| Attack Analysis and Prevention I / Session 1: |
| BuBBle: A Javascript Engine Level Countermeasure against Heap-Spraying Attacks / Francesco Gadaleta ; Yves Younan ; Wouter Joosen |
| CsFire: Transparent Client-Side Mitigation of Malicious Cross-Domain Requests / Philippe De Ryck ; Lieven Desmet ; Thomas Heyman ; Frank Piessens |
| Idea: Opcode-Sequence-Based Malware Detection / Igor Santos ; Felix Brezo ; Javier Nieves ; Yoseba K. Penya ; Borja Sanz ; Carlos Laorden ; Pablo G. Bringas |
| Attack Analysis and Prevention II / Session 2: |
| Experiences with PDG-Based IFC / Christian Hammer |
| Idea: Java vs. PHP: Security Implications of Language Choice for Web Applications / James Walden ; Maureen Doyle ; Robert Lenhof ; John Murray |
| Idea: Towards Architecture-Centric Security Analysis of Software / Karsten Sohr ; Bernhard Berger |
| Policy Verification and Enforcement I / Session 3: |
| Formally-Based Black-Box Monitoring of Security Protocols / Alfredo Pironti ; Jan Jürjens |
| Secure Code Generation for Web Applications / Martin Johns ; Christian Beyerlein ; Rosemaria Giesecke ; Joachim Posegga |
| Idea: Reusability of Threat Models - Two Approaches with an Experimental Evaluation / Per Håkon Meland ; Inger Anne Tøndel ; Jostein Jensen |
| Policy Verification and Enforcement II / Session 4: |
| Model-Driven Security Policy Deployment: Property Oriented Approach / Stere Preda ; Nora Cuppens-Boulahia ; Frédéric Cuppens ; Joaquin Garcia-Alfaro ; Laurent Toutain |
| Category-Based Authorisation Models: Operational Semantics and Expressive Power / Clara Bertolissi ; Maribel Fernández |
| Idea: Efficient Evaluation of Access Control Constraints / Achim D. Brucker ; Helmut Petritsch |
| Secure System and Software Development I / Session 5: |
| Formal Verification of Application-Specific Security Properties in a Model-Driven Approach / Nina Moebius ; Kurt Stenzel ; Wolfgang Reif |
| Idea: Enforcing Consumer-Specified Security Properties for Modular Software / Giacomo A. Galilei ; Vincenzo Gervasi |
| Idea: Using System Level Testing for Revealing SQL Injection-Related Error Message Information Leaks / Ben Smith ; Laurie Williams ; Andrew Austin |
| Secure System and Software Development II / Session 6: |
| Automatic Generation of Smart, Security-Aware GUI Models / David Basin ; Manuel Clavel ; Marina Egea ; Michael Schläpfer |
| Report: Modular Safeguards to Create Holistic Security Requirement Specifications for System of Systems / Albin Zuccato ; Nils Daniels ; Cheevarat Jampathom ; Mikael Nilson |
| Idea: A Feasibility Study in Model Based Prediction of Impact of Changes on System Quality / Aida Omerovic ; Anette Andresen ; Håvard Grindheim ; Per Myrseth ; Atle Refsdal ; Ketil Stølen ; Jon Ølnes |
| Author Index |
| Attack Analysis and Prevention I / Session 1: |
| BuBBle: A Javascript Engine Level Countermeasure against Heap-Spraying Attacks / Francesco Gadaleta ; Yves Younan ; Wouter Joosen |
| CsFire: Transparent Client-Side Mitigation of Malicious Cross-Domain Requests / Philippe De Ryck ; Lieven Desmet ; Thomas Heyman ; Frank Piessens |
| Idea: Opcode-Sequence-Based Malware Detection / Igor Santos ; Felix Brezo ; Javier Nieves ; Yoseba K. Penya ; Borja Sanz ; Carlos Laorden ; Pablo G. Bringas |
| Attack Analysis and Prevention II / Session 2: |
| Experiences with PDG-Based IFC / Christian Hammer |
電子ブック
SESS '06: Proceedings of the 2006 international workshop on Software engineering for secure systems