SCAM 2025
Sun 7 - Fri 12 September 2025 Auckland, New Zealand
co-located with ICSME 2025

This program is tentative and subject to change.

Tue 9 Sep 2025 11:15 - 11:37 at OGGB5 260-051 - Analysis 2 Chair(s): Patrick Lam

Serverless computing significantly alters software development by abstracting infrastructure management and enabling rapid, modular, event-driven deployments. Despite its benefits, the distinct characteristics of serverless functions, such as ephemeral execution and fine-grained scalability, pose unique security challenges, particularly in open-source platforms like OpenFaaS. Existing approaches typically address isolated phases of the DevSecOps lifecycle, lacking an integrated and comprehensive security strategy. To bridge this gap, we propose FaaSGuard, a unified DevSecOps pipeline explicitly designed for open-source serverless environments. FaaSGuard systematically embeds lightweight, fail-closed security checks into every stage of the development lifecycle—planning, coding, building, deployment, and monitoring—effectively addressing threats such as injection attacks, hard-coded secrets, and resource exhaustion. We validate our approach empirically through a case study involving 20 real-world serverless functions from public GitHub repositories. Results indicate that FaaSGuard effectively detects and prevents critical vulnerabilities, demonstrating high precision (95%) and recall (91%) without significant disruption to established CI/CD practices.

Tue 9 Sep

Displayed time zone: Auckland, Wellington

10:30 - 12:00
Analysis 2 Engineering Track / Research Track at OGGB5 260-051
Chair(s): Patrick Lam University of Waterloo
10:30
22m
Research paper
On the need to perform comprehensive evaluations of automatic program repair benchmarks: Sorald case study
Research Track
Sumudu Liyanage University of Otago, Sherlock A. Licorish University of Otago, Markus Wagner Monash University, Australia, Stephen MacDonell Victoria University of Wellington
Pre-print
10:52
22m
Research paper
Static Analysis as a Feedback Loop: Enhancing LLM-Generated Code Beyond Correctness
Research Track
Scott Blyth Monash University, Sherlock A. Licorish University of Otago, Christoph Treude Singapore Management University, Markus Wagner Monash University, Australia
Pre-print
11:15
22m
Research paper
FaaSGuard: Secure CI/CD for Serverless Applications – An OpenFaaS Case Study
Engineering Track
Amine Barrak Oakland University, USA, Emna Ksontini University of Michigan, Ridouane Atike, Fehmi Jaafar Université du Québec à Chicoutimi
Pre-print
11:37
22m
Research paper
llvm-dimeta: A library for extracting source-level type information in LLVM IR using debug metadata.
Engineering Track
Alexander Hück Scientific Computing, TU Darmstadt, Sebastian Kreutzer TU Darmstadt, Christian Bischof Scientific Computing, TU Darmstadt