security

---

security

Tag #security

881 papers:

ASPLOS-2020-Ainsworth0 #hardware #parallel #programmable

The Guardian Council: Parallel Programmable Hardware Security (SA, TMJ0), pp. 1277–1293.

ASPLOS-2020-XuSS #memory management #named #performance #persistent #reduction

MERR: Improving Security of Persistent Memory Objects via Efficient Memory Exposure Reduction and Randomization (YX, YS, XS), pp. 987–1000.

CSL-2020-Cortier #protocol #verification

Verification of Security Protocols (Invited Talk) (VC), p. 2.

ECSA-2019-Yasaweerasinghelage #architecture #optimisation #performance

Optimising Architectures for Performance, Cost, and Security (RY, MS, HYP, IW), pp. 161–177.

ICSA-2019-GerkingS #architecture #component #cyber-physical #data flow #policy #refinement #verification

Component-Based Refinement and Verification of Information-Flow Security Policies for Cyber-Physical Microservice Architectures (CG, DS), pp. 61–70.

ICSA-2019-GonzalezAM #architecture #empirical #industrial

Architectural Security Weaknesses in Industrial Control Systems (ICS) an Empirical Study Based on Disclosed Software Vulnerabilities (DG, FA, MM), pp. 31–40.

ICSA-2019-UllahB #adaptation #approach #architecture #big data

An Architecture-Driven Adaptation Approach for Big Data Cyber Security Analytics (FU, MAB), pp. 41–50.

ICSME-2019-RahmanRW #python #smell

Share, But be Aware: Security Smells in Python Gists (MRR, AR, LW), pp. 536–540.

SCAM-2019-BergerSK #architecture

The Architectural Security Tool Suite - ARCHSEC (BJB, KS, RK), pp. 250–255.

FM-2019-SmithCM #data flow #memory management #modelling

Value-Dependent Information-Flow Security on Weak Memory Models (GS, NC, TM), pp. 539–555.

ECIR-p2-2019-IonescuMPDPRTLG #multi #retrieval

ImageCLEF 2019: Multimedia Retrieval in Lifelogging, Medical, Nature, and Security Applications (BI, HM, RP, DTDN, LP, MR, MTT, ML, CG, YDC, VL, VK, ABA, SAH, VVD, JL, DDF, OP, CMF, JC, AC, AGSdH, NG, EK, CRdB, CC, NV, KK), pp. 301–308.

POPL-2019-ParkerVH #data flow #multi #named #web

LWeb: information flow security for multi-tier web applications (JP, NV, MH0), p. 30.

ICSE-2019-ChenFMWG #crowdsourcing #how #implementation #question #reliability

How reliable is the crowdsourced knowledge of security implementation? (MC, FF, NM, XW, JG), pp. 536–547.

ICSE-2019-RahmanPW #framework #smell

The seven sins: security smells in infrastructure as code scripts (AR, CP, LW), pp. 164–175.

ASPLOS-2019-ZhangGFABNOA #architecture

Architectural Support for Containment-based Security (HZ, SG, JF, SA, SRB, NPN, TO, DIA), pp. 361–377.

FASE-2019-HuangK #constraints #safety #verification

Formal Verification of Safety & Security Related Timing Constraints for a Cooperative Automotive System (LH, EYK0), pp. 210–227.

CADE-2019-LiT #automation #protocol #proving #theorem proving #verification

Combining ProVerif and Automated Theorem Provers for Security Protocol Verification (DLL, AT), pp. 354–365.

CAV-2019-ErnstM #concurrent #logic #named

SecCSL: Security Concurrent Separation Logic (GE, TM), pp. 208–230.

ICST-2019-PiantadosiSO #case study #open source

Fixing of Security Vulnerabilities in Open Source Projects: A Case Study of Apache HTTP Server and Apache Tomcat (VP, SS, RO), pp. 68–78.

ICTSS-2019-RiveraOMCVV #industrial #monitoring #platform

Industrial IoT Security Monitoring and Test on Fed4Fire+ Platforms (DR, EMdO, WM, ARC, BV, MV), pp. 270–278.

ECSA-2018-GerkingS #architecture #composition #cyber-physical #data flow #towards

Towards Preserving Information Flow Security on Architectural Composition of Cyber-Physical Systems (CG, DS), pp. 147–155.

ICSME-2018-BagheriWAM #analysis #android #performance

Efficient, Evolutionary Security Analysis of Interacting Android Apps (HB, JW, JA, SM), pp. 357–368.

MSR-2018-DecanMC #dependence #network #on the

On the impact of security vulnerabilities in the npm package dependency network (AD, TM, EC), pp. 181–191.

MSR-2018-GkortzisMS #dataset #named #open source

VulinOSS: a dataset of security vulnerabilities in open-source systems (AG, DM, DS), pp. 18–21.

SCAM-2018-JimenezTP #analysis

[Engineering Paper] Enabling the Continuous Analysis of Security Vulnerabilities with VulData7 (MJ, YLT, MP), pp. 56–61.

FM-2018-Cohen #object-oriented #proving

Object-Oriented Security Proofs (EC), pp. 671–674.

FM-2018-KastnerMF #abstract interpretation #on the #safety

On Software Safety, Security, and Abstract Interpretation (DK, LM, CF), pp. 662–665.

IFM-2018-DoughertyGR #analysis #protocol #smt #using

Security Protocol Analysis in Context: Computing Minimal Executions Using SMT and CPSA (DJD, JDG, JDR), pp. 130–150.

ECIR-2018-SanagavarapuMAR #information retrieval

SIREN - Security Information Retrieval and Extraction eNgine (LMS, NM, SA, YRR), pp. 811–814.

ICML-2018-AthalyeC0 #obfuscation

Obfuscated Gradients Give a False Sense of Security: Circumventing Defenses to Adversarial Examples (AA, NC, DAW0), pp. 274–283.

ICPR-2018-LocBO #documentation #image #network #using

Document Images Watermarking for Security Issue using Fully Convolutional Networks (CVL, JCB, JMO), pp. 1091–1096.

ECMFA-2018-Ramadan0SRJ #detection #modelling #process #requirements

Detecting Conflicts Between Data-Minimization and Security Requirements in Business Process Models (QR, DS, MS, VR, JJ), pp. 179–198.

OOPSLA-2018-LiZ #framework

A derivation framework for dependent security label inference (PL, DZ), p. 26.

ASE-2018-LiuLZJS #contract #named #semantics #towards

S-gram: towards semantic-aware security auditing for Ethereum smart contracts (HL, CL, WZ, YJ0, JS), pp. 814–819.

ICSE-2018-FreyRAPN #case study #cyber-physical #game studies

The good, the bad and the ugly: a study of security decisions in a cyber-physical systems game (SF, AR, PA, MPA, SAN), p. 496.

ICSE-2018-LabunetsMPMO #assessment #comparison #comprehension #empirical #risk management #visual notation

Model comprehension for security risk assessment: an empirical comparison of tabular vs. graphical representations (KL, FM, FP, SM, FMdO), p. 395.

GPCE-2018-Peldszus0J #analysis #feature model #modelling #product line

Model-based security analysis of feature-oriented software product lines (SP, DS0, JJ), pp. 93–106.

CAV-2018-Cook #reasoning #web #web service

Formal Reasoning About the Security of Amazon Web Services (BC), pp. 38–47.

CAV-2018-BauerCS0 #model checking #protocol #random

Model Checking Indistinguishability of Randomized Security Protocols (MSB, RC, APS, MV0), pp. 117–135.

CAV-2018-YangVSGM #composition #lazy evaluation #self #verification

Lazy Self-composition for Security Verification (WY, YV, PS, AG, SM), pp. 136–156.

ICST-2018-RayROMO #energy #framework #testing

Bluetooth Low Energy Devices Security Testing Framework (AR, VR, MO, AM, SO), pp. 384–393.

ICTSS-2018-BozicW #testing

Security Testing for Chatbots (JB, FW), pp. 33–38.

TAP-2018-VorobyovKS #c #case study #detection #experience #runtime #using #verification

Detection of Security Vulnerabilities in C Code Using Runtime Verification: An Experience Report (KV, NK, JS), pp. 139–156.

ICSA-2017-SantosPMGVS #architecture #comprehension #empirical #php

Understanding Software Vulnerabilities Related to Architectural Security Tactics: An Empirical Investigation of Chromium, PHP and Thunderbird (JCSS, AP, MM, MG, JVV, AS), pp. 69–78.

ICSME-2017-CaiR #android #comprehension #programming

Understanding Android Application Programming and Security: A Dynamic Study (HC, BGR), pp. 364–375.

SANER-2017-LaverdiereM #modelling #using

Computing counter-examples for privilege protection losses using security models (MAL, EM), pp. 240–249.

SCAM-2017-GhafariGN #android #smell

Security Smells in Android (MG, PG, ON), pp. 121–130.

SCAM-2017-NashaatAM #detection #object-oriented #php #source code

Detecting Security Vulnerabilities in Object-Oriented PHP Programs (MN, KA0, JM0), pp. 159–164.

SEFM-2017-GreinerMB #component #composition #data flow #verification

Modular Verification of Information Flow Security in Component-Based Systems (SG, MM, BB), pp. 300–315.

CIKM-2017-DongCWT0LLC #enterprise #performance #sequence

Efficient Discovery of Abnormal Event Sequences in Enterprise Security Systems (BD, ZC, WHW, LAT, KZ0, YL, ZL, HC), pp. 707–715.

MoDELS-2017-RamadanS0JG #modelling #process #verification

From Secure Business Process Modeling to Design-Level Security Verification (QR, MS, DS, JJ, PG), pp. 123–133.

ASE-2017-LeeYSNM #android #detection #named #visualisation

SEALANT: a detection and visualization tool for inter-app security vulnerabilities in Android (YKL, PY, AS, DN, NM), pp. 883–888.

ESEC-FSE-2017-AhmadianPRJ #analysis #modelling #privacy

Model-based privacy and security analysis with CARiSMA (ASA, SP, QR, JJ), pp. 989–993.

ESEC-FSE-2017-AliabadiKGP #cyber-physical #detection #invariant #named

ARTINALI: dynamic invariant detection for cyber-physical system security (MRA, AAK, JGS, KP), pp. 349–361.

ESEC-FSE-2017-BuXXZTX #android #industrial #internet #mobile #program analysis

When program analysis meets mobile security: an industrial study of misusing Android internet sockets (WB, MX, LX, YZ, ZT, TX), pp. 842–847.

ESEC-FSE-2017-Hilton0TMD #assurance #flexibility #integration #trade-off

Trade-offs in continuous integration: assurance, security, and flexibility (MH, NN0, TT, DM, DD), pp. 197–207.

