STPSA 2018: The 13th IEEE International Workshop on Security, Trust, and Privacy for Software Applications

Call for Papers (MS Word)

STPSA 2018 workshop will bring researchers from academia and industry to discuss methods and tools to achieve security, trust, and privacy goals of both pervasive and non-pervasive software applications. This workshop will focus on techniques, experiences and lessons learned with respect to the state of art for the security, trust, and privacy aspects of both pervasive and non-pervasive software applications along with some open issues.

Information security has become a major concern for software and applications. Software systems must be engineered with reliable protection mechanisms with respect to security, privacy, and trust, while still delivering the expected value of the software to their customers. The traditional approaches to secure a system (e.g., IDS, firewalls) are no longer sufficient to address many security, trust, and privacy (STP) issues. These issues should be addressed by building more effective STP-aware software applications. The principal obstacle in developing STP-aware software is that current software specification, design, implementation, and testing practices do not include adequate methods and tools to achieve security, trust, and privacy goals. Further, emerging techniques such as blockchain bring on new challenges to adopt them into developing STP-aware software and applications.

As most systems now are Internet-based, the number of attackers is increased dramatically and threat scenarios have changed. Traditional security measures do not fit well for the software of pervasive applications. Since location and contexts are key attributes of pervasive applications, the privacy issues need to be handled in a novel manner than traditional software applications. The devices in pervasive computing leave and join in ad hoc manner in the pervasive network. These create a need for new trust models for pervasive computing applications. In this workshop, we will also welcome papers on the challenges and requirements of security, privacy, and trust for pervasive software applications.

Topics of interest include, but are not limited to, the following:

• Security, trust, and privacy specific software development practices
• Security, trust, and privacy requirements elicitation and specification
• Models and languages for STP-aware software specification and design
• Architecture for STP-aware software development
• STP challenges for pervasive software applications
• Testing security, trust, and privacy properties of both pervasive and non-pervasive software
• STP management and usability issues in software applications
• User interfaces for STP-aware pervasive and non-pervasive software
• Software reengineering for security, trust, and privacy for both pervasive and non-pervasive applications
• Tradeoffs among security, privacy, trust, and other criteria
• STP challenges in e-services, e.g. e-health, e-government, e-banking, e-commerce, e-marketing and other web-based and pervasive applications
• STP challenges in mobile software applications
• STP issues in sensor-based software applications
• User interfaces for secure and privacy-aware pervasive computing applications
• STP-aware service discovery mechanisms for pervasive computing environments
• Models for ensuring security, trust, and privacy in pervasive software applications
• STP issues for handheld device software applications such as healthcare
• Teaching, innovative course or curriculum for STP-aware software development
• Experience reports on developing STP-aware software
• Offensive security and attacks on software applications and mitigation techniques
• Application of blockchain technologies for STP-aware software development
• Ethical issues in STP-aware software and application development

STPSA Program Schedule

Monday July 23, 11:30 – 1:00pm
Session 1
Location: Meeting 203
Session Chair: Natalia Stakhnova, University of New Brunswick, Canada

Identifying Security Spots for Data Integrity
Pushkar Ogale, Michael Shin, Sasanka Abeysinghe

A Privacy Safeguard Framework for a WebRTC/WoT-based Healthcare Architecture
Saad El Jaouhari, Ahmed Bouabdallah

Removing Software Vulnerabilities During Design
George Yee

Monday July 23, 2:00 – 3:30pm
Session 2
Location: Meeting 203
Session Chair: Hasan Jamil, University of Idaho, USA

Resource and Role Hierarchy Based Access Control for Resourceful Systems
Nidhiben Solanki, Yongtao Huang, I-Ling Yen, Farokh Bastani, Yuqun Zhang

An Unknown Malware Detection Using Execution Registry Access
Sanouphab Phomkeona, Kento Kono, Koji Okamura

A Security Assessment of HCE-NFC enabled E-Wallet Banking Android Apps
Ratinder Kaur, Yan Li, Junaid Iqbal, Hugo Gonzalez, Natalia Stakhanova

Monday July 23, 4:00 – 5:30pm
Session 3
Location: Meeting 203
Session Chair: Hossain Shahriar, Kennesaw State University, USA

Chained of Things: A Secure and Dependable Design of Autonomous Vehicle Services
Md Golam Moula Mehedi Hasan, Amarjit Datta, Mohammad Ashiqur Rahman, Hossain Shahriar

A Best-Effort Damage Mitigation Model for Cyber-Attacks on Smart Grids
Mohammad Ashrafuzzaman, Hasan Jamil, Yacine Chakhchoukh, Frederick Sheldon

Static Analysis of HIPPA Security Requirements in Electronic Health Record Applications
Maryam Farhadi, Hisham Haddad, Hossain Shahriar