From Asset
Jump to: navigation, search

MeSSa 2016
3rd International Workshop on Monitoring and Measurability of Software and Network Security
Istanbul, Turkey, September 5-9, 2016
Co-located with
The 10th European Conference on Software Architecture (ECSA 2016)

Security-related incidents are increasing, and at the same time our society is increasingly relying on cyber-physical systems. Systematic approaches to monitor and measure security are needed to build secure systems, including IoT and cloud services, and to offer security evidence for system designers and users. Security analysis and measuring on software architecture level produces evidence of security in the design phase, to deal with requirement trade-offs. Architecture-level security analysis supports "security by design". On the other hand, to understand overall security status and get a holistic view, architecture-level security analysis has to be extended to the operational system domain, and needs to include also the network level security monitoring and analysis. Thus, techniques to understand and scale the needs in both measurement and analytics are needed. Together these are able to provide the basis for security situational awareness in the modern complex software infrastructure. Security metrics may also support security adaptation and architecture-based evolution.

MeSSa 2016 solicits security-enhancing contributions on the following issues (but not limited to):

  • Security, trust and privacy metrics
  • Measurement systems and architectures
  • Securing Internet of Things
  • Trusted cloud
  • Situational awareness and threat intelligence
  • Software Defined Networking and Network Function Virtualisation
  • Self-adaptive and cognitive security
  • Trade-off analysis and decision-making
  • Evolutionary techniques
  • Measuring at runtime
  • Security visualisation and analytics
  • Quality and uncertainty in security measurement and metrics
  • Anomaly detection
  • Forensics and data analytics
  • Taxonomies and ontologies on security metrics
  • Empirical case studies and pilots
  • Risk-based security measurement and analysis
  • Adaptive metrics and multi-metrics
  • Semantic provability

Submission of papers:May 22, 2016
Author notification: June 19, 2016
Submission of camera-ready paper: June 27, 2016

Authors should submit a workshop paper no longer than seven pages. Papers of 5 pages in length or longer are considered Full Papers. The authors should use the ACM template ( for the paper.

The paper should be supplied in MS Word or PDF format to

The accepted workshop papers will be published in an ACM digital library. At least one author of all accepted papers must present the paper at the workshop.

Reijo Savola, VTT Technical Research Centre of Finland, Finland
Habtamu Abie, Norwegian Computing Centre, Norway
Antti Evesti, VTT Technical Research Centre of Finland, Finland


Noureddine Boudriga, University of Carthage, Tunisia
Iris Adam, NOKIA Networks, Germany
Thorsten Holz, Ruhr-Universität Bochum, Germany
Wolfgang Hommel, Leibniz Supercomputing Centre, Germany
Marina Krotofil, Hamburg University of Technology, Germany
Wolfgang Leister, Norwegian Computing Center, Norway
Fabio Martinelli, Institute of Informatics and Telematics, Italy
Mohammad Mozumdar, California State University, Long Beach, USA
Eila Ovaska, VTT Technical Research Centre of Finland, Finland
Ebenezer Paintsil, Verifone, Norway
Stefan Poslad, Queen Mary University of London, UK
Juha Röning, University of Oulu, Finland
Riccardo Scandariato, Katholieke Universiteit Leuven, Belgium
Einar Snekkenes, Norwegian University of Science and Technology, Norway
Denis Treck, University of Ljubljana, Slovenia
Yan Zhang, Simula Research Laboratory, Norway

IoTSec (
SENDATE Celtic-Plus Flagship