ESEC-FSE-2017-Pashchenko #benchmark #difference #metric #static analysis #testing #tool support

FOSS version differentiation as a benchmark for static analysis security testing tools (IP), pp. 1056–1058.

ESEC-FSE-2017-Williams

The rising tide lifts all boats: the advancement of science in cyber security (invited talk) (LW), p. 1.

ESEC-FSE-2017-ZhouS #automation #commit #debugging #identification

Automated identification of security issues from commit messages and bug reports (YZ, AS), pp. 914–919.

ICSE-2017-KafaliJPWS #case study #how #policy

How good is a security policy against real breaches?: a HIPAA case study (ÖK, JJ, MP, LW, MPS), pp. 530–540.

ICSE-2017-LeeBSSZM #android

A SEALANT for inter-app security holes in android (YKL, JYB, GS, AS, YZ, NM), pp. 312–323.

ICSE-2017-XuCCLS #analysis #comprehension #named #towards

SPAIN: security patch analysis for binaries towards understanding the pain and pills (ZX, BC0, MC, YL0, FS), pp. 462–472.

ASPLOS-2017-ChisnallDGBJWMM #c #java

CHERI JNI: Sinking the Java Security Model into the C (DC, BD, KG, DB, AJ, JW, ATM, JEM, RMN, SDS, MR, SWM, PGN, BL, RNMW), pp. 569–583.

ASPLOS-2017-FerraiuoloXZMS #analysis #architecture #data flow #hardware #verification

Verification of a Practical Hardware Security Architecture Through Static Information Flow Analysis (AF, RX, DZ, ACM, GES), pp. 555–568.

ASPLOS-2017-ZhangSGCS #identification #verification

Identifying Security Critical Properties for the Dynamic Verification of a Processor (RZ, NS, CG, AC, CS), pp. 541–554.

CASE-2017-LiuMR #analysis #cyber-physical

Security analysis of continuous-time cyber-physical system against sensor attacks (XL, YM, XR), pp. 1586–1591.

CASE-2017-WangXBYL #constraints #evaluation #grid #hybrid #power management #reliability

Reliability evaluation of AC/DC hybrid power grid considering transient security constraints (CW, HX, ZB, CY, YL), pp. 1237–1242.

FASE-2017-Henda0LNSS #analysis #named

OpenSAW: Open Security Analysis Workbench (NBH, BJ0, PL, KN, PS, OS), pp. 321–337.

ICST-2017-Al-QahtaniER #api #approach #modelling #ontology #semantics #traceability

Recovering Semantic Traceability Links between APIs and Security Vulnerabilities: An Ontological Modeling Approach (SSAQ, EEE, JR), pp. 80–91.

ICTSS-2017-SalvaR #integration #testing #using

Using Data Integration for Security Testing (SS, LR), pp. 178–194.

ECSA-2016-SchmerlGSBMCG #analysis #android #architecture #modelling

Architecture Modeling and Analysis of Security in Android Systems (BRS, JG, AS, HB, SM, JC, DG), pp. 274–290.

WICSA-2016-FengKCMX #analysis #approach #architecture #towards

Towards an Architecture-Centric Approach to Security Analysis (QF, RK, YC, RM, LX0), pp. 221–230.

WICSA-2016-TaspolatogluH #analysis #architecture

Context-Based Architectural Security Analysis (ET, RH), pp. 281–282.

WICSA-2016-YuanM #architecture #component #detection #interactive #mining

Mining Software Component Interactions to Detect Security Threats at the Architectural Level (EY, SM), pp. 211–220.

SCAM-2016-BiaseBB #code review #overview

A Security Perspective on Code Review: The Case of Chromium (MdB, MB, AB), pp. 21–30.

FM-2016-LetanCHNM #named #specification #verification

SpecCert: Specifying and Verifying Hardware-Based Security Enforcement (TL, PC, GH, PN, BM), pp. 496–512.

FM-2016-LiSD #automation #protocol #verification

Automated Verification of Timed Security Protocols with Clock Drift (LL0, JS0, JSD), pp. 513–530.

CIKM-2016-Grushka-CohenSB #assessment #database #elicitation #named #risk management

CyberRank: Knowledge Elicitation for Risk Assessment of Database Security (HGC, OS, OB, BS, LR), pp. 2009–2012.

KDD-2016-Diffie #evolution

The Evolving Meaning of Information Security (WD), p. 5.

ECOOP-2016-FennellT #named #object-oriented

LJGS: Gradual Security Types for Object-Oriented Languages (LF, PT0), p. 26.

OOPSLA-2016-GollamudiC #automation #policy #using

Automatic enforcement of expressive security policies using enclaves (AG, SC), pp. 494–513.

PLDI-2016-CostanzoSG #assembly #c #data flow #source code #verification

End-to-end verification of information-flow security for C and assembly programs (DC, ZS, RG), pp. 648–664.

ASE-2016-CeccatoNAB #automation #black box #injection #named #testing

SOFIA: an automated security oracle for black-box testing of SQL-injection vulnerabilities (MC, CDN, DA, LCB), pp. 167–177.

FSE-2016-KangMJ #analysis #multi

Multi-representational security analysis (EK, AM, DJ0), pp. 181–192.

ICSE-2016-NearJ #data access #debugging #using #web

Finding security bugs in web applications using a catalog of access control patterns (JPN, DJ0), pp. 947–958.

CGO-2016-HawkinsDT #lightweight #monitoring #named #off the shelf

BlackBox: lightweight security monitoring for COTS binaries (BH, BD, MBT), pp. 261–272.

ICTSS-2016-SimosKGGL #approach #combinator #testing #web

A Combinatorial Approach to Analyzing Cross-Site Scripting (XSS) Vulnerabilities in Web Application Security Testing (DES, KK, LSGG, BG, YL), pp. 70–85.

ECSA-2015-FernandezAP #architecture

Revisiting Architectural Tactics for Security (EBF, HA, GPG), pp. 55–69.

QoSA-2015-MyllarniemiRM #configuration management #product line #representation #variability

Representing and Configuring Security Variability in Software Product Lines (VM, MR, TM), pp. 1–10.

ITiCSE-2015-AlshammariAH #adaptation #education #learning

The Impact of Learning Style Adaptivity in Teaching Computer Security (MA, RA, RJH), pp. 135–140.

SIGITE-2015-LinckeH #case study #development

The Development of a Longitudinal Security Case Study (SJL, SRH), pp. 49–54.

SIGITE-2015-WangBH #education

Hands-on Exercises for IT Security Education (XW, YB, GCH), pp. 161–166.

SANER-2015-CadariuBVD

Tracking known security vulnerabilities in proprietary software systems (MC, EB, JV, AvD), pp. 516–519.

SCAM-2015-RenatusBE #modelling #using

Improving prioritization of software weaknesses using security models with AVUS (SR, CB, JE), pp. 259–264.

CIAA-2015-DangDFH #automaton

Security of Numerical Sensors in Automata (ZD, DD, TRF, WJHI), pp. 76–88.

FM-2015-LiSLD #protocol #verification

Verifying Parameterized Timed Security Protocols (LL, JS, YL, JSD), pp. 342–359.

FM-2015-LiuH #analysis #android #case study #kernel

Case Study: Static Security Analysis of the Android Goldfish Kernel (TL, RH), pp. 589–592.

CHI-2015-EgelmanP #behaviour #scalability

Scaling the Security Wall: Developing a Security Behavior Intentions Scale (SeBIS) (SE, EP), pp. 2873–2882.

CHI-2015-HangLH #authentication #exclamation #smarttech #what

I Know What You Did Last Week! Do You?: Dynamic Security Questions for Fallback Authentication on Smartphones (AH, ADL, HH), pp. 1383–1392.

CHI-2015-IsmailAKR #crowdsourcing

Crowdsourced Exploration of Security Configurations (QI, TA, AK, MKR), pp. 467–476.

CHI-2015-WinklerGLHSDR #smarttech

Glass Unlock: Enhancing Security of Smartphone Unlocking through Leveraging a Private Near-eye Display (CW, JG, ADL, GH, PS, DD, ER), pp. 1407–1410.

CSCW-2015-DasKDH #social

The Role of Social Influence in Security Feature Adoption (SD, ADIK, LAD, JIH), pp. 1416–1426.

HCI-DE-2015-SugiuraSO #implementation #metric #using

Improving IT Security Through Security Measures: Using Our Game-Theory-Based Model of IT Security Implementation (MS, HS, TO), pp. 82–95.

HCI-DE-2015-Uchida #approach

A Psychological Approach to Information Security — Some Ideas for Establishing Information Security Psychology (KU), pp. 96–104.

HCI-UC-2015-FukuzawaSU #overview #risk management

Survey on Risk Management Based on Information Security Psychology (YF, MS, HU), pp. 396–408.

HIMI-IKD-2015-TrevisanPMG #big data #health #industrial #problem #visualisation

Big Data Visualization for Occupational Health and Security Problem in Oil and Gas Industry (DGT, NSP, LM, ACBG), pp. 46–54.

ICEIS-v2-2015-MazurKW #data access #modelling #on the #performance

On the Modelling of the Influence of Access Control Management to the System Security and Performance (KM, BK, AW), pp. 346–354.

SEKE-2015-FaniB #ontology

An Ontology for Describing Security Events (HF, EB), pp. 455–460.

SEKE-2015-HuangWSQ #android #fine-grained #named #policy

DefDroid: Securing Android with Fine-Grained Security Policy (CH, SW, HS, ZQ), pp. 375–378.

SIGIR-2015-YangS #information retrieval #privacy

Privacy-Preserving IR 2015: When Information Retrieval Meets Privacy and Security (HY, IS), pp. 1157–1158.

MoDELS-2015-NguyenYHKST #design pattern #named

SoSPa: A system of Security design Patterns for systematically engineering secure systems (PHN, KY, TH, JK, RS, YLT), pp. 246–255.

PLDI-2015-JohnsonWMC #dependence #graph

Exploring and enforcing security guarantees via program dependence graphs (AJ, LW, SM, SC), pp. 291–302.

POPL-2015-NgoMMP #black box #policy #runtime #source code

Runtime Enforcement of Security Policies on Black Box Reactive Programs (MN, FM, DM, FP), pp. 43–54.

QAPL-2015-MartinelliMS #specification

Semiring-based Specification Approaches for Quantitative Security (FM, IM, FS), pp. 95–109.

REFSQ-2015-GramaticaLMPT #assessment #empirical #risk management

The Role of Catalogues of Threats and Security Controls in Security Risk Assessment: An Empirical Study with ATM Professionals (MdG, KL, FM, FP, AT), pp. 98–114.

REFSQ-2015-LiHM #requirements #specification

Analyzing and Enforcing Security Mechanisms on Requirements Specifications (TL, JH, JM), pp. 115–131.

