Workshop program



9:00-10:00 Session 1 - Vulnerabilities

Session Chair: Riccardo Scandariato, Katholieke Universiteit Leuven, Belgium

  • Golnaz Elahi, Eric Yu and Nicola Zannone. Security Risk Management by Qualitative Vulnerability Analysis [pdf]
  • Maureen Doyle and James Walden. An Empirical Study of the Evolution of PHP Web Application Security [pdf]


Coffee Break

10:30-12:00 Session 2 - Alerts

Session Chair: Laurie Williams, NCSU, USA

  • Stewart Kowalski, Rostyslav Barabanov and Robert Hoffmann. Cyber Security Alert Warning System: A Socio-Technical Coordinate System Proposal [pdf]
  • Harpreet Kohli, Dale Lindskog, Pavol Zavarsky and Ron Ruhl. An Enhanced Threat Identification Approach For Collusion Threats [pdf]
  • Sufatrio and Roland H.C. Yap. Quantifying the Effects of More Timely Certificate Revocation on Lightweight Mobile Devices [pdf]


Lunch (Vista Dining Room)

13:30-15:00 Session 3 - Privacy and Short Talks

Session Chair: Maureen Doyle, Northern Kentucky University, USA

  • Sebastian Banescu and Nicola Zannone. Measuring Privacy Compliance with Process Specifications [pdf]
  • Emmanuel Ibidokun Tope, Pavol Zavarsky, Ron Ruhl and Dale Lindskog, Performance Evaluation of Oracle VM Server Virtualization Software 64 bit Linux Environment [pdf]
  • Erland Jonsson and Laleh Pirzadeh, A Framework for Security Metrics Based on Operational System Attributes [pdf]
  • Jeffrey Stuckman and James Purtilo, A testbed for the evaluation of web intrusion prevention systems [pdf]
  • Kihun Jang and Heung-Youl Youm, Authentication Protocol for Preventing Damage by Loss and Theft of Smartphone [pdf]
  • Laleh Pirzadeh and Erland Jonsson, A Cause and Effect Approach Towards Risk Analysis [pdf]
  • Lukas Demetz, Daniel Bachlechner, Stefan Thalmann and Ronald Maier, Performance measurement in cross-organizational security settings [pdf]


Coffee Break

15:30-17:00 Breakout Session

Session Chair: James Walden, Northern Kentucky University, USA

  • Olav S. Ligaarden, Atle Refsdal and Ketil Stølen, Experiences from Using Indicators to Validate Expert Judgments in Security Risk Analysis [pdf]
  • Miles McQueen, Jason Wright, Lawrence Wellman, Are Vulnerability Disclosure Deadlines Justified? [pptx]

In the remaining time in this session, we will discuss common problems in empirical software security research, such as the quality of data sources for research.