1st International Workshop on Security Testing

1st International ICST workshop on

Security Testing

Lillehammer, 9 April 2008

www.inf.ethz.ch/personal/pretscha/events/sectest08/

[News] [Theme] [CfP] [Dates] [Submission&Contact] [Travel] [Keynote] [Program] [PC] [Organizers]

Flyer as pdf

News

Workshop will take place in Meeting Room A

Program available
David Litchfield agreed to deliver the keynote ("A Security Testing Philosophy")
Workshop will take place on April 9th
Deadline extended until January 25th
Flyer [pdf] available

Theme and goals of the workshop

Testing is an activity that aims at both demonstrating discrepancies between a systems actual and intended behaviors and increasing the confidence that there is no such discrepancy. The security of a system classically relates to the confidentiality and integrity of data as well as the availability of systems and the non-repudiation of transactions. Because confidentiality and integrity can be compromised in many different ways, because availability and non-repudiation guarantees are tremendously difficult to give, and because testing the mere functionality of a system alone is a fundamentally critical task, testing security properties is a real challenge, both from an academic and a practical point of view.

Call for Papers [pdf]

The goal of this workshop on security testing is to provide a forum for practitioners and researchers to exchange ideas, perspectives on problems, and solutions. We solicit both full (8 pages) and short (2 pages) submissions in the following non-exclusive areas:

network security testing
application security testing
testing access control requirements
runtime monitoring of security-relevant applications
security testing of legacy systems
stopping criteria for security testing
cost effectiveness issues
comparisons with security-by-design and formal analyses
adapting classical testing techniques to security
security test generation and oracle derivation
specifying testable security constraints
test automation
penetration testing
regression testing for security
robustness and fault tolerance to attacks
test-driven diagnosis of security weaknesses
process and models for designing and testing secure system
tools and case studies
industrial experience reports
when to perform security analysis and testing
"white Box" security testing techniques
compile time fault detection and program verification

We encourage authors of technical and position papers from both academia and industry to submit their work. Submissions must not be submitted elsewhere, and authors of technical papers are asked to precisely state the problem they are solving. Accepted papers will be published in the IEEE digital library. One author of each paper must agree to attend the workshop that is collocated with ICST in Lillehammer, Norway.
Submitted papers should comment on the potential for generalization of their approach and summarize the contribution.

Important Dates

25 January 2008: Submission
2 March: Notification
10 March: Final copies
9 April: Workshop

Submission and Contact Information

We solicit full (8 pages) and short (2 pages) papers, both in the IEEE two-column format provided here. Submissions are handled via EasyChair.

For further information, please contact Alexander Pretschner.

Venue and Travel

Please refer to the respective ICST webpages.

Keynote Presentation

David Litchfield: A Security Testing Philosophy

Program

0900-1000 David Litchfield. A Security Testing Philosophy

1030-1100 Sven Tuerpe. When it comes to Testing, is Usability the Closest Analogy to Security?
1100-1130 Kaarina Karppinen, Mikael Lindvall and Lyly Yonkwa. Detecting Security Vulnerabilities with Software Architecture Analysis Tools
1130-1200 Vianney Darmaillacq, Jean-Luc Richier and Roland Groz. Test generation and execution for security rules in temporal logic

1330-1400 Fabio Martinelli, Paolo Mori, Thomas Quillinan and Christian Schaefer. A Runtime Monitoring Environment for Mobile Java
1400-1430 Sven Tuerpe. Security Testing: Turning Practice into Theory
1430-1500 Inger Anne Tondel, Martin Gilje Jaatun and Jostein Jensen. Learning from Software Security Testing

1530-1600 Tejeddine Mouelhi, Benoit Baudry and Franck Fleurey. A Generic Metamodel For Security Policies Mutation
1600-1630 Wissam Mallouli, Gerardo Morales and Ana Cavalli. Testing Security Policies for Web Applications
1630-1700 Vianney Darmaillacq. Security policy testing using vulnerability exploit chaining

1700- discussion

Program Committee

Benoit Baudry, INRIA, Rennes, France
Ruth Breu, University of Innsbruck, Austria
Achim Brucker, ETH Zürich, Switzerland
Jeremy Epstein, Software AG, USA
Daniel Faigin, Aerospace Corp, USA
Roland Groz, University of Grenoble, France
Bruno Legeard, Leirios, France
Charles Pfleeger - Pfleeger Consulting, USA
Ron Ritchey, Booz Allen Hamilton, USA
Ina Schieferdecker, Fraunhofer FOKUS, Germany
Thomas Walter, DoCoMo Euro-Labs, Munich, Germany
Jeff Williams, Aspect Security, USA
Laurie Williams, North Carolina State University, USA
Tao Xie, North Carolina State University, USA
and the organizers

Organizers

Yves Le Traon, ENST Bretagne, Rennes, France
Alexander Pretschner, ETH Zürich, Switzerland
Stan Wisseman, Booz Allen Hamilton, USA

[News] [Theme] [CfP] [Dates] [Submission&Contact] [Travel] [Keynote] [Program] [PC] [Organizers]

last modified Mar-4-2008, Alexander Pretschner