ESEC-FSE-2015-Feth #optimisation #trade-off #usability

User-centric security: optimization of the security-usability trade-off (DF), pp. 1034–1037.

ESEC-FSE-2015-GhaisasMBGKV #automation #towards

Towards automating the security compliance value chain (SG, MM, BB, AG, RK, HMV), pp. 1014–1017.

ESEC-FSE-2015-SmithJMCL #developer #static analysis

Questions developers ask while diagnosing potential security vulnerabilities with static analysis (JS, BJ, ERMH, BC, HRL), pp. 248–259.

ESEC-FSE-2015-WitscheyZWMMZ #developer #tool support

Quantifying developers’ adoption of security tools (JW, OZ, AKW, ERMH, CBM, TZ), pp. 260–271.

ICSE-v1-2015-YskoutSJ #design #question

Do Security Patterns Really Help Designers? (KY, RS, WJ), pp. 292–302.

ICSE-v2-2015-Berghe #analysis #towards

Towards a Practical Security Analysis Methodology (AvDB), pp. 883–886.

ICSE-v2-2015-DoligezFHM #development #functional #programming #validation #xml

Avoiding Security Pitfalls with Functional Programming: A Report on the Development of a Secure XML Validator (DD, CF, TH, MM), pp. 209–218.

ICSE-v2-2015-HollandDKMR #android #detection #novel

Security Toolbox for Detecting Novel and Sophisticated Android Malware (BH, TD, SK, JM, NR), pp. 733–736.

ICSE-v2-2015-Morrison #evaluation #framework

A Security Practices Evaluation Framework (PM), pp. 935–938.

ICSE-v2-2015-SadeghiBM #analysis #android #using

Analysis of Android Inter-App Security Vulnerabilities Using COVERT (AS, HB, SM), pp. 725–728.

ICSE-v2-2015-SimpsonMCFMR #case study #delivery #education #experience

Experiences in Developing and Delivering a Programme of Part-Time Education in Software and Systems Security (ACS, AM, CJFC, IF, IM, KBR), pp. 435–444.

ICSE-v2-2015-TsigkanosPGN #adaptation #cyber-physical #named

Ariadne: Topology Aware Adaptive Security for Cyber-Physical Systems (CT, LP, CG, BN), pp. 729–732.

SAC-2015-BeckersHMG #internet

Engineering trust- and reputation-based security controls for future internet systems (KB, MH, FM, MCFG), pp. 1344–1349.

SAC-2015-OliveiraLV #framework #performance #web #web service

Characterizing the performance of web service frameworks under security attacks (RAO, NL, MV), pp. 1711–1718.

SAC-2015-PiMMG #analysis #health #ontology

Ontology definition and cognitive analysis in ocupational health and security (OHS) environments (NSP, LM, JMM, ACBG), pp. 201–206.

SAC-2015-ShahriarH #approach #assessment #metric #risk management #web

Security assessment of clickjacking risks in web applications: metrics based approach (HS, HMH), pp. 791–797.

SAC-2015-TambeN #behaviour #game studies #modelling #resource management #robust

Robust resource allocation in security games and ensemble modeling of adversary behavior (AT, TN), pp. 277–282.

SAC-2015-VecchiatoVM #android #assessment

A security configuration assessment for android devices (DV, MV, EM), pp. 2299–2304.

SAC-2015-WangYCDGW #documentation #named #physics

Cryptopaper: digital information security for physical documents (PW, XY, SC, PD, SG, TW), pp. 2157–2164.

ASPLOS-2015-ZhangWSM #data flow #design #hardware #information management

A Hardware Design Language for Timing-Sensitive Information-Flow Security (DZ, YW, GES, ACM), pp. 503–516.

DAC-2015-GuoDJFM #formal method #perspective #validation #verification

Pre-silicon security verification and validation: a formal perspective (XG, RGD, YJ, FF, PM), p. 6.

DAC-2015-LiuWLCWBQ #challenge #design

Cloning your mind: security challenges in cognitive system designs and their solutions (BL, CW, HL, YC, QW, MB, QQ), p. 5.

DAC-2015-MundhenkSLFC #analysis #architecture #model checking #probability #using

Security analysis of automotive architectures using probabilistic model checking (PM, SS, ML, SAF, SC), p. 6.

DAC-2015-Peeters #architecture

SoC security architecture: current practices and emerging needs (EP), p. 6.

DAC-2015-RayYBB #correctness #design #validation

Correctness and security at odds: post-silicon validation of modern SoC designs (SR, JY, AB, SB), p. 6.

DAC-2015-SadeghiWW #challenge #industrial #internet #privacy

Security and privacy challenges in industrial internet of things (ARS, CW, MW), p. 6.

DAC-2015-ShreejithF #embedded #generative #network

Security aware network controllers for next generation automotive embedded systems (SS, SAF), p. 6.

DAC-2015-WachsI #challenge #design #hardware #integration

Design and integration challenges of building security hardware IP (MW, DI), p. 6.

DAC-2015-ZhengLDGZS #design #verification

Design and verification for transportation system security (BZ, WL, PD, LG, QZ, NS), p. 6.

DATE-2015-LeeLMHP #monitoring #named

Extrax: security extension to extract cache resident information for snoop-based external monitors (JL, YL, HM, IH, YP), pp. 151–156.

PDP-2015-FedorchenkoKC #analysis #database #design #network

Design of Integrated Vulnerabilities Database for Computer Networks Security Analysis (AF, IVK, AC), pp. 559–566.

PDP-2015-KotenkoD #metric

Countermeasure Selection in SIEM Systems Based on the Integrated Complex of Security Metrics (IVK, ED), pp. 567–574.

TACAS-2015-ArmandoBCCMMM #framework #mobile #named #platform #static analysis #verification

SAM: The Static Analysis Module of the MAVERIC Mobile App Security Verification Platform (AA, GB, GC, GC, GDM, RM, AM), pp. 225–230.

ICST-2015-CarboneCPP #identification #testing

Security Threat Identification and Testing (RC, LC, AP, SEP), pp. 1–8.

ICST-2015-KobashiYWFYOK #design pattern #named #testing #verification

TESEM: A Tool for Verifying Security Design Pattern Applications by Model Testing (TK, MY, HW, YF, NY, TO, HK), pp. 1–8.

ISSTA-2015-DahseH #case study #empirical #experience #php

Experience report: an empirical study of PHP security mechanism usage (JD, TH), pp. 60–70.

ISSTA-2015-Hothersall-Thomas #automation #named #testing

BrowserAudit: automated testing of browser security features (CHT, SM, CN), pp. 37–47.

ECSA-2014-HorcasPF #policy #runtime

Runtime Enforcement of Dynamic Security Policies (JMH, MP, LF), pp. 340–356.

SIGMOD-2014-BenderKG #database #relational

Explainable security for relational databases (GB, LK, JG), pp. 1411–1422.

EDM-2014-BoutnaruH #education #quality #student

Teachers and Students Learn Cyber Security: Comparing Software Quality, Security (SB, AH), pp. 292–295.

ITiCSE-2014-GuoBQLH #assurance #education

Enhancing the information assurance and security (IAS) in CS education with mobile-device based hands-on labs (MG, PB, KQ, CTDL, XH), p. 343.

ITiCSE-2014-SirajGTH #topic

Empowering faculty to embed security topics into computer science courses (AS, SG, JT, AH), pp. 99–104.

ITiCSE-2014-WangCMSW #data access #education #multi #named #using #visualisation

MLSvisual: a visualization tool for teaching access control using multi-level security (MW, SC, JM, CKS, CW), pp. 93–98.

SIGITE-2014-Kumar #design

Designing a graduate program in information security and analytics: masters program in information security and analytics (MISA) (SAK), pp. 141–146.

SIGITE-2014-PeltsvergerZ #analysis #education

Bottleneck analysis with NetKit: teaching information security with hands-on labs (SP, CZ), pp. 45–50.

SIGITE-2014-Trabelsi #approach #comprehension #education #network #using

Enhancing the comprehension of network sniffing attack in information security education using a hands-on lab approach (ZT), pp. 39–44.

CSMR-WCRE-2014-BuchlerHMMGO #model inference #testing

Model inference and security testing in the spacios project (MB, KH, PFM, MM, RG, CO), pp. 411–414.

CSMR-WCRE-2014-MihanceaM #named #verification #web

JMODEX: Model extraction for verifying security properties of web applications (PFM, MM), pp. 450–453.

MSR-2014-PleteaVS #analysis #git #sentiment

Security and emotion: sentiment analysis of security discussions on GitHub (DP, BV, AS), pp. 348–351.

SCAM-2014-TliliFBDH #scalability #verification

Scalable Security Verification of Software at Compile Time (ST, JMF, AB, BD, SH), pp. 115–124.

IFM-2014-BruniSNN #analysis #protocol

Formal Security Analysis of the MaCAN Protocol (AB, MS, FN, HRN), pp. 241–255.

IFM-2014-KordyPS #framework #probability

A Probabilistic Framework for Security Scenarios with Dependent Actions (BK, MP, PS), pp. 256–271.

IFM-2014-RamsdellDGR #analysis #hybrid #protocol

A Hybrid Analysis for Security Protocols with State (JDR, DJD, JDG, PDR), pp. 272–287.

CHI-2014-HarbachHWS #communication #privacy #using

Using personal examples to improve risk communication for security & privacy decisions (MH, MH, SW, MS), pp. 2647–2656.

CHI-2014-VanieaRW #case study #experience #how

Betrayed by updates: how negative experiences affect future security (KV, EJR, RW), pp. 2671–2674.

CHI-2014-ZhangWKGS #mobile #towards

Effects of security warnings and instant gratification cues on attitudes toward mobile websites (BZ, MW, HK, EG, SSS), pp. 111–114.

CSCW-2014-XiaoWM #development #social #tool support #why

Social influences on secure development tool adoption: why security tools spread (SX, JW, ERMH), pp. 1095–1106.

DUXU-TMT-2014-CoventryBJM #behaviour #named

SCENE: A Structured Means for Creating and Evaluating Behavioral Nudges in a Cyber Security Environment (LMC, PB, DJ, APAvM), pp. 229–239.

LCT-NLE-2014-LaugassonK #open source

File Formats Security — Proprietary vs. Open-Source (EL, KK), pp. 63–72.

CAiSE-2014-LiH #approach #requirements

Dealing with Security Requirements for Socio-Technical Systems: A Holistic Approach (TL, JH), pp. 285–300.

EDOC-2014-KormanSHBE #assessment #enterprise #overview #risk management

Overview of Enterprise Information Needs in Information Security Risk Assessment (MK, TS, JH, JEB, ME), pp. 42–51.

