STPSA 2013: The 8th IEEE International Workshop on Security, Trust and Privacy for Software Applications
Held in conjunction with COMPSAC, the IEEE Signature Conference on Computers, Software & Applications - July 22-26, 2013 - Kyoto, Japan
MS Word CFP
Goal of the WorkshopThis workshop will bring together researchers from both academia and industry to discuss methods and tools to achieve security, trust, and privacy (STP) goals of both traditional and emerging Web-based software applications. The workshop will focus on techniques, experiences, and lessons learned with respect to the STP aspects of software specification, design, implementation, testing, and deployment.
Theme and Scope of the WorkshopThe Internet has become an indispensable global platform that glues together daily communication, sharing, trading, collaboration, and service delivery using software applications. This is a witness that our society is increasingly dependant on software applications. Internet users often store and manage critical information that can attract cyber-criminals who misuse web-based programs and the Internet to exploit vulnerabilities for illegitimate benefits (such as for underground economy, violating privacy, etc.). Malicious programs are taking an alarmingly significant share of web-based attacks to evade the Security, Privacy, and Trust (STP) of software applications, and hence end-users. As noted also in several security incidents, this situation has been amplified by recent technological developments such as cloud computing, pervasive computing, mobile devices, by making the distrusted Internet an integral component of software applications. As such, the traditional host-based approaches (e.g., antivirus, firewall) to securing a software application alone are no longer sufficient to address the STP issues of such emerging software applications. The STP issues must be addressed throughout the lifecycle of a software application, including its design, implementation, testing, and deployment. The principal challenge of existing approaches in developing STP-aware software is the lack of consideration, methods, and tools for addressing STP issues during the software development processes and runtime operations.
Topics of interest include, but are not limited to, the following:
STP specific software development practices
STP requirements elicitation and specification
Models and languages for STP-aware software specification and design
Architecture for STP-aware software development
Testing STP properties of software applications
Formal analysis of STP properties in emerging software applications
Runtime monitoring of STP properties
STP configuration, management and usability issues in software applications
Security, trust, and privacy (STP) challenges and solutions in Web-based applications
STP challenges and solutions in Cloud computing applications
STP challenges and solutions in pervasive applications
STP challenges and solutions in mobile applications
STP challenges and solutions in e-services such as e-health, e-government, e-banking, etc...
STP challenges and solutions in distributed or sensor-based software applications
STP-aware service discovery mechanisms for pervasive computing environments
Experience reports on developing STP-aware software
Teaching STP-aware software development
This year, we also solicit papers that focus on systematization of knowledge with respect to STP. The goal of this call is to encourage work that evaluates, systematizes, and contextualizes existing practices and knowledge with respect to STP.
SubmissionPapers must be submitted electronically via the STPSA 2013 Submission Page.
Follow the IEEE Computer Society Press Proceedings Author Guidelines to prepare your papers: http://www.computer.org/portal/web/cscps/submission.
All papers will be carefully reviewed by at least three reviewers. Papers can be submitted as regular papers (six pages), and the acceptance will depend on reviewer feedback. Accepted papers will be published in the workshop proceedings of the IEEE Computer Software and Applications Conference (COMPSAC 2013) by the IEEE CS Press. At least one of the authors of each accepted paper must register as a full participant of the workshop to have the paper published in the proceedings. Each accepted paper must be presented in person by an author.