Title: Titlebook: Engineering Secure Software and Systems; Second International Fabio Massacci, Dan Wallach, Nicola Zannone Conference proceedings 2010 Springe
Author: burgeon Time: 2025-3-21 20:07
Author: Contend Time: 2025-3-21 22:39
Author: 可耕種 Time: 2025-3-22 02:42
Author: 圖表證明 Time: 2025-3-22 08:36
Experiences with PDG-Based IFC
alth of techniques to ensure a given security policy, there is only a small number of implementations, and even these are mostly restricted to theoretical languages or a subset of an existing language. Previously, we presented the theoretical foundations and algorithms for dependence-graph-based inf
Author: 小木槌 Time: 2025-3-22 11:35
Author: 館長 Time: 2025-3-22 14:32
Idea: Towards Architecture-Centric Security Analysis of Software
ugs such as buffer overflows, Cross-Site Scripting and SQL injection vulnerabilities. Complementarily to commercial static code review tools, we present an approach to the static security analysis which is based upon the software architecture using a reverse engineering tool suite called Bauhaus. Th
Author: 館長 Time: 2025-3-22 19:27
Author: 態學 Time: 2025-3-22 23:00
Author: 平庸的人或物 Time: 2025-3-23 04:34
Author: 價值在貶值 Time: 2025-3-23 08:05
Author: Adenoma Time: 2025-3-23 10:01
Category-Based Authorisation Models: Operational Semantics and Expressive Power
ta-model, we show how several traditional access control models, and also some novel models, can be defined as special cases. The operational specification that we give permits declarative representation of access control requirements, is suitable for fast prototyping of access control checking, and
Author: 爆炸 Time: 2025-3-23 17:56
Idea: Efficient Evaluation of Access Control Constraints
context information only available at runtime. Thus, the efficient evaluation of dynamic constraints, e.g., expressing separation of duties requirements, becomes an important factor for the overall performance of the access control enforcement. In distributed systems, e.g., based on the service-or
Author: 消毒 Time: 2025-3-23 19:28
Formal Verification of Application-Specific Security Properties in a Model-Driven Approach
protocols is very difficult and error-prone and most tool-based verification approaches only consider standard security properties such as secrecy or authenticity. In our opinion, application-specific security properties give better guarantees. In this paper we illustrate how to verify properties t
Author: 可商量 Time: 2025-3-23 23:02
Idea: Enforcing Consumer-Specified Security Properties for Modular Software
idespread. In these dynamic environments the code that is going to be executed is not known at compile-time, and often not even at application start-up, neither by the application producer nor by the user. This turns reliable, well designed software into a dangerous and potentially malicious softwar
Author: 剛開始 Time: 2025-3-24 04:01
Author: Radiculopathy Time: 2025-3-24 08:15
Author: 解開 Time: 2025-3-24 13:45
Author: flamboyant Time: 2025-3-24 15:48
Idea: A Feasibility Study in Model Based Prediction of Impact of Changes on System Quality
ous analysis of several quality attributes and their trade-offs. This paper argues for the feasibility of the PREDIQT method based on a comprehensive industrial case study targeting a system for managing validation of electronic certificates and signatures worldwide. We give an overview of the PREDI
Author: DRILL Time: 2025-3-24 22:11
CsFire: Transparent Client-Side Mitigation of Malicious Cross-Domain Requests
has been implemented to autonomously mitigate CSRF attacks as precise as possible. Evaluation was done using specific CSRF scenarios, as well as in real-life by a group of test users. Third, the granularity of the client-side policy is improved even further by incorporating server-specific policy r
Author: 小樣他閑聊 Time: 2025-3-25 02:12
Author: ADOPT Time: 2025-3-25 07:05
Idea: Java vs. PHP: Security Implications of Language Choice for Web Applications
provement, with a decline from 6.25 to 2.36 vulnerabilities/KLOC compared to 1.15 to 0.63 in Java. These changes arose from an increase in code size in both languages and a decrease in vulnerabilities in PHP. The variation between projects was greater than the variation between languages, ranging fr
Author: Dorsal Time: 2025-3-25 09:22
