EnCyCriS/SVM 2024

Backgrounds

Software permeates modern society. Within critical infrastructures and systems providing important societal services, there have been considerable digitisation efforts the last decade. To address critical infrastructures vulnerabilities in design, development, implementation, operation and maintenance, a Joint Workshop is arranged between the International Workshop on Engineering and security of Critical Systems (EnCyCriS) and the International Workshop on Software Vulnerability Management (SVM).

An effect of the 4th industrial revolution is that cyber physical systems and software are in continuous growth in their complexity. Complexity of data, and system integration are becoming increasingly important for business and operation.

For critical infrastructures in e.g., energy production and transmission, transportation and public health, this transformation has led to an increased exposure to cyber, physical, and combined cyber-physical attacks.

Most of these cyber attacks have been caused by software vulnerabilities, and thus software vulnerability management has become indispensable to ensure the security of critical systems and infrastructures (e.g., safety protection systems in nuclear, high integrity control systems in transportation, etc.), and emerging solutions with potential high impact (e.g., Artificial Intelligence, block chain, and quantum systems).

Systems are required to be more efficient whilst retaining their efficacy, resulting in a more complex security landscape. For cybersecurity, handling both hardware and software vulnerabilities throughout the system life cycle is critical. To manage software vulnerabilities, Software Vulnerability Management (SVM) is a vital process to ensure the quality and security of critical systems and infrastructures.

Workshop

EnCyCriS and SVM invites contributions from research scholars and practitioners working on challenges and solutions for engineering and cybersecurity of critical systems on the following topics:

• Safe, reliable, and secure by design - and - Safety and security co-engineering.
• Software Vulnerability Management for critical systems, including threat modeling and event analysis.
• Cyber response estimation on software and hardware of CI using models, simulations, and digital twins.
• The role and impact of human in cybersecurity in critical infrastructures development and operation.
• Human factors in cybersecurity software engineering and software vulnerability management.

We accept position papers, research papers, and industrial experience papers. We highly value industrial experience and lessons learned, and academic papers where research artefacts have been applied in an industrial context.

Call For Papers

EnCyCriS and SVM invites contributions from research scholars and practitioners working on challenges and solutions for engineering and cybersecurity of critical systems on the following topics:

• Safety and security co-engineering.
• Cyber security challenges and solutions in critical infrastructure and industrial software-intensive systems.
• Threat modeling and analyzing software systems security.
• Requirements engineering for critical infrastructure systems and software.
• Techniques and practices of threat modeling (including mixed-methods).
• Identification and impact estimation for response of cyber effects on software and hardware of CI using models, simulations, and digital twins.
• Human factors in cybersecurity software engineering and software vulnerability management.
• SecDevOps for critical infrastructure software and systems - and - SVM for DevOps.
• Methodology, processes and tools for SVM.
• AI-driven techniques for SVM (AI4SVM) and SVM for AI-based systems (SVM4AI).
• Human-AI collaboration for SVM.
• Empirical study of SVM tools and/or practices (including mixed-methods).
• SVM in software development lifecycle.
• Mining software repositories, and data sets for SVM.
• Data quality for SVM analytics.
• SVM for infrastructure-as-code and/or virtualised infrastructures.
• Systems cybersecurity management and SVM for emerging systems (e.g., blockchain, virtual, and quantum systems).
• Cyber-response estimation on software and hardware of critical infrastructure using models, simulations, and digital twins.

We accept position papers, research papers, and industrial experience papers. We highly value industrial experience and lessons learned, and academic papers where research artefacts have been applied in an industrial context.

Important dates

• Paper Submission Deadline: 27th November 2023 extended 15th December
• Paper Acceptance Notification: 11th January 2024.
• Camera-ready Papers: 25th January 2024.
• Workshop date: Monday 15th April 2024.

Paper Submission

Workshop proceedings will be prepared by IEEE CPS and published in ACM Digital Library and IEEE Xplore Digital Library. Workshop papers must follow the ACM formatting instructions.

We accept submission of research papers of 8 pages maximum length as well as position papers & short papers of 4 to 6 pages length, and industry experiences and challenges papers of 4 to 6 pages. All paper should be submitted in PDF through the HotCRP platform of the workshop, and should not be longer than 8 pages including references. Each paper will be reviewed on the basis of technical quality, relevance, significance, and clarity by at least three Program Committee members.

If you have any questions or wonder whether your submission is in scope, please do not hesitate to contact the organizers.

Submission Link

https://encycris-svm-2024.hotcrp.com/