ICPR-2014-KumarK #adaptation #multimodal #recognition #set #using

Adaptive Security for Human Surveillance Using Multimodal Open Set Biometric Recognition (AK, AK), pp. 405–410.

ICPR-2014-LetchfordGZ

Smoothing Security Prices (AL, JG, LZ), pp. 1037–1042.

KDD-2014-Waltzman

Information environment security (RW), p. 1521.

KDD-2014-ZhuXGC #mobile #privacy #recommendation

Mobile app recommendations with security and privacy awareness (HZ, HX, YG, EC), pp. 951–960.

KDIR-2014-KurasEAH #data mining #mining

The GDR Through the Eyes of the Stasi — Data Mining on the Secret Reports of the State Security Service of the former German Democratic Republic (CK, TE, CA, GH), pp. 360–365.

KEOD-2014-KruppS0 #mobile #ontology #policy #privacy

An Ontology for Enforcing Security and Privacy Policies on Mobile Devices (BK, NS, WZ), pp. 288–295.

KMIS-2014-DaviesB

Determining the Value of Information Security Investments — A Decision Support System (HLD, AJCB), pp. 426–433.

SEKE-2014-El-KharboutlyGF #analysis

Industry-wise Analysis of Security Breaches in Data Loss Incidents (REK, SSG, LF), pp. 615–619.

SEKE-2014-SantosRBC #elicitation #requirements

Persona Security: A Technique for Supporting the Elicitation of Security Requirements (MADS, JR, RdSB, TC), pp. 603–608.

SIGIR-2014-SiY #information retrieval #privacy

Privacy-preserving IR: when information retrieval meets privacy and security (LS, HY), p. 1295.

PLATEAU-2014-KurilovaPA #design #named #programming language

Wyvern: Impacting Software Security via Programming Language Design (DK, AP, JA), pp. 57–58.

PEPM-J-2013-WeijersHH14 #fault #higher-order #polymorphism

Security type error diagnosis for higher-order, polymorphic languages (JW, JH, SH), pp. 200–218.

RE-2014-Anton #privacy

Now more than ever: Privacy and security are required (AIA), p. 2.

RE-2014-GartnerRBSJ #maintenance #requirements

Maintaining requirements for long-living software systems by incorporating security knowledge (SG, TR, JB, KS, JJ), pp. 103–112.

RE-2014-Ionita #evaluation #identification #information management #risk management

Context-sensitive Information security Risk identification and evaluation techniques (DI), pp. 485–488.

RE-2014-RiazKSW #automation #identification #natural language #requirements

Hidden in plain sight: Automatically identifying security requirements from natural language artifacts (MR, JTK, JS, LAW), pp. 183–192.

RE-2014-SlavinLNB #diagrams #feature model #requirements #using

Managing security requirements patterns using feature diagram hierarchies (RS, JML, JN, TDB), pp. 193–202.

RE-2014-TsigkanosPMGN #adaptation #requirements #runtime

Engineering topology aware adaptive security: Preventing requirements violations at runtime (CT, LP, CM, CG, BN), pp. 203–212.

ASE-2014-NearJ #analysis #interactive #named #web

Derailer: interactive security analysis for web applications (JPN, DJ), pp. 587–598.

SAC-2014-BeckersCG #in the cloud #requirements

A catalog of security requirements patterns for the domain of cloud computing systems (KB, IC, LG), pp. 337–342.

SAC-2014-ShoshitaishviliIDV #analysis #scalability #trade-off

Do you feel lucky?: a large-scale analysis of risk-rewards trade-offs in cyber security (YS, LI, AD, GV), pp. 1649–1656.

ASPLOS-2014-0001KOTRKSHC #named #policy

Sapper: a language for hardware-level security policy enforcement (XL, VK, JKO, MT, VRR, RK, TS, BH, FTC), pp. 97–112.

CGO-2014-KashyapH

Security Signature Inference for JavaScript-based Browser Addons (VK, BH), p. 219.

DAC-2014-HuWTT #hardware #monitoring #network

System-Level Security for Network Processors with Hardware Monitors (KH, TW, TT, RT), p. 6.

DAC-2014-TrimbergerM

FPGA Security: From Features to Capabilities to Trusted Systems (ST, JM), p. 4.

DATE-2014-Jin #evaluation #proving #tool support #trust

EDA tools trust evaluation through security property proofs (YJ), pp. 1–4.

DATE-2014-RostamiWPK #challenge #roadmap

Quo vadis, PUF?: Trends and challenges of emerging physical-disorder based security (MR, JBW, MP, FK), pp. 1–6.

DATE-2014-SubramanyanA #design #verification

Formal verification of taint-propagation security properties in a commercial SoC design (PS, DA), pp. 1–2.

OSDI-2014-HawblitzelHLNPZZ #automation #verification

Ironclad Apps: End-to-End Security via Automated Full-System Verification (CH, JH, JRL, AN, BP, DZ, BZ), pp. 165–181.

PDP-2014-KotenkoDC #game studies #graph #metric

Security Metrics Based on Attack Graphs for the Olympic Games Scenario (IVK, ED, AC), pp. 561–568.

PDP-2014-NesterukNK #adaptation #fuzzy #knowledge base

Creation of a Fuzzy Knowledge Base for Adaptive Security Systems (PN, LN, IVK), pp. 574–577.

PDP-2014-RiekeRZE #monitoring #process

Monitoring Security Compliance of Critical Processes (RR, JR, MZ, JE), pp. 552–560.

FASE-2014-SadeghiEM #analysis #mining #repository

Mining the Categorized Software Repositories to Improve the Analysis of Security Vulnerabilities (AS, NE, SM), pp. 155–169.

ICTSS-2014-WotawaB #automation #exclamation #testing

Plan It! Automated Security Testing Based on Planning (FW, JB), pp. 48–62.

ISSTA-2014-TrippFP #analysis #hybrid #javascript #partial evaluation #web

Hybrid security analysis of web JavaScript code via dynamic partial evaluation (OT, PF, MP), pp. 49–59.

VLDB-2013-Kozak #performance #similarity

Efficiency and Security in Similarity Cloud Services (SK), pp. 1450–1455.

ITiCSE-2013-PatitsasL

Dr. Horrible’s fork bomb: a lab for introducing security issues in CS2 (EAP, DL), p. 318.

ITiCSE-2013-QianYGBT #authentication #learning #mobile #network

Mobile device based authentic learning for computer network and security (KQ, MY, MG, PB, LT), p. 335.

CSMR-2013-BergerSK #architecture

Extracting and Analyzing the Implemented Security Architecture of Business Applications (BJB, KS, RK), pp. 285–294.

ICALP-v2-2013-ChretienCD #automaton #protocol

From Security Protocols to Pushdown Automata (RC, VC, SD), pp. 137–149.

FDG-2013-RyanSVC #education #game studies #network #using

Network Nightmares: Using games to teach networks and security (WR, JS, DV, JC), pp. 413–416.

DUXU-NTE-2013-Langhorne #evaluation #online

Department of Homeland Security Websites Uncoupled: An Evaluation of Online Counterterrorism and Security Information across Agencies (ALL), pp. 112–119.

HIMI-D-2013-LiaoLH #concept #modelling #ontology #perspective #towards

Towards an Ontological Interpretation on the i* Modeling Language Extended with Security Concepts: A Bunge-Wand-Weber Model Perspective (GYL, PJL, LTH), pp. 322–328.

HIMI-HSM-2013-MoodyW #mobile #what

Security, But at What Cost? — An Examination of Security Notifications within a Mobile Application (GM, DW), pp. 391–399.

OCSC-2013-KaratasBK #towards #visual notation

Towards Visual Configuration Support for Interdependent Security Goals (FK, MB, DK), pp. 375–384.

ICEIS-J-2013-SuB13a #fine-grained #graph #identification

Foundation for Fine-Grained Security and DRM Control Based on a Service Call Graph Context Identification (ZS, FB), pp. 226–241.

ICEIS-v2-2013-DelgadoORHG #information management #social

Proposal of an Interoperability Model for Social Security Information Systems (FDA, SO, RJR, JRH, JMG), pp. 451–458.

ICEIS-v3-2013-NassarBBB #architecture #design #towards

Towards Security Awareness in Designing Service-oriented Architectures (PBN, YB, FB, KB), pp. 347–355.

KDD-2013-Marty #how #visual notation

Cyber security: how visual analytics unlock insight (RM), p. 1139.

KDIR-KMIS-2013-CostaS #assessment #concept #enterprise #using

Enterprise to Cloud Security Assessment — A Method using OSSTMM 3.0 Concepts (RC, CS), pp. 571–578.

KDIR-KMIS-2013-Hugl #challenge

Crying for the Moon? — Current Challenges in Corporate Information Security Management (UH), pp. 579–586.

SEKE-2013-AlshammariFC #bytecode #java #metric #source code

Security Metrics for Java Bytecode Programs (BA, CJF, DC), pp. 394–399.

MoDELS-2013-PerezGCCC #analysis #modelling #network #policy

Model-Driven Extraction and Analysis of Network Security Policies (SMP, JGA, FC, NCB, JC), pp. 52–68.

Onward-2013-ValleeWZFK #modelling #problem #reasoning

Usable security as a static-analysis problem: modeling and reasoning about user permissions in social-sharing systems (HQdlV, JMW, WZ, KF, SK), pp. 1–16.

PEPM-2013-WeijersHH #fault #higher-order #polymorphism

Security type error diagnosis for higher-order, polymorphic languages (JW, JH, SH), pp. 3–12.

PLDI-2013-Schneider #programming language

Programming languages in security: keynote (FBS), pp. 139–140.

POPL-2013-LivshitsC #automation #classification #towards

Towards fully automatic placement of security sanitizers and declassifiers (BL, SC), pp. 385–398.

QAPL-2013-NgoH #analysis #concurrent #multi #source code #thread

Quantitative Security Analysis for Multi-threaded Programs (TMN, MH), pp. 34–48.

ICSE-2013-AlmorsyGI #analysis #architecture #automation #using

Automated software architecture security risk analysis using formalized signatures (MA, JG, ASI), pp. 662–671.

ICSE-2013-Rimba #assurance #platform #using

Building high assurance secure applications using security patterns for capability-based platforms (PR), pp. 1401–1404.

SAC-2013-AccorsiSM #mining #on the #process

On the exploitation of process mining for security audits: the process discovery case (RA, TS, GM), pp. 1462–1468.

SAC-2013-CampioloSBG #twitter

Evaluating the utilization of Twitter messages as a source of security alerts (RC, LAFS, DMB, MAG), pp. 942–943.

SAC-2013-CarlosMPC

An updated threat model for security ceremonies (MCC, JEM, GP, RFC), pp. 1836–1843.

SAC-2013-JeonKKC #android

Enhancing security enforcement on unmodified Android (CJ, WK, BK, YC), pp. 1655–1656.

SAC-2013-KaratasK #approach #composition #flexibility

A flexible approach for considering interdependent security objectives in service composition (FK, DK), pp. 1919–1926.

SAC-2013-MartinaP #induction #multi #protocol #using #verification

Verifying multicast-based security protocols using the inductive method (JEM, LCP), pp. 1824–1829.

SAC-2013-ShinYR #android #visual notation

Supporting visual security cues for WebView-based Android apps (DS, HY, UR), pp. 1867–1876.

SAC-2013-TranLZ #architecture #metadata

Derivation of domain-specific architectural knowledge views from governance and security compliance metadata (HT, IL, UZ), pp. 1728–1733.

SAC-2013-VukovicD #distributed #estimation #on the

On the security of distributed power system state estimation under targeted attacks (OV, GD), pp. 666–672.

ASPLOS-2013-MaiPXKM #invariant #verification

Verifying security invariants in ExpressOS (HM, EP, HX, STK, PM), pp. 293–304.

CGO-2013-ArthurMRAB #debugging #named #profiling #scalability

Schnauzer: scalable profiling for likely security bug sites (WA, BM, RR, TMA, VB), p. 11.

DAC-2013-FanRRV #design #encryption #energy

Low-energy encryption for medical devices: security adds an extra design dimension (JF, OR, VR, IV), p. 6.

DAC-2013-RostamiBKJ #question

Balancing security and utility in medical devices? (MR, WB, FK, AJ), p. 6.

DAC-2013-YinQ

Improving PUF security with regression-based distiller (CEDY, GQ), p. 6.

DATE-2013-DiazSSR #analysis #network #performance #simulation

Wireless sensor network simulation for security and performance analysis (AD, PS, JS, JR), pp. 432–435.

DATE-2013-LeestT #hardware

Anti-counterfeiting with hardware intrinsic security (VvdL, PT), pp. 1137–1142.

DATE-2013-SagstetterLSWBHJPPC #architecture #challenge #design #hardware

Security challenges in automotive hardware/software architecture design (FS, ML, SS, MW, AB, WRH, SJ, TP, AP, SC), pp. 458–463.

PDP-2013-BasileCLP #analysis #reachability

Improved Reachability Analysis for Security Management (CB, DC, AL, CP), pp. 534–541.

PDP-2013-NovikovaK #visualisation

Analytical Visualization Techniques for Security Information and Event Management (EN, IVK), pp. 519–525.

FASE-2013-TrippPCCG #analysis #named #scalability #web

Andromeda: Accurate and Scalable Security Analysis of Web Applications (OT, MP, PC, RC, SG), pp. 210–225.

STOC-2013-ChungPS #simulation

Non-black-box simulation from one-way functions and applications to resettable security (KMC, RP, KS), pp. 231–240.

CAV-2013-BiondiLTW #imperative #named

QUAIL: A Quantitative Security Analyzer for Imperative Code (FB, AL, LMT, AW), pp. 702–707.

CAV-2013-MeierSCB #analysis #protocol #proving

The TAMARIN Prover for the Symbolic Analysis of Security Protocols (SM, BS, CC, DAB), pp. 696–701.

CAV-2013-SosnovichGN #network #protocol #using

Finding Security Vulnerabilities in a Network Protocol Using Parameterized Systems (AS, OG, GN), pp. 724–739.

ICST-2013-Buchler #testing

Security Testing with Fault-Models and Properties (MB), pp. 501–502.

ICST-2013-CompagnaGB #as a service #process #validation

Business Process Compliance via Security Validation as a Service (LC, PG, ADB), pp. 455–462.

ICST-2013-MunetohY #agile #development #framework #named #testing

RAILROADMAP: An Agile Security Testing Framework for Web-application Development (SM, NY), pp. 491–492.

ICTSS-2013-PellegrinoCM #developer #protocol

A Tool for Supporting Developers in Analyzing the Security of Web-Based Security Protocols (GP, LC, TM), pp. 277–282.

ISSTA-2013-TrippWG #approach #learning #testing #web

Finding your way in the testing jungle: a learning approach to web security testing (OT, OW, LG), pp. 347–357.

LICS-2013-Comon-Lundh #logic #modelling #named #problem

LICS: Logic in Computer Security — Some Attacker’s Models and Related Decision Problems (HCL), p. 1.

LICS-2013-Halpern #first-order #logic #proving #using

From Qualitative to Quantitative Proofs of Security Properties Using First-Order Conditional Logic (JYH), pp. 2–3.

WICSA-ECSA-2012-Al-AzzaniB #architecture #evaluation #named #testing

SecArch: Architecture-level Evaluation and Testing for Security (SAA, RB), pp. 51–60.

SIGITE-2012-Lincke #case study #health

Planning organizational security: the health first case study (SJL), pp. 3–8.

FM-2012-Abadi #formal method

Software Security: A Formal Perspective — (Notes for a Talk) (MA), pp. 1–5.

SEFM-2012-VorobyovKS #approach #data flow

A Low-Overhead, Value-Tracking Approach to Information Flow Security (KV, PK, PS), pp. 367–381.

VS-Games-2012-OliveiraCGR #game studies

Serious Game in Security: A Solution for Security Trainees (VO, AC, RG, CR), pp. 274–282.

VS-Games-2012-TeseiBK #game studies #overview #safety

Survey on Serious Games Applied to Security, Safety and Crisis Management (AT, AB, RTK), pp. 320–321.

CHI-2012-BullingAS #using #visual notation

Increasing the security of gaze-based cued-recall graphical passwords using saliency masks (AB, FA, AS), pp. 3011–3020.

CSCW-2012-ChiaC #web

Community-based web security: complementary roles of the serious and casual contributors (PHC, JC), pp. 1023–1032.

ICPR-2012-MaLWZH #authentication #multimodal

Enhancing biometric security with wavelet quantization watermarking based two-stage multimodal authentication (BM, CL, YW, ZZ, DH), pp. 2416–2419.

KDIR-2012-Martiny

Unsupervised Discovery of Significant Candlestick Patterns for Forecasting Security Price Movements (KM), pp. 145–150.

KEOD-2012-PereiraS #approach #design #information management #ontology

An Ontology Approach in Designing Security Information Systems to Support Organizational Security Risk Knowledge (TSMP, HMDS), pp. 461–466.

SEKE-2012-ChenL #approach #behaviour #elicitation #ontology #requirements

Eliciting Security Requirements in the Commanded Behavior Frame: An Ontology based Approach (XC, JL), pp. 61–65.

SEKE-2012-MaarabaniAC #policy #testing

Testing Interoperability Security Policies (MEM, CA, ARC), pp. 464–469.

Onward-2012-HafizAJ #pattern matching

Growing a pattern language (for security) (MH, PA, REJ), pp. 139–158.

HILT-2012-HardinSWP #domain-specific language

A DSL for cross-domain security (DSH, KS, MWW, THP), pp. 53–62.

RE-2012-PajaDPRG #named #requirements #social

STS-tool: Socio-technical Security Requirements through social commitments (EP, FD, MP, PR, PG), pp. 331–332.

RE-2012-SalehiePOAN #adaptation #runtime

Requirements-driven adaptive security: Protecting variable assets at runtime (MS, LP, IO, RA, BN), pp. 111–120.

RE-2012-TawhidBCAMSABR #towards

Towards outcome-based regulatory compliance in aviation security (RT, EB, NC, MA, GM, AS, DA, SAB, GR), pp. 267–272.

REFSQ-2012-ChowdhuryMSK #diagrams #requirements #risk management

Aligning Mal-activity Diagrams and Security Risk Management for Security Requirements Definitions (MJMC, RM, GS, PK), pp. 132–139.

ASE-2012-HwangXKMT #evolution #policy #testing

Selection of regression system tests for security policy evolution (JH, TX, DEK, TM, YLT), pp. 266–269.

FSE-2012-PasqualeMSCON #adaptation #named

SecuriTAS: a tool for engineering adaptive security (LP, CM, MS, LC, IO, BN), p. 19.

FSE-2012-XiaoPTX #automation #documentation #policy

Automated extraction of security policies from natural-language software documents (XX, AMP, ST, TX), p. 12.

ICSE-2012-Avancini #research #testing #web

Security testing of web applications: A research plan (AA), pp. 1491–1494.

ICSE-2012-YskoutSJ #architecture #question

Does organizing security patterns focus architectural choices? (KY, RS, WJ), pp. 617–627.

SAC-2012-AccorsiS #consistency #mining #on the #process

On the exploitation of process mining for security audits: the conformance checking case (RA, TS), pp. 1709–1716.

SAC-2012-BalduzziZBKL #analysis

A security analysis of amazon’s elastic compute cloud service (MB, JZ, DB, EK, SL), pp. 1427–1434.

SAC-2012-BeusterG #modelling #policy #smarttech

Formal security policy models for smart card evaluations (GB, KG), pp. 1640–1642.

SAC-2012-MonakovaBS #process #safety

Security and safety of assets in business processes (GM, ADB, AS), pp. 1667–1673.

SAC-2012-RodoperBJT #framework #mobile #performance

An efficient security framework for mobile WiMAX (MR, AB, EJ, WT), pp. 1494–1501.

DAC-2012-RajendranPSK #analysis #logic #obfuscation

Security analysis of logic obfuscation (JR, YP, OS, RK), pp. 83–89.

DATE-2012-BeaumontHN #architecture #execution #hardware #replication #using

SAFER PATH: Security architecture using fragmented execution and replication for protection against trojaned hardware (MRB, BDH, TN), pp. 1000–1005.

DATE-2012-JiangEP #co-evolution #communication #constraints #design #distributed #embedded #realtime

Co-design techniques for distributed real-time embedded systems with communication security constraints (KJ, PE, ZP), pp. 947–952.

OSDI-2012-WangCJZK #integer

Improving Integer Security for Systems with KINT (XW, HC, ZJ, NZ, MFK), pp. 163–177.

PDP-2012-BaumannS #analysis #markov #modelling #network

Markovian Modeling and Security Measure Analysis for Networks under Flooding DoS Attacks (HB, WS), pp. 298–302.

PDP-2012-GavaGP #algorithm #performance #protocol

Performance Evaluations of a BSP Algorithm for State Space Construction of Security Protocols (FG, MG, FP), pp. 170–174.

PDP-2012-OchsenschlagerR #requirements

Security Requirements for Uniformly Parameterised Cooperations (PO, RR), pp. 288–292.

PDP-2012-RuizHMDKC #analysis #component #embedded #modelling

A Methodology for the Analysis and Modeling of Security Threats and Attacks for Systems of Embedded Components (JFR, RH, AM, VD, IVK, AC), pp. 261–268.

TACAS-2012-ArmandoAABCCCCCCEFMMOPPRRDTV #architecture #automation #framework #platform #trust #validation

The AVANTSSAR Platform for the Automated Validation of Trust and Security of Service-Oriented Architectures (AA, WA, TA, MB, AC, AC, RC, YC, LC, JC, GE, SF, MM, SM, DvO, GP, SEP, MR, MR, MTD, MT, LV), pp. 267–282.

ICST-2012-ChoudharyDBJOI #challenge #internet #modelling #testing

Solving Some Modeling Challenges when Testing Rich Internet Applications for Security (SC, MED, GvB, GVJ, IVO, PI), pp. 850–857.

ICST-2012-WehbiOB #monitoring #using

Events-Based Security Monitoring Using MMT Tool (BW, EMdO, MB), pp. 860–863.

IJCAR-2012-DelauneKP #constraints #protocol

Security Protocols, Constraint Systems, and Group Theories (SD, SK, DP), pp. 164–178.

TAP-2012-ArmandoPCMB #automation #model checking #protocol #testing

From Model-Checking to Automated Testing of Security Protocols: Bridging the Gap (AA, GP, RC, AM, DB), pp. 3–18.

QoSA-ISARCS-2011-ArissX #modelling

Modeling security attacks with statecharts (OeA, DX), pp. 123–132.

QoSA-ISARCS-2011-KhanZ #component #embedded #monitoring

Building components with embedded security monitors (MUAK, MZ), pp. 133–142.

WICSA-2011-FaniyiBEK #architecture #predict

Evaluating Security Properties of Architectures in Unpredictable Environments: A Case for Cloud (FF, RB, AE, RK), pp. 127–136.

CSEET-2011-ChookittikulM #collaboration #effectiveness

Effective real-world project collaboration: Strategies from a cyber security degree program (WC, PEM), pp. 429–433.

ITiCSE-2011-GuimaraesSA #education #game studies #using #video

Using video games to teach security (MAMG, HES, RA), p. 346.

ITiCSE-2011-TaylorK #injection #student

Security injections: modules to help students remember, understand, and apply secure coding techniques (BT, SK), pp. 3–7.

SIGITE-2011-BaiT #contest #student

Cyber defense competition: enhancing student competency in information security (YB, CT), pp. 305–306.

SIGITE-2011-BassiouniG #development #education #network #research

Enhancing network security education with research and development content (MAB, RG), pp. 293–298.

MSR-2011-ZamanAH #case study #debugging #performance

Security versus performance bugs: a case study on Firefox (SZ, BA, AEH), pp. 93–102.

SCAM-2011-AvanciniC #approach #search-based #testing #web

Security Testing of Web Applications: A Search-Based Approach for Cross-Site Scripting Vulnerabilities (AA, MC), pp. 85–94.

WCRE-2011-BergerBS #android #case study

An Android Security Case Study with Bauhaus (BJB, MB, KS), pp. 179–183.

WCRE-2011-TreudeFSS #case study #reverse engineering

An Exploratory Study of Software Reverse Engineering in a Security Context (CT, FMFF, MADS, MS), pp. 184–188.

SFM-2011-CostaIMMS #trust

Security and Trust (GC, VI, FM, IM, RS), pp. 393–416.

CHI-2011-AyyavuJ #feedback #heuristic #privacy

Integrating user feedback with heuristic security and privacy management systems (PA, CJ), pp. 2305–2314.

CHI-2011-HayashiHC #authentication #visual notation

Security through a different kind of obscurity: evaluating distortion in graphical authentication schemes (EH, JIH, NC), pp. 2055–2064.

CHI-2011-LucaFMSHKH #internet #visualisation

Does MoodyBoard make internet use more secure?: evaluating an ambient security visualization tool (ADL, BF, MEM, JS, DH, NK, HH), pp. 887–890.

CHI-2011-MathiasenB #design #interactive

Experiencing security in interaction design (NRM, SB), pp. 2325–2334.

HIMI-v1-2011-JeonKLW #analysis #smarttech

A Practical Analysis of Smartphone Security (WJ, JK, YL, DW), pp. 311–320.

HIMI-v1-2011-Pavel11a #approach #composition #design #protocol

An Approach for Security Protocol Design Based on Zero-Knowledge Primitives Composition (OP), pp. 374–378.

CAiSE-2011-SchmidtJ #analysis #design #requirements #using

Connecting Security Requirements Analysis and Secure Design Using Patterns and UMLsec (HS, JJ), pp. 367–382.

ICEIS-v1-2011-WeiY #analysis #behaviour #game studies #metric

Security Investment Analysis on Gaming Theory with Measurements of Cost and Decision Behavior (WW, RY), pp. 519–523.

ICEIS-v2-2011-DingL #database #design

Based on “Scenarios-response” Model of Security Plans for Emergency Management System of Database Design (DD, XL), pp. 210–212.

ICEIS-v3-2011-JiangZC #case study

Study on the Information Security System for Bank in China (XJ, ZZ, FC), pp. 190–195.

ICEIS-v3-2011-ShenYZT #analysis #documentation

Analysis of Core Documents in Information Security Based on Mapping Knowledge Domains (HZS, QJY, QJZ, LyT), pp. 421–427.

KDD-2011-McCue

Operational security analytics: doing more with less (CM), p. 782.

KEOD-2011-BoinskiOSK #integration #ontology

Security Ontology Construction and Integration (TB, PO, JS, HK), pp. 369–374.

SEKE-2011-SanfordWX #analysis #modelling #using

Security Analysis of FileZilla Server Using Threat Models (MS, DW, DX), pp. 678–682.

SEKE-2011-WagnerFF #process #using

Using Security Patterns to Tailor Software Process (RW, LMF, ABF), pp. 672–677.

ECMFA-2011-JurjensMOS #evolution #incremental #modelling #verification

Incremental Security Verification for Evolving UMLsec models (JJ, LM, MO, HS), pp. 52–68.

OOPSLA-2011-SonMS #named #what

RoleCast: finding missing security checks when you do not know what checks are (SS, KSM, VS), pp. 1069–1084.

PLDI-2011-SrivastavaBMS #api #detection #implementation #multi #policy #using

A security policy oracle: detecting security holes using multiple API implementations (VS, MDB, KSM, VS), pp. 343–354.

PPDP-2011-BourdierC #analysis #network #policy #term rewriting #using

Symbolic analysis of network security policies using rewrite systems (TB, HC), pp. 77–88.

SAS-2011-Mitchell #program analysis #web

Program Analysis for Web Security (JCM), p. 4.

RE-2011-FailyF #elicitation #requirements #usability

Eliciting usable security requirements with misusability cases (SF, IF), pp. 339–340.

RE-2011-FranqueiraTYWN

Risk and argument: A risk-based argumentation method for practical security (VNLF, TTT, YY, RW, BN), pp. 239–248.

REFSQ-2011-KnaussHSIJ #requirements

Supporting Requirements Engineers in Recognising Security Issues (EK, SHH, KS, SI, JJ), pp. 4–18.

ICSE-2011-Davies #reuse

Measuring subversions: security and legal risk in reused software artifacts (JD), pp. 1149–1151.

ICSE-2011-Jurjens #automation #evolution #modelling #uml

Automated security hardening for evolving UML models (JJ), pp. 986–988.

ICSE-2011-Smith #functional #requirements #testing #using

Systematizing security test case planning using functional requirements phrases (BS), pp. 1136–1137.

SAC-2011-Blech #encryption #logic #proving

Proving the security of ElGamal encryption via indistinguishability logic (JOB), pp. 1625–1632.

SAC-2011-SohrMN #aspect-oriented #mobile

Software security aspects of Java-based mobile phones (KS, TM, AN), pp. 1494–1501.

SAC-2011-WoodraskaSX #mutation testing #testing

Security mutation testing of the FileZilla FTP server (DW, MS, DX), pp. 1425–1430.

SAC-2011-ZhuYXLYGQLCG #monitoring #named #platform

VASP: virtualization assisted security monitor for cross-platform protection (MZ, MY, MX, BL, PY, SG, ZQ, LL, YC, HG), pp. 554–559.

DAC-2011-WeiP #using

Integrated circuit security techniques using variable supply voltage (SW, MP), pp. 248–253.

DATE-2011-AliCMB #encryption #hardware #multi

Multi-level attacks: An emerging security concern for cryptographic hardware (SA, RSC, DM, SB), pp. 1176–1179.

DATE-2011-SreedharK11a

Physically unclonable functions for embeded security based on lithographic variation (AS, SK), pp. 1632–1637.

PDP-2011-KotenkoSD #analysis #information management #social

Security Analysis of Information Systems Taking into Account Social Engineering Attacks (IVK, MS, ED), pp. 611–618.

PDP-2011-OchsenschlagerR #self

Security Properties of Self-Similar Uniformly Parameterised Systems of Cooperations (PO, RR), pp. 640–645.

PDP-2011-SchmidtFSF #architecture #named

TrustBox: A Security Architecture for Preventing Data Breaches (MS, SF, RS, BF), pp. 635–639.

SOSP-2011-ColpNZACDLW

Breaking up is hard to do: security and functionality in a commodity hypervisor (PC, MN, JZ, WA, GC, TD, PL, AW), pp. 189–202.

ESOP-2011-FournetP #compilation #data flow

Compiling Information-Flow Security to Minimal Trusted Computing Bases (CF, JP), pp. 216–235.

ESOP-2011-HuntS #exponential #polynomial #type system

From Exponential to Polynomial-Time Security Typing via Principal Types (SH, DS), pp. 297–316.

FASE-2011-HateburHJS #design #development #modelling #requirements

Systematic Development of UMLsec Design Models Based on Security Requirements (DH, MH, JJ, HS), pp. 232–246.

STOC-2011-Pass #standard

Limits of provable security from standard assumptions (RP), pp. 109–118.

CADE-2011-AlbertiAR #analysis #automation #named #policy

ASASP: Automated Symbolic Analysis of Security Policies (FA, AA, SR), pp. 26–33.

CADE-2011-ArnaudCD #protocol #recursion #testing

Deciding Security for Protocols with Recursive Tests (MA, VC, SD), pp. 49–63.

ICST-2011-DadeauHK #generative #protocol #testing

Mutation-Based Test Generation from Security Protocols in HLPSL (FD, PCH, RK), pp. 240–248.

ICST-2011-LetarteGM #evolution #php #web

Security Model Evolution of PHP Web Applications (DL, FG, EM), pp. 289–298.

ICST-2011-Zech #in the cloud #testing

Risk-Based Security Testing in Cloud Computing Environments (PZ), pp. 411–414.

TAP-2011-BuchlerOP #testing

Security Mutants for Property-Based Testing (MB, JO, AP), pp. 69–77.

