2. ESSoS 2010: Pisa, Italy

Fabio Massacci, Dan S. Wallach, Nicola Zannone (Eds.): Engineering Secure Software and Systems, Second International Symposium, ESSoS 2010, Pisa, Italy, February 3-4, 2010. Proceedings. Lecture Notes in Computer Science 5965 Springer 2010, ISBN 978-3-642-11746-6

Attack Analysis and Prevention I

Francesco Gadaleta, Yves Younan, Wouter Joosen:
BuBBle: A Javascript Engine Level Countermeasure against Heap-Spraying Attacks. 1-17
Philippe De Ryck, Lieven Desmet, Thomas Heyman, Frank Piessens, Wouter Joosen:
CsFire: Transparent Client-Side Mitigation of Malicious Cross-Domain Requests. 18-34
Igor Santos, Felix Brezo, Javier Nieves, Yoseba K. Penya, Borja Sanz, Carlos Laorden, Pablo Garcia Bringas:
Idea: Opcode-Sequence-Based Malware Detection. 35-43

Christian Hammer:
Experiences with PDG-Based IFC. 44-60
James Walden, Maureen Doyle, Robert Lenhof, John Murray:
Idea: Java vs. PHP: Security Implications of Language Choice for Web Applications. 61-69
Karsten Sohr, Bernhard J. Berger:
Idea: Towards Architecture-Centric Security Analysis of Software. 70-78

Alfredo Pironti, Jan Jürjens:
Formally-Based Black-Box Monitoring of Security Protocols. 79-95
Martin Johns, Christian Beyerlein, Rosemaria Giesecke, Joachim Posegga:
Secure Code Generation for Web Applications. 96-113
Per Håkon Meland, Inger Anne Tøndel, Jostein Jensen:
Idea: Reusability of Threat Models - Two Approaches with an Experimental Evaluation. 114-122

Stere Preda, Nora Cuppens-Boulahia, Frédéric Cuppens, Joaquín García-Alfaro, Laurent Toutain:
Model-Driven Security Policy Deployment: Property Oriented Approach. 123-139
Clara Bertolissi, Maribel Fernández:
Category-Based Authorisation Models: Operational Semantics and Expressive Power. 140-156
Achim D. Brucker, Helmut Petritsch:
Idea: Efficient Evaluation of Access Control Constraints. 157-165

Nina Moebius, Kurt Stenzel, Wolfgang Reif:
Formal Verification of Application-Specific Security Properties in a Model-Driven Approach. 166-181
Giacomo A. Galilei, Vincenzo Gervasi:
Idea: Enforcing Consumer-Specified Security Properties for Modular Software. 182-191
Ben H. Smith, Laurie Williams, Andrew Austin:
Idea: Using System Level Testing for Revealing SQL Injection-Related Error Message Information Leaks. 192-200

David A. Basin, Manuel Clavel, Marina Egea, Michael Schläpfer:
Automatic Generation of Smart, Security-Aware GUI Models. 201-217
Albin Zuccato, Nils Daniels, Cheevarat Jampathom, Mikael Nilson:
Report: Modular Safeguards to Create Holistic Security Requirement Specifications for System of Systems. 218-230
Aida Omerovic, Anette Andresen, Håvard Grindheim, Per Myrseth, Atle Refsdal, Ketil Stølen, Jon Ølnes:
Idea: A Feasibility Study in Model Based Prediction of Impact of Changes on System Quality. 231-240

Last update Wed May 23 00:45:43 2012 CET by the DBLP Team —

Data released under the ODC-BY 1.0 license — See also our legal information page