LEADER 05729nam 22008775 450 001 996465522803316 005 20200630143831.0 010 $a1-280-38563-4 010 $a9786613563552 010 $a3-642-11747-3 024 7 $a10.1007/978-3-642-11747-3 035 $a(CKB)2670000000003386 035 $a(SSID)ssj0000355494 035 $a(PQKBManifestationID)11261334 035 $a(PQKBTitleCode)TC0000355494 035 $a(PQKBWorkID)10319764 035 $a(PQKB)10805868 035 $a(DE-He213)978-3-642-11747-3 035 $a(MiAaPQ)EBC3065025 035 $a(PPN)149057113 035 $a(Association for Computing Machinery)10.5555/2175005 035 $a(EXLCZ)992670000000003386 100 $a20100301d2010 u| 0 101 0 $aeng 135 $aurnn#008mamaa 181 $ctxt 182 $cc 183 $acr 200 10$aEngineering Secure Software and Systems $eSecond International Symposium, ESSoS 2010, Pisa, Italy, February 3-4, 2010, Proceedings /$fedited by Fabio MASSACCI, Dan Wallach, Nicola Zannone 205 $a1st ed. 2010. 210 1$aBerlin, Heidelberg :$cSpringer Berlin Heidelberg :$cImprint: Springer,$d2010. 215 $a1 online resource (X, 241 p.) 225 1 $aSecurity and Cryptology ;$v5965 300 $aBibliographic Level Mode of Issuance: Monograph 311 $a3-642-11746-5 320 $aIncludes bibliographical references and index. 327 $aSession 1. Attack Analysis and Prevention I -- BuBBle: A Javascript Engine Level Countermeasure against Heap-Spraying Attacks -- CsFire: Transparent Client-Side Mitigation of Malicious Cross-Domain Requests -- Idea: Opcode-Sequence-Based Malware Detection -- Session 2. Attack Analysis and Prevention II -- Experiences with PDG-Based IFC -- Idea: Java vs. PHP: Security Implications of Language Choice for Web Applications -- Idea: Towards Architecture-Centric Security Analysis of Software -- Session 3. Policy Verification and Enforcement I -- Formally-Based Black-Box Monitoring of Security Protocols -- Secure Code Generation for Web Applications -- Idea: Reusability of Threat Models – Two Approaches with an Experimental Evaluation -- Session 4. 
Policy Verification and Enforcement II -- Model-Driven Security Policy Deployment: Property Oriented Approach -- Category-Based Authorisation Models: Operational Semantics and Expressive Power -- Idea: Efficient Evaluation of Access Control Constraints -- Session 5. Secure System and Software Development I -- Formal Verification of Application-Specific Security Properties in a Model-Driven Approach -- Idea: Enforcing Consumer-Specified Security Properties for Modular Software -- Idea: Using System Level Testing for Revealing SQL Injection-Related Error Message Information Leaks -- Session 6. Secure System and Software Development II -- Automatic Generation of Smart, Security-Aware GUI Models -- Report: Modular Safeguards to Create Holistic Security Requirement Specifications for System of Systems -- Idea: A Feasibility Study in Model Based Prediction of Impact of Changes on System Quality. 330 $aThis book constitutes the refereed proceedings of the Second International Symposium on Engineering Secure Software and Systems, ESSoS 2010, held in Pisa, Italy, in February 2010. The 9 revised full papers presented together with 8 ideas papers were carefully reviewed and selected from 58 submissions. The papers are organized in topical sections on attack analysis and prevention, policy verification and enforcement, and secure system and software development. 
410 0$aSecurity and Cryptology ;$v5965 517 3 $aESSoS'10 606 $aComputer communication systems 606 $aSoftware engineering 606 $aData encryption (Computer science) 606 $aData structures (Computer science) 606 $aComputer science--Mathematics 606 $aComputers 606 $aComputer Communication Networks$3https://scigraph.springernature.com/ontologies/product-market-codes/I13022 606 $aSoftware Engineering/Programming and Operating Systems$3https://scigraph.springernature.com/ontologies/product-market-codes/I14002 606 $aCryptology$3https://scigraph.springernature.com/ontologies/product-market-codes/I28020 606 $aData Structures and Information Theory$3https://scigraph.springernature.com/ontologies/product-market-codes/I15009 606 $aMath Applications in Computer Science$3https://scigraph.springernature.com/ontologies/product-market-codes/I17044 606 $aModels and Principles$3https://scigraph.springernature.com/ontologies/product-market-codes/I18016 608 $aKongress.$2swd 608 $aPisa (2010)$2swd 615 0$aComputer communication systems. 615 0$aSoftware engineering. 615 0$aData encryption (Computer science). 615 0$aData structures (Computer science). 615 0$aComputer science--Mathematics. 615 0$aComputers. 615 14$aComputer Communication Networks. 615 24$aSoftware Engineering/Programming and Operating Systems. 615 24$aCryptology. 615 24$aData Structures and Information Theory. 615 24$aMath Applications in Computer Science. 615 24$aModels and Principles. 676 $a005.8 686 $aSS 4800$2rvk 702 $aMASSACCI$b Fabio$4edt$4http://id.loc.gov/vocabulary/relators/edt 702 $aWallach$b Dan$4edt$4http://id.loc.gov/vocabulary/relators/edt 702 $aZannone$b Nicola$4edt$4http://id.loc.gov/vocabulary/relators/edt 712 12$aESSoS (Symposium) 906 $aBOOK 912 $a996465522803316 996 $aEngineering Secure Software and Systems$9774151 997 $aUNISA