Call For Papers

International Symposium on Engineering Secure Software and Systems (ESSoS)


February 03-04, 2010
Pisa, Italy

In cooperation with ACM SIGSAC and SIGSOFT (and IEEE CS (TCSE) - Pending)

Download this call as a PDF-file



Trustworthy, secure software is a core ingredient of the modern world. Unfortunately, the Internet is too. Hostile, networked environments, like the Internet, can allow vulnerabilities in software to be exploited
from anywhere. To address this, high-quality security building blocks (e.g., cryptographic components) are necessary, but insufficient. Indeed, the construction of secure software is challenging because
of the complexity of modern applications, the growing sophistication of security requirements, the multitude of available software technologies and the progress of attack vectors. Clearly, a strong need exists for
engineering techniques that scale well and that demonstrably improve the software's security properties.



The goal of this symposium, which will be the second in the series, is to bring together researchers and practitioners to advance the states of the art and practice in secure software engineering. Being one of the
few conference-level events dedicated to this topic, it explicitly aims to bridge the software engineering and security engineering communities, and promote cross-fertilization. The symposium will feature two days of
technical program as well as one day of tutorials. The technical program includes an experience track for which the submission of highly informative case studies describing (un)successful secure software project experiences and lessons learned is explicitly encouraged.


The Symposium seeks submissions on subjects related to its goals. This includes a diversity of topics including (but not limited to):
- scalable techniques for threat modeling and analysis of vulnerabilities
- specification and management of security requirements and policies
- security architecture and design for software and systems
- model checking for security
- specification formalisms for security artifacts
- verification techniques for security properties
- systematic support for security best practices
- security testing
- security assurance cases
- programming paradigms, models and DLS's for security
- program rewriting techniques
- processes for the development of secure software and systems
- security-oriented software reconfiguration and evolution
- security measurement
- automated development
- trade-off between security and other non-functional requirements
- support for assurance, certification and accreditation


The proceedings of the symposium have been published by Springer-Verlag in the Lecture Notes in Computer Science Series (

Submissions should follow the formatting instructions of the Springer LNCS Style.

Submitted papers must present original, non-published work of high quality. The PC will select the papers into three categories:

Full Papers (16 pages plus bibliography)- describe novel original research which is validated by either formal results, experimental analysis or significant case study validation. The critical bar for acceptance in this category is novelty and validation.

Industrial Reports (12 pagesplus bibliography) - describe the application of existing research techniques or analysis methods to an industry level case studies. The research results might be already published elsewhere, here you show that you have applied them to something that is actually used in an industrial setting (eg a real SAP product or a RedHat distribution). A critical issue for acceptance here is applicability to a large scale.

Idea papers (8 pages plus bibliography) - describe an interesting novel idea whose formal or experimental validation is not at the level of a full paper, but whose potential is promising. An idea paper allows you to timestamp your research contribution while giving you the chance to present fully validate result at later conferences.

Proposals for tutorials are highly welcome as well. Further guidelines will appear on the website of the symposium.

Online submission for papers is available through EasyChair, at


Abstract submission: September 15, 2009 (passed)
Paper submission: September 30, 2009
Author notification: November 15, 2009
Camera-ready: December 5, 2009
Tutorial submission: October 30, 2009
Tutorial notification: November 21, 2009


For all information on the organization, see this page.