Engineering Secure Software and Systems : Second International Symposium, ESSoS 2010, Pisa, Italy, February 3-4, 2010, Proceedings - Fabio Massacci

Engineering Secure Software and Systems

Second International Symposium, ESSoS 2010, Pisa, Italy, February 3-4, 2010, Proceedings

By: Fabio Massacci (Editor), Daniel Wallach (Editor), Nicola Zannone (Editor)

Paperback Published: 27th January 2010
ISBN: 9783642117466
Number Of Pages: 240


It is our pleasure to welcome you to the proceedings of the Second International Symposium on Engineering Secure Software and Systems. This unique event aimed at bringing together researchers from software engineering and security engineering, which might help to unite and further develop the two communities in this and future editions. The parallel technical sponsorships from the ACM SIGSAC (the ACM interest group in security) and ACM SIGSOFT (the ACM interest group in software engineering) is a clear sign of the importance of this inter-disciplinary research area and its potential. The difficulty of building secure software systems is no longer focused on mastering security technology such as cryptography or access control models. Other important factors include the complexity of modern networked software systems, the unpredictability of practical development life cycles, the intertwining of and trade-off between functionality, security and other qualities, the difficulty of dealing with human factors, and so forth. Over the last years, an entire research domain has been building up around these problems. The conference program included two major keynotes from Andy Gordon (Microsoft Research Cambridge) on the practical verification of security protocols implementation and Angela Sasse (University College London) on security usability and an interesting blend of research, industry and idea papers.

Attack Analysis and Prevention I
BuBBle: A Javascript Engine Level Countermeasure against Heap-Spraying Attacks
CsFire: Transparent Client-Side Mitigation of Malicious Cross-Domain Requests
Idea: Opcode-Sequence-Based Malware Detection
Attack Analysis and Prevention II
Experiences with PDG-Based IFC
Idea: Java vs. PHP: Security Implications of Language Choice for Web Applications
Idea: Towards Architecture-Centric Security Analysis of Software
Policy Verification and Enforcement I
Formally-Based Black-Box Monitoring of Security Protocols
Secure Code Generation for Web Applications
Idea: Reusability of Threat Models - Two Approaches with an Experimental Evaluation
Policy Verification and Enforcement II
Model-Driven Security Policy Deployment: Property Oriented Approach
Category-Based Authorisation Models: Operational Semantics and Expressive Power
Idea: Efficient Evaluation of Access Control Constraints
Secure System and Software Development I
Formal Verification of Application-Specific Security Properties in a Model-Driven Approach
Idea: Enforcing Consumer-Specified Security Properties for Modular Software
Idea: Using System Level Testing for Revealing SQL Injection-Related Error Message Information Leaks
Secure System and Software Development II
Automatic Generation of Smart, Security-Aware GUI Models
Report: Modular Safeguards to Create Holistic Security Requirement Specifications for System of Systems
Idea: A Feasibility Study in Model Based Prediction of Impact of Changes on System Quality
Author Index
Table of Contents provided by Ingram. All Rights Reserved.

ISBN-10: 3642117465
Series: Lecture Notes in Computer Science
Audience: General
Format: Paperback
Language: English
Publisher: Springer-Verlag Berlin and Heidelberg Gmbh & Co. Kg
Country of Publication: DE
Dimensions (cm): 23.11 x 15.24  x 1.52
Weight (kg): 0.39