
Engineering Secure Software and Systems
Description
This book constitutes the refereed proceedings of the 10th International Symposium on Engineering Secure Software and Systems, ESSoS 2018, held in Paris, France, in June 2018. The 10 papers, consisting of 7 regular and 3 idea papers, were carefully reviewed and selected from 26 submissions. They focus on the construction of secure software, which is becoming an increasingly challenging task due to the complexity of modern applications, the growing sophistication of security requirements, the multitude of available software technologies, and the progress of attack vectors.

Content
- Intro
- Preface
- Organization
- Contents
- A Vision for Enhancing Security of Cryptography in Executables
- 1 Introduction
- 2 The Vision
- 3 Available Already
- 3.1 Supporting Tools
- 3.2 First Results
- 3.3 Evaluation
- 4 Conclusion
- References
- Enforcing Full-Stack Memory-Safety in Cyber-Physical Systems
- 1 Introduction
- 2 Background
- 2.1 Overview of CPS
- 2.2 Overview of SWaT
- 2.3 ASan
- 2.4 KASan
- 3 Attacker Model and Memory Safety Overhead
- 3.1 Attacker Model
- 3.2 Modeling Memory Safety Overhead
- 3.3 Quantifying Tolerability
- 4 Enforcing Full-Stack Memory-Safety
- 4.1 Enforcing User-Space Memory-Safety
- 4.2 Enforcing Kernel-Space Memory-Safety
- 4.3 Detection and Mitigation
- 5 Experimental Design
- 5.1 open-SWaT
- 5.2 Measurement Details
- 6 Evaluation and Discussion of the Results
- 6.1 Security
- 6.2 Performance
- 6.3 Memory Usage
- 6.4 Validation and Sensitivity Analysis
- 7 Related Work
- 8 Conclusion
- References
- Model Checking the Information Flow Security of Real-Time Systems
- 1 Introduction
- 2 Fundamentals
- 2.1 Timed Automata
- 2.2 Timed Bisimulation
- 2.3 Noninterference
- 2.4 Motivating Example
- 3 Related Work
- 3.1 Complementary Approaches
- 3.2 Time-Dependent Information Flow Security
- 4 Checking Noninterference of Timed Automata
- 4.1 Refinement Checking
- 4.2 Test Automata Construction
- 5 Proof of Concept
- 6 Conclusions and Future Work
- References
- Off-Limits: Abusing Legacy x86 Memory Segmentation to Spy on Enclaved Execution
- 1 Introduction
- 2 Background
- 2.1 Intel SGX and Adversary Model
- 2.2 x86 Memory Management
- 3 Segmentation-Based Attacks
- 3.1 Interaction Between Segmentation and SGX
- 3.2 Attack #1: Page Granular Attacks
- 3.3 Precise Byte Granular Attacks
- 4 A Practical End-to-End Attack Scenario
- 5 Discussion and Mitigations
- 6 Conclusion
- A Vulnerable Microcode Versions
- References
- One Leak Is Enough to Expose Them All
- 1 Introduction
- 2 Background
- 3 Port Scanning
- 4 Experiment
- 4.1 Setup
- 4.2 Result
- 4.3 Threats to Validity
- 5 Risks and Countermeasures
- 5.1 Attacks
- 5.2 WebRTC IP Leak Guard
- 6 Related Work
- 7 Conclusion
- References
- PrivacyMeter: Designing and Developing a Privacy-Preserving Browser Extension
- 1 Introduction
- 2 Design and Interface
- 3 PrivacyMeter's Evaluation
- 4 Crowdsourcing
- 5 Future Work
- 6 Related Work
- 7 Conclusion
- References
- Security Analysis of Drone Communication Protocols
- 1 Introduction
- 2 Related Work
- 3 Protocol Principles
- 3.1 Structure of a Message
- 3.2 Encoding
- 3.3 Modulation
- 3.4 Frequency Hopping Spread Spectrum (FHSS)
- 4 Demonstration
- 4.1 Approach
- 4.2 Practical Implementation
- 5 Summary and Conclusions
- References
- Idea: Automatic Localization of Malicious Behaviors in Android Malware with Hidden Markov Models
- 1 Introduction
- 2 Preliminaries
- 3 Implementation
- 3.1 Data Generation
- 3.2 Training and Detection
- 3.3 Localization
- 4 Evaluation
- 5 Conclusions and Future Work
- References
- Idea: Benchmarking Android Data Leak Detection Tools
- 1 Introduction
- 2 Related Work
- 3 Classification and Selection of Android Analysis Tools
- 4 Benchmark Implementation
- 5 Experimental Setup
- 6 Results
- 7 Threats to Validity
- 8 Conclusions and Future Work
- References
- Idea: Visual Analytics for Web Security
- 1 Introduction
- 2 Motivation
- 3 Case Study
- 4 Design Evaluation
- 4.1 Functionality
- 4.2 Performance
- 4.3 Productivity
- 4.4 Discussion and Future Work
- 5 Conclusion
- References
- Author Index
System requirements
File format: PDF
Copy protection: Watermark-DRM (Digital Rights Management)
System requirements:
- Computer (Windows; MacOS X; Linux): Use the free software Adobe Reader, Adobe Digital Editions, or any other PDF viewer of your choice (see eBook Help).
- Tablet/Smartphone (Android; iOS): Install the free app Adobe Digital Editions or another reading app for eBooks, e.g., PocketBook (see eBook Help).
- E-reader: Bookeen, Kobo, Pocketbook, Sony, Tolino and many more (Kindle: limited support only).
The file format PDF always displays a book page identically on any hardware. This makes PDF suitable for complex layouts such as those used in textbooks and reference books (images, tables, columns, footnotes). Unfortunately, on the small screens of e-readers or smartphones, PDFs are rather annoying, requiring too much scrolling.
This eBook uses Watermark-DRM, a "soft" copy protection. This means that there are no technical restrictions to prevent illegal distribution. However, there is a personalised watermark embedded in the eBook that can be used to identify the purchaser of the eBook in the event of misuse and to provide evidence for legal purposes.