Engineering Secure Software and Systems
4th International Symposium, ESSoS 2012, Eindhoven, The Netherlands, February, 16-17, 2012, Proceedings
Published on 10. February 2012
XII, 151 pages
978-3-642-28166-2 (ISBN)
Description
This book constitutes the refereed proceedings of the 4th International Symposium on Engineering Secure Software and Systems, ESSoS 2012, held in Eindhoven, The Netherlands, in February 2012. The 7 revised full papers presented together with 7 idea papers were carefully reviewed and selected from 53 submissions. The full papers present new research results in the field of engineering secure software and systems, whereas the idea papers give crisp expositions of interesting, novel ideas in the early stages of development.
More details
Other editions
Additional editions
Gilles Barthe | Ben Livshits | Riccardo Scandariato
Engineering Secure Software and Systems
4th International Symposium, ESSoS 2012, Eindhoven, The Netherlands, February, 16-17, 2012, Proceedings
Book
01/2012
1st Edition
Springer
€53.49
Shipment within 7-9 days
Content
- Title Page
- Preface
- Organization
- Table of Contents
- Application-Replay Attack on Java Cards: When the Garbage Collector Gets Confused
- Introduction
- Java Card Reference Prediction
- Reference Assignment
- Garbage Collection
- Reference Prediction
- Application Replay to Circumvent the Application Firewall
- Java Card Context Isolation : The Application Firewall
- Application Instance Deletion
- Application-Replay" Attack on a Java Card 3.0
- Analysis and Countermeasures
- Conclusion
- References
- Supporting the Development and Documentation of ISO 27001 Information Security Management Systems through Security Requirements Engineering Approaches
- Introduction
- The ISO 27001 Standard
- A Conceptual Framework for Security Requirements Engineering
- Relating the ISO 27001 Standard and Security Requirements Engineering Methods
- Insights
- Related Work
- Conclusion
- References
- Typed Assembler for a RISC Crypto-Processor
- Introduction
- ype-Checking
- Assembler Typing
- The Basic Algorithm
- Taking Account of the Stack
- Conclusion
- Future Work
- References
- Transversal Policy Conflict Detection
- Introduction
- Related Work
- Use Case
- Transversal Conflict Detection
- Domain Description Model
- Class-Specific Policy Models
- Conflict Specification Model
- Conclusion
- References
- Challenges in Implementing an End-to-End Secure Protocol for Java ME-Based Mobile Data Collection in Low-Budget Settings
- Introduction
- Implementation Challenges and Solutions
- Cryptography API Providers
- Key Generation
- Secure Data Upload and Download
- Secure Storage
- Modularity of the API
- API Integration
- Preliminary Performance Test
- Related Work and Conclusions
- References
- Runtime Enforcement of Information Flow Security in Tree Manipulating Processes
- Introduction
- Preliminaries
- The Runtime Monitor
- Formal Treatment of the Monitor
- Guarantees
- Related Work and Conclusion
- References
- Formalisation and Implementation of the XACML Access Control Mechanism
- Introduction
- The XACML Standard
- An Alternative Syntax of XACML
- XACML Formal Semantics
- Tools
- Concluding Remarks
- References
- A Task Ordering Approach for Automatic Trust Establishment
- Introduction
- Related Work
- A Graph-Based Trust Metric Model
- Tasks Dependencies
- Motivation
- Task Domain
- Trust Assumptions
- Model for Automatic Trust Values Computation
- Tasks Comparison
- Case Study: Electronic Health Records Management
- e-Health
- Application of the Model
- Conclusions and Future Work
- References
- An Idea of an Independent Validation of Vulnerability Discovery Models
- Introduction
- Contribution of This Paper
- Research Questions
- Vulnerability Discovery Models
- Validation of VDMs
- Threats to Validity
- Conclusion and Future Work
- References
- A Sound Decision Procedure for the Compositionality of Secrecy
- Introduction
- Preliminaries
- Decision Procedure
- An Insecure Variant of the TLS Protocol
- Validation and Efficiency
- Related Work
- Conclusions
- References
- Plagiarizing Smartphone Applications: Attack Strategies and Defense Techniques
- Introduction
- System and Threat Model
- Android Development Process
- Threat Model
- Obfuscation Model
- Plagiarizing Applications
- Plagiarism Mechanisms and Payload
- Improving Infection Count
- Detecting Plagiarized Applications
- Reverse Engineering and Fingerprinting Android Applications
- Detection Techniques
- Defense Evaluation
- Real-World Plagiarism Detection
- Accuracy
- Obfuscation Resilience
- Computational Feasibility
- Related Work
- Conclusion
- References
- Design of Adaptive Security Mechanisms for Real-Time Embedded Systems
- Introduction
- Background and Motivation
- Approach
- Log Information and Adaptation Mechanism
- Implementation Details
- Evaluation
- Discussion
- Related Work
- Conclusion and Future Work
- References
- Hunting Application-Level Logical Errors
- Introduction
- Related Work
- The APP_LogGIC Framework
- The Invariant-Based Analysis Method (IBM)
- Fuzzy Logic System
- Implementation
- Limitations
- Conclusions and Further Research
- References
- Optimal Trust Mining and Computingon Keyed Map Reduce
- Introduction
- The Motivation Problem
- This Work
- A Keyed MapReduce
- A Keyed MapReduce Function
- Trust Mining on MapReduce
- Pseudonymous of Users
- Trust Mining
- Trust Computing
- Conclusion
- References
- Author Index
