The 3rd International Workshop on Engineering and Cybersecurity of Critical Systems (EnCyCriS 2022)

May 16th, 2022

In conjunction with the 44th International Conference on Software Engineering (ICSE 2022).

This is the third installment of the International Workshop on Engineering and Cybersecurity of Critical Systems (EnCyCriS). The 4th Industrial Revolution drives connectivity and complexity of cyber physical systems, as well as information and communication technologies. The 4th Industrial Revolution aims at the intelligent world through connection, decentralization, sharing, and opening. Software is the driving force of the revolution. Across domains this digital transformations aim to optimize their services and processes as well as to reduce costs. For critical infrastructures in e.g., energy, transportation and public health, this transformation has resulted in increased exposure to cyber, physical, and combined cyber-physical attacks.

A cyberattack on a critical system can inflict severe catastrophe to society, economy and national security. Cyber can also have adverse effects on safety and reliability of these systems. This workshop opens discussions among researchers, practitioners and students who are working on challenges and solutions for the 4th Industrial Revolution, with a particular focus on cyber threats to critical systems; secure software engineering; and attack detection and response mechanisms.

The Workshop organization would like to thank all the authors, reviewers, chairs and ICSE virtualization team for their efforts and hard work to make this event possible this year again. Thank you for this year great success. We wish to see you in our future events.

Motivation

The 4th Industrial Revolution technologies have brought both opportunities and challenges to several industries and disciplines. Their impacts are broad in scale and disruptive in nature. One of the challenges is cybersecurity of critical infrastructures (CI) such as energy and transportation that are also going through the new technological revolution. A successful cyber-attack on these critical systems can inflict severe consequences at a national level. To understand the threat landscape for critical applications of digital systems, including the attack interfaces, vulnerabilities, potential threats and associated risks, it is crucial to visualize and articulate the system in a manner that shows the interconnections between the system and its operational environment, the interrelations between software and hardware components of the system, and any dependencies that may be exploitable in a cyber-attack.

From a software engineering perspective, it is crucial to understand for example the vulnerabilities and threats pertaining to digital systems’ software, how to securely design the software and integrate with other components, how to monitor the abnormal behavior of the software.

The objectives of the workshop in terms of the R&D presented in the paper contributions is to provide state of the art and practice in:

  • integrated and secured software engineering processes and methods for CI that enable coordination among different stakeholders, experts and engineers, continuous integration of new and emerging technologies that enable the 4th Industrial Revolution, and interdependencies of CIs and their rippling effects;
  • threat landscape for digital systems’ software in CI, modelling cyber-attack scenarios and digital systems’ architecture and interdependencies. This includes to assess how to specify accurate software architecture design models that facilitates cybersecurity and Reliability, Availability, Maintainability and Safety (RAMS) assessment and support effective communication of the threats, vulnerabilities, risks and potential mitigation to relevant stakeholders as decision
    support;
  • developing risk models for digital systems’ software that could be used during response of fast evolving cyber incidents. For e.g. how to use, combine or tailor software system models, network topology, risk models, in a way that they could be used by incident responders to determine event propagation and suitable response strategies.
  • relevant early signals of threats to digital systems’ software for timely detection and response.

Call for Papers

This workshop invites paper contributions from research scholars and practitioners working on challenges and solutions for engineering and cybersecurity of critical systems in the 4th Industrial Revolution. The workshop invites papers within the following topics, but are not limited to:

  • Integrated and secured software engineering processes and
    methods for reliable critical infrastructure;
  • Safety by design in software engineering;
  • Security by design in software engineering;
  • Software engineering techniques enabling digital twin;
  • Simulation technology for analysis on safety, reliability, security,
    etc.;
  • Threats and risks modeling to critical infrastructures;
  • Cybersecurity risk visualization during development and
    operation;
  • Human factors in cyber security software engineering

We accept position papers, research papers, and industrial experience papers. We highly value industrial experience and lessons learned, this includes also academic papers where research artefacts have been applied in an industrial context.

Submission Guideline

Workshop proceedings will be prepared by IEEE CPS and published in ACM Digital Library and IEEE eXplore Digital Library. Workshop papers must follow the ACM formatting instructions: https://www.acm.org/publications/proceedings-template . Papers must have a maximum length of 8 pages.

All paper should be submitted in PDF through the HotCRP platform of the workshop: https://encycris22.hotcrp.com/.

Each paper will be reviewed by on the basis of technical quality, relevance, significance, and clarity by the program committee.

Workshop Papers Submission Deadline: 14 January 2022. Extended – 21 January 2022

Acceptance of paper: 25 March 2022.

