STAM 2017

The 2nd International Workshop on Security Testing And Monitoring

to be held in conjunction with the ARES EU Projects Symposium 2017, held at ARES 2017
(ARES 2017 – http://www.ares-conference.eu)

August 29 – September 1, 2017, Reggio Calabria, Italy

Distributed computer networked systems and services have become a crucial infrastructure element for the organization of modern society. These networks and services are required to be more and more open and new technology is designed to facilitate the inter-operation between these networks composed of heterogeneous, communicating devices. Guaranteeing that they interoperate securely has become a major concern for individuals, enterprises and governments. Since the environment may be potentially hostile and contain malicious components, it is crucial to define frameworks adapted to distributed systems to enforce security and privacy. By distributed systems, we mean all systems that are composed of more than one communicating device such as telecommunication networks, cloud computer environment, smart communities, internet of things, distributed operating systems and middleware, big data etc.

The STAM workshop tries to answer how vulnerability, intrusions and attacks modeling can help users understand the occurrence of malicious behaviors in order to avoid them, and what are the advantages and drawbacks of the existing models. At the same time, the workshop tries to understand how to solve the challenging security testing and monitoring problem given that testing distributed systems is a complex task and security will add new challenges and difficulties to be solved.

The objective of this workshop is to share ideas, methods, techniques, and tools about security testing and monitoring in distributed systems to improve the state of the art. In addition to scientific paper presentations, we intend to have one or two keynotes describing ongoing activities in the related areas and demonstrations of some innovative security tools.

Supporting projects

STAM workshop is upported by projects: H2020-MUSA, H2020-CLARUS, ANR-DOCTOR, H2020 ANASTACIA and H2020 SISSDEN.

H2020 MUSA: MUSA Project is an EU H2020 Research Project which is aimed at ensuring security in all multi-cloud environments. The goal of MUSA is to provide a framework which supports the security-intelligent lifecycle management of distributed applications over heterogeneous cloud resources. The MUSA framework utilizes security-by-design mechanisms for application self-protection as well as methods and tools for integrated security assurance.

H2020 CLARUS: The main objective of the CLARUS project is to enhance trust in cloud computing services by developing a secure framework for the storage and processing of data outsourced to the cloud. CLARUS will allow end users to monitor, audit and control the stored data without impairing the functionality and cost-saving benefits of cloud services. Ten partners cover all expertise and competence required to achieve the objectives of the project, which have guided all the time the formation of the consortium.

ANR DOCTOR: The DOCTOR project provides a major push towards the adoption of these new standards by enabling a secure use of virtualized network equipment, which will ease the deployment of novel networking architectures. Monitoring and security are primary operator requirements that need to be assured before deploying new solutions.

H2020 ANASTACIA:  ANASTACIA main goal is to address cyber-security concerns by researching, developing and demonstrating a holistic solution enabling trust and security by-design for Cyber Physical Systems (CPS) based on IoT and Cloud architectures. To this end, ANASTACIA will develop a trustworthy-by-design security framework which will address all the phases of the ICT Systems Development Lifecycle (SDL) and will be able to take autonomous decisions through the use of new networking technologies such as Software Defined Networking (SDN) and Network Function Virtualisation (NFV) and intelligent and dynamic security enforcement and monitoring methodologies and tools.

H2020 SISSDEN: SISSDEN will improve the cybersecurity posture of EU organisations and citizens through the development of increased situational awareness and the effective sharing of actionable information. SISSDEN builds on the experience of The Shadowserver Foundation, a non-profit organisation well known in the security community for its successful efforts in the mitigation of botnets and fighting malware propagation. SISSDEN will provide free-of-charge victim notification services, and work in close collaboration with Law Enforcement Agencies, national CERTs, network owners, service providers, small and medium-sized enterprises (SMEs) and individual citizens.

Topics of interest comprise but are not limited to:
Runtime monitoring of secure interoperability of relevant applications
Remediation and reactions against attacks in distributed systems
Comparisons between security-by-design and formal approaches
Application of mutation techniques to security interoperability
Security testing & monitoring in multi-cloud environments
Security testing and monitoring for Cyber-physical systems
Test-driven diagnosis of security interoperability weaknesses
Secure interoperability in Cloud-based environments
Secure interoperability for multi-cloud systems
Techniques to validate secure interoperability
Attacks tolerance in distributed environments
Security monitoring in distributed systems
Security testing and monitoring for big data
Robustness and fault tolerance to attacks
Trust and privacy in secure interoperability
Security testing in distributed systems
Security testing and monitoring for IoT
Fuzz testing for secure interoperability
Research project methods and tools
Secure multi-cloud collaboration
Industrial experience reports
Project success stories
Important Dates
Submission Deadline April 2, 2017
Author Notification May 22, 2017
Proceedings Version June 20, 2017
Conference August 29 – September 2, 2017
Workshop Chairs

The workshop will be co-chaired by two persons representing two different organizations : Montimage and Institute Telecom SudParis from France. Dr. Wissam Mallouli will be the primary contact.

Wissam Mallouli
Montimage, France

Ana Rosa Cavalli
Telecom SudParis, France

Program Committee

Valentina Casola, CERICT, Italy
Thibault Cholez, INRIA, France
Josep Domingo-Ferrer, Universitat Rovira i Virgili, Catalonia
Jürgen Grossman, Fraunhofer Fokus, Germany
Rob Hierons, Brunel University, UK
Alexandre K. Petrenko, ISPRAS, Russia
Stephane Maag, Telecom SudParis
Bertrand Mathieu, Orange, France
Mercedes Merayo, Complutense University of Madrid, Spain
Edgardo Montes de Oca, Montimage, France
Antonio M. Ortiz, Montimage, France
Erkuden Rios Velasco, Tecnalia, Spain
Antony Shimmin, AIMES, UK
Antonio Skarmeta, Universidad de Murcia, Spain
Khalifa Toumi, Telecom SudParis, France
Fatiha Zaidi, Universite de Paris Sud, France

Submission

The submission guidelines valid for the STAM workshop are the same as for the ARES conference. They can be found >>here<<.