The Fourth International Workshop on Software Engineering for Secure Systems
SESS’08 – A Trusted Business World

Bart De Win
Katholieke Universiteit Leuven, Celestijnenlaan 200A – B-3001 Leuven, Belgium

Seok-Won Lee
Dept. of Software and Information Systems, University of North Carolina at Charlotte, 9201 University City Blvd., Charlotte, NC 28223, USA

Mattia Monga
Dip. Informatica e Comunicazione, Università degli Studi di Milano, Via Comelico 39/41 – I-20135 Milan, Italy

General Terms
Security

Categories and Subject Descriptors
D.2.0 [Software Engineering]: General

Keywords
Security, Software Engineering

Copyright is held by the author/owner(s). ICSE’08, May 10–18, 2008, Leipzig, Germany. ACM 978-1-60558-079-1/08/05.

1. WORKSHOP THEME

Software is at the core of most business transactions, and its smart integration in an industrial setting may be the competitive advantage even when the core competence is outside the ICT field. As a result, the revenues of a firm depend directly on several complex software-based systems. Thus, stakeholders and users should be able to trust these systems to provide data and elaborations with a degree of confidentiality, integrity, and availability compatible with their needs. Moreover, the pervasiveness of software products in the creation of critical infrastructures has raised the value of trustworthiness, and new efforts should be dedicated to achieving it.

However, nowadays almost every application has some kind of security requirement, even if its use is not to be considered critical. Thus, designers have to cope with the complexity of insecure operating environments by considering threats to the correctness of their applications.

Security concerns should be taken into account as early as possible, and not added to systems as an after-thought: this is extremely expensive and it may compromise the design integrity in critical ways. Security features such as cryptographic protocols and tamper-resistant hardware cannot simply be added on to transform an insecure product into a secure one. Security solutions and patterns are hard to reuse in different contexts, they crosscut all the system components, and a single vulnerability might compromise the trustworthiness of the whole system. Thus, not surprisingly, several security holes are recurrent, notwithstanding the experience accumulated by security research in the last decades.

Software engineers and practitioners should assimilate basic security techniques and discover new techniques for integrating them in the current practice, while understanding the associated costs and benefits. Several well-established software engineering disciplines such as verification, testing, program analysis, process support, configuration management, requirement engineering, etc. could contribute to improving security solutions that sometimes lack a coherent methodological approach or, as is the case for the security standards proposed by the Common Criteria [2] or BS7799 [1], present challenges that prevent integration with mainstream software engineering practice.

As software is going to permeate every aspect of our society, increasing attention to its social side-effects is needed. Security is obviously an important one, because most of our daily activities assume the availability of reliable and trustworthy software systems. The software industry has to deal with the problem of building secure programs in an economical way, but software engineers still lack enough knowledge in the field [9].

The SESS workshop aims at providing a venue for software engineers and security researchers to exchange ideas and techniques. The past editions were held in conjunction with ICSE2005, ICSE2006 and ICSE2007.

1.1 Program committee

The program committee was joined by knowledgeable researchers from both the software engineering and the security community.

• Davide Balzarotti, University of California at Santa Barbara
• Danilo Bruschi, Università degli Studi di Milano, Italy
• Mihai Christodorescu, IBM TJ Watson Research Center
• Vinod Ganapathy, Rutgers University, NJ, USA
• Carlo Ghezzi, Politecnico di Milano, Italy
• Charles B. Haley, University College of Technology and Innovation Kuala Lumpur, Malaysia
• Jan Jürjens, The Open University, UK
• Engin Kirda, Technische Universität Wien, Austria
• Raimundas Matulevicius, University of Namur, Belgium
• Sjouke Mauw, University of Luxembourg
• Frank Piessens, Katholieke Universiteit Leuven
• Indrakshi Ray, Colorado State University
• Dongwan Shin, New Mexico Tech
• Stuart Stubblebine, Stubblebine Consulting
• Wietse Z. Venema, IBM T.J. Watson Research Center
• Giovanni Vigna, University of California at Santa Barbara

2. WORKSHOP OUTLINE

This year the program committee selected eight papers to be presented at the workshop. The issues addressed are very diverse, another demonstration of how security cross-cuts all the activities of modern software engineering practice.

