Strategic Seminars

Responding to the need for closer ties with the European ICT industry, the ERCIM Board of Directors embarked on the initiative to organize a series of annual strategic seminars on current topics within ICT and Mathematics. The rationale behind this strategic decision is manifold: to enhance the impact of research taking place within ERCIM institutes and Working Groups by actively disseminating results towards industrial stakeholders; to expose researchers to ongoing research activities with an industrial take-up potential; and to help bridge the gap between research and industrial practice.

2008 EC-ERCIM Seminar on ICT Security: "Engineering Secure Complex Software Systems and Services"

Brussels, 16 October 2008

ERCIM and the European Commission jointly organised a Strategic Seminar on “Engineering Secure Complex Software Systems and Services”. The seminar was the result of a joint effort of ERCIM, its Security and Trust Management Working Group, and the European Commission (Unit F5 “Security” of DG INFSO).

Organising Committee of the Seminar:
- Javier Lopez, U. of Malaga
- Volkmar Lotz, SAP Research
- Fabio Martinelli, IIT-CNR
- Aljosa Pasic, Atos Origin
- Dimitris Plexousakis, ERCIM
- Manuel Carvalhosa and Thomas Skordas, EC, DG INFSO-F5.

Seminar Report

List of participants

Programme and Presentation Slides

Scope and Objectives

In particular, this ERCIM strategic seminar aimed at collecting the relevant academic and industrial expertise in secure software engineering and at linking it with industry's best practices in the field in order to increase the trustworthiness of the resulting ICT systems.

Indeed, the growing complexity of ICT systems and the services they provide creates demands for a continuously increasing level of assurance on their expected functional behaviour as well as on non-functional properties such as performance, reliability, scalability and in particular security. Today, however, the task of secure engineering (from collecting requirements to implementation and operation) of such systems and services is difficult for a number of reasons, such as:

  • the lack of effective support in writing secure code sections, developing secure systems and assessing their security status
  • the lack of adequate methodological support for the elicitation and specification of system-level security requirements based on domain- and application-specific risk analysis
  • the lack of support to compare different system implementations with regard to their security properties and expected behaviour.

In order to contribute to addressing these relevant issues, this EC-ERCIM Strategic Seminar:

  • presented latest progress on key research and development initiatives in engineering secure complex software systems and services and in achieving ICT system-level assurance
  • encouraged the dialogue between scientists and industrial players from the field with a view to promoting collaboration; in particular, it discussed the balance between rigorous scientific approaches aiming at achieving provably secure systems and cost-benefit considerations
  • identified future key research challenges to be addressed in the field.

Participation was by invitation only.

Links:
ERCIM WG on Security and Trust Management: http://www.iit.cnr.it/STM-WG/
European Commission’s DG INFSO Unit F5 "Security":
http://cordis.europa.eu/fp7/ict/security/home_en.html

Contacts:
Dimitris Plexousakis, FORTH-ICS, Greece (dp@ics.forth.gr)
Fabio Martinelli, IIT-CNR, Italy (Fabio.Martinelli@iit.cnr.it)
Thomas Skordas, European Commission (Thomas.Skordas@ec.europa.eu)
ERCIM office (contact@ercim.org)

Programme

Programme and Presentation Slides

09:30 - 10:10

Welcome and Introductory keynote speech

Welcome from Jacques Bus, EC-DG INFSO Head of Unit "Security"

Slides - ERCIM Innovation Welcome from Keith Jeffery, ERCIM President

Slides - Nokia and The SAFECode initiative Keynote Speaker: Antti Vähä-Sipilä, Nokia, The SAFECode initiative

10:10 - 11:30

Panel Moderator: Aljosa Pasic, ATOS Origin

Panellists

Report on discussions of UK Special Interest Group on Secure Software Development (SSDSIG) and their implications for research, development and education Bill Whyte, the UK White Paper on "secure software development"
Secure architecture Tor Gaute Indstøy, Santander Bank, Norway, Best practices in secure software engineering - an end-user's perspective
Slides - Development of Secure Applications at SAP Tom Schroeer, SAP Germany, Promoting secure software engineering processes - a large company's perspective
Slides - Business Security Wilson Goudalo, Atos Origin, UK, Best practices in secure software engineering - a service company's perspective
Slides - ISSECO - Standardizing Secure Software Engineering Sachar Paulus, ISSECO board, Germany, Standardising education for secure software development

Panel discussion (30 minutes): Assessing today's situation and moving ahead the industrial agenda on secure software engineering and software assurance.

11:50 - 13:20 Panel 2: Research Advances and Perspectives

Panel Moderator: Javier Lopez, University of Malaga

Panellists

Slides - Advances in Risk Assessment for Systems of Systems Ketil Stoelen, SINTEF, Norway, Advances in risk assessment for systems of systems
Security, a Sisyphean task? A personal view Jorge Cuellar, SIEMENS, Germany, Security, a Sisyphean task? A personal view
Slides - Advances in Pattern- and Model-based Requirements and Design Maritta Heisel, University of Duisburg Essen, Germany, Advances in Pattern- and Model-based Requirements and Design
Slides - Language-based methods in system-wide security Gilles Barthe, IMDEA Software, Spain, Language-based methods in system-wide security
Slides - Security Engineering in the new millenium Fabio Massacci, University of Trento, Italy, Security Engineering in the new millenium
Slides - Software Engineering for Secure Software-Intensive Systems Matthias Hoelzl, University of Munich, Germany, Software Engineering for Secure Software-Intensive Systems

Panel discussion: Assessing today's research advances and discussing the way forward on secure software engineering from a research perspective.

14:30 - 16:15 Panel 3: The Way Forward

Panel Moderator: Jacques Bus, EC-DG INFSO

Panellists

Slides - Panel 1 conclusions Volkmar Lotz, SAP Research, Summary of the main findings of Panel 1
Slides - Panel 1 conclusions Fabio Martinelli, CNR, Italy, Summary of the main findings of Panel 2

Paul Kearney, BT UK
Andreas Ebert, Microsoft Europe
Claude Kirchner, INRIA, France
Wouter Joosen, KU Leuven, Belgium
Hermann Brand, ETSI

Panel discussion (1H): Bridging the gap between today's industrial practices and research advances and discussing promising ways ahead.

16:15 - 16:30 Concluding Remarks
 

Highlights