Workshop Chair
	Dr. David G. Rosado University of Castilla-La Mancha Spain e-mail

Program Chairs
	Dr. Carlos Blanco University of Cantabria Spain e-mail
	Dr. Daniel Mellado Spanish Tax Agency Spain e-mail
	Dr. Jan Jürjens Technical University of Dortmund Germany e-mail

Publicity Chair
	Dr. Luis Enrique Sánchez Sicaman-NT, Departament of R+D Spain e-mail

SCOPE

Information Systems Security is one of the most pressing challenges facing all kinds of organizations today. Although many companies have discovered how critical information is to the success of their business or operations, very few have managed to be effective in maintaining their information secure, avoiding unauthorized access, preventing intrusions, stopping secret information disclosure, etc.

There are various definitions of security, but all of them basically agree on the same components. Security in information systems considers the protection of information and of the systems that manage it, against a wide range of threats in order to ensure business continuity, minimize risks and maximize the return on investment and business opportunities.

Security is, therefore, currently a widespread and growing concern that covers all areas of society: business, domestic, financial, government, and so on. In fact, the so-called information society is increasingly dependent on a wide range of software systems whose mission is critical, such as air traffic control systems, financial systems, or public health systems. The potential losses that are faced by businesses and organizations that rely on all these systems, both hardware and software, therefore signify that it is crucial for information systems to be properly secured from the outset.

In this new edition of WOSIS, the traditional information systems security topics will remain but we want explicitly focus the workshop on two of the most important issues and currently considered as it is security in Cloud computing and Mobile Computing. Although there are many benefits to adopting cloud computing, there are also some significant barriers to adoption as is security followed by issues regarding compliance, privacy and legal matters. Security is the main obstacle for many organizations in their move to the cloud, related to risk areas such as external data storage, dependency on the “public” internet, multi-tenancy and integration with internal security. For other hand, in recent years the mobile computing community has been successful in utilising academic and industry research efforts to bring products to the commercial market. The benefits of on-the-move network connectivity are obvious, however, there are serious networking and systems issues to be solved before the full benefits of mobile computing systems are realised in practice. Security is a prerequisite for every network, but mobile computing presents more security issues than traditional networks due to the additional constraints imposed by the characteristics of wireless transmission and the demand for mobility and portability. The objective of this new edition is to contribute to the study and analysis of solutions and approaches which help to achieve and facilitate the level of security needed for such mobile and distributed environments and that its adoption is not any problem for the society, administration and enterprise. The novelty in this edition is the section of tool demonstrations which is an opportunity for researchers and practitioners to present and discuss the most recent advances, experiences, and challenges in the field of security in software engineering with the goal of allowing live presentation of new research tools.

Topics of interest include, but are not limited to:

Topics for Security in Software Engineering

• Security in agile software development
• Secure architecture, design and deployment
• Aspect-oriented, Model-driven development of secure software and systems
• Domain-specific modeling languages (DSML) for secure software
• Modeling privacy for software systems
• Analysis and management of risks
• Security requirements and Specification of security and privacy requirements and policies
• Threats, vulnerability, and trust modeling
• Testing for security, Security Metrics and Measurement
• Static and dynamic analysis for security
• Verification and assurance techniques for security properties
• Model-based verification techniques for security properties
• Case studies and experiences of secure software engineering

Security in Cloud Computing

• Security Engineering for Cloud-Based Systems
• Security Requirements Engineering for Cloud-Based Systems
• Risks and threats in Cloud
• Privacy and Data protection in Cloud
• Cloud Legal Issues
• Trust and policy management in Clouds
• Issues and recent approaches in portability, interoperability and secure migration processes to cloud computing
• Storage security and Cloud Infrastructure Security
• Security Governance in the Cloud and Risk management and assessment and third-party risk management
• Identity & Access Management in the Cloud
• Security and Virtualization
• Security in SaaS, PaaS and IaaS
• Security in Cloud applications
• MDA and MDS applied to cloud computing
• Case studies

Security in BBDD and Mobile Computing

• Security for Databases and Data Warehouses
• Metadata and Security
• Secure Data Management
• Data Anonymization/Pseudonymization
• Data Hiding
• Data Integrity
• Secure Auditing
• Security for Mobile Computing, sensors networks, multimedia systems
• Mobile security/privacy policies
• Secure mobile software architecture
• Secure mobile application design
• Security and privacy issues related to user behavior

