Engineering Secure Software and Systems Third International Symposium ESSoS 2011 Madrid Spain February 9 10 2011 Proceedings 1st Edition by Ulfar Erlingsson, Roel Wieringa, Nicola Zannone ISBN 9783642191244

Publisher: Springer-Verlag Berlin Heidelberg
File Extension: PDF
File size: 4.51 MB
Pages: 273
Author: Benjamin Aziz, Alvaro E. Arenas, Michael Wilson (auth.), Úlfar Erlingsson, Roel Wieringa, Nicola Zannone (eds.)
ISBN: 9783642191244, 364219124X
Language: English
Year: 2011
Edition: 1

Product description

Product details:

ISBN 13: 9783642191244
Author: Ulfar Erlingsson, Roel Wieringa, Nicola Zannone

This book constitutes the refereed proceedings of the Third International Symposium on Engineering Secure Software and Systems, ESSoS 2011, held in Madrid, Italy, in February 2011. The 18 revised full papers presented together with 3 idea papers were carefully reviewed and selected from 63 submissions. The papers are organized in topical sections on model-based security, tools and mechanisms, Web security, security requirements engineering, and authorization.

Table of contents:

Session 1. Model-Based Security I
Model-Based Refinement of Security Policies in Collaborative Virtual Organisations
Introduction
A Case Study: Distributed Geographical Map Processing
Background
VO Policy Management
VO Policies
Resource Policies
From VO to Deployable Resource Policies
VO-Resource Hierarchies
Policy Refinement
The ATL-Based Policy Refinement Engine
The Atlas Transformation Language (ATL)
The VO2RESOURCE Policy Transformation
The RESOURCE_POLICY_DEPLOYMENT Transformation
Interfacing with the Engine
Related Work
Conclusion and Future Work
References
Automatic Conformance Checking of Role-Based Access Control Policies via Alloy
Introduction
Background
RBAC
Alloy
RBAC Policy Tool
An Alloy Representation of RBAC
Instances
Example
Discussion
References
Security Validation of Business Processes via Model-Checking
Introduction
A Motivating Example
An Outline of Our Approach
Formalization
Assessment
Related Work
Conclusion and Future Work
References
Session 2. Tools and Mechanisms
On-Device Control Flow Verification for Java Programs
Introduction
Model for Controlling Service Calls between Applications
Technological Context
Systems and Security Policies
Semantics of the Security Policy
Generic Security Policies
Application to GlobalPlatform/Java Card Systems
On-Device Algorithms
Addition of a New Application
Addition of New Domains
Integration in GlobalPlatform/Java Card
Application to a Multi-application Use Case for Smart Cards
Related Work
Conclusion
References
Efficient Symbolic Execution for Analysing Cryptographic Protocol Implementations
Introduction
LLVM
Syntax
Semantics
Concrete Semantics
Symbolic Semantics and Symbolic Execution
Symbolic Functions
Symbolic Functions
Semantics
Specifying the Behavior of a Symbolic Function
Operational Correspondence under Symbolic Functions
Prototype
Conclusions and Future Work
References
Predictability of Enforcement
Introduction
The Contribution of This Paper
Running Example
Standard Notations of Enforcement
Metrics and Distances
From Sound to Bounded Monitors
Predictability
Conclusions
References
Session 3. Web Security
SessionShield: Lightweight Protection against Session Hijacking
Introduction
Background
Session Identifiers
Cross-Site Scripting Attacks
HTTP-Only and Sessions
SessionShield Design
Core Functionality
Naming Conventions of Session Identifiers
Statistical Characteristics of Session Identifiers
Evaluation
False Positives and False Negatives
Performance Overhead
Implementation
Related Work
Conclusion
References
Security Sensitive Data Flow Coverage Criterion for Automatic Security Testing of Web Applications
Introduction
Background
Web Application Vulnerabilities
Automatic Security Testing
Traditional Coverage Criteria
Branch Coverage-Based Security Testing
Sink Coverage-Based Security Testing
Problem Summary and Our Approach
Security Sensitive Data Flow Coverage Criterion
Definition
Security Sensitive Data Flow Coverage-Based Security Testing
Determining Security Sensitive Branch
Discussion
Experiment
Experiment Setup
Experiment Results
Discussion
Related Work
Conclusion
References
Middleware Support for Complex and Distributed Security Services in Multi-tier Web Applications
Introduction
