SERE 2013 Slides & Video

Who Trumps Who: Security (SE) or Reliability (RE)? Slide Video
Tutorial Angelos Stavrou
Programming on Android: Best Practices for Security & Reliability
Speech I
Constance L. Heitmeyer
Model-based Software Development: Benefits and Barriers
Speech II
Ravi Sandhu
The Future of Access Control: Attributes, Automation and Adaptation
Slide Video
Speech III
Zili Wang
4-D Development Mode of Reliability System Engineering
Slide Video
Speech IV
Nihal Sinnadurai
Time Bombs in Modern Networks and Mitigation Thereof
Lecture I
Samuel Keene
Six Sigma Requirement Development Tools Assure More Reliable Software
Lecture II
Bret Michael
Rethinking the Formal Specification, Validation, and Verification Process: Making it an End-to-End Process that is Scalable
Slide Video

Plenary Panel
Who Trumps Who: Security or Reliability?
Jeff Voas (moderator)
U.S. National Institute of Standards and Technology

Half-Day Tutorial

Programming on Android: Best Practices for Security & Reliability
Angelos Stavrou
2013 Engineer of the Year, IEEE Reliability Society

Keynote Speakers

 Constance Heitmeyer, Head, Software Engineering,
  U.S. Naval Research Laboratory [abstract]
 Nihal Sinnadurai, CEO and Chief Technologist, ATTAC, UK
 Ravi Sandhu, Lutcher Brown Endowed Chair in Cyber
  Security, UT San Antonio [abstract]
 Zili Wang, Dean, School of Reliability and System
  Engineering,Beihang University, China [abstract]

Distinguished Lecture

Rethinking the Formal Specification, Validation, and Verification Process: Making it an End-to-End Process that is Scalable [abstract]
Bret Michael
2010 Engineer of the Year, IEEE Reliability Society

Paper Presentations

 Research Track: 26
 Workshop on Information Assurance: 16
 Workshop on Trustworthy Computing: 16
 Workshop on Safety and Security in Cyber-Physical
  Systems: 4
 Student Doctoral Program: 3
 Fast Abstract: 4

Welcome to SERE 2013 -- The 7th International Conference on Software Security and Reliability, sponsored by the IEEE Reliability Society and technically co-sponsored by the National Institute of Standards and Technology, an agency of the U.S. Department of Commerce, and the Intelligent Information & Communications Research Center at the National Chiao-Tung University, Taiwan. The conference will be held at the NIST campus, located in Gaithersburg, Maryland which is less than one hour from Washington D.C.

SERE 2013 brings together a wide range of researchers and practitioners to present their on-going ideas, experiences, and outcomes of most recent research, and to exchange their best-of-breed practices for developing reliable, secure, and trustworthy software systems in a more effective and efficient way. It not only allows the academic community to gain an increased awareness of the areas that are vital to the software industry, but it also grants practitioners an opportunity to express their needs.

The conference has three major tracks: research papers, fast abstracts and the student doctoral program. It also has invited keynotes and talks, panels, and tutorials on emerging topics related to the scope of the conference. Additional workshops with more focused topics will also be held concurrently.

This year's conference has a special theme on

Trustworthy Computing

Special welcome is extended to contributions on the following topics, although others will be accepted as well:

  Security, Reliability, Availability, and Safety of Software Systems
  Information and Software Assurance
  Fault Tolerance for Software Reliability Improvement
  Modeling, Prediction, Simulation, and Evaluation
  Validation, Verification, and Testing
  Metrics, Measurements, and Analysis
  Secure and Reliable Storage
  Software Penetration and Protection
  Software Vulnerabilities
  Malware Detection and Analysis
  Intrusion Detection and Prevention
  Operating System Security and Reliability
  Mobile and Cloud Computing
  Theory and Practice
  Benchmark and Empirical Studies

Organizing Committee

General Chair Jeffrey Voas NIST USA
Program Chair Shiuhpyng Winston Shieh National Chiao Tung University Taiwan
Workshop Chair Paul Black National Institute of Standards and Technology USA
Student Doctoral Program Chair Tadashi Dohi Hiroshima University Japan
Publicity Chairs Zhenyu Chen Nanjing University China
Angelos Stavrou George Mason University USA
Fei-Ching Kuo Swinburne University of Technology Australia
Publication Yu-Lun Huang National Chiao Tung University Taiwan
Finance Chair Alfred Stevens IEEE Reliability Society USA
Registration Chair Junhua Ding East Carolina University USA
Webmasters Xinwei Gao University of Texas at Dallas USA
Shou-Yu Lee University of Texas at Dallas USA