Rest of Topics

• Security Management and Assessment
• Security culture, IT Governance and IT Service Continuity
• Open Security Standards and Security Certification
• Common practice, legal and regulatory issues
• Security for SOA, Web Services, Grid computing and Social Networks
• Workflow and Business Process Security
• Security ontology/taxonomy design
• Semantic Web Technologies applied to Security
• Security in Software Product Lines
• Distributed and Network Security
• Security & Trust Models
• Authentication, Authorization and Access Control, Anonymity and Privacy
• Security for Electronic Commerce, Electronic Business and e-Services (e-voting, e-banking, e-governement, e-health)
• Security for embedded systems, smart cards and RFID
• Security Issues in Ubiquitous/Pervasive Computing
• Intellectual Property Protection, Personal Data Protection for Information Systems and Digital Identity management
• Disaster Recovery and Failure Prevention, Incident Response and Prevention, Intrusion Detection and Fraud Detection
• Biometric Security, Cryptology: Cryptography and Cryptanalysis, Information hiding: Steganography & Steganalysis and Digital Forensics
• Cyber terrorism

Alfonso Rodriguez, University of Bio-Bio, Chile
Ambrosio Toval, University of Murcia, Spain
Andreas Bauer, National ICT Australia, Australia
Antonio Maña, University of Malaga, Spain
Brajendra Panda, University of Arkansas, USA
Csilla Farkas, University of South Carolina, USA
Daniel Mellado, University of Castilla-La Mancha, Spain
Debasis Giri, Haldia Institute of Technology, India
Duminda Wijesekera, University George Mason, USA
Eduardo Fernández-Medina, University of Castilla-La Mancha, Spain
Eduardo B. Fernández, Florida Atlantic University, USA
Ernesto Damiani, Università degli Studi di Milano, Italy
Federica Paci, University of Trento, Italy
George Yee, Charleton University, Canada
Günther Pernul, University of Regensburg, Germany
Haris Mouratidis, University of East London, UK
Hugo Jonker, University of Luxembourg, Luxembourg
Indrajit Ray, Colorado State University, USA
Indrakshi Ray, Colorado State University, USA
Jaejoon Lee, Lancaster University, UK
Jaime Delgado, Universitat Politècnica de Catalunya, Spain
Juan Carlos Trujillo, University of Alicante, Spain
Ketil Stoelen, Sintef, Norway
Kevin Butler, University of Oregon, USA
Komminist Weldemariam, Foundation Bruno Kessler, Italy
Luigi Lo Iacono, European University of Applied Sciences, Germany
María Carmen Fernández, Universidad de Málaga, Spain
Mario Piattini, University of Castilla-La Mancha, Spain
Mihai Christodorescu, University of Wisconsin, USA
Paolo Giorgini, University of Trento, Italy
Pino Caballero-Gil, University of La Laguna, Spain
Raimundas Matulevicius, University of Tartu, Estonia
Renato Iannella, Queensland University of Technology, Australia
Sabrina De Capitani di Vimercati, Università degli Studi di Milano, Italy
Sakurai Kouichi, Kyushu University, Japan
Shareful Islam, University of East London, UK
Sjouke Mauw, University of Luxembourg, Luxembourg
Spyros Kokolakis, Athens University of Economics and Business, Greece
Stamatis Karnouskos, SAP AG, Germany
Steven Furnell, University of Plymouth, UK
Thomas Santen, Microsoft Research Advanced Technology Labs Europe, Germany
Toshihiro Yamauchi, Okayama University, Japan
Yair Levy, Nova Southeastern University, USA

IMPORTANT DATES

PAPER SUBMISSION

Prospective authors are invited to submit papers in any of the topics listed above.
Instructions for preparing the manuscript (in Word and Latex formats) are available at: Paper Templates
Please also check the Guidelines and Templates.
Papers should be submitted electronically via the web-based submission system at: http://www.insticc.org/Primoris

PUBLICATIONS

All accepted papers will be published in the workshop proceedings book, under an ISBN reference and on CD-ROM support.
All papers presented at the conference venue will be available at the SCITEPRESS Digital Library (http://www.scitepress.org/DigitalLibrary/).
SCITEPRESS is member of CrossRef (http://www.crossref.org/).

SECRETARIAT CONTACTS

ICEIS Workshops - WOSIS 2013
e-mail: iceis.workshops.secretariat@insticc.org