Engineering Secure Software and Systems

This book constitutes the refereed proceedings of the 8th International Symposium on Engineering Secure Software and Systems, ESSoS 2016, held in London, UK, in April 2016. The 13 full papers presented together with 3 short papers and 1 invited talk were carefully reviewed and selected from 50 submissions. The goal of this symposium, is to bring together researchers and practitioners to advance the states of the art and practice in secure software engineering. The presentations and associated publications at ESSoS 2016 contribute to this goal in several directions: First, by improving methodologies for secure software engineering (such as flow analysis and policycompliance). Second, with results for the detection and analysis of software vulnerabilities and the attacks they enable. Finally, for securing software for specific application domains (such as mobile devices and access control).

Inhalt

Security Testing beyond Functional Tests.- Progress-Sensitive Security for SPARK.- Sound and Precise Cross-Layer Data Flow Tracking.- Automatically Extracting Threats from Extended Data Flow Diagrams.- On the Static Analysis of Hybrid Mobile Apps.- Semantics-based Repackaging Detection for Mobile Apps.- Accelerometer-based Device Fingerprinting for Multi-factor Mobile Authentication.- POODLEs, More POODLEs, FREAK Attacks too: How Server Administrators Responded to Three Serious Web Vulnerabilities.- PADS: a platform to detect stealth attacks.- Analyzing the Gadgets - Towards a Metric to Measure Gadget Quality.- Empirical Analysis and Modeling of Black-Box Mutational Fuzzing.- On the Security Cost of Using a Free and Open Source Component in a Proprietary Product.- Idea: Usable Platforms for Secure Programming { Mining Unix for Insight and Guidelines.- AppPAL for Android: Capturing and Checking Mobile App Policies.- Inferring Semantic Mapping Between Policies and Code: The Clue is in the Language.- Idea: Supporting Policy-Based Access Control on Database Systems.- Idea: Enforcing Security Properties by Solving Behavioural Equations.