques for requirements engineering, architecting, design, implementation, testing and maintenance of security-intensive systems
Traceability mechanisms to support traceability between security needs and how they are implemented
Methods for quality assurance, process and product metrics for security-intensive systems
Security mining and security architecture recovery
Validation and verification of security, including prototyping to test and validate security
Assessment techniques and metrics for compliance of architecture, design, code, etc. with security needs
Vulnerability repair
Training and tools, e.g., tools and techniques for stimulating "security thinking" during coding activities
Paper categories
Position and vision papers (2-4 pages): On-going research, new challenges and emerging trends; novel solutions and inspiring, new ideas; directions for future research.
Full papers (6-8 pages): Innovative and original research, empirical studies, systematic literature studies, etc.
Industry and experience papers (up to 8 pages): Industrial experience, case studies, challenges, problems and solutions.
Education and training papers (up to 8 pages): Experiences, approaches and tools for teaching topics in academic courses or industrial training (e.g., lesson plans, assignments).
Artifact papers (2 pages): Security-related architectures, designs, code, etc. to build a corpus for research and education (must include link to artifacts).
Each submission must clearly include and elaborate on at least one "position" or "argument" - something that the authors feel strongly about in the context of SEAD.
Please submit your contribution via the SEAD 2020 EasyChair page: https://easychair.org/conferences/?conf=sead2020
The SEAD 2020 workshop proceedings will be published by ACM and must follow the ACM formatting instructions: https://www.acm.org/publications/proceedings-template
The official publication date is the date the proceedings are made available in the ACM Digital Library. This date may be up to two weeks prior to the first day of your conference. The official publication date affects the deadline for any patent filings related to published work.
Each paper will be reviewed by three members of the program committee. Papers must present novel material and must not be under review elsewhere at the time of submission.