LEADER 04282nam 2200673Ia 450
001 9910484892503321
005 20200520144314.0
010 $a1-280-38563-4
010 $a9786613563552
010 $a3-642-11747-3
024 7 $a10.1007/978-3-642-11747-3
035 $a(CKB)2670000000003386
035 $a(SSID)ssj0000355494
035 $a(PQKBManifestationID)11261334
035 $a(PQKBTitleCode)TC0000355494
035 $a(PQKBWorkID)10319764
035 $a(PQKB)10805868
035 $a(DE-He213)978-3-642-11747-3
035 $a(MiAaPQ)EBC3065025
035 $a(PPN)149057113
035 $a(Association for Computing Machinery)10.5555/2175005
035 $a(EXLCZ)992670000000003386
100 $a20100127d2010 uy 0
101 0 $aeng
135 $aurnn#008mamaa
181 $ctxt
182 $cc
183 $acr
200 10$aEngineering secure software and systems $esecond International Symposium, ESSoS 2010, Pisa, Italy, February 3-4, 2010 ; proceedings /$fFabio Massacci, Dan Wallach, Nicola Zannone (eds.)
205 $a1st ed. 2010.
210 $aBerlin $cSpringer$dc2010
215 $a1 online resource (X, 241 p.)
225 1 $aLecture notes in computer science,$x0302-9743 ;$v5965
300 $aBibliographic Level Mode of Issuance: Monograph
311 $a3-642-11746-5
320 $aIncludes bibliographical references and index.
327 $aSession 1. Attack Analysis and Prevention I -- BuBBle: A Javascript Engine Level Countermeasure against Heap-Spraying Attacks -- CsFire: Transparent Client-Side Mitigation of Malicious Cross-Domain Requests -- Idea: Opcode-Sequence-Based Malware Detection -- Session 2. Attack Analysis and Prevention II -- Experiences with PDG-Based IFC -- Idea: Java vs. PHP: Security Implications of Language Choice for Web Applications -- Idea: Towards Architecture-Centric Security Analysis of Software -- Session 3. Policy Verification and Enforcement I -- Formally-Based Black-Box Monitoring of Security Protocols -- Secure Code Generation for Web Applications -- Idea: Reusability of Threat Models - Two Approaches with an Experimental Evaluation -- Session 4. Policy Verification and Enforcement II -- Model-Driven Security Policy Deployment: Property Oriented Approach -- Category-Based Authorisation Models: Operational Semantics and Expressive Power -- Idea: Efficient Evaluation of Access Control Constraints -- Session 5. Secure System and Software Development I -- Formal Verification of Application-Specific Security Properties in a Model-Driven Approach -- Idea: Enforcing Consumer-Specified Security Properties for Modular Software -- Idea: Using System Level Testing for Revealing SQL Injection-Related Error Message Information Leaks -- Session 6. Secure System and Software Development II -- Automatic Generation of Smart, Security-Aware GUI Models -- Report: Modular Safeguards to Create Holistic Security Requirement Specifications for System of Systems -- Idea: A Feasibility Study in Model Based Prediction of Impact of Changes on System Quality.
330 $aThis book constitutes the refereed proceedings of the Second International Symposium on Engineering Secure Software and Systems, ESSoS 2010, held in Pisa, Italy, in February 2010. The 9 revised full papers presented together with 8 ideas papers were carefully reviewed and selected from 58 submissions. The papers are organized in topical sections on attack analysis and prevention, policy verification and enforcement, and secure system and software development.
410 0$aLecture notes in computer science ;$v5965.
517 3 $aESSoS 2010
606 $aComputer security$vCongresses
606 $aSensor networks$vCongresses
606 $aSoftware engineering$vCongresses
615 0$aComputer security
615 0$aSensor networks
615 0$aSoftware engineering
676 $a005.8
686 $aSS 4800$2rvk
701 $aMassacci$b Fabio$01757823
701 $aWallach$b Dan Seth$f1971-$01757824
701 $aZannone$b Nicola$01757825
712 12$aESSoS (Symposium)
801 0$bMiAaPQ
801 1$bMiAaPQ
801 2$bMiAaPQ
906 $aBOOK
912 $a9910484892503321
996 $aEngineering secure software and systems$94195789
997 $aUNINA