This workshop is organized in conjunction with the 46th International Conference on Software Engineering (ICSE). The workshop will be held in may 2024.
Call for papers
The workshop will facilitate discourse and discussions among researchers, practitioners, and students who are working on challenges and solutions related to the industrial revolution There will be a particular focus on sharing industry experience and project results pertaining to cyber threats on critical systems, secure software engineering, and attack detection and response mechanisms.
EnCyCriS and SVM invites contributions from research scholars and practitioners working on challenges and solutions for engineering and cybersecurity of critical systems on the following topics:
- Safe, reliable, and secure by design - and - Safety and security co-engineering.
- Software Vulnerability Management for critical systems, including threat modeling and event analysis.
- Cyber response estimation on software and hardware of CI using models, simulations, and digital twins.
- The role and impact of human in cybersecurity in critical infrastructures development and operation.
- Human factors in cybersecurity software engineering and software vulnerability management.
We accept position papers, research papers, and industrial experience
papers. We highly value industrial experience and lessons learned, and academic papers where research artefacts have been applied in an industrial context.
- Paper Submission Deadline: 15th December 2023.
- Paper Acceptance Notification: 11th Janary 2023.
- Camera-ready Papers: 25th January 2024.
- Workshop date: Monday 15st April 2024.
Software permeates modern society. Within critical infrastructures and systems providing important societal services, there have been considerable digitisation efforts the last decade
To address critical infrastructures vulnerabilities in design, development, implementation, operation and maintenance, a Joint Workshop is arranged between the International Workshop on Engineering and security of Critical Systems (EnCyCriS) and the International Workshop on Software Vulnerability Management (SVM).
An effect of the 4th industrial revolution is that cyber physical systems and software are in continuous growth in their complexity. Complexity of data, and system integration are becoming increasingly important for business and operation.
For critical infrastructures in e.g., energy production and transmission, transportation and public health, this transformation has led to an increased exposure to cyber, physical, and combined cyber-physical attacks.
Most of these cyber attacks have been caused by software vulnerabilities, and thus software vulnerability management has become indispensable to ensure the security of critical systems and infrastructures (e.g., safety protection systems in nuclear, high integrity control systems in transportation, etc.), and emerging solutions with potential high impact (e.g., Artificial Intelligence, block chain, and quantum systems).
Systems are required to be more efficient whilst retaining their efficacy, resulting in a more complex security landscape. For cybersecurity, handling both hardware and software vulnerabilities throughout the system life cycle is critical. To manage software vulnerabilities, Software Vulnerability Management (SVM) is a vital process to ensure the quality and security of critical systems and infrastructures.
This workshop facilitates discourse and discussions among researchers, practitioners, and students who are working on challenges and solutions related to the 4th industrial revolution, with a particular focus on sharing industry experience and project results pertaining to cyber threats on critical systems; secure software engineering; and attack detection and response mechanisms.
We highly value industrial experience and lessons learned, and academic papers where research artefacts have been applied in an industrial context
- Integrated safety and security software engineering processes
and methods for CI that enable coordination among different teams and personnel with different competences, and continuous integration of new and emerging technologies enabling the 4th Industrial Revolution.
- As a means to support both development and operational phases: threat landscape for digital systems’ software in critical infrastructure, and the modelling of cyber-attack scenarios for digital systems’ architecture and inter-dependencies, must be considered. This includes accurate software architecture design model specification that facilitates cyber-security, Reliability, Availability, Maintainability and Safety (RAMS) assessment, Software Vulnerability Management (SVM), and support effective communication of the threats, vulnerabilities, risks, and potential mitigation to relevant stakeholders.
- Development and use of risk models for digital systems’ software for quick and effective decision-making in order to respond to fast evolving cyber incidents. For e.g., how to use, combine or tailor software system models, network topology, risk models, in a way that they could be used in incident response to determine event propagation and suitable response and mitigation strategies.
- Demonstrate the use of digital twins, Hardware-In-the-Loop (HIL) testbeds, simulators, and/or emulators developed for cybersecurity purposes in critical infrastructures, especially to understand the consequences of a cyber-attack on both the software and on the an overall system-level, evaluate the effectiveness of the developed risk models, detection, and response tools and/or methods.
- Disseminate the state-of-the-art and state-of-the-practice of SVM to identify and close the gap between industry and research on the advances and practices of SVM for critical systems and infrastructures such as Artificial Intelligence based, blockchain, Augmented/Virtual/Mixed Reality, and quantum systems, as well as and the respective development paradigms, including DevOps and infrastructure-as-code.