DocEng-2010-SimskeSAE #documentation #ecosystem #forensics

Document imaging security and forensics ecosystem considerations (SJS, MS, GBA, PE), pp. 41–50.

DRR-2010-ChenL #on the #pseudo #usability

On the usability and security of pseudo-signatures (JC, DPL), pp. 1–10.

SIGITE-2010-ChoiLO #distance #education

Feasibility of virtual security laboratory for three-tiered distance education (YBC, SL, THO), pp. 53–58.

SIGITE-2010-LewisL #education #network

TLS man-in-the-middle laboratory exercise for network security education (JL, PL), pp. 117–120.

SIGITE-2010-RutherfoordR #internet #privacy

Privacy and ethical concerns in internet security (RHR, JKR), pp. 131–134.

SIGITE-2010-WangHY #education #network #using

Using VMware VCenter lab manager in undergraduate education for system administration and network security (XW, GCH, RY), pp. 43–52.

MSR-2010-GegickRX #case study #debugging #identification #industrial #mining

Identifying security bug reports via text mining: An industrial case study (MG, PR, TX), pp. 11–20.

MSR-2010-MauczkaSFBG #mining

Mining security changes in FreeBSD (AM, CS, FF, MB, TG), pp. 90–93.

SEFM-2010-Pavlovic #effectiveness #overview #perspective

The Unreasonable Ineffectiveness of Security Engineering: An Overview (DP), pp. 12–18.

SFM-2010-MalacariaH #data flow

Information Theory and Security: Quantitative Information Flow (PM, JH), pp. 87–134.

SFM-2010-WolterR #performance #trade-off

Performance and Security Tradeoff (KW, PR), pp. 135–167.

CHI-2010-BlomVSGAA #mobile #safety

Fear and the city: role of mobile services in harnessing safety and security in urban use contexts (JB, DV, MS, JG, KA, RA), pp. 1841–1850.

CHI-2010-DenningBFGKM

Patients, pacemakers, and implantable defibrillators: human values and security for wireless implantable medical devices (TD, AB, BF, BTG, TK, WHM), pp. 917–926.

ICEIS-ISAS-2010-JiagueFGKLMS #functional #modelling #policy

Model-driven Engineering of Functional Security Policies (MEJ, MF, FG, PK, RL, JM, RSD), pp. 374–379.

ICPR-2010-KunduD #image

Lossless ROI Medical Image Watermarking Technique with Enhanced Security and High Payload Embedding (MKK, SD), pp. 1457–1460.

ICPR-2010-YangBGB

Renewable Minutiae Templates with Tunable Size and Security (BY, CB, DG, PB), pp. 878–881.

KMIS-2010-MacePM #editing #ontology

Ontology Editing Tool for Information Security and Human Factors Experts (JCM, SEP, APAvM), pp. 207–212.

SEKE-2010-El-Attar #analysis #case study #precise #robust

Developing Precise Misuse Cases with Security Robustness Analysis (MEA), pp. 571–576.

SEKE-2010-SeguraS #named #peer-to-peer

P2PSecT: Peer-to-peer Security Testbed (ES, XS), pp. 783–786.

SEKE-2010-WyethZ #architecture #specification

Formal Specification of Software Architecture Security Tactics (AW, CZ), pp. 172–175.

PLDI-2010-ChenCS #compilation #verification

Type-preserving compilation of end-to-end verification of security enforcement (JC, RC, NS), pp. 412–423.

POPL-2010-BhargavanFG #composition #protocol #type system #verification

Modular verification of security protocol code by typing (KB, CF, ADG), pp. 445–456.

REFSQ-2010-IslamMW #elicitation #framework #privacy #requirements #towards

Towards a Framework to Elicit and Manage Security and Privacy Requirements from Laws and Regulations (SI, HM, SW), pp. 255–261.

ASE-2010-Abi-AntounB #architecture

Analyzing security architectures (MAA, JMB), pp. 3–12.

SAC-2010-CappelliCGL #analysis #requirements

Transparency versus security: early analysis of antagonistic requirements (CC, HdSC, BGB, JCSdPL), pp. 298–305.

SAC-2010-ClaycombLSK #network #policy

A group-based security policy for wireless sensor networks (WC, RL, DS, BK), pp. 778–785.

SAC-2010-ClaycombS #analysis #framework

A framework for risk analysis in virtual directory security (WC, DS), pp. 1881–1882.

SAC-2010-GrossklagsRCC #named #network

Nudge: intermediaries’ role in interdependent network security (JG, SR, AAC, JC), pp. 1879–1880.

SAC-2010-LombardiP

Transparent security for cloud (FL, RDP), pp. 414–415.

DAC-2010-WeiMP #hardware

Gate-level characterization: foundations and hardware security applications (SW, SM, MP), pp. 222–227.

DATE-2010-Barker #aspect-oriented #network

Security aspects in 6lowPan networks (RB), p. 660.

OSDI-2010-Chlipala #policy #static analysis

Static Checking of Dynamically-Varying Security Policies in Database-Backed Applications (AC), pp. 105–118.

PDP-2010-GastiC #encryption #mobile

Breaking and Fixing the Self Encryption Scheme for Data Security in Mobile Devices (PG, YC), pp. 624–630.

PDP-2010-MasonGC #architecture #evaluation #network #parallel

Evaluation of a Massively Parallel Architecture for Network Security Applications (BCM, DG, CLC), pp. 85–91.

ESOP-2010-KingJMJJS #automation

Automating Security Mediation Placement (DK, SJ, DM, TJ, SJ, SAS), pp. 327–344.

FoSSaCS-2010-CassezMZ #complexity #data flow

The Complexity of Synchronous Notions of Information Flow Security (FC, RvdM, CZ), pp. 282–296.

CAV-2010-Jha #legacy

Retrofitting Legacy Code for Security (SJ), p. 19.

CSL-2010-BasinC #protocol

Degrees of Security: Protocol Guarantees in the Face of Compromising Adversaries (DAB, CJFC), pp. 1–18.

ICST-2010-ZimmermannNW #predict

Searching for a Needle in a Haystack: Predicting Security Vulnerabilities for Windows Vista (TZ, NN, LAW), pp. 421–428.

IJCAR-2010-ChevalCD #analysis #automation #constraints #equivalence

Automating Security Analysis: Symbolic Equivalence of Constraint Systems (VC, HCL, SD), pp. 412–426.

LICS-2010-Abadi

The Fine Print of Security (MA), p. 110.

ICDAR-2009-GarainH #authentication #documentation

Machine Authentication of Security Documents (UG, BH), pp. 718–722.

SIGMOD-2009-CorcoranSH #web

Cross-tier, label-based security enforcement for web applications (BJC, NS, MWH), pp. 269–282.

SIGMOD-2009-NehmeLBR #approach #data type #named #privacy #towards

StreamShield: a stream-centric approach towards security and privacy in data stream environments (RVN, HSL, EB, EAR), pp. 1027–1030.

ITiCSE-2009-SaidGMJ #database

Database and database application security (HES, MAMG, ZM, LJ), pp. 90–93.

SIGITE-2009-Hartpence #case study #experience #network #source code

Qos content and experiences for IT, networking and security programs (BH), pp. 60–64.

CSMR-2009-NagyM #analysis #fault

Static Security Analysis Based on Input-Related Software Faults (CN, SM), pp. 37–46.

FM-2009-McIverM #case study #composition #refinement

Sums and Lovers: Case Studies in Security, Compositionality and Refinement (AM, CCM), pp. 289–304.

FM-2009-McIverMM #probability

Security, Probability and Nearly Fair Coins in the Cryptographers’ Café (AM, LM, CM), pp. 41–71.

RTA-2009-BursucC #algebra #bound #protocol

Protocol Security and Algebraic Properties: Decision Results for a Bounded Number of Sessions (SB, HCL), pp. 133–147.

HCD-2009-KondoY #case study

HCD Case Study for the Information Security Training System (AK, MY), pp. 979–985.

HIMI-DIE-2009-Ocenasek09b #architecture #towards

Towards Security Issues in ZigBee Architecture (PO), pp. 587–593.

HIMI-DIE-2009-TarasewichNS #mobile #privacy

Exploring Employee Perspectives on Information Privacy and Security in the Mobile Environment (PT, BN, MS), pp. 171–180.

ICEIS-ISAS-2009-ArmenterosMMS #communication #dependence #prototype

Security and Dependability in Ambient Intelligence Scenarios — The Communication Prototype (ÁA, AM, AM, DS), pp. 49–56.

ICEIS-ISAS-2009-Barjis09a #information management #modelling #process

Information Systems Security based on Business Process Modeling (JB), pp. 213–218.

ICEIS-ISAS-2009-SunyaevKMK #analysis #health

Security Analysis of the German Electronic Health Card’s Peripheral Parts (AS, AK, CM, HK), pp. 19–26.

SEKE-2009-Abu-NimehMM #privacy #requirements

Integrating Privacy Requirements into Security Requirements Engineering (SAN, SM, NRM), pp. 542–547.

MoDELS-2009-LloydJ #analysis #authentication #ml #using

Security Analysis of a Biometric Authentication System Using UMLsec and JML (JL, JJ), pp. 77–91.

MoDELS-2009-LloydJ #analysis #authentication #ml #using

Security Analysis of a Biometric Authentication System Using UMLsec and JML (JL, JJ), pp. 77–91.

ECOOP-2009-DamJLP #java #monitoring #parallel #thread

Security Monitor Inlining for Multithreaded Java (MD, BJ, AL, FP), pp. 546–569.

AdaEurope-2009-DelangePF #architecture #requirements #safety #validation

Validating Safety and Security Requirements for Partitioned Architectures (JD, LP, PHF), pp. 30–43.

RE-2009-ElahiY #analysis #requirements #trade-off #trust

Trust Trade-off Analysis for Security Requirements Engineering (GE, ESKY), pp. 243–248.

RE-2009-LongLYJ #approach #evaluation #requirements

AVT Vector: A Quantitative Security Requirements Evaluation Approach Based on Assets, Vulnerabilities and Trustworthiness of Environment (TL, LL, YY, ZJ), pp. 377–378.

ESEC-FSE-2009-BezemerMD #automation #interactive #testing #web

Automated security testing of web widget interactions (CPB, AM, AvD), pp. 81–90.

SAC-2009-AhamedKHZ #towards #trust

Towards developing a trust-based security solution (SIA, DK, CSH, MZ), pp. 2204–2205.

SAC-2009-HoqueRA #authentication #privacy #protocol #robust #using

Supporting recovery, privacy and security in RFID systems using a robust authentication protocol (MEH, FR, SIA), pp. 1062–1066.

SAC-2009-LombardiP #kernel #linux #named #virtual machine

KvmSec: a security extension for Linux kernel virtual machines (FL, RDP), pp. 2029–2034.