Steering Committee

W. Eric Wong (co-Chair) University of Texas at Dallas USA
Sam Keene (co-Chair) IEEE Reliability Society USA
Fevzi Belli University of Paderborn Germany
Karama Kanoun LAAS-CNRS France
Raymond Paul Department of Defense USA
Shiuhpyng Winston Shieh National Chiao Tung University Taiwan
Ji Wang National University of Defense Technology China

Program Committee

Doo-Hwan Bae Korea Advanced Institute of Science and Technology Korea
Ebrahim Bagheri Ryerson University Canada
Jongmoon Baik Korea Advanced Institute of Science and Technology Korea
Elisa Bertino Purdue University USA
Lionel Briand Simula Research Laboratory Norway
Christof J. Budnik Siemens Corporate Research USA
W.K. Chan City University of Hong Kong Hong Kong
Hao Chen University of California, Davis USA
Ke-Fei Chen Shanghai Jiaotong University China
Ewen Denney SGT/NASA Ames USA
Wei Dong National University of Defense Technology China
Fu-Hau Hsu National Central University Taiwan
Chin-Tser Huang University of South Carolina USA
Yu Lun Huang National Central University Taiwan
Shih-Kun Huang National Chiao Tung University Taiwan
Lucas Chi Kwong Hui University of Hong Kong Hong Kong
Martin Gilje Jaatun SINTEF ICT Norway
Herbert Kuchen University of Muenster Germany
Luiz Laranjeira Universidade de Brasilia Brasilia
Xuandong Li Nanjing University China
Ninghui Li Purdue University USA
Horst Lichter RWTH Aachen University Aachen
Lin Liu Tsinghua University China
Peng Liu Pennsylvania State University USA
Leo Luan IBM USA
Andrew Martin University of Oxford UK
Bruce Mcmillin Missouri University of Science and Technology USA
Thomas Noll RWTH Aachen University Aachen
Alexander Pretschner Karlsruhe Institute of Technology (KIT) Germany
Yu Qi Mesh Capital LLC USA
Giovanni Russello University of Auckland New Zealand
Pierangela Samarati University degli Studi di Milano Italy
Sahra Sedigh Missouri University of Science and Technology USA
Sean W. Smith Dartmouth College USA
Chii-Ren Tsai Citigroup Inc. USA
Tugkan Tuglular Izmir Institute of Technology Turkey
Duncan S. Wong City University of Hong Kong Hong Kong
Felix Wu University of California, Davis USA
Yu-Sung Wu National Chiao Tung University Taiwan
Dianxiang Xu Dakota State University USA
Chang Xu Nanjing University China
Yuen Tak Yu City University of Hong Kong Hong Kong
Liang Zhenkai National University of Singapore Singapore
Mohammad Zulkernine Queen's University Canada

Information for authors of regular papers

Submit original papers (not published or submitted elsewhere) with a maximum of ten pages. Include the title of the paper, the name and affiliation of each author, a 150-word abstract, and up to 6 keywords. The format of your submission must follow the IEEE conference proceedings format.

  Click here to submit your paper.

Information for authors of fast abstracts

The objective of fast abstracts is to report on-going work, describe practical experiences, introduce new ideas to promote further validation, or state positions on controversial issues. Each fast abstract can have a maximum of two pages using the IEEE conference proceedings format.

Click here to submit your fast abstract.

Information for authors of student doctoral program

The objective of the Student Doctoral Program is to encourage students to attend SERE and present their work, exchange ideas with researchers and practitioners, and get early feedback on their research efforts. Submit original papers (not published or submitted elsewhere) with a maximum of six pages using the IEEE conference proceedings format. Each submission should include the title of the paper, the name and affiliation of each author, a 150-word abstract, and up to 6 keywords. The first author must be a student (the advisor or non-student collaborators may be co-authors). Once accepted the paper should be presented by a student.

  Click here to submit your paper.

Information for authors of workshops

Submit original papers (not published or submitted elsewhere) with a maximum of ten pages. Include the title of the paper, the name and affiliation of each author, a 150-word abstract, and up to 6 keywords. The format of your submission must follow the IEEE conference proceedings format.

  Click on "Workshops" on the left pane to view all the co-located workshops.

Conference Proceedings

The conference proceedings will be published by IEEE Computer Society Conference Publishing Services (CPS). Papers presented at the conference will also be submitted for inclusion into the IEEE Xplore and to all of the A&I (abstracting and indexing) partners (such as the EI Compendex).

Special Section of IEEE Transactions on Reliability

Authors of selected best papers from the conference will be invited to submit an extended version to a special section of IEEE Transactions on Reliability (T-Rel).

Important Dates

    November 15, 2012       Workshop proposals due
    January 30, 2013
    (extended deadline)
      Regular papers due
    February 15, 2013       Fast Abstract Track due
    February 15, 2013       Student Doctoral Program due
    March 20, 2013       Author notification
    April 15, 2013       Camera-ready and author registration due
    June 18-20, 2013       Conference dates

Jeju Island, South Korea

SSSIRI 2011 is going to be held in Jeju Island, one of the most charming cities in South Korea.

