International Symposium on Engineering Secure Software and Systems (ESSoS)

June 26-27, 2018
Campus Paris-Saclay, France
co-Located with DIMVA.



Context and motivation
Software-based systems permeate the very fabric of our society -- from enterprise IT systems and mobile devices to smart home and city environments. Consequently, computer security is becoming an increasingly inter-disciplinary subject requiring attention to the various aspects of securing our software-based infrastructure. One must pay careful attention to ensure compatibility with existing software and the wider socio-technical context (e.g., users and organisations) which it inhabits. This, in turn, requires an approach that integrates insights from computer security research with rigorous software engineering methods to ensure the security and resilience of our digital infrastructure. ESSoS therefore welcomes contributions that are at the border of system security and software engineering.

Goal and setup
The goal of this symposium is to bring together researchers and practitioners to advance the state of the art and practice in secure software engineering. Being one of the few conference-level events dedicated to this topic, it explicitly aims to bridge the software engineering and software security communities. The symposium features two days of technical program including two keynote presentations. In addition to academic papers, the symposium encourages submission of high-quality, informative industrial experience papers about successes and failures in secure software engineering and the lessons learned. Furthermore, the symposium also accepts short idea papers that crisply describe a promising direction, approach, or insight.


Topics
The Symposium seeks submissions on subjects related to its goals. This includes a diversity of topics including (but not limited to):
Secure software engineering
-Security by design
- Empirical secure software engineering
- Security-oriented software reconfiguration and evolution
- Processes for the development of secure software and systems
- Security testing
- Security requirements analysis and modelling
- Model checking for security
Secure programming
- Programming paradigms, models, and domain-specific languages for security
- Verification techniques for security properties
- Static and dynamic code analysis for security
- Program rewriting techniques for security
- Security measurements
Systems Security
- Cloud security, virtualization for security
- Mobile devices security
- Operating system security
- Web applications security
Malware and vulnerability analysis
- Automated techniques for vulnerability discovery and analysis
- Binary code analysis, reverse-engineering
- Malware: detection, analysis, mitigation
- Computer forensics
Human factors
- Usable security
- Studies of developers’ behaviours
- Organisational practices pertaining to secure development
Infrastructure security
- Security in critical infrastructures
- Embedded software security
- Security of cyber-physical systems and IoT

Important dates
Paper submission: Friday, March 9, 2018 (firm)
Paper acceptance notification: Friday, April 27, 2018
Artifact evaluation submission: Wednesday, May 2, 2018
Poster submission: Friday, May 4, 2018
Poster acceptance notification: Friday, May 18, 2018
Camera-ready: Friday, May 11, 2018
Conference: Tuesday to Wednesday, June 26-27, 2018
(DIMVA is held June 28-29, following ESSoS)


Submission and format
The proceedings of the symposium are published by Springer-Verlag in the Lecture Notes in Computer Science Series (http://www.springer.com/computer/lncs, pending approval). Submissions should follow the formatting instructions of Springer LNCS. Submitted papers must present original, unpublished work of high quality.

Two types of papers will be accepted:

Full papers (max 14 pages excluding bibliography/appendices)
Such papers may describe original technical research with a solid foundation, such as formal analysis or experimental results, with acceptance determined mostly based on novelty and validation. Or they may describe case studies applying existing techniques or analysis methods in industrial settings, with acceptance determined mostly by the general applicability of techniques and the completeness of the technical presentation details.

Idea papers (max 8 pages including bibliography)
Such papers may crisply describe a novel idea that is both feasible and interesting, where the idea may range from a variant of an existing technique all the way to a vision for the future of security technology. Idea papers allow authors to introduce ideas to the field and get feedback, while allowing for later publication of complete, fully-developed results. Submissions will be judged primarily on novelty, excitement, and exposition, but feasibility is required, and acceptance will be unlikely without some basic, principled validation (e.g., extrapolation from limited experiments or simple formal analysis). In the proceedings, idea papers will clearly identified by means of the "Idea" tag in the title.

Posters
ESSoS will have a poster session to present ideas, discuss prototypes, and feature ongoing work. Authors of accepted papers and authors with evaluated artifacts are invited to submit a poster as well. Poster abstracts are limited to 1 page.

Approved Artifacts
Due to the secure software engineering focus, we expect the majority of papers to be based on an accompanying software artifact, data set, or similar. We strongly encourage the authors of accepted papers to submit such artifacts for evaluation. Artifact Evaluation will take place after accepted papers have been announced. Further information will be given closer to the paper-submission deadline. Submissions where the artifact evaluation committee can reproduce the software artifacts and evaluation will receive the “approved artifact” badge. Authors of approved artifacts are further given the opportunity to demo their artifact at the conference. In addition, the committee will select a best artifact to receive the Distinguished Artifact Award.