Aims and Scope

Software-based systems are becoming increasingly long-living. At the same time, software-based systems are getting extremely security-critical since software now pervades the whole critical infrastructures dealing with users and organizational data. There is therefore a growing demand for more assurance and security properties verification of long living systems both during development and at deployment time. Yet long lived systems also need to be flexible, to adapt to changes and adjust to evolving requirements, usage and attack models. However, using today’s system engineering techniques we are forced to trade flexibility for assurance or vice versa.

The objective is thus to develop techniques and tools that ensure “lifelong” compliance to evolving security, privacy and dependability requirements for a long-running evolving software system. Achieving this objective is challenging because security requirements are not necessarily preserved by system evolution.

We seek for novel software engineering techniques and approaches for secure and evolvable systems. Topics of interest include (but are not limited to):

  • Requirements engineering techniques for secure and evolvable systems
  • Model-driven security requirements specification for evolving business processes
  • Software engineering processes for secure and evolvable systems
  • Software architectures for secure and evolvable systems
  • Modeling techniques for secure and evolvable systems
  • Generic models and transformations of change
  • Risk assessment techniques for secure and evolvable systems
  • Access control models and mechanisms for evolving systems
  • Design-time and on-device verification techniques to provide guaranteed level of assurance upon change
  • Model-driven testing techniques for secure and evolvable systems

Important dates

  • Workshop date: February 08th or February 11th 2011 (full day)
  • Submission deadline: December 1st 2010
  • Notification deadline: December 17th 2010
  • Final paper deadline: February 25th 2011

Programme Committee

  • Fabrice Bouquet (INRIA, France)
  • Ruth Breu (Univ. Innsbruck, Austria)
  • Boutheina Chetali (Gemalto, France)
  • Edith Felix (Thales, France)
  • Elena Ferrari (Univ. Insubria, Italy)
  • Holger Giese (Hasso-Plattner Institute, Germany)
  • Reiko Heckel (Univ. Leicester, UK)
  • Jan Jürjens (Univ. Dortmund, Germany)
  • Fabio Massacci (Univ. Trento, Italy)
  • Bashar Nuseibeh (Open University, UK)
  • Richard Paige (Univ. York, UK)
  • Frank Piessens (KU Leuven, Belgium)
  • Riccardo Scandariato (KU Leuven, Belgium)
  • Andreas Schaad (SAP, Germany)
  • Mohamed Schebab (UNC Charlotte, US)
  • Anna Squicciarini (Penn State University, US)
  • Ketil Stolen (SINTEF, Norway)
  • Alessandra Tedeschi (DeepBlue, Italy)
  • Nicola Zannone (TU Eindhoven, Netherlands)


The proceedings of this workshop is planned to be published in the journal Electronic Communications of the EASST.

Two kinds of papers are solicited: (1) full papers (maximum 10 pages in ECEASST format) and (2) short papers (max 6 pages). Accepted full papers will be published in the ECEASST volume.


All submitted papers will be thoroughly reviewed before the workshop. Authors of accepted short papers will be offered to extend their papers AFTER the workshop to get included in the proceedings after a (post-workshop) second round of review.


SecureChangeWS 2011 will be held in the heart of Madrid, Spain on February 8th or 11th, 2011. It is a satellite workshop of ESSOS 2011, the International Symposium on Engineering Secure Software and Systems. For venue, registration and suggested accommodation see the ESSOS 2011 web page:


Please do not hesitate to contact the organizers if you have any questions: