Engineering Secure Software and Systems

Second International Symposium, ESSoS 2010, Pisa, Italy, February 3-4, 2010. Proceedings

  • Fabio Massacci
  • Dan Wallach
  • Nicola Zannone
Conference proceedings ESSoS 2010

DOI: 10.1007/978-3-642-11747-3

Part of the Lecture Notes in Computer Science book series (LNCS, volume 5965)

Table of contents (18 papers)

  1. Front Matter
  2. Session 1. Attack Analysis and Prevention I

    1. BuBBle: A Javascript Engine Level Countermeasure against Heap-Spraying Attacks
      Francesco Gadaleta, Yves Younan, Wouter Joosen
      Pages 1-17
    2. CsFire: Transparent Client-Side Mitigation of Malicious Cross-Domain Requests
      Philippe De Ryck, Lieven Desmet, Thomas Heyman, Frank Piessens, Wouter Joosen
      Pages 18-34
    3. Idea: Opcode-Sequence-Based Malware Detection
      Igor Santos, Felix Brezo, Javier Nieves, Yoseba K. Penya, Borja Sanz, Carlos Laorden et al.
      Pages 35-43
  3. Session 2. Attack Analysis and Prevention II

    1. Experiences with PDG-Based IFC
      Christian Hammer
      Pages 44-60
    2. Idea: Java vs. PHP: Security Implications of Language Choice for Web Applications
      James Walden, Maureen Doyle, Robert Lenhof, John Murray
      Pages 61-69
    3. Idea: Towards Architecture-Centric Security Analysis of Software
      Karsten Sohr, Bernhard Berger
      Pages 70-78
  4. Session 3. Policy Verification and Enforcement I

    1. Formally-Based Black-Box Monitoring of Security Protocols
      Alfredo Pironti, Jan Jürjens
      Pages 79-95
    2. Secure Code Generation for Web Applications
      Martin Johns, Christian Beyerlein, Rosemaria Giesecke, Joachim Posegga
      Pages 96-113
    3. Idea: Reusability of Threat Models – Two Approaches with an Experimental Evaluation
      Per Håkon Meland, Inger Anne Tøndel, Jostein Jensen
      Pages 114-122
  5. Session 4. Policy Verification and Enforcement II

    1. Model-Driven Security Policy Deployment: Property Oriented Approach
      Stere Preda, Nora Cuppens-Boulahia, Frédéric Cuppens, Joaquin Garcia-Alfaro, Laurent Toutain
      Pages 123-139
    2. Category-Based Authorisation Models: Operational Semantics and Expressive Power
      Clara Bertolissi, Maribel Fernández
      Pages 140-156
    3. Idea: Efficient Evaluation of Access Control Constraints
      Achim D. Brucker, Helmut Petritsch
      Pages 157-165
  6. Session 5. Secure System and Software Development I

  7. Session 6. Secure System and Software Development II

    1. Automatic Generation of Smart, Security-Aware GUI Models
      David Basin, Manuel Clavel, Marina Egea, Michael Schläpfer
      Pages 201-217
    2. Report: Modular Safeguards to Create Holistic Security Requirement Specifications for System of Systems
      Albin Zuccato, Nils Daniels, Cheevarat Jampathom, Mikael Nilson
      Pages 218-230
    3. Idea: A Feasibility Study in Model Based Prediction of Impact of Changes on System Quality
      Aida Omerovic, Anette Andresen, Håvard Grindheim, Per Myrseth, Atle Refsdal, Ketil Stølen et al.
      Pages 231-240
  8. Back Matter

About these proceedings


This book constitutes the refereed proceedings of the Second International Symposium on Engineering Secure Software and Systems, ESSoS 2010, held in Pisa, Italy, in February 2010.

The 9 revised full papers presented together with 8 ideas papers were carefully reviewed and selected from 58 submissions. The papers are organized in topical sections on attack analysis and prevention, policy verification and enforcement, and secure system and software development.


Java calculus model checking program rewriting security architecture security assurance security measurement security requirements threat modeling verification verification techniques

Editors and affiliations

  • Fabio Massacci
    • 1
  • Dan Wallach
    • 2
  • Nicola Zannone
    • 3
  1. 1.Dipartimento Ingegneria e Scienza dell’InformazioneUniversità di TrentoPovo (Trento)Italy
  2. 2.Department of Computer ScienceRice UniversityHoustonUSA
  3. 3.Faculty of Mathematics and Computer ScienceEindhoven University of TechnologyEindhovenThe Netherlands

Bibliographic information

  • Copyright Information Springer-Verlag Berlin Heidelberg 2010
  • Publisher Name Springer, Berlin, Heidelberg
  • eBook Packages Computer Science
  • Print ISBN 978-3-642-11746-6
  • Online ISBN 978-3-642-11747-3
  • Series Print ISSN 0302-9743
  • Series Online ISSN 1611-3349