Engineering Secure Software and Systems

1. Front Matter

   Pages I-X

   PDF

2. Security Testing Beyond Functional Tests

   • Mohammad Torabi Dashti , David Basin

   Pages 1-19

3. Progress-Sensitive Security for SPARK

   • Willard Rafnsson, Deepak Garg, Andrei Sabelfeld

   Pages 20-37

4. Sound and Precise Cross-Layer Data Flow Tracking

   • Enrico Lovat, Martín Ochoa, Alexander Pretschner

   Pages 38-55

5. Automatically Extracting Threats from Extended Data Flow Diagrams

   • Bernhard J. Berger, Karsten Sohr, Rainer Koschke

   Pages 56-71

6. On the Static Analysis of Hybrid Mobile Apps

   • Achim D. Brucker, Michael Herzberg

   Pages 72-88

7. Semantics-Based Repackaging Detection for Mobile Apps

   • Quanlong Guan, Heqing Huang, Weiqi Luo, Sencun Zhu

   Pages 89-105

8. Accelerometer-Based Device Fingerprinting for Multi-factor Mobile Authentication

   • Tom Van Goethem, Wout Scheepers, Davy Preuveneers, Wouter Joosen

   Pages 106-121

9. POODLEs, More POODLEs, FREAK Attacks Too: How Server Administrators Responded to Three Serious Web Vulnerabilities

   • Benjamin Fogel, Shane Farmer, Hamza Alkofahi, Anthony Skjellum, Munawar Hafiz

   Pages 122-137

10. HexPADS: A Platform to Detect “Stealth” Attacks

    • Mathias Payer

    Pages 138-154

11. Analyzing the Gadgets

    • Andreas Follner, Alexandre Bartel, Eric Bodden

    Pages 155-172

12. Empirical Analysis and Modeling of Black-Box Mutational Fuzzing

    • Mingyi Zhao, Peng Liu

    Pages 173-189

13. On the Security Cost of Using a Free and Open Source Component in a Proprietary Product

    • Stanislav Dashevskyi, Achim D. Brucker, Fabio Massacci

    Pages 190-206

14. Idea: Usable Platforms for Secure Programming – Mining Unix for Insight and Guidelines

    • Sven Türpe

    Pages 207-215

15. AppPAL for Android

    • Joseph Hallett, David Aspinall

    Pages 216-232

16. Inferring Semantic Mapping Between Policies and Code: The Clue is in the Language

    • Pauline Anthonysamy, Matthew Edwards, Chris Weichel, Awais Rashid

    Pages 233-250

17. Idea: Supporting Policy-Based Access Control on Database Systems

    • Jasper Bogaerts, Bert Lagaisse, Wouter Joosen

    Pages 251-259

18. Idea: Enforcing Security Properties by Solving Behavioural Equations

    • Eric Rothstein Morris, Joachim Posegga

    Pages 260-268

19. Back Matter

    PDF

This book constitutes the refereed proceedings of the 8th International Symposium on Engineering Secure Software and Systems, ESSoS 2016, held in London, UK, in April 2016. The 13 full papers presented together with 3 short papers and 1 invited talk were carefully reviewed and selected from 50 submissions. 

The goal of this symposium, is to bring together researchers and practitioners to advance the states of the art and practice in secure software engineering. The presentations and associated publications at ESSoS 2016 contribute to this goal in several directions: First, by improving methodologies for secure software engineering (such as flow analysis and policy
compliance). Second, with results for the detection and analysis of software vulnerabilities and the attacks they enable. Finally, for securing software for specific application domains (such as mobile devices and access control).

• Cloud security
• Embedded software security
• Malware detection
• Security measurements
• Web applications security
• Code analysis for security
• Computer forensics
• Domain-specific languages
• Mobile devices security
• Model checking for security
• Operating system security
• Program rewriting
• Programming models
• Programming paradigms
• Reverse-engineering
• Secure software engineering
• Security testing
• Security-oriented software reconfiguration
• Verification techniques
• Vulnerability analysis

• IMDEA Software Institute, Madrid, Spain

  Juan Caballero

• Paderborn University & Fraunhofer IEM, Paderborn, Germany

  Eric Bodden

• VU University, Amsterdam, The Netherlands

  Elias Athanasopoulos

Policies and ethics