STAM 2023

The 3rd International Workshop on Safety and Security Testing and Monitoring (STAM 2023)

to be held in conjunction with the 18th International Conference on Availability, Reliability and Security
(ARES 2023 – http://www.ares-conference.eu)

August 29 – September 01, 2023

Distributed networked computer systems and services have become a crucial infrastructure element for the organization of modern society. These networks and services are required to be increasingly open, and new technology is designed to facilitate interoperation between networks composed of heterogeneous, communicating devices. Guaranteeing that they interoperate in a safe and secure way has become a major concern for individuals, enterprises and governments.

Since the environment may be hostile and contain malicious components, it is crucial to define frameworks adapted to distributed systems to enforce safety, security and privacy. By distributed systems, we mean all systems that are composed of more than one communicating device, such as telecommunication networks, cloud/edge computing environments, industrial systems, smart communities, the Internet of Things, distributed operating systems and middleware.

The STAM workshop tries to answer how modeling misbehaviours and attacks can help users understand the occurrence of malicious behaviours in order to avoid them, and what the advantages and drawbacks of the existing models are. At the same time, the workshop tries to understand how to solve the challenging problem of safety and security testing and monitoring, given that testing distributed systems is a complex task and that safety and security add new challenges and difficulties to be solved.

The objective of this workshop is to share ideas, methods, techniques, and tools about safety & security testing and monitoring in distributed systems to improve the state of the art. In addition to scientific paper presentations, we intend to have one or two keynotes describing ongoing activities in the related areas and demonstrations of some innovative security tools.

The STAM workshop is supported by the following projects:

HE-AI4Cyber
HE-DYNABIC
H2020-ECSEL-AIDOART
H2020 PUZZLE
H2020-VeriDevOps
H2020-SANCUS

Workshop Chairs

Ana Rosa Cavalli
Institut Mines Telecom, France (H2020 SANCUS)

Sofia Karagiorgou
Ubitech LTD, Cyprus (H2020 PUZZLE)

Sandra König
Austrian Institute of Technology, Austria (H2020-ECSEL AIDOaRt)

Wissam Mallouli
Montimage, France (H2020 VeriDevOps, HE AI4Cyber)

Erkuden Rios
Tecnalia, Spain (HE DYNABIC, HE AI4CYBER)

Andrey Sadovykh
Softeam, France (H2020 VeriDevOps)

Valentina Casola
University of Napoli Federico II, Italy

PROGRAMME COMMITTEE 2023

Valentina Casola, University of Naples Federico II, Italy
Ana Rosa Cavalli, Institut Mines-Telecom/Telecom SudParis, France
Thibault Cholez, LORIA / INRIA Nancy Grand-Est, France
Alessandra De Benedictis, University of Naples Federico II, Italy
Eduard Paul Enoiu, Mälardalen University, Sweden
Nicolas Ferry, University Cote d’Azur, France
Eider Iturbe, Tecnalia, Spain
Sophia Karagiorgou, UBITECH LTD, Greece
Sandra König, AIT Austrian Institute of Technology, Austria
Alexios Lekidis, Public Power Corporation, Greece
Stephane Maag, Institut Mines Telecom / Telecom SudParis, France
Wissam Mallouli, Montimage, France
Stefan Marksteiner, AVL List GmbH / Mälardalen University, Sweden
Edgardo Montes de Oca, Montimage, France
Phu H. Nguyen, SINTEF, Norway
Andrea Pferscher, Graz University of Technology, Austria
Panagiotis Radoglou-Grammatikis, University of Western Macedonia, Greece
Massimiliano Rak, University of Campania, Luigi Vanvitelli, Italy
Erkuden Rios, Tecnalia, Spain
Andrey Sadovykh, Softeam, France
Bilal Said, Arts, Sciences and Technology University in Lebanon (AUL), Lebanon
Cristina Seceleanu, Mälardalen University, Sweden
Dragos Truscan, Åbo Akademi University, Finland
Fatiha Zaidi, Univ. Paris-Sud, France

Keynotes
Martin Schneider
Head of Testing in the business unit Quality Engineering (SQC) at the Fraunhofer Institute for Open Communication Systems (Fraunhofer FOKUS), Germany

Challenges and Opportunities for Security Testing and Monitoring in the Light of the Cyber-Resilience Act
The Cyber-Resilience Act obliges the manufacturers of software to perform a comprehensive security evaluation. Security testing and monitoring play a crucial role in meeting the requirements arising from the CRA. In the light of these upcoming requirements, the demands on security testing and monitoring will also change with respect to efficiency, reliability, and independence. In my talk, I will interpret the CRA in the context of security testing and monitoring and will present a solution that partially addresses them.

Martin Schneider is Head of Testing in the business unit Quality Engineering (SQC) at the Fraunhofer Institute for Open Communication Systems (Fraunhofer FOKUS). His research focuses on security testing of both software systems and machine learning systems. He leads various research projects in these areas at Fraunhofer FOKUS and is active in standardization bodies such as DIN and ETSI. He is the author of a primer for the application of fuzzing in the context of Common Criteria certification published by the German Federal Office for Information Security (BSI), a trainer at the Fraunhofer Academy for Security Testing, and co-author of a book in this field.