4th International Workshop on Risk Assessment and Risk-driven Quality Assurance (RISK)
In conjunction with 28th International Conference on Testing Software and Systems (ICTSS)
Traditional approaches for ensuring system quality address risk implicitly rather than systematically. However, there is a growing interest in enhancing these approaches by taking risk systematically into account. For instance, traditional test approaches often address risks implicitly: systems, functions, or modules that are known to be critical are tested more intensively than others. The basis of this kind of test planning is often a very simple and unstructured risk assessment, which is usually performed during or in preparation for the test process. However, we know that humans are great at planning technical environments and processes, but often fail when it comes to the intuitive estimation of related risk.
This workshop addresses risk-based approaches for ensuring the quality of software and cyber-physical systems. We are interested in innovative techniques, tools, languages and methods from industry or research that take risk into account in the process of assurance, compliance, validation, or testing of cyber-physical systems and software. We are interested in safety, security and reliability, and in particular the intersection between these areas. In this year's edition, contributions that address reliability or the Internet of Things are particularly encouraged.
Program Risk Workshop 2016, Tuesday October 18th, 9:00 – 17:30
9:00 – 10:00
Keynote (shared with ICTSS)
Arnaud Gotlieb: Constraint-Based Test Suite Optimization
10:30 – 12:00: Security Risk Management (Session 1)
Session chair: Jürgen Großmann
10:30 – 10:45
Welcome by Jürgen Großmann and Michael Felderer
10:45 – 11:10
Johannes Viehmann: Business Driven ICT Risk Management in the Banking Domain with RACOMAT
11:10 – 11:35
Gencer Erdogan, Marit Natvig, Aida Omerovic and Isabelle C.R. Tardy: Towards Transparent Real-Time Privacy Risk Assessment of Intelligent Transport Systems
11:35 – 12:00
Benjamin Aziz and Jeyong Jung: Check Your Blind Spots: A New Cyber-Security Metric for Measuring Incident Response Readiness
13:20 – 15:00: Security Risk Analysis (Session 2)
Session Chair: Michael Felderer
13:20 – 13:45
Pontus Johnson, Alexandre Vernotte, Dan Gorton, Mathias Ekstedt and Robert Lagerström: Quantitative Information Security Risk Estimation using Probabilistic Attack Graphs
13:45 – 14:10
Steve Muller, Carlo Harpes and Cédric Muller: Fast and Optimal Countermeasure Selection for Attack Defence Trees
14:10 – 14:35
Laurens Lemaire, Jan Vossaert, Bart De Decker and Vincent Naessens: An Assessment of Security Analysis Tools for Cyber-Physical Systems
14:35 – 15:00
Daniel Angermeier, Alexander Nieding and Jörn Eichler: Supporting risk assessment with the systematic identification, merging and validation of security goals
15:30 – 17:30: Risk-based Testing (Session 3)
Session chair: Jürgen Großmann
15:30 – 15:55
Gencer Erdogan and Ketil Stølen: Design Decisions in the Development of a Graphical Language for Risk-Driven Security Testing
15:55 – 16:20
Rudolf Ramler and Michael Felderer: Towards a Lightweight Approach for Estimating Probability in Risk-Based Software Testing
16:20 – 16:45
Martin Schneider and Marc-Florian Wendland: Gaining Certainty about Uncertainty Testing for Uncertainties of Cyber-Physical Systems at the Application Level
16:45 – 17:10
Michael Felderer, Florian Auer and Johannes Bergsmann: Risk Management during Development: Results of a Survey in Software Houses from Germany, Austria and Switzerland
17:10 – 17:30
Wrap up and next steps
Program committee (to be completed):
• Ina Schieferdecker (TU Berlin/Fraunhofer FOKUS, Germany)
• Ketil Stølen (SINTEF ICT, Norway)
• Ruth Breu (University of Innsbruck, Austria)
• Ron Kenett (KPA Ltd. and Univ. of Torino, Italy)
• Sardar Muhammad Sulaman (Lund University, Sweden)
• Markus Schacher (KnowGravity Inc., Switzerland)
• Rudolf Ramler (Software Competence Center Hagenberg, Austria)
• Alessandra Bagnato (Softeam, France)
• Kenji Taguchi (AIST, Japan)
• Zhen Ru Dai (University of Applied Science Hamburg, Germany)
• Fredrik Seehusen (SINTEF ICT, Norway)
• Michael Felderer (University of Innsbruck, Austria)
• Jürgen Großmann (Fraunhofer FOKUS, Germany)
• Per Håkon Meland (SINTEF, Norway)
• Luca Compagna (SAP Labs, France)
• Fabio Martinelli (CNR-IIT Pisa, Italy)
• Jörn Eichler (Fraunhofer AISEC, Germany)
• Bruno Legeard (Femto-ST, France)
• Xiaoying Bai (Tsinghua University, China)
Organizers:
• Michael Felderer (University of Innsbruck, Austria)
• Fredrik Seehusen (SINTEF ICT, Norway)