The Jeju Island is famous for 3 things: roaring winds, magnificent rocks, and woman divers for fishing. As one of the host cities of the 2002 Korea/Japan FIFA World Cup, Jeju's Seogwipo City has a fame of the most enchanting environment in Korea. Jeju is a focal point of international affairs and offers many kinds of recreation together with breathtaking vistas, a temperate climate and a unique traditional culture. Located in the center of this volcanically formed island is Mt. Halla (a dormant volcano), which is filled with over 1,800 species of wild plants, wild deers, and an ecosystem, that will surely amaze all visitors.

Jeju also offers unbelievably breathtaking views from coast to coast, ranging from waterfalls at Haean Jidae to naturally sculpted cliffs at Jusang Jeolli. Tourists can enjoy each season in Jeju with a particular splash of color; brilliant yellow-colored flowers in spring that spread across the landscape, the golden beaches and sea vistas in summer, the Eulalia's light brown wispy reeds flowing in autumn winds, and the lovely snow flowers of Mt. Halla in winter are all must-sees of Jeju.

  • Click here for more information about Jeju Island

  • Click here for Jeju Island Travel Information

  • Click here to see images for Jeju Island

  • Jeju Grand Hotel

    The conference venue is Jeju Grand Hotel, located in Shinjeju area, which takes just 10 minutes from the Jeju International Airport. A free shuttle is provided between the airport and the hotel. The Jeju Grand Hotel is a super deluxe hotel with 512 rooms. The hotel is equipped with various facilities including casino and banquet rooms with 5 different language simultaneous translation system.

    Previous Conferences

      SERE 2012 - Washington, D.C., USA
      SSIRI 2011 - Jeju Island, Korea
      SSIRI 2010 - Singapore
      SSIRI 2009 - Shanghai, China
      SSIRI 2008 - Yokohama, Japan
      SIRI 2006 - Hanoi, Vietnam

    SERE 2013 co-Located Workshops

    All the workshops will be held concurrently with the main conference.

      SSCPS: International Workshop on Safety and Security in
          Cyber-Physical Systems
          Jianhua Zhao (Nanjing University, China)
          Click here to submit your papers to SSCPS 2013

      IA: International Workshop on Information Assurance
          Shih-Kun Huang (National Chiao Tung University, Taiwan)
          Click here to submit your papers to IA 2013

      TC: International Workshop on Trustworthy Computing
          Fu-Hau Hsu (National Central University, Taiwan)
          Yu-Sung Wu (National Chiao Tung University, Taiwan)
          Click here to submit your papers to TC 2013

    For any inquiry, please contact Professor Shiuhpyng Winston Shieh,
    Program Chair or Professor W. Eric Wong, co-Chair, Steering Committee.

    Best Paper Award

    At least one Award will be presented by SERE 2013. Authors will receive a plaque signed by the President of the IEEE Reliability Society and also a cash prize (depending on the conference budget).


    SERE 2013 has arranged for a special conference rate of $129/night at the Hilton Washington, DC North/Gaithersburg. The special rate includes complimentary breakfast, parking, and guest room internet connection.

    You can make your hotel reservations at the following website

    or call 1-800-HILTONS (1-800-445-8667) and provide the following information.

    Group Name: IEEE Reliability Society
    Group Code: IEE

    SSIRI 2011: Keynote Speakers

    Gerard J Holzmann
    Jet Propulsion Laboratory, NASA

    Verifying Complex Software Systems: the Challenge


    Virtually all software applications grow in size and complexity over time.For software used in spacecraft, software size can even be shown to grow exponentially with each new mission flown, matching the growth trends seen in many other industries. This rapid growth poses a serious challenge to our ability to verify the reliability of complex safety-critical software systems. Significant progress has been made in the development of strong tool-based formal verification techniques in the last few decades, but the bar keeps rising. I will describe how we are tackling this challenge, and where the main research challenges in reliable systems design currently are.