Motivation and Background
Challenges for Complex Security Services in Web Architectures
Support for Complex Security Services
Middleware Support
Detailed Design Based on a Non-repudiation Case Study
Prototype and Evaluation
Prototype Implementation and Configuration
Analysis of the Security Middleware
Discussion
Conclusion
References
Session 4. Model-Based Security II
Lightweight Modeling and Analysis of Security Concepts
Introduction
Requirements, Background, and Related Work
Basic Requirements
Information Security Management
IT Baseline Protection Methodology
Related Work
Modeling Security Concepts with SeCoML
The Modeling Language
Analysis of Security Concepts
Implementation and Integration in the Tool Chain
Early Experience with SeCoML
Summary and Outlook
References
A Tool-Supported Method for the Design and Implementation of Secure Distributed Applications
Introduction
Collaborative Specification Style
Security Goals
Overview of the Method
Building Blocks for Secure Connections
Preparing the Runtime Support-System
Building Block for the Secure Mode Establishment
Building Block for the Secure Mode Termination
Building Block for the Secure Mode Error Listener
Integration of the Security Mechanisms
Step 1: Risk Assessment and Check of Preconditions
Step 2: Embedding Security Functions
Step 3: Integrating the Secured Collaborations
Discussion and Proof
Related Work
Concluding Remarks
References
An Architecture-Centric Approach to Detecting Security Patterns in Software
Introduction
The Bauhaus Tool
Security Aspects and the RFG
Early Case Studies
Single Access Point Pattern
Case Study: Spark
Case Study: Simple Android Instant Messaging Application
Conclusion
Related Work
Outlook
References
Session 5. Security Requirements Engineering
The Security Twin Peaks
Introduction
Related Work
Architectural Security Patterns Revisited
Key Notions for Co-development
Revisiting the Pattern Documentation
The Security Twin Peaks
Overview
Discussion
Conclusion
References
Evolution of Security Requirements Tests for Service–Centric Systems
Introduction
Test Evolution Methodology
Metamodel
Evolution Process
Case Study
Related Work
Conclusions
References
After-Life Vulnerabilities: A Study on Firefox Evolution, Its Vulnerabilities, and Fixes
Introduction
Data Acquisition and Experiment Setup
Versions and Vulnerabilities
After-Life Vulnerabilities and the Security Ecosystem
"Milk or Wine" Revisited
The Slow Pace of Software Evolution
Threats to Validity
Related Work
Discussion and Conclusions
References
Session 6. Authorization
Authorization Enforcement Usability Case Study
Introduction
Authorization Usability in Software Development
Policy Specification
Authorization Enforcement
Authorization Framework: declarative_authorization
Authorization Development Case Study
Methodology
Results
Discussion
Advice on Authorization Enforcement Design
Conclusion
References
Scalable Authorization Middleware for Service Oriented Architectures
Introduction
Motivation
Architecture
Managed Authorization Components
Distribution Layer
Manager
Prototype
Evaluation and Discussion
Related Work
Conclusion
References
Adaptable Authentication Model: Exploring Security with Weaker Attacker Models
Introduction
Related Work
Overview of the Approach
Adaptable Authentication Model
Case Study: A Simple RFID System
Discussion
Conclusion
References
Session 7. Ideas
Idea: Interactive Support for Secure Software Development
Introduction
Interactive Code Refactoring
Interactive Code Annotation
Initial Evaluations
Open Source Project Evaluation
Model-Theoretic Analysis
Discussions
References
Idea: A Reference Platform for Systematic Information Security Management Tool Support
Introduction
Security Management Reference Platform
Unified Information Model
Enterprise-Level Repository
Extensible Application and Integration Platform
Proof-of-Concept Prototype
Summary and Outlook
References
Idea: Simulation Based Security Requirement Verification for Transaction Level Models
Introduction
Related Work
The Common Criteria Process
Transaction Level Modeling
Formal System Verification
Simulation Based Security Requirement Verification
Iterative TLM Verification
HW/SW Verification Approaches
Verification Rules
Proof of Concept Implementation
Results and Discussion
Conclusion and Future Work
References
Author Index
