Skip to main content
SpringerLink
Log in
SpringerLink
Log in

Engineering Secure Software and Systems

Second International Symposium, ESSoS 2010, Pisa, Italy, February 3-4, 2010, Proceedings

  • Conference proceedings
  • © 2010

Overview

Editors:
  1. Fabio Massacci

    1. Dipartimento Ingegneria e Scienza dell’Informazione, Università di Trento, Povo (Trento), Italy

    View editor publications

    You can also search for this editor in PubMed   Google Scholar

  2. Dan Wallach

    1. Department of Computer Science, Rice University, Houston, USA

    View editor publications

    You can also search for this editor in PubMed   Google Scholar

  3. Nicola Zannone

    1. Faculty of Mathematics and Computer Science, Eindhoven University of Technology, Eindhoven, The Netherlands

    View editor publications

    You can also search for this editor in PubMed   Google Scholar

  • Fast track conference proceeding
  • Unique visibility
  • State of the art research

Part of the book series: Lecture Notes in Computer Science (LNCS, volume 5965)

Part of the book sub series: Security and Cryptology (LNSC)

Included in the following conference series:

Conference proceedings info: ESSoS 2010.

This is a preview of subscription content, log in via an institution to check access.

Access this book

Log in via an institution
eBook USD 39.99
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book USD 54.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Other ways to access

Licence this eBook for your library

Institutional subscriptions

Table of contents (18 papers)

  1. Front Matter

    Download chapter PDF

  2. Session 1. Attack Analysis and Prevention I

    1. BuBBle: A Javascript Engine Level Countermeasure against Heap-Spraying Attacks

      • Francesco Gadaleta, Yves Younan, Wouter Joosen
      Pages 1-17

    2. CsFire: Transparent Client-Side Mitigation of Malicious Cross-Domain Requests

      • Philippe De Ryck, Lieven Desmet, Thomas Heyman, Frank Piessens, Wouter Joosen
      Pages 18-34

    3. Idea: Opcode-Sequence-Based Malware Detection

      • Igor Santos, Felix Brezo, Javier Nieves, Yoseba K. Penya, Borja Sanz, Carlos Laorden et al.
      Pages 35-43

  3. Session 2. Attack Analysis and Prevention II

    1. Experiences with PDG-Based IFC

      • Christian Hammer
      Pages 44-60

    2. Idea: Java vs. PHP: Security Implications of Language Choice for Web Applications

      • James Walden, Maureen Doyle, Robert Lenhof, John Murray
      Pages 61-69

    3. Idea: Towards Architecture-Centric Security Analysis of Software

      • Karsten Sohr, Bernhard Berger
      Pages 70-78

  4. Session 3. Policy Verification and Enforcement I

    1. Formally-Based Black-Box Monitoring of Security Protocols

      • Alfredo Pironti, Jan Jürjens
      Pages 79-95

    2. Secure Code Generation for Web Applications

      • Martin Johns, Christian Beyerlein, Rosemaria Giesecke, Joachim Posegga
      Pages 96-113

    3. Idea: Reusability of Threat Models – Two Approaches with an Experimental Evaluation

      • Per HÃ¥kon Meland, Inger Anne Tøndel, Jostein Jensen
      Pages 114-122

  5. Session 4. Policy Verification and Enforcement II

    1. Model-Driven Security Policy Deployment: Property Oriented Approach

      • Stere Preda, Nora Cuppens-Boulahia, Frédéric Cuppens, Joaquin Garcia-Alfaro, Laurent Toutain
      Pages 123-139

    2. Category-Based Authorisation Models: Operational Semantics and Expressive Power

      • Clara Bertolissi, Maribel Fernández
      Pages 140-156

    3. Idea: Efficient Evaluation of Access Control Constraints

      • Achim D. Brucker, Helmut Petritsch
      Pages 157-165

  6. Session 5. Secure System and Software Development I

    1. Formal Verification of Application-Specific Security Properties in a Model-Driven Approach

      • Nina Moebius, Kurt Stenzel, Wolfgang Reif
      Pages 166-181

    2. Idea: Enforcing Consumer-Specified Security Properties for Modular Software

      • Giacomo A. Galilei, Vincenzo Gervasi
      Pages 182-191

    3. Idea: Using System Level Testing for Revealing SQL Injection-Related Error Message Information Leaks

      • Ben Smith, Laurie Williams, Andrew Austin
      Pages 192-200

  7. Session 6. Secure System and Software Development II

    1. Automatic Generation of Smart, Security-Aware GUI Models

      • David Basin, Manuel Clavel, Marina Egea, Michael Schläpfer
      Pages 201-217

    2. Report: Modular Safeguards to Create Holistic Security Requirement Specifications for System of Systems

      • Albin Zuccato, Nils Daniels, Cheevarat Jampathom, Mikael Nilson
      Pages 218-230

    3. Idea: A Feasibility Study in Model Based Prediction of Impact of Changes on System Quality

      • Aida Omerovic, Anette Andresen, HÃ¥vard Grindheim, Per Myrseth, Atle Refsdal, Ketil Stølen et al.
      Pages 231-240

  8. Back Matter

    Download chapter PDF
Back to top

Other volumes

  1. Engineering Secure Software and Systems

Keywords

About this book

It is our pleasure to welcome you to the proceedings of the Second International Symposium on Engineering Secure Software and Systems. This unique event aimed at bringing together researchersfrom softwareen- neering and security engineering, which might help to unite and further develop the two communities in this and future editions. The parallel technical spons- ships from the ACM SIGSAC (the ACM interest group in security) and ACM SIGSOF (the ACM interest group in software engineering) is a clear sign of the importance of this inter-disciplinary research area and its potential. The di?culty of building secure software systems is no longer focused on mastering security technology such as cryptography or access control models. Other important factors include the complexity of modern networked software systems, the unpredictability of practical development life cycles, the intertw- ing of and trade-o? between functionality, security and other qualities, the d- culty of dealing with human factors, and so forth. Over the last years, an entire research domain has been building up around these problems. The conference program included two major keynotes from Any Gordon (Microsoft Research Cambridge) on the practical veri?cation of security pro- cols implementation and Angela Sasse (University College London) on security usability and an interesting blend of research, industry and idea papers.

Editors and Affiliations

  • Dipartimento Ingegneria e Scienza dell’Informazione, Università di Trento, Povo (Trento), Italy

    Fabio Massacci

  • Department of Computer Science, Rice University, Houston, USA

    Dan Wallach

  • Faculty of Mathematics and Computer Science, Eindhoven University of Technology, Eindhoven, The Netherlands

    Nicola Zannone

Bibliographic Information

Publish with us

Policies and ethics

Back to top

Search

Navigation