Monday, May 20, 2019

Engineering Secure Software and Systems (Free PDF)

File Size: 5.86 Mb

It is our pleasure to welcome you to the proceedings of the 7th International Symposium on Engineering Secure Software and Systems (ESSoS 2015). This event is part of a maturing series of symposia that attempts to bridge the gap between the software engineering and security scientific communities with the goal of supporting secure software development. The parallel technical sponsorship from ACM SIGSAC (the ACM interest group in security) and ACM SIGSOFT (the ACM interest group in software engineering) demonstrates the support from both communities and the need for providing such a bridge.

Security mechanisms and the act of software development usually go hand in hand. It is generally not enough to ensure correct functioning of the security mechanisms used. They cannot be blindly inserted into a security-critical system, but the overall system development must take security aspects into account in a coherent way. Building trustworthy components does not suffice, since the interconnections and interactions of components play a significant role in trustworthiness. Lastly, while functional requirements are generally analyzed carefully in systems development, security considerations often arise after the fact. Adding security as an afterthought, however, often leads to problems. Ad hoc development can lead to the deployment of systems that do not satisfy important security requirements. Thus, a sound methodology supporting secure systems development is needed. The presentations and associated publications at ESSoS 2015 contribute to this goal in several directions: first, by improving methodologies for secure software engineering (such as formal methods and machine learning); second, with secure software engineering results for specific application domains (such as access control, cloud, and password security); and finally, with a set of presentations on security measurements and ontologies for software and systems.

*Formal Methods
1. Formal Verification of Liferay RBAC
2. Formal Verification of Privacy Properties in Electric Vehicle Charging
3. Idea: Unwinding Based Model-Checking and Testing for Non-Interference on EFSMs
*Machine Learning
1. Are Your Training Datasets Yet Relevant? An Investigation into the Importance of Timeline in Machine Learning-Based Malware Detection
2. Learning How to Prevent Return-Oriented Programming Efficiently
*Cloud and Passwords
1. Re-thinking Kernelized MLS Database Architectures in the Context of Cloud-Scale Data Stores
2. Idea: Optimising Multi-Cloud Deployments with Security Controls as Constraints
3. Idea: Towards an Inverted Cloud
4. OMEN: Faster Password Guessing Using an Ordered Markov Enumerator
*Measurements and Ontologies
1. The Heavy Tails of Vulnerability Exploitation
2. Idea: Benchmarking Indistinguishability Obfuscation – A Candidate Implementation
3. A Security Ontology for Security Requirements Elicitation
*Access Control
1. Producing Hook Placements to Enforce Expected Access Control Policies
2. Improving Reuse of Attribute-Based Access Control Policies Using Policy Templates
3. Monitoring Database Access Constraints with an RBAC Metamodel: A Feasibility Study
Author Index

Author Details
Frank Piessens, Juan Caballero, Nataliia Bielova (Eds.)
