IEEE *Software* Special Issue on Building Software Securely


Subject: IEEE *Software* Special Issue on Building Software Securely
From: Mitchell Wand (wand@ccs.neu.edu)
Date: Sun Apr 15 2001 - 16:27:56 EDT


Date: Fri, 23 Mar 2001 16:38:00 -0500
From: Anup Ghosh <aghosh@cigital.com>
Subject: IEEE *Software* Special Issue on Building Software Securely

  [Here is something that should be of vital interest to RISKS readers
  and writers alike. PGN]

Call for Articles and Reviewers for an IEEE *Software Magazine* Special Issue
  "Software Security: Building Systems Securely from the Ground Up"
 
Publication: January/February 2002, Submission deadline: 1 July 2001

Fragile and insecure software continues to be a major threat to a society
increasingly reliant on complex software systems. The premise of this
special issue is that most security breaches in practice are made possible
by software flaws. We believe engineering secure and robust software systems
can break the penetrate-and-patch cycle of software releases all too common
today. A constructive exchange on this topic among software practitioners
and researchers is the focus of this special issue.
 
Specifically, our goal is to encourage a deeper, more fully integrated
understanding of how security concerns should influence all aspects of
software design, implementation, testing, and support. A notorious example
is the buffer overflow problem. Known for decades and very troublesome in
networked systems, it continues to be introduced into new software at an
alarming rate, due in part to software development habits that trace back to
isolated systems where such flaws had few security implications.
 
An important aspect of this discussion is how to balance security with the
many other characteristics of a good software system. Finally, software
designers in a networked world cannot pretend to be working in isolation.
People are a critical part of the full software security equation, and
software that makes unrealistic or unreasonable security-related demands on
users (for example, requiring them to memorize too many passwords that
change too often) will inevitably fail to keep its data secure. Articles
that address the issues of how to design software that works with and
directly supports the need for such social engineering issues are also
encouraged.
 
Topics of interest include:
 
- Case studies that help quantify common security risks
- Security implications of programming languages and development tools
- Techniques for balancing security with other design goals
- Extracting security requirements from software projects
- Design for security
- Developing secure applications
- Aspect-oriented programming for security
- Analyzing programs for vulnerabilities
- Testing for vulnerabilities
- Secure configuration and maintenance
- Developing trusted environments for running untrusted mobile code
- Secure mobile code programming paradigms
- Analyzing unknown software for malicious logic
- Intrusion-tolerant software architectures
- Software application-based intrusion detection
- Models and techniques for quantifying tradeoffs in adding security
  concerns during development
 
[... 5,400-word limit, caveats, etc. PGN]
 
Guest Editors:
 
Anup K. Ghosh
Director of Security Research, Cigital
phone +1 703 404-9293
anup.ghosh@computer.org
 
Chuck Howell
Chief Engineer, Joint and Defense-Wide Systems Division, MITRE Corp.
phone +1 703 883-7615
howell@mitre.org
 
James Whittaker
Associate Professor of Computer Science, Florida Institute of Technology
phone +1 321 674-7638
jw@se.fit.edu



This archive was generated by hypermail 2b28 : Sun Apr 15 2001 - 16:28:30 EDT