Engineering Secure Software and Systems

1. Front Matter

   Pages I-X

   PDF

2. SEQUOIA: Scalable Policy-Based Access Control for Search Operations in Data-Driven Applications

   • Jasper Bogaerts, Bert Lagaisse, Wouter Joosen

   Pages 1-18

3. A Voucher-Based Security Middleware for Secure Business Process Outsourcing

   • Emad Heydari Beni, Bert Lagaisse, Ren Zhang, Danny De Cock, Filipe Beato, Wouter Joosen

   Pages 19-35

4. LASARUS: Lightweight Attack Surface Reduction for Legacy Industrial Control Systems

   • Anhtuan Le, Utz Roedig, Awais Rashid

   Pages 36-52

5. Exploring the Relationship Between Architecture Coupling and Software Vulnerabilities

   • Robert Lagerström, Carliss Baldwin, Alan MacCormack, Dan Sturtevant, Lee Doolan

   Pages 53-69

6. Natural Language Insights from Code Reviews that Missed a Vulnerability

   • Nuthan Munaiah, Benjamin S. Meyers, Cecilia O. Alm, Andrew Meneely, Pradeep K. Murukannaiah, Emily Prud’hommeaux et al.

   Pages 70-86

7. Idea: Optimized Automatic Sanitizer Placement

   • Gebrehiwet Biyane Welearegai, Christian Hammer

   Pages 87-96

8. FPRandom: Randomizing Core Browser Objects to Break Advanced Device Fingerprinting Techniques

   • Pierre Laperdrix, Benoit Baudry, Vikas Mishra

   Pages 97-114

9. Control What You Include!

   • Dolière Francis Somé, Nataliia Bielova, Tamara Rezk

   Pages 115-132

10. Idea-Caution Before Exploitation: The Use of Cybersecurity Domain Knowledge to Educate Software Engineers Against Software Vulnerabilities

    • Tayyaba Nafees, Natalie Coull, Robert Ian Ferguson, Adam Sampson

    Pages 133-142

11. Defeating Zombie Gadgets by Re-randomizing Code upon Disclosure

    • Micah Morton, Hyungjoon Koo, Forrest Li, Kevin Z. Snow, Michalis Polychronakis, Fabian Monrose

    Pages 143-160

12. KASLR is Dead: Long Live KASLR

    • Daniel Gruss, Moritz Lipp, Michael Schwarz, Richard Fellner, Clémentine Maurice, Stefan Mangard

    Pages 161-176

13. JTR: A Binary Solution for Switch-Case Recovery

    • Lucian Cojocar, Taddeus Kroes, Herbert Bos

    Pages 177-195

14. A Formal Approach to Exploiting Multi-stage Attacks Based on File-System Vulnerabilities of Web Applications

    • Federico De Meo, Luca Viganò

    Pages 196-212

15. A Systematic Study of Cache Side Channels Across AES Implementations

    • Heiko Mantel, Alexandra Weber, Boris Köpf

    Pages 213-230

16. Idea: A Unifying Theory for Evaluation Systems

    • Giampaolo Bella, Rosario Giustolisi

    Pages 231-239

17. Back Matter

    Pages 241-241

    PDF

This book constitutes the refereed proceedings of the 9th International Symposium on Engineering Secure Software and Systems, ESSoS 2017, held in Bonn,  Germany in July 2017. The 12 full papers presented together with 3 short papers were carefully reviewed and selected from 32 submissions. 

The goal of this symposium is to bring together researchers and practitioners to advance the states of the art and practice in secure software engineering.

• Data security
• Semantics
• Software engineering
• Computer architecture
• Cloud security
• Mobile devices security
• virtualization for security
• Malware
• Embedded software security
• Computer forensics
• Security in critical infrastructures

• University of Paderborn, Paderborn, Germany

  Eric Bodden

• Purdue University, West Lafayette, USA

  Mathias Payer

• University of Cyprus, Nicosia, Cyprus

  Elias Athanasopoulos

Policies and ethics