Attack Analysis and Prevention I / Session 1: |
BuBBle: A Javascript Engine Level Countermeasure against Heap-Spraying Attacks / Francesco Gadaleta ; Yves Younan ; Wouter Joosen |
CsFire: Transparent Client-Side Mitigation of Malicious Cross-Domain Requests / Philippe De Ryck ; Lieven Desmet ; Thomas Heyman ; Frank Piessens |
Idea: Opcode-Sequence-Based Malware Detection / Igor Santos ; Felix Brezo ; Javier Nieves ; Yoseba K. Penya ; Borja Sanz ; Carlos Laorden ; Pablo G. Bringas |
Attack Analysis and Prevention II / Session 2: |
Experiences with PDG-Based IFC / Christian Hammer |
Idea: Java vs. PHP: Security Implications of Language Choice for Web Applications / James Walden ; Maureen Doyle ; Robert Lenhof ; John Murray |
Idea: Towards Architecture-Centric Security Analysis of Software / Karsten Sohr ; Bernhard Berger |
Policy Verification and Enforcement I / Session 3: |
Formally-Based Black-Box Monitoring of Security Protocols / Alfredo Pironti ; Jan Jürjens |
Secure Code Generation for Web Applications / Martin Johns ; Christian Beyerlein ; Rosemaria Giesecke ; Joachim Posegga |
Idea: Reusability of Threat Models - Two Approaches with an Experimental Evaluation / Per Håkon Meland ; Inger Anne Tøndel ; Jostein Jensen |
Policy Verification and Enforcement II / Session 4: |
Model-Driven Security Policy Deployment: Property Oriented Approach / Stere Preda ; Nora Cuppens-Boulahia ; Frédéric Cuppens ; Joaquin Garcia-Alfaro ; Laurent Toutain |
Category-Based Authorisation Models: Operational Semantics and Expressive Power / Clara Bertolissi ; Maribel Fernández |
Idea: Efficient Evaluation of Access Control Constraints / Achim D. Brucker ; Helmut Petritsch |
Secure System and Software Development I / Session 5: |
Formal Verification of Application-Specific Security Properties in a Model-Driven Approach / Nina Moebius ; Kurt Stenzel ; Wolfgang Reif |
Idea: Enforcing Consumer-Specified Security Properties for Modular Software / Giacomo A. Galilei ; Vincenzo Gervasi |
Idea: Using System Level Testing for Revealing SQL Injection-Related Error Message Information Leaks / Ben Smith ; Laurie Williams ; Andrew Austin |
Secure System and Software Development II / Session 6: |
Automatic Generation of Smart, Security-Aware GUI Models / David Basin ; Manuel Clavel ; Marina Egea ; Michael Schläpfer |
Report: Modular Safeguards to Create Holistic Security Requirement Specifications for System of Systems / Albin Zuccato ; Nils Daniels ; Cheevarat Jampathom ; Mikael Nilson |
Idea: A Feasibility Study in Model Based Prediction of Impact of Changes on System Quality / Aida Omerovic ; Anette Andresen ; Håvard Grindheim ; Per Myrseth ; Atle Refsdal ; Ketil Stølen ; Jon Ølnes |
Author Index |