    Gerard Holzmann received his Ph.D. from Delft University of Technology in 1979. From 1980 until 2003 he was a researcher in the Computing Science Research Center of Bell Laboratories, in Murray Hill, New Jersey. He then moved to NASA/JPL in California to start the new Laboratory for Reliable Software, where he is currently a senior research scientist. He has published four books and many technical articles on software verification methods, image processing techniques, and telecommunication history. Dr. Holzmann is a member of the U.S. National Academy of Engineering. url:

    C.V. Ramamoorthy
    Department of Electrical Engineering and Computer Sciences
    UC Berkeley, USA

    Software Engineering Approaches to the Challenges in Technology Education and System Development in the Software Ecosystem Environment


    There exist several challenges in the current science, engineering, mathematics (STEM) graduate education. We are continuously inundated with great volumes of information from our portable communication devices, lap tops, television etc., continuously. We do multitasking to assimilate the information resulting developing short attention spans. Our current digital generation spends enormous amount of time on social networking, video entertainment and video games. Science and engineering subjects require long and deep attention spans to learn and to contribute. We discuss some of the successful methods that can help us to focus on the deep engineering and technology. These include video narratives, entertainment and gaming. We consider the instructional methods developed by ancient Greeks (Aristotle, Socrates etc.), and the teaching of moral principles by means of parables and narratives by Buddha and Christ. We consider the successful interest and curiosity creating violin teaching methods of Suzuki. We study the talent discovering and skill enhancing instructional methods of Montessori. The social networking and interactive type of instruction was used by Escalante to overcome academic weaknesses. The tweet- and- repeat methods of the Khan Academy also provide useful ideas for improving our teaching process using ICT technology. We propose a comprehensive cocktail (mixture) of methods as the transformative means to upgrade of STEM higher education based on similar ideas proposed and successfully used by Norman Borlaug, the Nobel Prize-winning agricultural biologist in agricultural crop production. His methods eliminated the unfortunate annual food famines in Mexico, China, and India. We propose a comprehensive software supported methods using graphical animation, using virtualization, immersion and video gaming techniques to capture interest and enhance creative skills. It is well known that we use only a small fraction of the total visual and sensual bandwidth that our nervous system and brain can process at any instant. We can expand our educational communication bandwidth input by innovative interactive graphical and aural presentations of our academic material for maximum advantage to create both interest, learning and to develop creative skills.

    We introduce the theme of 'Needs Engineering' into our technical educational curriculum. This topic emphasizes the importance of problem (needs) finding, problem discovery and problem anticipation. We associate a 'problem' with a specific need. Needs and necessities are mothers of invention and innovation and therefore the prime factors in creative thinking. We describe the classification of problem-solution pairs using the Remsfeld paradigm of knowns-unknowns and their importance in creative problem finding and solving. Our educational system emphasizes problem solving under a known and well understood framework of theory and knowledge. It does not lead to creative thinking beyond the 'box'. It has been said that 'main object of teaching is not just how to solve problems and give explanations, but to knock at the doors of the mind'. Problems and needs- finding approaches are indeed the mothers of creative innovation. We quote a well known ICT company CEO:

    "Today it is the minds, not the megahertz or the gigabytes that are scarce. Use IT (information technology) to enhance them and use them to deliver sustainable and survivable products to support our developing world".

    In the second part of the presentation, we shall concentrate on software ecosystems and the sustainability issues of software entities. We see a large proliferation of platforms, app's, operating systems, designs, patterns etc. The concept of software ecosystem tries to develop an environment which nurtures, supports and evolves sustainable software systems. As in the natural ecosystem sustainability implies survivability in the short term and evolution and growth in the long term under changing environments, such as operating systems, languages, platforms, services etc. We develop a simple model of growth and give some examples. The theory involves the three basic resources, namely, intellectual resource (I), manual resources (M), and physical (P) resources, essential for our living. Intellectual resources grow in accordance with the law of increasing returns (Arthur and Romer); the manual resources follow the Churchill's suggestion of using minimum manual effort, and the natural physical resources follow the law of diminishing returns. We show that the basic tenets of our growth theory are similar to theory of evolution of human development. It is not a perfect theory. We are still working on it. It is just an hypothesis and yet provides another abstract way to look at evolution and provides some valuable insights on the software engineering trends of the future.

    Mike Hinchey
    Lero-the Irish Software Engineering Research Centre, Ireland

    Evolving Critical Systems


    Increasingly software can be considered to be critical, due to the business or other functionality which it supports. Upgrades or changes to such software are expensive and risky, primarily because the software has not been designed and built for ease of change. Expertise, tools and methodologies which support the design and implementation of software systems that evolve without risk (of failure or loss of quality) are essential. We address a research agenda for building software that (a) is highly reliable and (b) retains this reliability as it evolves, either over time or at run-time. We propose Evolving Critical Systems as an area for research to tackle the challenge and outline a number of scenarios to highlight some of the important research questions that should be asked of the community. Given that software evolution can be seen as a compromise between cost and risk, the most pressing question to ask is which processes, techniques and tools are most cost-effective for evolving critical systems?


    Mike Hinchey is scientific director of Lero-the Irish Software Engineering Research Centre and a professor of software engineering at the University of Limerick, Ireland. His research interests include selfmanaging software and formal methods for system development. Hinchey received a PhD in computer science from the University of Cambridge. He is a senior member of the IEEE and currently chairs the IFIP Technical Assembly. url:

    Conference Venue

    SERE 2013 will be held at the National Institute of Standards and Technology (NIST), an agency of the U.S. Department of Commerce, located in Gaithersburg, Maryland, about 40 kilometers (25 miles) north of the center of Washington, D.C.


