Modern society heavily relies on large, heterogeneous and complex software-intensive systems to support all kinds of daily activities. Services such as urban transportation, logistics, health-care, data communication, railway, aerospace, and power distribution, to name a few, are becoming more and more dependent on the availability of such infrastructures. Any discontinuity of service may lead to serious problems, from severe financial losses to fatalities or injuries; the causes have different natures, either human errors, unexpected acts of nature, or intentional attacks like sabotage. Safety and security (S&S) assessments in critical infrastructures measure how these disruptions are handled and what is the impact suffered by the critical infrastructure under stress. These assessments are normally performed using analytical or simulation-based techniques often addressing one single specific aspect at a time rather than studying these infrastructures in a holistic manner. This workshop aims at providing a forum for people from academia and industry to communicate their latest results on theoretical advances, industrial case studies, practical scenarios, and lessons learned in the assurance of S&S for critical infrastructures. Since the special interest on S&S assurance, a special focus will be put on model-based approaches; to the joint modelling and analysis of both cyber and physical aspects of critical infrastructures; and to the definition of unifying modelling and analysis methodologies. Research papers focused on safety or security assurance only are also welcome.

Topics of interest: Methods and Methodologies: Threat, Vulnerability and Risk Assessment; Model-Based Penetration Testing; Security Metrics Definition and Evaluation; RAMSS Analysis; Crisis and Emergency Management; Unifying Modelling Methodologies for Cyber and Physical Security; Resilience Engineering. Modelling: Stochastic Modeling; Formal Methods; Domain Specific Languages and Model-Driven Engineering; Multi-Level Hierarchical Modeling; Multi-Paradigm Modeling. Analysis: Quantitative & Qualitative Evaluation; Interconnections Among Non-Functional Aspects (e.g., Reliability vs. Safety, Security vs. Performance); Multisolution Processes; Resilience Analysis. Domains: Cyber-Physical Systems; Critical Infrastructure Protection; SCADA and Control Systems Security; Homeland Security; Automotive; Transport, Manufacturing, Energy, Health and Banking Applications; Computer Networks and Cloud Infrastructures.