Strategic Seminars
Responding to the need for closer ties with the European ICT industry, the ERCIM Board of Directors embarked on the initiative to organize a series of annual strategic seminars on current topics within ICT and Mathematics. The rationale behind this strategic decision is manifold: to enhance the impact of research taking place within ERCIM institutes and Working Groups by actively disseminating results towards industrial stakeholders; to expose researchers to ongoing research activities with an industrial take-up potential; and to help bridge the gap between research and industrial practice.
2008 EC-ERCIM Seminar on ICT Security: "Engineering Secure Complex Software Systems and Services"
Brussels, 16 October 2008
ERCIM and the European Commission jointly organised a Strategic Seminar on “Engineering Secure Complex Software Systems and Services”. The seminar was the result of a joint effort of ERCIM, its Security and Trust Management Working Group, and the European Commission (Unit F5 “Security” of DG INFSO).
Organising Committee of the Seminar:
- Javier Lopez, U. of Malaga
- Volkmar Lotz, SAP Research
- Fabio Martinelli, IIT-CNR
- Aljosa Pasic, Atos Origin
- Dimitris Plexousakis, ERCIM
- Manuel Carvalhosa and Thomas Skordas, EC, DG INFSO-F5.
Scope and Objectives
In particular, this ERCIM strategic seminar aimed at collecting the relevant academic and industrial expertise in secure software engineering and at linking it with industry's best practices in the field in order to increase the trustworthiness of the resulting ICT systems.
Indeed, the growing complexity of ICT systems and the services they provide creates demands for a continuously increasing level of assurance on their expected functional behaviour as well as on non-functional properties such as performance, reliability, scalability and in particular security. Today however, the task of secure engineering (from collecting requirements to implementation and operation) of such systems and services is difficult, due to a number of reasons, such as:
- the lack of effective support in writing secure code sections, developing secure systems and assessing their security status
- the lack of adequate methodological support for the elicitation and specification of system-level security requirements based on domain- and application-specific risk analysis
- the lack of support to compare different system implementations with regard to their security properties and expected behaviour.
In order to contribute to addressing these relevant issues, this EC-ERCIM Strategic Seminar:
- presented latest progress on key research and development initiatives in engineering secure complex software systems and services and in achieving ICT system-level assurance
- encouraged the dialogue between scientists and industrial players from the field with a view to promoting collaboration; in particular, it discussed the balance between rigorous scientific approaches aiming at achieving provably secure systems and cost-benefit considerations
- identified future key research challenges to be addressed in the field.
Participation was by invitation only.
Links:
ERCIM WG on Security and Trust Management: http://www.iit.cnr.it/STM-WG/
European Commission’s DG INFSO Unit F5 "Security": http://cordis.europa.eu/fp7/ict/security/home_en.html
Contacts:
Dimitris Plexousakis, FORTH-ICS, Greece (dp ics.forth.gr)
Fabio Martinelli, IIT-CNR, Italy (Fabio.Martinelli iit.cnr.it)
Thomas Skordas, European Commission (Thomas.Skordas ec.europa.eu)
ERCIM office (contact ercim.org)
Programme and Presentation Slides
09:30 - 10:10
Welcome and introductory keynote speech
Welcome from Jacques Bus, EC – DG INFSO Head of Unit "Security"
Welcome from Keith Jeffery, ERCIM President
Keynote Speaker: Antti Vähä-Sipilä, Nokia, The SAFECode initiative
10:10 - 11:30
Panel Moderator: Aljosa Pasic, ATOS Origin
Panellists
Bill Whyte, the UK White Paper on "secure software development"
Tor Gaute Indstøy, Santander Bank, Norway, Best practices in secure software engineering – an end-user's perspective
Tom Schroeer, SAP Germany, Promoting secure software engineering processes - a large company's perspective
Wilson Goudalo, Atos Origin, UK, Best practices in secure software engineering - a service company's perspective
Sachar Paulus, ISSECO board, Germany, Standardising education for secure software development
Panel discussion (30 minutes): Assessing today's situation and moving ahead the industrial agenda on secure software engineering and software assurance.
11:50 - 13:20
Panel 2: Research Advances and Perspectives
Panel Moderator: Javier Lopez, University of Malaga
Panellists
Ketil Stoelen, SINTEF, Norway, Advances in risk assessment for systems of systems
Jorge Cuellar, SIEMENS, Germany, Security, a Sisyphean task? A personal view
Maritta Heisel, University of Duisburg Essen, Germany, Advances in Pattern- and Model-based Requirements and Design
Gilles Barthe, IMDEA Software, Spain, Language-based methods in system-wide security
Fabio Massacci, University of Trento, Italy, Security Engineering in the new millennium
Matthias Hoelzl, University of Munich, Germany, Software Engineering for Secure Software-Intensive Systems
Panel discussion: Assessing today's research advances and discussing the way forward on secure software engineering from a research perspective.
14:30 - 16:15
Panel 3: The Way Forward
Panel Moderator: Jacques Bus, EC – DG INFSO
Panellists
Volkmar Lotz, SAP Research, Summary of the main findings of Panel 1
Fabio Martinelli, CNR, Italy, Summary of the main findings of Panel 2
Paul Kearney, BT UK
Andreas Ebert, Microsoft Europe
Claude Kirchner, INRIA, France
Wouter Joosen, KU Leuven, Belgium
Hermann Brand, ETSI
Panel discussion (1H): Bridging the gap between today's industrial practices and research advances and discussing promising ways ahead.
16:15 - 16:30
Concluding Remarks
Last Updated ( Thursday, 13 November 2008 )