    The picture on the left shows the logo of NIST on a beautiful flower bed. The middle is the 11-story Administration Building. The 234-hectare Gaithersburg campus has 35 additional buildings, including specialized research laboratories and facilities. The right picture captures deer (a few hundred) grazing on the NIST campus.

    The official mission of the institute is to
    Promote U.S. innovation and industrial
    competitiveness by advancing measurement
    science, standards, and technology in ways
    that enhance economic security and improve
    our quality of life.

    NIST supplies industry, academia, government, and other users with over 1,300 Standard Reference Materials (SRMs) which serve as calibration standards for measuring equipment, baseline samples for scientific experiments, or quality control benchmarks.

    Visit the NIST website for more details.

    Final Camera-ready Submission

    Please follow the instructions in the author kit you received from Bob Warner at the IEEE CPS (Conference Publishing Services) to upload your camera-ready version directly to the specific IEEE web server. Do not submit it via EasyChair, which was only for the initial submission.

      Number of Pages

        Regular Paper: 10
        Student Paper: 6
        Fast Abstract: 2
        Workshop: 10

         No extra pages are allowed.

      The submission deadline is April 30, 2012.
        If you have more than one paper accepted, you need to create one profile for each

        After the submission, you also need to submit the copyright release to the IEEE.

    SERE 2013: Keynote Speakers

    Stephen S. Yau
    Information Assurance Center, and School of Computing, Informatics, and Decision Systems Engineering,
    Arizona State University
    Tempe, Arizona, USA

    Human Factors in Development of Trustworthy Service-based Systems


    Over the past decade, the rapid advances and growth in deployment of service-based systems, such as the booming cloud computing systems, have had major impacts on the economy, society, and our daily lives. Today, users have grown more accustomed to accessing various online services from a wide range of computing devices, from smart phones/tablets to desktop PCs, for both business and entertainments. However, such a trend also means that more users' private and confidential information than ever is transferred processed and stored in service-based systems. This trend raises serious concerns on the trustworthiness of such systems. Substantial research has been devoted to developing new security mechanisms, network protocols, and methods to improve the trustworthiness of service-based systems. Human factors, however, have not been sufficiently addressed in the development of trustworthy service-based systems.

    Human factors encompass many aspects in the development of trustworthy service-based systems, from design of trust management for trustworthy service-based systems and analysis of tradeoff between system usability and security to the evaluation of users' confidence and the usability of the deployed systems. Human factors are more important in the development of trustworthy service-based systems than traditional software systems due to more complicated interactions among various participants (infrastructure providers, service providers, application developers, and users) of service-based systems.

    In this address, the current state of the art of human factors considered in the development of trustworthy service-based systems will be discussed, especially on how human factors are incorporated in improving system trustworthiness, such as the establishment and evaluation of trusts. Challenges and future research directions for human factors in the development of trustworthy service-based systems will be presented.


    Stephen S, Yau is the director of Information Assurance Center and a professor of computer science and engineering at Arizona State University (ASU), Tempe, Arizona, USA. He served as the chair of the Department of Computer Science and Engineering at ASU in 1994-2001. Previously, he was on the faculties of Northwestern University, Evanston, Illinois, and University of Florida, Gainesville.

    He served as the president of the Computer Society of the Institute of Electrical and Electronics Engineers (IEEE) and was on the IEEE Board of Directors, and the Board of Directors of Computing Research Association. He served as the editor-in-chief of IEEE COMPUTER. He organized many national and international major conferences, including the 1989 World Computer Congress sponsored by International Federation for Information Processing (IFIP), and the Annual International Computer Software and Applications Conference (COMPSAC) sponsored by the IEEE Computer Society. His current research includes service-based systems, cloud computing, trustworthy computing, software engineering, mobile ad hoc networks and ubiquitous computing. He has received many awards and recognitions for his accomplishments, including the Tsutomu Kanai Award and Richard E. Merwin Award of the IEEE Computer Society, the IEEE Centennial Award and Third Millennium Medal, the Outstanding Contributions Award of the Chinese Computer Federation, and the Louis E. Levy Medal of the Franklin Institute. He is a Fellow of the IEEE and the American Association for the Advancement of Science. He received the M.S. and Ph.D. degrees from the University of Illinois, Urbana, and the B.S. degree from National Taiwan University, Taipei, all in electrical engineering.

