MSR4P&S 2024

2nd International Workshop @ SANER 2024 (Rovaniemi, Finland)

Workshop Theme and Goals

The last decades have put Privacy and Security (P&S) in the spotlight of information technology as data breaches and cyberattacks have spiked globally. Still, P&S are often afterthoughts in software development as their benefits are sometimes difficult to demonstrate and their costs hard to justify. However, such technical debt is becoming hard to sustain as new legal frameworks, such as the EU General Data Protection Regulation (GDPR), demand companies to incorporate P&S features (e.g., transparency, anonymity, and informed consent) at the core of their products. Hence, there is an urgent call for tools and methods supporting the elicitation and deployment of P&S requirements in a by-design approach.

P&S are multifaceted and complex research areas spanning across different knowledge domains (e.g., engineering, law, and psychology). Challenges in P&S cannot be solely addressed from a single discipline as they often involve human factors, technological artefacts, and regulatory/legal frameworks. Particularly, the quest for P&S solutions requires in-deep knowledge and actionable information about its users/stakeholders, vulnerabilities/flaws, and potential attackers.

Mining Software Repositories (MSR) techniques can support this quest by providing means to understand the P&S dimensions of information systems, thus help shaping privacy- and security-friendly software. This workshop aims to explore the application of MSR at the different stages of P&S engineering.

Topics of Interest

We invite MSR researchers and practitioners across multiple disciplines and knowledge backgrounds to submit contributions dealing with the following (or related) topics:

  • MSR applications for security risk assessment
  • MSR applications for privacy requirements engineering
  • MSR applications for security vulnerabilities detection
  • Engineering PETs through MSR methodologies
  • Privacy-Enhancing Technologies through MSR
  • MSR-based research for safety/security by design
  • Privacy-friendly MSRs (including mixed-methods)
  • MSR-based mixed-methods on P&S research
  • Privacy requirements in MSR-based research
  • Integrating MSRs into P&S research (empirical)
  • Analysis of repositories to mine for P&S research
  • Tools supporting MSR-based research for P&S
  • Datasets used for MSR-based research for P&S
  • MSR applications to P&S assurance

Special Topic of Interest

Any paper within the scope of the workshop will be considered. Additionally, this year we especially welcome submissions elaborating on MSR applications for the security and privacy assessment of generative Artificial Intelligence (AI) models (e.g., GPT-3 and GitHub Copilot) and their impact on modern software engineering processes.

Submission Guidelines

Submitted papers must have been neither previously accepted for publication nor concurrently submitted for review in another journal, book, conference, or workshop. All submissions must come in PDF format and conform, at the time of submission, to the IEEE Conference Proceedings Formatting Guidelines: title in 24pt font and full text in 10pt font, LaTEX users must use \textit{$\backslash$documentclass[10pt,conference]{IEEEtran}} without including the \textit{compsoc} or \textit{compsocconf} option. Also, papers must comply with the IEEE Policy on Authorship. All submissions must be in English. Submissions can be of the following types:

  • Regular Papers: Up to 8 pages, including references. Regular papers must describe original contributions in research and/or practice. Although they can be work-in-progress, the authors must present a clear path forward. These will be given a 15-minute presentation during the workshop.
  • Short Papers: Up to 4 pages, including references. Short papers encompass position papers, experience reports, work-in-progress, new trends papers, industrial reports, datasets and tools. These will be given a 7-minutes presentation during the workshop.

The workshop will follow a double-anonymous peer review process in alignment with SANER’s Review Process policies. This means that the papers submitted must not reveal the authors’ identities in any way, omitting the names from the submission and referring to self-citations in the third person. The only exception will be dataset and tools papers, which will employ an optional single-anonymous review process.

All submitted papers will be reviewed regarding technical quality, relevance, significance, and clarity by the program committee. All workshop papers should be submitted electronically in PDF format through the workshop website (IEEE Format, Double Columns). Accepted papers will become part of the workshop proceedings.

Important Dates

The following are submission and workshop dates for all types of submissions:

Paper Submission December 13th, 2023 (AoE)
Main Track Author Notification January 8th, 2024
Camera Ready January 12th, 2024
Date of Workshop March 12th, 2024

Program Committee

The Organising Committee thanks the following generous individuals below:

Reviewer Organisation Twitter
Federica Paci University of Verona (Italy)
Ali Babar University of Adelaide (Australia)
Diego Costa Concordia University (Canada)
Maura Pintor University of Cagliari (Italy)
Clemente Izurieta Montana State University (USA)
Nan Sun Deakin University (Australia)
Dinusha Vatsalan Macquarie University (Australia)
Antonino Sabetta SAP Security Research (France)
Maxwell Young Mississippi State University (USA)
Mariana Peixoto Federal University of Pernambuco (Brazil)