Idea: Enforcing Consumer-Specified Security Properties for Modular Software
acilities of the so-called virtual execution environments to encode directly into the meta-data of object code a well structured specification. Once the dynamic component is loaded at run-time by the main application, the framework will recover such specifications and check them against the requirem
Author: Substance Time: 2025-3-25 14:46
0302-9743
es, the difficulty of dealing with human factors, and so forth. Over the last years, an entire research domain has been building up around these problems. The conference program included two major keynotes from Any Gordon (Microsoft Resea
978-3-642-11746-6 978-3-642-11747-3 Series ISSN 0302-9743 Series E-ISSN 1611-3349
Author: 金桌活畫面 Time: 2025-3-25 17:28
https://doi.org/10.1057/9781137328113
has been implemented to autonomously mitigate CSRF attacks as precise as possible. Evaluation was done using specific CSRF scenarios, as well as in real-life by a group of test users. Third, the granularity of the client-side policy is improved even further by incorporating server-specific policy r
Author: cushion Time: 2025-3-25 20:41
https://doi.org/10.1007/978-1-349-19453-7
ts and elevated practicability. Finally, we show that the scalability of our analysis is not limited by the sheer size of either the security lattice or the dependence graph that represents the program.
Author: 多產魚 Time: 2025-3-26 03:58
Aleš Lebeda, Gerald J Holmes, Michael J. Jeger
provement, with a decline from 6.25 to 2.36 vulnerabilities/KLOC compared to 1.15 to 0.63 in Java. These changes arose from an increase in code size in both languages and a decrease in vulnerabilities in PHP. The variation between projects was greater than the variation between languages, ranging fr
Author: Enteropathic Time: 2025-3-26 07:23
https://doi.org/10.1007/978-1-4684-4145-1
acilities of the so-called virtual execution environments to encode directly into the meta-data of object code a well structured specification. Once the dynamic component is loaded at run-time by the main application, the framework will recover such specifications and check them against the requirem
Author: 一致性 Time: 2025-3-26 11:39
Author: alliance Time: 2025-3-26 14:43
Making Ethical Sense of , with Levinas
-spraying attack: a new kind of attack that combines the notoriously hard to reliably exploit heap-based buffer overflow with the use of an in-browser scripting language for improved reliability. A typical heap-spraying attack allocates a high number of objects containing the attacker’s code on the
Author: 不容置疑 Time: 2025-3-26 20:37
https://doi.org/10.1057/9781137328113
ng the mainstream news. One of the more harmful attacks is cross-site request forgery (CSRF), which allows an attacker to make requests to certain web applications while impersonating the user without their awareness. Existing client-side protection mechanisms do not fully mitigate the problem or ha
Author: prostate-gland Time: 2025-3-26 22:49
Author: Projection Time: 2025-3-27 02:43
Author: implore Time: 2025-3-27 07:21
Author: 和平主義者 Time: 2025-3-27 11:45
Natural history of , and oomycete symbioses,
ugs such as buffer overflows, Cross-Site Scripting and SQL injection vulnerabilities. Complementarily to commercial static code review tools, we present an approach to the static security analysis which is based upon the software architecture using a reverse engineering tool suite called Bauhaus. Th
Author: idiopathic Time: 2025-3-27 15:53
Author: 從容 Time: 2025-3-27 20:27
Author: otic-capsule Time: 2025-3-27 23:34
Author: 易于 Time: 2025-3-28 02:29
https://doi.org/10.1007/978-94-015-0941-1
rity requirements, related to a given system, ensures the deployment of an anomaly free abstract security policy. We also describe how to develop appropriate algorithms by using a theorem proving approach with a modeling language allowing the specification of the system, of the link between the syst
Author: 推崇 Time: 2025-3-28 07:40
https://doi.org/10.1007/978-1-4613-0115-8
ta-model, we show how several traditional access control models, and also some novel models, can be defined as special cases. The operational specification that we give permits declarative representation of access control requirements, is suitable for fast prototyping of access control checking, and
