V Workshop on Regulation, Conformity Evaluation, Tests and Security Patterns (WRAC+)


The Workshop on Regulation, Conformity Evaluation, Tests and Security Patterns (WRAC+) is a forum where Regulators, Certification Bodies, Laboratories, Government, Academia and Industry can discuss different aspects of Conformity Evaluation in the area of Information and Computer Systems Security.

The cyberspace includes a set of software, hardware and communication networks often invisible, though it supports most of the applications we use every day. This space contains Internet and its computers, and also includes a great number of intelligent devices and equipment dedicated to specific applications, in addition to networks interconnecting all of them - those networks may be connected to the Internet or may simply be an isolated network.

More and more, it becomes evident that engendered attacks in Cyberspace may have a major impact on the Society welfare. Thus, cyberspace should be subject to some sort of control by the State, in search for its safe operation. Such control takes place by means of a regulatory process in which the State establishes some rules and conduct patterns in order to ensure minimum security in cyberspace - or part of it.

The fifth edition of WRAC+ will again be held as a satellite event of the Brazilian Symposium on Information and Computational Systems Security (SBSeg), and will provide a forum in which all actors involved with cybersecurity issues can interact and discuss the best path for the construction of rules that allow Brazil to achieve an adequate security status in its cybernetic space.

Topics of Interest

Although V WRAC+ is mainly focused on regulation and conformity evaluation, information systems and any devices with embedded software are very important objects in assessment process. Therefore, we are also concerned about issues involving Software and Smart Devices Security. V WRAC+ intends to deepen discussions related to "security requirements specification" for software and smart devices and its "validation" with respect to a given set of requirements.

This workshop's topics address issues of interest to the Academy, Industry and Government, such as:

  • Which areas are subject to some sort of regulation/control by the State?
  • How to define a set of appropriate requirements for each kind of application?
  • How to specify systematic procedures (tests) to assess compliance with requirements as regarding equipment, software or smart devices operating in Cyberspace?
  • How to evaluate laboratory competency as for the implementation of security assessment activities of equipment, software or smart devices?
  • How to set up a conformity assessment infrastructure and how to integrate it to approval/registration by regulators bodies?
  • What are the technical limitations of conformity assessment tools?

Topics of interest include - but are not limited to - the following:

  • Software protection and analysis
  • Software testing, verification and validation
  • Software debugging and understanding
  • Metrics, measurement and software analysis
  • Software Vulnerabilities
  • Formal methods
  • Malware detection and analysis
  • Risk management
  • Security regulations and standards
  • Hardware Security: invasive, semi-invasive and non-invasive methods
  • Products and Processes conformity assessment
  • Laboratory accreditation for security testing

Instructions for Authors

Papers may be submitted in two categories:

  • Full papers: A full paper should present a research work developed to the point of producing original and relevant results, fully analyzed and validated. They are limited to a maximum of 10 pages.
  • Short papers: A short paper should describe a research work in progress or practical experiments and "cases". They should contain between 4 and 6 pages.

Papers must be written in English or Portuguese. They must be submitted through SBC's JEMS system and shall be exclusively in PDF format. Authors must follow the SBC template available on the SBC portal.

All submissions will be evaluated by a body of reviewers in a double-blind manner (without any identification of authors, reviewers or institutions). Accepted papers will be presented at the workshop and published in the proceedings. At least one author must be registered per paper, and the paper presentation is required in order for it to be included in the proceedings.

A committee will select the best papers of all the full papers accepted and presented in the workshop.

Important Dates

Register and submission deadline: 06/24/2019 (EXTENDED AND FIRM 07/10/2019 07/17/2019)
Notification of decision: 07/22/2019 (EXTENDED AND FIRM 07/31/2019 08/07/2019)
Authors' registration and camera-ready version: 07/29/2019 (EXTENDED AND FIRM 08/05/2019 08/12/2019)

Program Committee

Altair Santin (PUCPR)
Carlos Davila (UFRJ)
Claudio de Farias (UFRJ)
Daniel Menasche (UFRJ)
Davidson Boccardo (Clavis Segurança da Informação)
Guilherme Garcia (INMETRO)
Luiz Fernando Rust da Costa Carmo (INMETRO)
Luiz Tarelho (INMETRO)
Mário Benevides (UFRJ)
Rodolfo Souza (INMETRO)
Rodrigo David (INMETRO)

Organizing Committee

V WRAC+ Chairs:
Lucila Bento (Inmetro)
Raphael Machado (Inmetro)

SBSeg 2019 Chairs:
Routo Terada (IME-USP)
Daniel Macêdo Batista (IME-USP)


SBSeg 2019 is an initiative by the Brazilian Computer Society (SBC).