Security policy specification is a well-established research field. Access control is an important security service constantly required by diverse distributed systems, and thus it is crucial for such systems to have optimized performance: [10] presents a programmatic approach to the optimisation of XACML policies that specifies how a set of access control rules should be best represented for optimised evaluation, and it discusses the flexibility of the XACML specifications to describe the same access rules with different policy configurations.

Security and privacy issues in healthcare data management play a fundamental role in the widespread adoption of medical information systems. [4] presents an extension to an open source hospital information system in order to provide support for expressing and enforcing privacy-related policies.

Security patterns often lack a formal description. [8] investigates the use of Petri nets to model security patterns on an abstract level. Gradual and intuitive refinement of the Petri nets permits the creation of a running Petri net implementation.

The software development process should be intertwined with security assessment at each stage. [5] proposes to integrate into the version-control server a set of security checks that are to be run with every code submission. If one or more of the security checks fail, the cause of the failure is mapped to the source code.

[3] discusses the feasibility and use of runtime verification as a means for monitoring security protocols and their history-based security properties. It applies runtime monitoring to a particular implementation of the SSL (TLS) protocol.

Modern malware can spread so quickly that any countermeasure based on human reaction might not be fast enough. [6] proposes an improvement of the automated content-based signature generation system for polymorphic worms originally proposed by the Hamsa system, which was prone to poisoning attacks.

An increasing number of cyber-attacks occur at the application layer via malicious input, by exploiting insufficiently tested systems. [11] discusses two coverage metrics which can be useful to assess how complete the security testing of an application was in the context of SQL queries.

Software security metrics are measurements to assess security-related errors introduced during the development of a software system. While most security metrics evaluate systems from a high level of abstraction, [7] proposes security metrics to be computed on the source code and shows their relevance in two case studies.

Acknowledgments

The organizers want to thank all the reviewers and the authors for their contribution to a workshop that promises to be very interesting for both the security and the software engineering research community.

3. REFERENCES

[1] The BS7799 / BS 7799 security standard. http://www.thewindow.to/bs7799/.
[2] The Common Criteria portal. http://www.commoncriteriaportal.org/.
[3] A. Bauer and J. Jürjens. Security protocols, properties, and their monitoring. In SESS’08: Proceedings of the 4th International Workshop on Software Engineering for Secure Systems, Leipzig, Germany, May 2008.
[4] S. Braghin, A. Coen-Porisini, P. Colombo, S. Sicari, and A. Trombetta. Introducing privacy in a hospital information system. In SESS’08: Proceedings of the 4th International Workshop on Software Engineering for Secure Systems, Leipzig, Germany, May 2008.
[5] B. Braun. SAVE - static analysis on versioning entities. In SESS’08: Proceedings of the 4th International Workshop on Software Engineering for Secure Systems, Leipzig, Germany, May 2008.
[6] L. Cavallaro, A. Lanzi, L. Mayer, and M. Monga. LISABETH: Automated content-based signature generator for zero-day polymorphic worms. In SESS’08: Proceedings of the 4th International Workshop on Software Engineering for Secure Systems, Leipzig, Germany, May 2008.
[7] I. Chowdhury, B. Chan, and M. Zulkernine. Security metrics for source code structures. In SESS’08: Proceedings of the 4th International Workshop on Software Engineering for Secure Systems, Leipzig, Germany, May 2008.
[8] V. Horvath and T. Dörges. From security patterns to implementation using Petri nets. In SESS’08: Proceedings of the 4th International Workshop on Software Engineering for Secure Systems, Leipzig, Germany, May 2008.
[9] M. Howard and D. LeBlanc. Writing Secure Code. Best Practices. Microsoft Press, second edition, 2003.
[10] P. Miseldine. Automated XACML policy reconfiguration for evaluation optimisation. In SESS’08: Proceedings of the 4th International Workshop on Software Engineering for Secure Systems, Leipzig, Germany, May 2008.
[11] B. Smith, Y. Shin, and L. Williams. Proposing SQL statement coverage metrics. In SESS’08: Proceedings of the 4th International Workshop on Software Engineering for Secure Systems, Leipzig, Germany, May 2008.