Engineering Secure Software and Systems

This book constitutes the refereed proceedings of the 6th International Symposium on Engineering Secure Software and Systems, ESSoS 2014, held in Munich, Germany, in February 2014. The 11 full papers presented together with 4 idea papers were carefully reviewed and selected from 55 submissions. The symposium features the following topics: model-based security, formal methods, web and mobile security and applications.
