|                                                                      |
|                            Call for papers                           |
|                                                                      |
|                                                                      |
|  International Symposium on Engineering Secure Software and Systems  |
|                                                                      |
|                               ESSoS 2017                             |
|                                                                      |
|                             July 3-5, 2017                           |
|                              Bonn, Germany                           |
|                                                                      |
| https://distrinet.cs.kuleuven.be/events/essos/2017/calls-papers.html |

| *Paper submission*: Friday, February 24, 2017 (firm)                 |

In cooperation with: ACM SIGSAC and SIGSOFT (pending)
New this year: co-Located with DIMVA.

* Context and motivation *
IT security is becoming an increasingly interdisciplinary subject.
For example, it is insufficient to simply deploy new security
measures but one must pay careful attention to correctly integrate
the security measures into existing software. Such an approach
involves redesigning and engineering of software to ensure that the
built-in security policy is effective in practice.
Many security venues put little focus on topics related to software
engineering, while many software-engineering venues lack appreciation
for more complex topics in software security. ESSoS thus strives to
be a venue that welcomes exactly such contributions that are at the
border of IT security and software engineering. The program committee
is particularly chosen to encompass a broad range of expertise,
ranging from software security over software engineering to human
subjects such as usable security.

* Goal and setup *
The goal of this symposium, which will be the ninth in the series, is
to bring together researchers and practitioners to advance the state
of the art and practice in secure software engineering. Being one of
the few conference-level events dedicated to this topic, it
explicitly aims to bridge the software engineering and security
engineering communities, and promote cross-fertilization. The
symposium will feature two days of technical program including two
keynote presentations. In addition to academic papers, the symposium
encourages submission of high-quality, informative industrial
experience papers about successes and failures in secure software
engineering and the lessons learned. Furthermore, the symposium also
accepts short idea papers that crisply describe a promising
direction, approach, or insight.

* Topics *
The Symposium seeks submissions on subjects related to its goals.
This includes a diversity of topics including (but not limited to):
- Cloud security, virtualization for security
- Mobile devices security
- Automated techniques for vulnerability discovery and analysis
- Model checking for security
- Binary code analysis, reverse-engineering
- Programming paradigms, models, and domain-specific languages for
- Operating system security
- Verification techniques for security properties
- Malware: detection, analysis, mitigation
- Security in critical infrastructures
- Security by design
- Static and dynamic code analysis for security
- Web applications security
- Program rewriting techniques for security
- Security measurements
- Empirical secure software engineering
- Security-oriented software reconfiguration and evolution
- Computer forensics
- Processes for the development of secure software and systems
- Security testing
- Embedded software security
- Usable security

* Important dates *
Paper submission: Friday, February 24, 2017 (firm)
Paper acceptance notification: Tuesday, April 18, 2017
Artifact evaluation submission: Friday, April 21, 2017
Poster submission: Friday, April 21, 2017
Poster acceptance notification: Friday, April 28, 2017
Camera-ready: Friday, May 12, 2017
Symposium: Monday to Wednesday, July 3-5, 2017
(DIMVA is held July 6-7, following ESSoS)

* Submission and format *
The proceedings of the symposium are published by Springer-Verlag in
the Lecture Notes in Computer Science Series
(http://www.springer.com/computer/lncs, pending approval).
Submissions should follow the formatting instructions of Springer
LNCS. Submitted papers must present original, unpublished work of
high quality.

Two types of papers will be accepted:

_Full papers (max 14 pages without bibliography/appendices)_
Such papers may describe original technical research with a solid
foundation, such as formal analysis or experimental results, with
acceptance determined mostly based on novelty and validation. Or they
may describe case studies applying existing techniques or analysis
methods in industrial settings, with acceptance determined mostly by
the general applicability of techniques and the completeness of the
technical presentation details.

_Idea papers (max 8 pages with bibliography)_
Such papers may crisply describe a novel idea that is both feasible
and interesting, where the idea may range from a variant of an
existing technique all the way to a vision for the future of security
technology. Idea papers allow authors to introduce ideas to the field
and get feedback, while allowing for later publication of complete,
fully-developed results. Submissions will be judged primarily on
novelty, excitement, and exposition, but feasibility is required, and
acceptance will be unlikely without some basic, principled validation
(e.g., extrapolation from limited experiments or simple formal
analysis). In the proceedings, idea papers will clearly identified by
means of the "Idea" tag in the title.

ESSoS will have a poster session to present ideas, discuss
prototypes, and feature ongoing work. Authors of accepted papers and
authors with evaluated artifacts are invited to submit a poster as
well. Poster abstracts are limited to 1 page.

_Approved Artifacts_
Due to the secure software engineering focus, we expect the majority
of papers to be based on an accompanying software artifact, data set,
or similar. We strongly encourage the authors of accepted papers to
submit such artifacts for evaluation. Artifact Evaluation will take
place after accepted papers have been announced. Further information
will be given closer to the paper-submission deadline. Submissions
where the artifact evaluation committee can reproduce the software
artifacts and evaluation will receive the “approved artifact”
badge. Authors of approved artifacts are further given the
opportunity to demo their artifact at the conference. In addition,
the committee will select a best artifact to receive the
Distinguished Artifact Award.

* Steering committee *

Jorge Cuellar (Siemens AG)
Wouter Joosen (Katholieke Universiteit Leuven) - chair
Fabio Massacci (Università di Trento)
Gary McGraw (Cigital)
Bashar Nuseibeh (The Open University)
Daniel Wallach (Rice University University)

* Organizing committee *
General chair: Michael Meier (University of Bonn, DE)
Program co-chairs: Mathias Payer (Purdue university, USA),Eric Bodden
(Paderborn University, DE)
Doctoral Symposium: TBA
Publication chair: Elias Athanasopoulos (University of Cyprus, CY)
Publicity chair: Raoul Strackx (Katholieke Universiteit Leuven, BE)
Web chair: Ghita Saevels (Katholieke Universiteit Leuven, BE)

* Program committee *
David Aspinall, University of Edinburgh
Domagoj Babic, Google Inc.
Alexandre Bartel, University of Luxembourg
Amel Bennaceur, The Open University
Stefan Brunthaler, Paderborn University
Will Enck, NC State University
Michael Franz, University of California, Irvine
Christian Hammer, University of Potsdam
Michael Hicks, University of Maryland
Trent Jaeger, The Pennsylvania State University
Vassilis P. Kemerlis, Brown University
Johannes Kinder, University of London
Byoungyoung Lee, Purdue University
Yang Liu, University of Oxford
Ben Livshits, Microsoft Research
Clémentine Maurice, Technical University Graz
Andy Meneely, Rochester Institute of Technology
Mira Mezini, Technical University Darmstadt
Alessandro Orso, Georgia Tech
Christina Pöpper, New York University Abu Dhabi
Awais Rashid, Lancaster University
Kaveh Razavi, Vrije Universiteit Amsterdam
Tamara Rezk, INRIA
Angela Sasse, University College London
Zhendong Su, University of California, Davis
Melanie Volkamer, Karlstad University
Xiangyu Zhang, Purdue University