[Om-announce] SecTest2012: Call for Participation

avantssar at resin.csoft.net avantssar at resin.csoft.net
Tue Mar 20 22:33:06 CET 2012


(Apologies if you receive this announcement multiple times)


SECTEST 2012:  the 3nd International Workshop on Security Testing 

Co-located with ICST 2012
(The 5th Int. Conference on Software Testing, Verification and Validation)
Montreal, Canada, April 21, 2012



Model-Based Fuzz Testing - Invited talk
Ina Schieferdecker (Fraunhofer Fokus, Germany)

XSS Vulnerability Detection Using Model Inference Assisted Evolutionary Fuzzing
Fabien Duchene, Roland Groz, Jean-Luc Richier and Sanjay Rawat

A Taint Based Approach for Smart Fuzzing
Sofia Bekrar, Chaouki Bekrar, Roland Groz and Laurent Mounier

A Testing Model for Dynamic Malware Analysis Systems
Mathieu Couture, Frederic Massicotte, Hugues Normandin and Frederic Michaud

Managing Evolution by Orchestrating Requirements and Testing Engineering Processes
Federica Paci, Fabio Massacci, Fabrice Bouquet and Stephane Debricon

Automatic XACML requests generation for policy testing
Antonia Bertolino, Said Daoudagh, Francesca Lonetti and Eda Marchetti

Solving Some Modeling Challenges when Testing Rich Internet Aplications for Security
Suryakant Choudhary, Mustafa Emre Dincturk, Gregor V. Bochmann, Guy-Vincent Jourdan, Iosif Viorel Onut and Paul Ionescu

SPaCiTE - Web Application Testing Engine
Matthias Buechler, Johan Oudinet and Alexander Pretschner
Events-Based Security Monitoring Using MMT Tool
Bachar Wehbi, Edgardo Montes de Oca and Michel Bourdelles

The SmartLogic Tool: Analysing and Testing Smart Card Protocols
Gerhard de Koning Gans and Joeri de Ruiter

To improve software security, several techniques, including vulnerability
modelling and security testing, have been developed but the problem remains
unsolved. On one hand, the workshop tries to answer how vulnerability modelling
can help users understand the occurrence of vulnerabilities so to avoid them,
and what the advantages and drawbacks of the existing models are to represent
vulnerabilities. At the same time, the workshop tries to understand how to
solve the challenging security testing problem given that testing the mere
functionality of a system alone is already a fundamentally critical task, how
security testing is different from and related to classical functional testing,
and how to assess the quality of security testing. The objective of this
workshop is to share ideas, methods, techniques, and tools about vulnerability
modelling and security testing to improve the state of the art.
In particular, the workshop aims at providing a forum for practitioners and
researchers to exchange ideas, perspectives on problems, and solutions. Both
papers proposing novel models, methods, and algorithms and reporting
experiences applying existing methods on case studies and industrial examples
are welcomed.

The topics of interest include, but are not restricted to:
  * network security testing
  * application security testing
  * security requirements definition and modelling
  * security and vulnerability modelling
  * runtime monitoring of security-relevant applications
  * security testing of legacy systems
  * cost effectiveness issues
  * comparisons between security-by-design and formal analyses
  * formal techniques for security testing and validation
  * security test generation and oracle derivation
  * specifying testable security constraints
  * test automation
  * penetration testing
  * regression testing for security
  * robustness and fault tolerance to attacks
  * test-driven diagnosis of security weaknesses
  * process and models for designing and testing secure system
  * when to perform security analysis and testing
  * "white box" security testing techniques
  * compile time fault detection and program verification
  * tools and case studies
  * industrial experience reports
  * Paul Ammann (George Mason University, USA)
  * Alessandra Bagnato (TXT e-solutions, Corporate Research Division, Italy)
  * Ruth Breu (University of Innsbruck, Austria)
  * Achim Brucker (SAP Research, Germany)
  * Frédéric Cuppens (Telecom Bretagne, France)
  * Khaled El Fakih (American University of Sharjah, UAE)
  * Daniel Faigin (The Aerospace Corporation, USA)
  * Ylies Falcone (Grenoble University, France)
  * Roland Groz (Grenoble University, France)
  * Bruno Legeard (Smartesting, France)
  * Keqin Li (SAP Research, France; co-chair)
  * Lijun Liu (China Mobile Research Institute, China)
  * Wissam Mallouli (Montimage, France; co-chair)
  * Ronald Ritchey (Booz Allen & Hamilton, USA)
  * Juha Roning (University of Oulu, Finland)
  * Luca Viganò (Università di Verona, Italy; co-chair)
  * Bachar Wehbi (Montimage, France)
  * Alessandro Armando (University of Genova, Italy)
  * Ana Cavalli (Telecom SudParis, France)
  * Jorge Cuellar (Siemens, Germany)
  * Alexander Pretschner (KIT, Germany)
  * Yves Le Traon (University of Luxembourg, Luxembourg)
For further information, please contact http://www.spacios.eu/sectest2012/.

More information about the Om-announce mailing list