Workshop proceedings will be prepared by IEEE CPS and published in ACM Digital Library and IEEE Xplore Digital Library. Workshop papers must follow the ACM formatting instructions.
We accept submission of research papers of 8 pages maximum length as well as position papers & short papers of 4 to 6 pages length, and industry experiences and challenges papers of 4 to 6 pages
All paper should be submitted in PDF through the HotCRP platform of the workshop, and should not be longer than 8 pages including references: https://encycris-svm-2024.hotcrp.com/.
Each paper will be reviewed on the basis of technical quality, relevance, significance, and clarity by at least three Program Committee members.
To be updated earlier 2024.
The workshop opens discussions among researchers, practitioners and students with a particular focus on software and systems vulnerability management for critical infrastructure and systems across life cycle phases.
The workshop invites papers within the following topics:
- Safety and security co-engineering.
- Threat modeling and analyzing software systems security.
- Requirements engineering for critical infrastructures systems and software.
- SecDevOps for critical infrastructures software and systems - and - SVM for DevOps
- Methodology, processes and tools for SVM
- AI-driven techniques for SVM (AI4SVM) and SVM for AIbased systems (SVM4AI).
- Socio-technical aspects of critical infrastructures cybersecurity and SVM.
- Human-AI collaboration for SVM.
- Empirical study of SVM tools and/or practices (including mixed-methods).
- SVM in software development lifecycle, including supply chain.
- Mining software repositories, and data sets for SVM.
- Software infrastructures for SVM.
- SVM for infrastructure-as-code and/or virtualised infrastructures.
- Systems cyber security management and SVM for emerging systems (e.g., blockchain, virtual, and quantum systems).
This workshop will include keynote talks in both topical areas. the workshop is accepting research papers of a maximum of 8 pages as well as industrial or results short papers of minimum 4pages.
The workshop will be organized into different sessions, with a session chair. Each presentation will be followed by live Q&A session.
To be updated earlier 2024
The conference main event will be organized as a hybrid event in Lisbon, Portugal.
The workshop is aiming to be organized physically as a co-located event to ICSE 2024. Be advised that although we aim for a hybrid event (both physically and digitally), this option is not confirmed yet and may be changed. Virtual attendance option will be updated. The workshop will not cover participants or authors expenses for travel or registration.
All participants, including workshop organizers, keynote speakers, and invited guests, must register for the workshop through ICSE webpage. Registrations are mandated and must be performed at least 10 days prior to this workshop. We cannot guarantee participation after this date.
Please follow the ICSE conference instructions: to be updated.
The workshop is included in the "co-located event registration" category. Participants require only one day participation.
- Doo-Hwan Bae, KAIST, South Korea,
- John Eidar Simensen, IFE, Norway,
- Mary Sánchez-Gordón, Østfold University College, Norway
- Vasileios Gkioulos, Norwegian University of Science and Technology (NTNU), Norway,
- Sridhar Adepu, University of Bristol, UK,
- Kate Labunets, Utrecht University, The Netherlands,
- Nadia Saad Noori, University of Adger, Norway,
- Ita Ryan, School of Computer Science and Information Technology, University College Cork. Science Foundation Ireland Centre for Research Training in Advanced Networks for Sustainable Societies - ADVANCE CRT, Cork Ireland,
- André Teixeira, Uppsala University, Sweden,
- Andy Meneely, Rochester Institute of Technology, USA,
- Amiangshu Bosu, Wayne State University, USA,
- Zhiyuan Wan, Zhejiang University, China,
- Joanna C. S. Santos, University of Notre Dame, USA,
- Gias Uddin, University of Calgary, Canada,
- Jingyue Li, NTNU, Norway,
- Hongyu Zhang, University of Newcastle, Australia,
- Kristen Moore, Data61, Australia,
- Xiaoning Du, Monash University, Australia,
- Sharif Abuadbba, Data61, Australia,
- Chadni Islam, Queensland University of Technology, Australia,
- Hoa K. Dam, University of Wollongong, Australia,
- Monica Whitty, Monash University, Australia,
- Karen Renaud, University of Strathclyde, United Kingdom,
- Jamal El Hachem, University of South Brittany, France,
- Nicolás E. Díaz Ferreyra, Hamburg University of Technology, Germany,
- Steven Arzt, Fraunhofer SIT, Germany.
- Coralie Esnoul, IFE, Norway,
- Eunkyoung Jee, KAIST, South Korea,
- Triet Huynh Minh Le, Adelaide University, Australia,
- Ali Babar, Adelaide University, Australia,
- Ricardo Colomo-Palacios, Universidad Politécnica de Madrid,
- Awais Rashid, University of Bristol, UK.