Home      Log In      Contacts      FAQs      INSTICC Portal
Special Session
11th International Workshop on Security in Information Systems - WOSIS 2014

27 April, 2014 - Lisbon, Portugal

In conjunction with the 16th International Conference on Enterprise Information Systems - ICEIS 2014

General Chair

Dr. David G. Rosado
University of Castilla-La Mancha

Program Co-Chairs
Dr. Carlos Blanco
University of Cantabria
Dr. Daniel Mellado
Spanish Tax Agency
Dr. Jan Jürjens
Technical University of Dortmund

Enterprise Security Session chair
Dr. Luis Enrique Sánchez
University of Armed Forces


Information Systems Security is one of the most pressing challenges facing all kinds of organizations today. Although many companies have discovered how critical information is to the success of their business or operations, very few have managed to be effective in maintaining their information secure, avoiding unauthorized access, preventing intrusions, stopping secret information disclosure, etc.

There are various definitions of security, but all of them basically agree on the same components. Security in information systems considers the protection of information and of the systems that manage it, against a wide range of threats in order to ensure business continuity, minimize risks and maximize the return on investment and business opportunities.

Security is, therefore, currently a widespread and growing concern that covers all areas of society: business, domestic, financial, government, and so on. In fact, the so-called information society is increasingly dependent on a wide range of software systems whose mission is critical, such as air traffic control systems, financial systems, or public health systems. The potential losses that are faced by businesses and organizations that rely on all these systems, both hardware and software, therefore signify that it is crucial for information systems to be properly secured from the outset.

In this new edition of WOSIS, the traditional information systems security topics will remain but we want explicitly focus the workshop on security in Big Data. The enormous amount of external and unstructured data (referred as Big Data) has been increasing, and thus database systems and processing need to evolve to accommodate them to this new situation. Therefore, this new conception requires new models and methods that deal with the specific security issues related to Big Data. The objective of this new edition is to contribute to the study and analysis of solutions and approaches which help to achieve and facilitate the level of security needed for such Big Data environments and that its adoption is not any problem for the society, administration and enterprise.

The novelty in this edition is the call for regular papers and tool demonstrations oriented and focused on Security applied to businesses and enterprises which is an opportunity for researchers, practitioners, security architects and designers to present and discuss the most recent advances, experiences, developments, applications, tools and challenges in the field of security in software engineering applied to businesses and enterprises.

Topics of Interest
Topics of interest include, but are not limited to:

Topics for Security in Software Engineering
  • Security in agile software development
  • Secure architecture, design and deployment
  • Aspect-oriented, Model-driven development of secure software and systems
  • Domain-specific modeling languages (DSML) for secure software
  • Modeling privacy for software systems
  • Analysis and management of risks
  • Security requirements and Specification of security and privacy requirements and policies
  • Threats, vulnerability, and trust modeling
  • Testing for security, Security Metrics and Measurement
  • Static and dynamic analysis for security
  • Verification and assurance techniques for security properties
  • Model-based verification techniques for security properties
  • Case studies and experiences of secure software engineering

Security in Big Data, Databases and Data Warehouses
  • Conceptual modeling approaches (UML, EER, etc.) for Big Data, DBs and DWs including security aspects
  • Security models oriented to NoSQL, DBs or DWs
  • Implementation of security into NoSQL tools (Cassandra, Hadoop, Hive, MongoDB, etc.), DBs or DWs
  • Mapreduce techniques for security
  • Metadata and Security
  • Secure Data Management
  • Data Confidentiality, Data Integrity or Secure Auditing

Security in Cloud Computing and Mobile Computing
  • Security Engineering and Security Requirements Engineering for Cloud-Based Systems
  • Risks and threats in Cloud
  • Identity, Access Management , Privacy and Data protection in Cloud
  • Issues and recent approaches in portability, interoperability and secure migration processes to cloud computing
  • Cloud Legal Issues
  • Trust and policy management in Clouds
  • Storage security and Cloud Infrastructure Security
  • Security Governance in the Cloud and Risk management and assessment and third-party risk management
  • Security in SaaS, PaaS, IaaS
  • Security in Cloud applications and case studies
  • MDA and MDS applied to cloud computing
  • Security for Mobile Computing, sensors networks, multimedia systems
  • Mobile security/privacy policies
  • Secure mobile software architecture and application design
  • Security and privacy issues related to user behavior

Rest of Topics
  • Security Management and Assessment
  • Security culture, IT Governance and IT Service Continuity
  • Open Security Standards and Security Certification
  • Common practice, legal and regulatory issues
  • Security for SOA, Web Services, Grid computing and Social Networks
  • Workflow and Business Process Security
  • Security ontology/taxonomy design
  • Semantic Web Technologies applied to Security
  • Security in Software Product Lines
  • Distributed and Network Security
  • Security & Trust Models
  • Authentication, Authorization and Access Control, Anonymity and Privacy
  • Security for Electronic Commerce, Electronic Business and e-Services (e-voting, e-banking, e-governement, e-health)
  • Security for embedded systems, smart cards and RFID
  • Security Issues in Ubiquitous/Pervasive Computing
  • Intellectual Property Protection, Personal Data Protection for Information Systems and Digital Identity management
  • Disaster Recovery and Failure Prevention, Incident Response and Prevention, Intrusion Detection and Fraud Detection
  • Biometric Security, Cryptology: Cryptography and Cryptanalysis, Information hiding: Steganography & Steganalysis and Digital Forensics
  • Cyber terrorism


Paper Submission: January 31, 2014 (expired)
Authors Notification: February 17, 2014 (expired)
Camera Ready and Registration: March 3, 2014 (expired)

Socio-Technical Security Requirements Modeling and Analysis

Software systems today are part of larger socio-technical systems, wherein they interact—by exchanging data and delegating tasks—with other technical components, humans, and organizations. The design of a secure software system cannot disregard its collocation within a socio-technical context, where security is threatened not only by technical attacks, but also by social and organizational ones. This talk will discuss about socio-technical security requirements modeling and analysis and it will present a tool-supported model-driven methodology for conducting security requirements engineering. It will also report about the three years experience in using the methodology within ANIKETOS, an EU funded project on Ensuring Trustworthiness and Security in Service Composition.

Biography of Paolo Giorgini
Paolo Giorgini is associate professor and head of the Software Engineering, Formal Methods and Security group at the Department of Engineering and Computer Science of University of Trento. He received his Ph.D. degree from University of Ancona (Italy) and then he joined the University of Trento as assistant professor. He has worked on the development of requirements languages and the application of agent and goal-oriented techniques to (security) software analysis. He is co-editor in chief of the International Journal of Agent-Oriented Software Engineering and his publication list includes more than 200 refereed journal and conference proceedings papers and twelve edited books.


Prospective authors are invited to submit papers in any of the topics listed above.
Instructions for preparing the manuscript (in Word and Latex formats) are available at: Paper Templates
Please also check the Guidelines and Templates.
Papers should be submitted electronically via the web-based submission system at: http://www.insticc.org/Primoris


All accepted papers will be published in the workshop proceedings book, under an ISBN reference and on CD-ROM support.
All papers presented at the conference venue will be available at the SCITEPRESS Digital Library (http://www.scitepress.org/DigitalLibrary/).
SCITEPRESS is a member of CrossRef (http://www.crossref.org/).


ICEIS Workshops - WOSIS 2014
e-mail: iceis.workshops.secretariat@insticc.org