Book Volume 5965 2010

Engineering Secure Software and Systems

Second International Symposium, ESSoS 2010, Pisa, Italy, February 3-4, 2010. Proceedings

ISBN: 978-3-642-11746-6 (Print) 978-3-642-11747-3 (Online)

Table of contents (18 chapters)

  1. Front Matter


  2. Session 1. Attack Analysis and Prevention I

    1. BuBBle: A Javascript Engine Level Countermeasure against Heap-Spraying Attacks

      Pages 1-17

    2. CsFire: Transparent Client-Side Mitigation of Malicious Cross-Domain Requests

      Pages 18-34

    3. Idea: Opcode-Sequence-Based Malware Detection

      Pages 35-43

  3. Session 2. Attack Analysis and Prevention II

    1. Experiences with PDG-Based IFC

      Pages 44-60

    2. Idea: Java vs. PHP: Security Implications of Language Choice for Web Applications

      Pages 61-69

    3. Idea: Towards Architecture-Centric Security Analysis of Software

      Pages 70-78

  4. Session 3. Policy Verification and Enforcement I

    1. Formally-Based Black-Box Monitoring of Security Protocols

      Pages 79-95

    2. Secure Code Generation for Web Applications

      Pages 96-113

    3. Idea: Reusability of Threat Models – Two Approaches with an Experimental Evaluation

      Pages 114-122

  5. Session 4. Policy Verification and Enforcement II

    1. Model-Driven Security Policy Deployment: Property Oriented Approach

      Pages 123-139

    2. Category-Based Authorisation Models: Operational Semantics and Expressive Power

      Pages 140-156

    3. Idea: Efficient Evaluation of Access Control Constraints

      Pages 157-165

  6. Session 5. Secure System and Software Development I

    1. Formal Verification of Application-Specific Security Properties in a Model-Driven Approach

      Pages 166-181

    2. Idea: Enforcing Consumer-Specified Security Properties for Modular Software

      Pages 182-191

    3. Idea: Using System Level Testing for Revealing SQL Injection-Related Error Message Information Leaks

      Pages 192-200

  7. Session 6. Secure System and Software Development II

    1. Automatic Generation of Smart, Security-Aware GUI Models

      Pages 201-217

    2. Report: Modular Safeguards to Create Holistic Security Requirement Specifications for System of Systems

      Pages 218-230

    3. Idea: A Feasibility Study in Model Based Prediction of Impact of Changes on System Quality

      Pages 231-240

  8. Back Matter
