The Resource Engineering Secure Software and Systems : 6th International Symposium, ESSoS 2014, Munich, Germany, February 26-28, 2014, Proceedings

Label
Engineering Secure Software and Systems : 6th International Symposium, ESSoS 2014, Munich, Germany, February 26-28, 2014, Proceedings
Title
Engineering Secure Software and Systems
Title remainder
6th International Symposium, ESSoS 2014, Munich, Germany, February 26-28, 2014, Proceedings
Creator
Contributor
Subject
Language
eng
Cataloging source
MiAaPQ
Literary form
non fiction
Nature of contents
dictionaries
Link
http://libproxy.rpi.edu/login?url=https://ebookcentral.proquest.com/lib/rpi/detail.action?docID=3101121
Publication
Copyright
Related Contributor
Related Location
Related Agents
Related Authorities
Related Subjects
Carrier category
online resource
Carrier category code
cr
Carrier MARC source
rdacarrier
Color
multicolored
Content category
text
Content type code
txt
Content type MARC source
rdacontent
Contents
  • Preface -- Conference Organization -- Table of Contents -- Model-Based Security -- Detecting Code Reuse Attacks with a Model of Conformant Program Execution -- 1 Introduction -- 2 Background and Related Work -- 2.1 Gaining Control of the Program -- 2.2 Gadget Execution -- 2.3 Gadget Discovery -- 2.4 Other Approaches -- 3 Conformant Program Execution -- 3.1 Notation -- 3.2 Conformant Program Execution -- 3.3 Code Reuse Attacks -- 3.4 Observed Conformant Program Execution -- 4 Implementation -- 4.1 Process Monitoring -- 4.2 Instruction Validity -- 4.3 Callstack Validity -- 5 Evaluation -- 6 Conclusion -- References -- Security@Runtime: A Flexible MDE Approach to Enforce Fine-grained Security Policies -- 1 Introduction -- 2 The Security@Runtime Approach -- 2.1 Architecture Overview -- 2.2 Security Rules (SR) -- 2.3 Declarations and Dynamic Security Rules -- 3 Example: The Medical System (MS) -- 4 Implementation -- 4.1 Application Monitoring Layer -- 4.2 Policy Representation Layer -- 4.3 The Policy Decision Point (PDP) -- 4.4 Policy Update -- 5 Validation -- 6 Discussion and Related Work -- 7 Conclusion -- References -- Idea: Towards a Vision of Engineering Controlled Interaction Execution for Information Services -- 1 Introduction -- 2 From a Required Vision to Available Ideas -- 3 Summary of Controlled Interaction Execution -- 4 Architectural Design -- 5 Uniformity for Specific Engineering Tasks -- 6 Experiences, Further Issues, and Concluding Remarks -- References -- Formal Methods -- Automated Formal Verification of Application-specific Security Properties -- 1 Introduction -- 2 Related Work -- 3 Background -- 3.1 ProVerif -- 3.2 The JavaSPI Framework -- 3.3 Java Pathfinder -- 4 The Extended JavaSPI -- 5 The Case Study Application Development -- 5.1 The Development Workflow -- 5.2 Developing the JavaSPI Abstract Protocol Model
  • 5.3 Formal Protocol Verification -- 5.4 Protocol Code Generation -- 5.5 Application Logic Development -- 5.6 Checking the Application Code -- 6 Conclusions -- References -- Fault-Tolerant Non-interference -- 1 Introduction and Overview -- 2 Transient Fault Based Attacks on SME -- 2.1 Syntax -- 2.2 Direct Control Flow and Memory Faults -- 2.3 Indirect Control Flow and Memory Faults -- 3 Fault-Tolerant Secure Multi-execution -- 3.1 Fault-Tolerant Layout for Code and Memory -- 3.2 Control Flow Integrity -- 3.3 Formal Definition of Fault-Tolerant SME -- 4 Security Guarantees Provided by -- 4.1 Semantics -- 4.2 Modeling Faults -- 4.3 Fault-Tolerant Non-interference -- 5 Transparency Guarantees Provided by -- 6 Related Work -- 7 Conclusion and Further Work -- References -- Quantitative Security Analysis for Programs with Low Input and Noisy Output -- 1 Introduction -- 2 Preliminaries -- 2.1 Probabilistic Distribution -- 2.2 Min-entropy -- 2.3 Information-Theoretic Channel -- 2.4 Basic Settings for the Analysis -- 3 Quantitative Security Analysis for Programs with Low Input -- 3.1 Classical Models of Quantitative Security Analysis -- 3.2 Leakage of Programs with Low Input -- 3.3 Case Studies -- 4 Adding Noise to the Output -- 4.1 Negative Information Flow -- 4.2 Noisy-Output Policy -- 5 Related Work -- 6 Conclusions and Future Work -- References -- A Modeling and Formal Approach for the Precise Specification of Security Patterns -- 1 Introduction -- 2 The Nature of Patterns within PBSE (Pattern-Based System and software Engineering) -- 2.1 Motivational Example: Secure Communication Pattern (SCP) -- 2.2 Definitions and Concepts -- 3 Pattern Modeling Process -- 3.1 Pattern Specification Metamodel (SEPM) -- 3.2 Specification Process -- 4 Pattern Validation Process -- 4.1 Pattern Formalization -- 4.2 Pattern Validation