    Virgil Gligor
    Department of Electrical and Computer Engineering
    Carnegie Mellon University, USA

    Towards a Theory of Trust in Networks of Humans and Computers


    We argue that a general theory of trust in networks of humans and computers must be build on both a theory of behavioral trust and a theory of computational trust. This argument is motivated by increased participation of people in social networking, crowdsourcing, human computation, and socio-economic protocols, e.g., protocols modeled by trust and gift-exchange games, norms-establishing contracts, and scams/deception. User participation in these protocols relies primarily on trust, since online verification of protocol compliance is often impractical; e.g., verification can lead to undecidable problems, co-NP complete test procedures, and user inconvenience. Trust is captured by participant preferences (i.e., risk and betrayal aversion) and beliefs in the trustworthiness of other protocol participants. Both preferences and beliefs can be enhanced whenever protocol non-compliance leads to punishment of untrustworthy participants; i.e., it seems natural that betrayal aversion can be decreased and belief in trustworthiness increased by properly defined punishment. We argue that a general theory of trust should focus on the establishment of new trust relations where none were possible before. This focus would help create new economic opportunities by increasing the pool of usable services, removing cooperation barriers among users, and at the very least, taking advantage of "network effects." Hence a new theory of trust would also help focus security research in areas that promote trust-enhancement infrastructures in human and computer networks. Finally, we argue that a general theory of trust should mirror, to the largest possible extent, human expectations and mental models of trust without relying on false metaphors and analogies with the physical world.

    This talk is based on joint work with Jeannette Wing.


    Virgil D. Gligor received his B.Sc., M.Sc., and Ph.D. degrees from the University of California at Berkeley. He taught at the University of Maryland between 1976 and 2007, and is currently a Professor of Electrical and Computer Engineering at Carnegie Mellon University and co-Director of CyLab. Over the past thirty-five years, his research interests ranged from access control mechanisms, penetration analysis, and denial-of-service protection to cryptographic protocols and applied cryptography. Gligor was an editorial board member of several IEEE and ACM journals, and the Editor in Chief of the IEEE Transactions on Dependable and Secure Computing. He received the 2006 National Information Systems Security Award jointly given by NIST and NSA in the US, and the 2011 Outstanding Innovation Award given by the ACM Special Interest Group on Security, Audit and Control.

    Huimin Lin
    State Key Laboratory of Computer Science, Institute of Software,
    Chinese Academy of Sciences, China

    Checking Safety Properties of Concurrent Programs


    As network and multi-core systems are becoming pervasive, software systems also go concurrent. In a concurrent setting, in order to accomplish its computation task a program must cooperate with other programs by exchanging messages between them. These result in non-determinism and sophisticated interaction behaviour, making it very difficult to ensure that concurrent software systems will run safely and reliably

    In this talk I will present an approach to checking safety properties of concurrent programs. In this approach, concurrent programs are represented as symbolic transition graphs which can be regarded as a generalization of flow chart diagrams to allow nondeterminism and communication. Safety properties are expressed as formulas in alteration-free first-order mu-calculus. An efficient algorithm exists to check whether a symbolic transition graph satisfies the desired properties. Various abstraction techniques can be incorporated to reduce the size of reachable state space.


    Huimin Lin received Ph.D in Computer Science from the Institute of Software, Chinese Academy of Sciences, in 1986. He is currently a research professor and the director of the State Key Laboratory of Computer Science, Institute of Software, Chinese Academy of Sciences. He was elected Member of Chinese Academy of Sciences in 1999.

    Prof. Lin's research interests include concurrency, model checking, modal logics, formal methods, and tools and algorithms for concurrent systems. He is in the editorial boards of Information and Computation, Theoretical Computer Science, as well as major computer science journals in China (Science in China, Journal of Computer, Journal of Software, Journal of Computer Science and Technology etc.). He serves in the Steering Committees of the International Conference on Quality Software and the Asia-Pacific Software Engineering Conference, and has been general chairs or program committee chairs of several international conferences in the area of computer science and software.

    SERE 2013: Additional Invited Speakers

    Karama Kanoun
    Directeur de Recherche
    Toulouse, France

    Software Dependability Assessment: A Reality or A Dream


    The widespread use of software systems and their ever increasing size and complexity induce many challenges to software developers and quality assurance practitioners. A fully integrated approach, based on qualitative and quantitative aspects, is needed to ensure that software dependability is correctly handled and the expected goals are reached for the final product. Dependability assessment, based on measurement, plays a vital role in software dependability improvement.

    Measurement encompasses both the observation of the software behavior during its development or operational life (i.e., field measurement) and controlled experimentation (i.e., experimental measurement). Field measurement requires the collection of data related to failures, maintenance, and usage environment, in order to evaluate measures such the overall software failure rate, the failure rates according to some specific (critical) failure modes, the components failure rates, and system availability. Controlled experimentation complements very well field measurement, particularly when considering Off-The-Shelf software for which, most of the time, no information is available from the development phase.

