CALL FOR PAPERS:

ACM Transactions on Software Engineering and Methodology -
Special issue on Software Engineering and Security

Software system security issues are no longer only of primary 
concern to military, government or infrastructure systems. Every 
palmtop, desktop and TV set-top box contains or will soon contain 
networked software. This software must preserve desired security 
properties (authenticity, privacy, integrity) of activities ranging from 
electronic commerce to electronic messaging and browsing. From 
being a peripheral concern of a limited and specialized group of 
engineers, security has become a central concern for a wide range 
of software professionals. In addition, software is no longer a 
monolithic shrink-wrapped product created by a single development 
organization with a well-defined software process. Instead, it is 
composed of components constructed by many different vendors 
following different practices. Indeed, software may even contain 
elements that arrive and are linked in just prior to execution. 
Customers need assurance that constituent components and mobile 
code have certain desirable properties; this need conflicts with the 
need for vendors to protect their proprietary information. The issue 
of providing assurance without full disclosure has been studied in 
security research, and needs to be applied to this problem. 

To provide a focus for these and other interactions between security 
and software engineering, ACM TOSEM will bring out a special 
issue dedicated to the intersection of concerns between the two 
fields.  We solicit submissions that address the following issues and 
sub-areas:
* How can security be used to address problems in distributed 
software development? How does one build trust and control in the 
distributed enactment of software processes while protecting 
intellectual property? Trust in software process; Trust in software 
tools; Trusted (distributed) configuration management. 
* Can conventional, standard software engineering techniques be 
used to achieve verifiably higher levels of security in heterogeneous, 
distributed systems? What new software engineering techniques are 
needed? 
* Formally verified implementations of security protocols; Traceability 
of correctness into implementation; Testing of security protocols; 
Specification of Secure Systems; Domain specific languages for 
Secure systems; Static/Dynamic Analysis for System Security; 
Security Testing (property-based, coverage-based, etc.); 
Configuring trusted systems; Evolving Legacy Systems for greater 
security. 
* Intellectual Property Protection: can security techniques be used 
to protect the valuable investments in software?  Reverse 
engineering countermeasures; Software watermarking and copy 
protection; Combination Software and Hardware-based techniques. 

Papers Due: April 1, 1999, 1200 GMT
Notification of Acceptance: October 1, 1999
Guest Editors: 
	Premkumar Devanbu (UC Davis) and 
	Stuart Stubblebine (AT&T Labs--Research) 
For More Information: 
http://www.research.att.com/~stubblebine/tosem.html