  • 4.3 Correspondence between DIPM and DSPM -- 5 Related Works -- 6 Conclusion and Future Work -- References -- On the Relation between Redactable and Sanitizable Signature Schemes -- 1 Introduction -- 2 Preliminaries and Security of SSS and RSS -- 3 Generic Transformation -- 4 Conclusion and Future Work -- References -- Idea: Towards a Working Fully Homomorphic Crypto-processor -- 1 Introduction -- 2 Word Size and Hardware Design -- 3 ABC Encoding -- 4 Conclusion -- References -- Web and Mobile Security -- Architectures for Inlining Security Monitors in Web Applications -- 1 Introduction -- 2 Architectures -- 2.1 Browser Extension -- 2.2 Web Proxy -- 2.3 Suffix Proxy (Service) -- 2.4 Integrator -- 2.5 Summary of Architectures -- 3 Implementation -- 3.1 Browser Extension -- 3.2 Web Proxy -- 3.3 Suffix Proxy (Service) -- 4 Instantiation -- 5 Related Work -- 6 Conclusions -- References -- Automatic and Robust Client-Side Protection for Cookie-Based Sessions -- 1 Introduction -- 2 Background -- 2.1 Session Cookies: Attacks and Defenses -- 2.2 Formal Browser Models -- 2.3 Reactive Noninterference -- 3 Formalizing Session Security -- 3.1 Extending Featherweight Firefox -- 3.2 Threat Model -- 3.3 Noninterference for Session Cookies -- 4 Strengthening Session Security -- 4.1 Session Cookie Protection in Existing Systems -- 4.2 The Need for a Client-Side Defense -- 4.3 Client-Side Protection with CookiExt -- 4.4 Noninterference in Theory and in Practice -- 4.5 Experiments -- 5 Related Work -- 6 Conclusion -- References -- Security Testing of GSM Implementations -- 1 Introduction -- 2 GSM -- 3 Fuzzing -- 3.1 Fuzzing GSM Phones -- 4 Our Fuzzing -- 4.1 How Do We Fuzz? -- 4.2 Fuzzing Results -- 4.3 Related Work -- 5 Conclusions and Directions for Future Work -- References -- Applications -- User-Centric Security Assessment of Software Configurations: A Case Study
  • 1 Introduction -- 2 Motivating Case Study: Security-Aware Selection of Amazon Machine Images -- 3 Vulnerability Score Aggregation Based on Attack Trees -- 3.1 Building the Base Attack Pattern -- 3.2 Quantitatively Reasoning about Attack Trees -- 4 Economic Driven Weighting of Security Goals -- 4.1 Including The Economic Perspective -- 4.2 Running Example - Business Profiling -- 4.3 Economic Driven Approach for Weighting Security Goals -- 5 MCDA-Based Ranking of Software Configurations -- 6 Evaluation: Security Ranking of Amazon EC2's AMIs -- 6.1 Experimental Setup -- 6.2 Evaluating the Methodology's Coverage -- 6.3 Ranking Existing AMIs -- 7 Related Work -- 8 Conclusions -- References -- Idea: Security Engineering Principles for Day Two Car2X Applications -- 1 Introduction -- 2 The ETSI Communication and Security Architecture -- 3 Trust Assumptions and Robustness Principles -- 4 How Much Damage Can You Do with One Set of User Credentials? -- 5 Discussion and Solutions -- References -- Idea: Embedded Fault Injection Simulator on Smartcard -- 1 Introduction -- 2 Physical Threats to Smartcards -- 2.1 Side Channel Analysis -- 2.2 Fault Injection Attacks -- 3 Fault Injection Simulation -- 4 Embedded Injection Fault Simulator Concept -- 4.1 Concept -- 4.2 Advantages -- 4.3 Prototype Implementation -- 5 Fault Simulator Impact on Real Smartcards -- 5.1 Impact on Commands -- 5.2 Impact on Side Channel -- 6 Conclusion -- References -- Author Index
Dimensions
unknown
Discovery link
http://opac.lib.rpi.edu/record=b4383608
Extent
1 online resource (245 pages)
Form of item
online
Isbn
9783319048970
Media category
computer
Media MARC source
rdamedia
Media type code
c
Sound
unknown sound
Specific material designation
remote

Library Locations

    • Folsom Library
      110 8th St, Troy, NY, 12180, US