    The presentation will focus on dependability assessment, based on measurements. It will i) outline current approaches to measurement-based dependability assessment, with examples from real-life systems, and ii) identify some research gaps.


    Karama Kanoun is Directeur de Recherche at LAAS-CNRS (French National Centre for Scientific Research - Laboratory for Analysis and Architecture of Systems), in charge of the Dependable Computing and Fault Tolerance Research Group ( Her research interests include modeling and evaluation of computer system dependability considering hardware as well as software, and dependability benchmarking. She has co-directed the production of a book on Dependability Benchmarking (Wiley and IEEE Computer Society, 2008).

    Karama Kanoun is Chairperson of the Special Interest Group on Dependability Benchmarking of the International Federation for Information Processing (IFIP), and vice-chairperson of the IFIP working group 10.4 on Dependable Computing and Fault Tolerance. She was the principal investigator of the DBench European project (Dependability Benchmarking), and managed the European Network of Excellence ReSIST, Resilience Survivability in IST.

    She is chairing the Steering Committee of the European Dependable Computing Conference (EDCC) and serving on the Steering Committees of three other conferences in her field of interest: DSN (the IEEE/IFIP International Conference on Dependable Systems and Networks), ISSRE (the IEEE International Symposium on Software Reliability Engineering), and SERE (the IEEE International Conference on Software Security and Reliability). She has been a consultant for several French companies (including Renault-Automation, SYSECA, Aerospatiale, SAGEM, CNES, Alcatel Espace, STNA), the European Space Agency, Ansaldo Transporti, and the International Union of Telecommunications.

    Phillip Laplante
    IEEE Fellow &
    Professor of Software Engineering

    Penn State University

    Safe and Secure Software Systems and the Role Professional Licensure


    Licensure of certain software engineers in the United States will be required in at least 10 states by 2013 and, likely, by all US states and jurisdictions within a few years. States license engineers to ensure that those who offer services directly to the public are minimally competent. But what kinds of software systems affect the health, safety and welfare of the public? Which software engineers will need to be licensed? The answers to these two questions are both a matter of law and of science. This paper introduces some of the scientific aspects of these two questions from the perspective of reliability engineering and suggests new research directions to help answer these questions.


    Dr. Phillip Laplante is Professor of Software Engineering at Penn State's Great Valley Graduate Professional Center. In addition to his academic career, Dr. Laplante spent several years as a software engineer and project manager working on avionics, computer aided design and software test systems. He has authored or edited 27 books and has published more than 200 scholarly papers. He is currently chairing the committee that is developing the examination, which will be used nation-wide to license Professional Engineers in the practice of Software Engineering.

    Laplante received his B.S., M.Eng., and Ph.D. in Systems Planning & Management, Electrical Engineering, and Computer Science, respectively, from Stevens Institute of Technology and an MBA from the University of Colorado. He is a Fellow of the IEEE and SPIE and a member of numerous other professional societies, program committees, and boards. He is a licensed professional engineer in Pennsylvania and a Certified Software Development Professional.

    Ji Wang
    National Laboratory for Parallel and Distributed Processing,
    School of Computer, National University of Defense Technology,
    Changsha, China

    Formal Modeling, Verification and Refinement of Long Running Transactions


    Recently, long running transactions attracted much research attention, because they are adopted in distributed systems, such as service-oriented systems, to ensure consistency. How to model and verify long running transactions is critical to improve the reliability of current distributed systems.

    This talk will introduce our recent work on formal modeling, verification and refinement of long running transactions in terms of a process algebra language. The start point of our work is Compensating CSP (cCSP), which extends CSP for specification and verification of long running transactions. We present an extended cCSP to support the modeling of non-determinism, deadlock and livelock, which are the three basic features of concurrent systems. A full semantic theory supporting refinement for the extended language is developed based on the theory of CSP. Leveraged by our semantic theory, the verification techniques and the tools, such as FDR and PAT, can be extended for verifying long running transactions.

    This talk is based on joint work with Zhenbang Chen and Zhiming Liu.


    Ji Wang received his B.S., M.S. and Ph.D. in Computer Science from National University of Defense Technology. He is currently a professor in School of Computer of National University of Defense Technology, and the deputy director of National Laboratory for Parallel and Distributed Processing of China. He has been awarded National Natural Science Fund for Distinguished Young Scholars of China, and Professorship of Chang Jiang Scholars Program of Ministry of Education of China. His research interest includes formal analysis and verification of software systems, and distributed parallel computing. He has been an editorial board member of the Journal of Systems and Software, the Science China (Information Sciences), and a member of the Steering Committee of the International Conference on Software Security and Reliability.


    This page contains important information which you will need to register for the SERE 2013 conference, reserve a hotel room, request an invitation letter for your visa application, complete the NIST 1260 form, and submit the camera-ready paper and copyright transfer.

