Measurability of Security in Software Architectures

The growing complexity of service-centric systems has increased the need for pertinent and reliable software security and trusted system solutions. Systematic approaches to measuring security in software architectures are needed in order to obtain sufficient and credible proactive evidence of the security level or performance of a system, service or product. The systematic definition of security metrics and security assurance metrics is a young field that still lacks widely accepted definitions of metrics and applicable measuring techniques for design-time and run-time security monitoring.

The workshop will provide a forum for dissemination, demonstration and discussion of original scientific and experimental results of security measurement topics.

MeSSa 2010 solicits contributions on the following issues (but not limited to):

Security, trust and privacy metrics
Security assurance metrics
Security, trust and privacy measurement systems and associated data gathering
Metrics for adaptive security systems
Taxonomical and ontological research on security metrics
Experimental results from security measurements
Security measurability-increasing mechanisms for software architectures
The relationship and differences between security metrics and security assurance metrics
Tradeoff analysis and decision-making at design-time and at run-time
The workshop paper will be published in a second volume of the ECSA 2010 conference proceedings with an ISBN number and through ACM digital library (approval pending). At least one author of all accepted papers must present the paper at the workshop.

Submission of papers: May 17, 2010
Author notification: June 7, 2010
Submission of camera-ready paper: July 1, 2010

Organisation

Workshop Co-Chairs

Reijo Savola, VTT Technical Research Centre of Finland (Finland)
Teemu Kanstrén, VTT Technical Research Centre of Finland (Finland)
Antti Evesti, VTT Technical Research Centre of Finland (Finland)
Program Committee

Habtamu Abie, Norwegian Computing Center (Norway)
Nadya Bartol, Booz Allen Hamilton (USA)
John Bigham, Queen Mary University of London (UK)
Christophe Blad, Oppida (France)
Marijke Coetzee, University of Johannesburg (South Africa)
Michel Cukier, University of Maryland (USA)
Giorgio da Bormida, ELGI (Italy)
Jim Clarke, Waterford Institute of Technology (Ireland)
Ilesh Dattani, Q-Sphere (UK)
Samuel Dubus, Alcatel-Lucent (France)
Sammy Haddad, ENST (France)
Thomas Heyman, Katholieke Universiteit Leuven (Belgium)
Zoltan Hornák, SEARCH-LAB (Hungary)
Siv-Hilde Houmb, Telenor (Norway)
Erland Jonsson, Chalmers University of Technology (Sweden)
Oscar López, Nextel S.A. (Spain)
Louis Marinos, European Network and Information Security Agency (Greece)
Aliki Ott, Nokia Siemens Networks (Finland)
Moussa Ouedraogo, CRP Henri Tudor (Luxembourg)
Eila Ovaska, VTT Technical Research Centre of Finland (Finland)
Tanir Ozcelebi, Technical University of Eindhoven (The Netherlands)
Pierre Parrend, Karlsruhe Institute of Technology (Germany)
Aljosa Pasic, Atos Origin (Spain)
Christophe Ponchel, EADS (France)
Michel Riguidel, ENST (France)
Domenico Rotondi, TXT e-solutions SpA (Italy)
Juha Röning, University of Oulu (Finland)
Riccardo Scandariato, Katholieke Universiteit Leuven (Belgium)
Pedro Soria-Rodriguez, Atos Origin (Spain)
Ari Takanen, Codenomicon (Finland)
Alessandra Toninelli, INRIA Paris (France)
Hein Venter, University of Pretoria (South Africa)
Antti Vähä-Sipilä, Nokia (Finland)