Organizers

Program committee

  • Doo-Hwan Bae, KAIST, Republic of Korea
  • Eunkyoung Jee, KAIST, Republic of Korea
  • Sizarta Sarshar, IFE, Norway
  • John Eidar Simensen, IFE, Norway
  • Sabarathinam Chockalingam, IFE, Norway
  • Nathan Lau, VirginiaTech, USA
  • Ryan Gerdes, VirginiaTech, USA
  • Ricardo Colomo-Palacios, HIOF, Norway
  • Mary-Ann Lundteigen, NTNU, Norway
  • Vasileios Gkioulos, NTNU, Norway
  • Paul Smith, AIT Austrian Institute of Technology, Austria
  • Wolter Pieters, Radboud University, The Netherlands
  • Sridhar Adepu, University of Bristol, United Kingdom

Organization Committee

  • Coralie Esnoul, IFE, Norway
  • Eunkyoung Jee, KAIST, Republic of Korea
  • Doo-Hwan Bae, KAIST, Republic of Korea
  • Ricardo Colomo-Palacios, HIØF, Norway
  • John Eidar Simensen, IFE, Norway
  • Sabarathinam Chockalingam, IFE, Norway

The workshop is organized in conjunction with the 44th International
Conference on Software Engineering (ICSE 2022).
Please visit: https://conf.researchr.org/home/icse-2022

Important dates

Workshop Papers Submission Deadline: 14 January 2022 Extended –21 January 2022.

Workshop Papers Acceptance Notification: 25 February 2022.

Workshop Papers Camera Ready: 18 March 2022 Extended –22 March 2022.

Workshop sessions: 16 May 2022 – online

Program

The Workshop will be held on May 16th, online.

A possible hybrid attendance is planned in conjunction of the the ICSE conference in Pittsburg, USA depending on the travelling possibilities.

The workshop will be organized in sessions and topics, gathering papers from the same area and thematic. A Q&A session will be arranged after each session or topic.

Agenda:

Please note that all times below are indicated in CEST.

 9.30 AM           Test your connection

10.00 AM         Welcome and keynote speaker

  • Keynote: The challenges of gaining insights into highly critical systems

Einar Færaas, Principal Analyst IT Info Sec, Equinor Cyber Defense Centre

10.45 AM         Session 1 – Security Patterns And Critical Infrastructure.

  • 1.1 – A Reimagined Catalogue of Software Security Patterns

Alexander van den Berghe, Koen Yskout and Wouter Joosen imec-DistriNet, KU Leuven.

  • 1.2 – Standardized Cyber Security Risk Assessment for Unmanned Offshore Facilities

Balint Teglasy, Sokratis Katsikas and Mary Ann Lundteigen, NTNU.

  • 1.3 – Better Security Assessment Communication: Combining ISO 27002 Controls with UML Sequence Diagrams

Fabien Sechi, Bjørn Axel Gran, Per-Arne Jørgensen, , Institute for Energy Technology; and Oleh Kilyukh, Rivne Nuclear Power Plant.

  • 1.4 – Building a Hardware-In-the-Loop (HIL) Digital Energy Station Infrastructure for Cyber Operation Resiliency Testing

Per-Arne Jørgensen, Institute for Energy Technology; André Waltoft-Olsen, NTNU; Siv Hilde Houmb, Statnett SF, Aleksander Lygren Toppe, Institute for Energy Technology; Tore Soltvedt, Statnett SF; Hans Kristian Muggerud, Siemens AS.

12.15 PM                     break

 12.30 PM         Live Q&A session 1 – all authors from session 1 are expected live in Midspace

 1.10 PM           Session 2 – Threat and Vulnerabilities Analysis

  • 1.1 – Relationship-Based Threat Modeling

Stef Verreydt, Laurens Sion, Koen Yskout and Wouter Joosen, imec-DistriNet, KU Leuven.

  • 2.2 – Predicting the Severity and Exploitability of Vulnerability Reports using Convolutional Neural Nets

Ahmet Okutan and Mehdi Mirakhorli, Rochester Institute of Technology.

  • 1.3 – A Survey of Security Vulnerabilities in Android Automotive Apps

Manar H. Alalfi and Abdul Moiz, Ryerson University.

2.20 PM                       break

2.30 PM           Live Q&A session 2 – all authors from session 2 are expected live in Midspace

3.00 PM           Closure

Registration

All registrations for the workshop must be done through ICSE registration system, for both participants and authors to have access granted to the Workshop.

Please visit ICSE conference webpage: https://conf.researchr.org/home/icse-2022

Details to be updated.

Venue (Online Event)

EnCyCriS 2022 will be arranged online.

Depending on the traveling conditions, a venue will be communicated to allow the participants to meet in person in Pittsburg.

Contact

Please send your requests or question about the workshop to:

• Eunkyoung Jee, KAIST, Republic of Korea, ekjee@se.kaist.ac.kr
• Coralie Esnoul, IFE, Norway, coralie.esnoul@ife.no

Contact