ESSoS 2017 : Engineering Secure Software and Systems

  in Conferences   Posted on December 23, 2016

Conference Information

Submission Deadline Friday 24 Feb 2017
Conference & Submission Link
Conference Dates Jul 3, 2017 - Jul 5, 2017
Conference Address University of Bonn, Germany
Proceedings indexed by
Conference Organizers : ( Deadline extended ? Click here to edit )

Conference Call for Papers

Context and motivation

IT security is becoming an increasingly interdisciplinary subject. For example, it is insufficient to simply deploy new security measures but one must pay careful attention to correctly integrate the security measures into existing software. Such an approach involves redesigning and engineering of software to ensure that the built-in security policy is effective in practice.

Many security venues put little focus on topics related to software engineering, while many software-engineering venues lack appreciation for more complex topics in software security. ESSoS thus strives to be a venue that welcomes exactly such contributions that are at the border of IT security and software engineering. The program committee is particularly chosen to encompass a broad range of expertise, ranging from software security over software engineering to human subjects such as usable security.

Goal and setup

The goal of this symposium, which will be the ninth in the series, is to bring together researchers and practitioners to advance the state of the art and practice in secure software engineering. Being one of the few conference-level events dedicated to this topic, it explicitly aims to bridge the software engineering and security engineering communities, and promote cross-fertilization. The symposium will feature two days of technical program including two keynote presentations. In addition to academic papers, the symposium encourages submission of high-quality, informative industrial experience papers about successes and failures in secure software engineering and the lessons learned. Furthermore, the symposium also accepts short idea papers that crisply describe a promising direction, approach, or insight.


The Symposium seeks submissions on subjects related to its goals. This includes a diversity of topics including (but not limited to):

– Cloud security, virtualization for security

– Mobile devices security

– Automated techniques for vulnerability discovery and analysis

– Model checking for security

– Binary code analysis, reverse-engineering

– Programming paradigms, models, and domain-specific languages for security

– Operating system security

– Verification techniques for security properties

– Malware: detection, analysis, mitigation

– Security in critical infrastructures

– Security by design

– Static and dynamic code analysis for security

– Web applications security

– Program rewriting techniques for security

– Security measurements

– Empirical secure software engineering

– Security-oriented software reconfiguration and evolution

– Computer forensics

– Processes for the development of secure software and systems

– Security testing

– Embedded software security

– Usable security

Important dates

Paper submission: Friday, February 24, 2017 (firm)

Paper acceptance notification: Tuesday, April 18, 2017

Artifact evaluation submission: Friday, April 21, 2017

Poster submission: Friday, April 21, 2017

Poster acceptance notification: Friday, April 28, 2017

Camera-ready: Friday, May 12, 2017

Symposium: Monday to Wednesday, July 3-5, 2017

(DIMVA is held July 6-7, following ESSoS)

Submission and format

The proceedings of the symposium are published by Springer-Verlag in the Lecture Notes in Computer Science Series (, pending approval). Submissions should follow the formatting instructions of Springer LNCS. Submitted papers must present original, unpublished work of high quality.

Two types of papers will be accepted:

Full papers (max 14 pages without bibliography/appendices)

Such papers may describe original technical research with a solid foundation, such as formal analysis or experimental results, with acceptance determined mostly based on novelty and validation. Or they may describe case studies applying existing techniques or analysis methods in industrial settings, with acceptance determined mostly by the general applicability of techniques and the completeness of the technical presentation details.

Idea papers (max 8 pages with bibliography)

Such papers may crisply describe a novel idea that is both feasible and interesting, where the idea may range from a variant of an existing technique all the way to a vision for the future of security technology. Idea papers allow authors to introduce ideas to the field and get feedback, while allowing for later publication of complete, fully-developed results. Submissions will be judged primarily on novelty, excitement, and exposition, but feasibility is required, and acceptance will be unlikely without some basic, principled validation (e.g., extrapolation from limited experiments or simple formal analysis). In the proceedings, idea papers will clearly identified by means of the \”Idea\” tag in the title.


ESSoS will have a poster session to present ideas, discuss prototypes, and feature ongoing work. Authors of accepted papers and authors with evaluated artifacts are invited to submit a poster as well. Poster abstracts are limited to 1 page.

Approved Artifacts

Due to the secure software engineering focus, we expect the majority of papers to be based on an accompanying software artifact, data set, or similar. We strongly encourage the authors of accepted papers to submit such artifacts for evaluation. Artifact Evaluation will take place after accepted papers have been announced. Further information will be given closer to the paper-submission deadline. Submissions where the artifact evaluation committee can reproduce the software artifacts and evaluation will receive the “approved artifact” badge. Authors of approved artifacts are further given the opportunity to demo their artifact at the conference. In addition, the committee will select a best artifact to receive the Distinguished Artifact Award.

Steering committee

Jorge Cuellar (Siemens AG)

Wouter Joosen (Katholieke Universiteit Leuven) – chair

Fabio Massacci (Università di Trento)

Gary McGraw (Cigital)

Bashar Nuseibeh (The Open University)

Daniel Wallach (Rice University University)

Organizing committee

General chair: Michael Meier (University of Bonn, DE)

Program co-chairs: Mathias Payer (Purdue university, USA),Eric Bodden (Paderborn University, DE)

Doctoral Symposium: TBA

Publication chair: Elias Athanasopoulos (University of Cyprus, CY)

Publicity chair: TBA

Web chair: Ghita Saevels (Katholieke Universiteit Leuven, BE)

Program committee

David Aspinall, University of Edinburgh

Domagoj Babic, Google Inc.

Alexandre Bartel, University of Luxembourg

Amel Bennaceur, The Open University

Stefan Brunthaler, Paderborn University

Will Enck, NC State University

Michael Franz, University of California, Irvine

Christian Hammer, University of Potsdam

Michael Hicks, University of Maryland

Trent Jaeger, The Pennsylvania State University

Vassilis P. Kemerlis, Brown University

Johannes Kinder, University of London

Byoungyoung Lee, Purdue University

Yang Liu, University of Oxford

Ben Livshits, Microsoft Research

Clémentine Maurice, Technical University Graz

Andy Meneely, Rochester Institute of Technology

Mira Mezini, Technical University Darmstadt

Alessandro Orso, Georgia Tech

Christina Pöpper, New York University Abu Dhabi

Awais Rashid, Lancaster University

Kaveh Razavi, Vrije Universiteit Amsterdam

Tamara Rezk, INRIA

Angela Sasse, University College London

Zhendong Su, University of California, Davis

Melanie Volkamer, Karlstad University

Xiangyu Zhang, Purdue University

Other Conferences in Germany

ACM e-Energy 2018 : The Ninth ACM International Conference on Future Energy Systems

Deadline :
Mon 22 Jan 2018
Jun 12, 2018 - Jun 15, 2018 - Karlsruhe

IAS 2018 : Intelligent Autonomous Systems

Deadline :
Thu 01 Feb 2018
Jun 11, 2018 - Jun 15, 2018 - Baden-baden

ECCV 2018 : European Conference on Computer Vision

Deadline :
Wed 14 Mar 2018
Sep 8, 2018 - Sep 14, 2018 - Munich

DEXA 2018 : 29th International Conference on Database and Expert Systems Applications

Deadline :
Sun 18 Mar 2018
Sep 3, 2018 - Sep 6, 2018 - Regensburg