Engineering Secure Software and Systems : First International Symposium, ESSoS 2009 Leuven, Belgium, 2009 Proceedings (Lecture Notes in Computer Science) 〈Vol. 5429〉

Massacci, F. (EDT)/ Redwine, S. (EDT)/ Zannone, N. (EDT)

Springer（2009/02発売）

• 製本 Paperback:紙装版/ペーパーバック版／ページ数 201 p.
• 言語 ENG
• 商品コード 9783642001987
• DDC分類 004

Full Description

It is our pleasure to welcome you to the ?rst edition of the International S- posium on Engineering Secure Software and Systems. This unique events aims at bringing together researchers from Software - gineeringandSecurity Engineering,helping to unite and further developthe two communitiesinthisandfutureeditions.Theparalleltechnicalsponsorshipsfrom the ACM SIGSAC (the ACM interest group in security) and ACM SIGSOFT (the ACM interest groupin softwareengineering) and the IEEE TCSE is a clear sign of the importance of this inter-disciplinary research area and its potential. The di?culty of building secure software systems is no longer focused on mastering security technology such as cryptography or access control models. Other important, and less controllable, factors include the complexity of m- ern networked software systems, the unpredictability of practical development lifecycles, the intertwining of and trade-o? between functionality, security and other qualities, the di?culty of dealing with human factors, and so forth. Over the last few years, an entire research domain has been building up around these problems.
And although some battles have been won, the jury is still out on the ?nal verdict. The conference program included two major keynotes from Axel Van L- sweerde (U. Louvain) and Wolfram Schulte (Microsoft Research) and an int- esting blend of research, industry and idea papers.

Contents

Policy Verification and Enforcement.- Verification of Business Process Entailment Constraints Using SPIN.- From Formal Access Control Policies to Runtime Enforcement Aspects.- Idea: Trusted Emergency Management.- Model Refinement and Program Transformation.- Idea: Action Refinement for Security Properties Enforcement.- Pattern-Based Confidentiality-Preserving Refinement.- Architectural Refinement and Notions of Intransitive Noninterference.- Systematically Eradicating Data Injection Attacks Using Security-Oriented Program Transformations.- Secure System Development.- Report: Measuring the Attack Surfaces of Enterprise Software.- Report: Extensibility and Implementation Independence of the .NET Cryptographic API.- Report: CC-Based Design of Secure Application Systems.- Protection Poker: Structuring Software Security Risk Assessment and Knowledge Transfer.- Attack Analysis and Prevention.- Toward Non-security Failures as a Predictor of Security Faults and Failures.- A Scalable Approach to Full Attack Graphs Generation.- MEDS: The Memory Error Detection System.- Testing and Assurance.- Idea: Automatic Security Testing for Web Applications.- Report: Functional Security Testing Closing the Software - Security Testing Gap: A Case from a Telecom Provider.- Idea: Measuring the Effect of Code Complexity on Static Analysis Results.