    Deadline for author registration is April 15th.

      Registration Page

        The SERE 2013 registration page can be reached by clicking on "Registration"
             on the left menu.

      Registration Policy

        The registration fee must be paid in full with a credit card when registering for
             the conference.

        Every paper must have at least one paid registration (either $570.00 for
             IEEE members or $670.00 for non-members; the student registration or the
             one-day registration is not sufficient
    ) in order to be included in the conference
             proceedings or the SERE 2013 companion.

        Each registration (except for the one-day registration) covers all the technical
             sessions at the main conference and workshops, as well as meals and social
             events such as lunches, coffee breaks, banquet, reception, etc.

        The one-day registration is good only for attending the technical sessions, lunch,
             and coffee breaks of a specific day. Conference reception and banquet are not

        No multiple one-day registration will be allowed for the same attendee.

        Student registration only applies to full-time students. Proper IDs must be
             presented at the conference. It cannot be used to satisfy the registration
             requirement for the paper to be included in the proceedings or companion.

      Refund Policy

        Cancellation by May 20th, 2013: Full refund less a $40US administrative fee.

        Cancellation after May 20th, 2013: No refund. However, you may substitute
             another person for your registration at any time. Contact Alfred M. Stevens
             in the event you want to make a substitution.

      Hotel Reservation

        SERE 2013 has arranged for a special discount rate of $129/night at the Hilton
             Washington, DC North/Gaithersburg, including complimentary breakfast,
             parking, and guest room internet connection. To make a reservation, click on
             "Hotel" on the left menu.

      Shuttle Service between NIST and Conference Hotel

        A free shuttle service will be provided every morning and evening between the
             conference hotel and the NIST Gaithersburg campus for SERE 2013 attendees.

      Camera-Ready Submission and Copyright Transfer

        The IEEE CPS will send you the author kit. Follow the instructions to prepare
             the final version of your paper and upload it to their website (not the one to
             which you submitted the initial version).
    All the submissions must use the
             IEEE conference proceedings format. Each regular and workshop paper has
             10 pages, student papers have 6 pages, and fast abstracts have 2 pages. No
             extra page is allowed.
    Do not forget to complete the copyright transfer while
             submitting your camera-ready version.

      Paper Presentation

        Every paper must be presented by one of the authors at the conference in order
             to be included in the IEEE digital library and indexed by the EI Compendex.
             This requirement cannot be satisfied by a guest presenter who is not a co-author
             of the paper, nor by a video presentation without an in-person appearance;
             papers will not be eligible for the digital library or the indexing service. Contact
             Program Chair Professor Shiuhpyng Winston Shieh with sufficient justification
             in the event of extraordinary circumstances that would make attendance

      No On-Site Registration

        SERE 2013 will be held at NIST (The National Institute of Standards and
             Technology) - an agency of the U.S. Department of Commerce, located in
             Gaithersburg, Maryland. The conference must provide the complete list of
             attendees three business days before the meetings for a security check.
             Unless you have a pass to the NIST campus your (non-author) registration
             must be completed no later than June 12 (Wednesday).
    This also implies that
             there will be no on-site registration except for those affiliated with NIST.

      NIST 1260 Form for Non-US Citizen Attendees

        All non-US citizen conference attendees are required to complete a 1260 form
             (attached to this email) and send it to Miss Norris, Mary Lou no later than June
             12 (Wednesday) for the purposes of a security check to enable access to the
             NIST campus.

      Invitation Letter from SERE 2013

        Attendees from countries that do not participate in the US Visa Waiver
             Program are required to obtain a visa. If you are from those countries,
             we strongly recommend that you start your visa application as soon as

        If you need an invitation letter from the conference, please send the following
             information to Professor Eric Wong, Chair of the SERE Steering Committee
             and copy the same email to Mr. Xinwei Gao:

                 First Name
                 Last Name
                 Title/Position (Mr., Mrs., Miss, Dr., Professor, etc.)
                 Affiliation (name of the university, company, etc.)
                 Post Address (street number, street name, city, state/province, zip
                      code, country)
                 Contact Phone Number (including the country and area code)
                 Do you have a paper at the conference (Yes/No)
                 If yes, please provide
                        - Title of the paper
                        - List of all authors
                        - Name of the track which accepts your paper (Regular Paper, IA
                           Workshop Paper, TC Workshop Paper, SSCPS Workshop Paper,
                           Student Doctoral Program, Fast Abstract)
                 Copy of a receipt indicating payment of the registration fee

        A formal invitation will be issued after your registration including the payment
             is completed. Since it may take a few weeks for attendees from countries such
             as China to receive their visas, please complete your conference registration
             including the payment at your earliest convenience and then immediately
             submit a request for an invitation letter.