Third International Workshop on Secure Software Engineering (SecSE 2009)

                      In conjunction with ARES 2009
                    Fukuoka, Japan, March 16th-19th 2009  

                               Call for Papers

In our modern society, software is an integral part of everyday life,
and we expect and depend upon software systems to perform
correctly. Software security is about ensuring that systems continue
to function correctly also under malicious attack. As most systems now
are web-enabled, the number of attackers with access to the system
increases dramatically and thus the threat scenario changes. The
traditional approach to secure a system includes putting up defence
mechanisms like IDS and firewalls, but such measures are no longer
sufficient by themselves. We need to be able to build better, more
robust and more secure systems. Even more importantly, however, we
should strive to achieve these qualities in all software systems, not
just the ones that need special protection.

This workshop will focus on techniques, experiences and lessons
learned for engineering secure and dependable software.

Suggested topics include, but are not limited to:
- Secure architecture and design
- Security in agile software development
- Aspect-oriented software development for secure software
- Security requirements
- Risk management in software projects
- Secure implementation
- Secure deployment
- Testing for security
- Quantitative measurement of security properties
- Static and dynamic analysis for security
- Verification and assurance techniques for security properties
- Lessons learned
- Security and usability
- Teaching secure software development
- Experience reports on successfully attuning developers to secure software 

Important dates:
- Submission Deadline:  October  30th 2008 
- Author Notification:  November 30th 2008 
- Author Registration:  December 15th 2008
- Proceedings Version:  December 15th 2008
- Conference:           March 16th - March 19th 2009
- Workshop: TBA March 2009

Submission Guidelines
Authors are invited to submit research and application papers in IEEE
Computer Society Proceedings Manuscripts style (two columns,
single-spaced, including figures and references, using 10 pt fonts, and
number each page). Please consult the IEEE CS Author Guidelines at the
following web page:	 

We solicit the submission of academic workshop papers (6 pages) 
representing original, previously unpublished work. Submitted papers 
will be carefully evaluated based on originality, significance, 
technical soundness, and clarity of exposition.

Duplicate submissions are not allowed. A submission is considered to
be a duplicate submission if it is submitted to other
conferences/workshops/journals or if it has been already accepted to
be published in other conferences/workshops/journals. Duplicate
submissions thus will be automatically rejected without reviews.

Contact author must provide the following information: paper title,
authors' names, affiliations, postal address, phone, fax, and e-mail
address of the author(s), about 200-250 word abstract, and about five
keywords.Paper registration and submission is done through the 
ARES & CISIS 2009 Paper Management System at the following address:

Submission of a paper implies that should the paper be accepted, at
least one of the authors will register for the ARES conference and
present the paper in the workshop. Accepted papers will be given
guidelines in preparing and submitting the final manuscript(s)
together with the notification of acceptance. Note that SecSE 2009
does not require anonymized submissions.

All accepted papers will be published as ISBN proceedings published by
the IEEE Computer Society.
Organizing committee:
Torbjørn Skramstad, Norwegian University of Science and Technology (NTNU)
Lillian Røstad, Norwegian University of Science and Technology (NTNU)
Martin Gilje Jaatun, SINTEF ICT, Norway

Enquiries to the organizing committee may be sent to: 
SecSE08 "replace with at-character"

Program committee 
Rubén Alonso, Visual Tools, Spain 
Davide Balzarotti, University of California, Santa Barbara, USA
Sergey Bratus, Dartmouth College, USA
Ana Cavalli, GET/INT, France
Ivan Flechais, University of Oxford, UK 
Per Håkon Meland, SINTEF ICT, Norway
Leon Moonen, Simula Research Laboratory, Norway  
Khalid Mughal, University of Bergen, Norway
Jong Hyuk Park, Kyungnam University, Korea
Erkuden Rios, European Software Institute, Spain 
Chunming Rong, University of Stavanger, Norway
Lillian Røstad, NTNU, Norway
Riccardo Scandariato, KU Leuven, Belgium
Christoph Schuba, Sun Microsystems Inc., USA
Nahid Shahmehri, Linköping University, Sweden
Torbjørn Skramstad, NTNU, Norway
Bart De Win, KU Leuven, Belgium
Stephen Wolthusen, Royal Holloway University of London, UK
George Yee, NRC Institute for Information Technology, Canada
Mohammad Zulkernine, Queens University, Canada