Author: 恭維 Time: 2025-3-28 11:33
Author: 學術討論會 Time: 2025-3-28 15:32
Subjectivism, Freedom, and Social-Interest
protocols is very difficult and error-prone and most tool-based verification approaches only consider standard security properties such as secrecy or authenticity. In our opinion, application-specific security properties give better guarantees. In this paper we illustrate how to verify properties t
Author: 糾纏 Time: 2025-3-28 21:35
https://doi.org/10.1007/978-1-4684-4145-1
idespread. In these dynamic environments the code that is going to be executed is not known at compile-time, and often not even at application start-up, neither by the application producer nor by the user. This turns reliable, well designed software into a dangerous and potentially malicious softwar
Author: minimal Time: 2025-3-28 23:36
https://doi.org/10.1007/978-1-349-15871-3
messages caused by SQL injection from revealing sensitive information. The goal of this research is to assess the relative effectiveness of unit and system level testing of web applications to reveal both error message information leak and SQL injection vulnerabilities. To produce 100% test coverage
Author: Conflagration Time: 2025-3-29 05:16
https://doi.org/10.1007/978-1-349-07984-1
between visualization and security: when the application data is protected by an access control policy, the GUI should be aware of this and respect the policy. For example, the GUI should not display options to users for actions that they are not authorized to execute on application data. Taking thi
Author: 中止 Time: 2025-3-29 08:20
https://doi.org/10.1007/978-3-662-59298-4
me pressure. This paper describes how we have addressed this problem by using a collection of modular safeguards, which are tailored to the application domain. These safeguards, which are specific but still fairly atomic, are combined into requirement profiles that seamlessly integrate into the over
Author: 花爭吵 Time: 2025-3-29 14:29
Author: Malleable Time: 2025-3-29 19:10
Fabio Massacci, Dan Wallach, Nicola Zannone
Fast track conference proceeding. Unique visibility. State of the art research
Author: Obstacle Time: 2025-3-29 23:44
Lecture Notes in Computer Science
http://image.papertrans.cn/e/image/310939.jpg
Author: Omnipotent Time: 2025-3-30 02:17
https://doi.org/10.1007/978-3-642-11747-3
Java; calculus; model checking; program rewriting; security architecture; security assurance; security mea
Author: Decongestant Time: 2025-3-30 06:50
978-3-642-11746-6
Springer-Verlag Berlin Heidelberg 2010
Author: 令人不快 Time: 2025-3-30 09:54
Engineering Secure Software and Systems
978-3-642-11747-3 Series ISSN 0302-9743 Series E-ISSN 1611-3349
Author: Kernel Time: 2025-3-30 13:32
0302-9743
nd International Symposium on Engineering Secure Software and Systems. This unique event aimed at bringing together researchers from software engineering and security engineering, which might help to unite and further develop the two communities in this and future editions. The parallel technical spon
Author: 設施 Time: 2025-3-30 19:12
Rodolfo Novelo-Gutiérrez, Robert W. Sites
ying mechanisms, we propose a general approach to outfit modern programming languages with mandatory means for explicit and secure code generation which provide strict separation between data and code. Using an exemplified implementation for the languages Java and HTML/JavaScript respectively, we show how our approach can be realized and enforced.
Author: MITE Time: 2025-3-30 21:43
Author: Moderate Time: 2025-3-31 01:41
https://doi.org/10.1007/978-1-4613-0115-8
ation that we give permits declarative representation of access control requirements, is suitable for fast prototyping of access control checking, and facilitates the process of proving properties of access control policies.
Author: 殺人 Time: 2025-3-31 07:13
https://doi.org/10.1007/978-3-642-58130-4
industrial case study targeting a system for managing validation of electronic certificates and signatures worldwide. We give an overview of the PREDIQT method, and present an evaluation of the method in terms of a feasibility study.
Author: 圓柱 Time: 2025-3-31 10:33
Author: FUSC Time: 2025-3-31 16:52
Author: 容易做 Time: 2025-3-31 18:31
Author: 耕種 Time: 2025-3-31 23:13
Author: HARD Time: 2025-4-1 05:36