SAC-2009-SchryenK #open source #towards

Open source vs. closed source software: towards measuring security (GS, RK), pp. 2016–2023.

SAC-2009-YokoyamaHSK #internet #operating system #policy

Simplifying security policy descriptions for internet servers in secure operating systems (TY, MH, MS, KK), pp. 326–333.

DATE-2009-PatelPR #architecture #framework #named

CUFFS: An instruction count based architectural framework for security of MPSoCs (KP, SP, RGR), pp. 779–784.

SOSP-2009-YipWZK #data flow

Improving application security with data flow assertions (AY, XW, NZ, MFK), pp. 291–304.

FASE-2009-HermannEE #graph #inheritance #network

Transformation of Type Graphs with Inheritance for Ensuring Security in E-Government Networks (FH, HE, CE), pp. 325–339.

FASE-2009-HuismanT #automaton #ml

A Formal Connection between Security Automata and JML Annotations (MH, AT), pp. 340–354.

STOC-2009-LinPV #concurrent #framework

A unified framework for concurrent security: universal composability from stand-alone non-malleability (HL, RP, MV), pp. 179–188.

CADE-2009-CiobacaDK #convergence #equation #protocol

Computing Knowledge in Security Protocols under Convergent Equational Theories (SC, SD, SK), pp. 355–370.

CAV-2009-AbadiBC #modelling #protocol #proving

Models and Proofs of Protocol Security: A Progress Report (MA, BB, HCL), pp. 35–49.

ICST-2009-MouelhiTB #functional #policy #testing

Transforming and Selecting Functional Test Cases for Security Policy Testing (TM, YLT, BB), pp. 171–180.

TAP-2009-Chetali #certification #formal method #smarttech #testing

Security Testing and Formal Methods for High Levels Certification of Smart Cards (BC), pp. 1–5.

TestCom-FATES-2009-MarchandDJ #automation #data access #testing

Automatic Testing of Access Control for Security Properties (HM, JD, TJ), pp. 113–128.

VMCAI-2009-Cortier #protocol #verification

Verification of Security Protocols (VC), pp. 5–13.

ECSA-2008-ChatzigiannakisLSS

A Security Model for Internet-Based Digital Asset Management Systems (IC, VL, DS, PGS), pp. 326–329.

DocEng-2008-GormishWPH #approach #distributed #documentation #flexibility #metadata

Document logs: a distributed approach to metadata for better security and flexibility (MJG, GW, KWP, PH), pp. 119–122.

CSEET-2008-Epstein08a #process #re-engineering

A Software Engineering Course with an Emphasis on Software Processes and Security (RGE), pp. 67–73.

ITiCSE-2008-CatuognoS #internet #network

An internet role-game for the laboratory of network security course (LC, ADS), pp. 240–244.

SIGITE-2008-Meiselwitz

Information security across disciplines (GM), pp. 99–104.

SIGITE-2008-Walden #education #web

Integrating web application security into the IT curriculum (JW), pp. 187–192.

SIGITE-2008-Wang #concurrent #education #thread

A security thread in a thread-based curriculum (AJAW), pp. 193–200.

ICALP-B-2008-Canetti #analysis #composition #performance

Composable Formal Security Analysis: Juggling Soundness, Simplicity and Efficiency (RC), pp. 1–13.

ICALP-C-2008-PrabhakaranR #encryption

Homomorphic Encryption with CCA Security (MP, MR), pp. 667–678.

ICALP-C-2008-WehnerW #bound #composition

Composable Security in the Bounded-Quantum-Storage Model (SW, JW), pp. 604–615.

FM-2008-ChetaliN #evaluation #formal method #industrial #using

Industrial Use of Formal Methods for a High-Level Security Evaluation (BC, QHN), pp. 198–213.

FM-2008-GrandyBSSR #protocol #verification

Verification of Mondex Electronic Purses with KIV: From a Security Protocol to Verified Code (HG, MB, KS, GS, WR), pp. 165–180.

FM-2008-LintelmanRLS #formal method

Formal Methods for Trustworthy Skies: Building Confidence in the Security of Aircraft Assets Distribution (SL, RR, ML, KS), pp. 406–410.

SEFM-2008-Giacobazzi #abstract interpretation

Abstract Interpretation in Code Security (RG), p. 3.

Haskell-2008-RussoCH #data flow #haskell #library

A library for light-weight information-flow security in haskell (AR, KC, JH), pp. 13–24.

ICGT-2008-Grohmann #encryption #graph

Security, Cryptography and Directed Bigraphs (DG), pp. 487–489.

CHI-2008-ReederBCRBHS #authoring #policy #visualisation

Expandable grids for visualizing and authoring computer security policies (RWR, LB, LFC, MKR, KB, KH, HS), pp. 1473–1482.

CHI-2008-StollTES #named #visualisation

Sesame: informing user security decisions with system visualization (JS, CST, WKE, KS), pp. 1045–1054.

CAiSE-2008-MatuleviciusMMDHG #adaptation #development #information management #risk management

Adapting Secure Tropos for Security Risk Management in the Early Phases of Information Systems Development (RM, NM, HM, ED, PH, NG), pp. 541–555.

EDOC-2008-Quint #as a service #automation #distributed

SOA Security — as a Service Automatic Conversion in Distributed Infrastructures (BQ).

EDOC-2008-SommestadEJ #analysis #architecture #enterprise #graph #modelling

Combining Defense Graphs and Enterprise Architecture Models for Security Analysis (TS, ME, PJ), pp. 349–355.

ICEIS-ISAS2-2008-HuberSK #analysis #framework #health

Security Analysis of the Health Care Telematics Infrastructure in Germany (MJH, AS, HK), pp. 144–153.

ICEIS-ISAS2-2008-KiyomotoOT #automation #generative #on the fly #protocol

On-the-Fly Automatic Generation of Security Protocols (SK, HO, TT), pp. 97–104.

SEKE-2008-LiuLZL #logic #protocol

Supremum of Agent Number Needed in Analyzing Security Protocols Based on Horn Logic (FL, ZL, TZ, ML), pp. 795–801.

SEKE-2008-Shaffer #domain model #source code #static analysis #verification

A Security Domain Model for Static Analysis and Verification of Software Programs (ABS), pp. 673–678.

SEKE-2008-TekbacakTD #approach #certification #data access #semantics #using

A Semantic Based Certification and Access Control Approach Using Security Patterns on SEAGENT (FT, TT, OD), pp. 741–744.

SEKE-2008-TsigkritisS #dependence #runtime

Diagnosing Runtime Violations of Security & Dependability Properties (TT, GS), pp. 661–666.

ECMDA-FA-2008-ClavelSBE #experience #industrial #modelling

Model-Driven Security in Practice: An Industrial Experience (MC, VTdS, CB, ME), pp. 326–337.

MoDELS-2008-MouelhiFBT #deployment #framework #modelling #policy #specification #testing

A Model-Based Framework for Security Policy Specification, Deployment and Testing (TM, FF, BB, YLT), pp. 537–552.

MoDELS-2008-MouelhiFBT #deployment #framework #modelling #policy #specification #testing

A Model-Based Framework for Security Policy Specification, Deployment and Testing (TM, FF, BB, YLT), pp. 537–552.

POPL-2008-FournetR #data flow #encryption #implementation

Cryptographically sound implementations for typed information-flow security (CF, TR), pp. 323–335.

PPDP-2008-OlarteV #monad

The expressivity of universal timed CCP: undecidability of Monadic FLTL and closure operators for security (CO, FDV), pp. 8–19.

RE-2008-CalleleNS #game studies #requirements #video

Balancing Security Requirements and Emotional Requirements in Video Games (DC, EN, KS), pp. 319–320.

RE-2008-WeissM #requirements

Selecting Security Patterns that Fulfill Security Requirements (MW, HM), pp. 169–172.

ICSE-2008-JurjensSB #analysis #mobile #modelling

Model-based security analysis for mobile communications (JJ, JS, PB), pp. 683–692.

ICSE-2008-WhittleWH #case study #execution #modelling

Executable misuse cases for modeling security concerns (JW, DW, MH), pp. 121–130.

ICSE-2008-XiaoLG #distributed #protocol

Developing a security protocol for a distributed decision support system in a healthcare environment (LX, PHL, AG), pp. 673–682.

SAC-2008-DelessyF #process

A pattern-driven security process for SOA applications (NAD, EBF), pp. 2226–2227.

SAC-2008-GarciaT #semantics #using #web #web service

Web service security management using semantic web techniques (DZGG, MBFdT), pp. 2256–2260.

SAC-2008-OlarteV #concurrent #constraints #semantics

Universal concurrent constraint programing: symbolic semantics and applications to security (CO, FDV), pp. 145–150.

SAC-2008-ZhangNLH #approach #enterprise #modelling #network

A model-based semi-quantitative approach for evaluating security of enterprise networks (ZZ, FNA, XL, PHH), pp. 1069–1074.

ASPLOS-2008-LvinNBZ #named #reliability

Archipelago: trading address space for reliability and security (VBL, GN, EDB, BGZ), pp. 115–124.

ASPLOS-2008-NightingalePCF #hardware

Parallelizing security checks on commodity hardware (EBN, DP, PMC, JF), pp. 308–318.

DAC-2008-PatelP #design #hardware #named #reliability

SHIELD: a software hardware design methodology for security and reliability of MPSoCs (KP, SP), pp. 858–861.

DATE-2008-ThoguluvaRC #architecture #performance #programmable #using

Efficient Software Architecture for IPSec Acceleration Using a Programmable Security Processor (JT, AR, STC), pp. 1148–1153.

OSDI-2008-ZeldovichKDK #hardware #memory management #policy #using

Hardware Enforcement of Application Security Policies Using Tagged Memory (NZ, HK, MD, CK), pp. 225–240.

FASE-2008-JurjensSY #analysis #automation #using

Automated Analysis of Permission-Based Security Using UMLsec (JJ, JS, YY), pp. 292–295.

CAV-2008-BackesLMP #abstraction #analysis #protocol

The CASPA Tool: Causality-Based Abstraction for Security Protocol Analysis (MB, SL, MM, KP), pp. 419–422.

CAV-2008-Cremers #analysis #protocol #verification

The Scyther Tool: Verification, Falsification, and Analysis of Security Protocols (CJFC), pp. 414–418.

ICLP-2008-Beauxis #concurrent #modelling #probability

Probabilistic and Concurrent Models for Security (RB), pp. 801–802.

ICLP-2008-BonattiCOS #privacy #trust

Policy-Driven Negotiations and Explanations: Exploiting Logic-Programming for Trust Management, Privacy & Security (PAB, JLDC, DO, LS), pp. 779–784.

ICLP-2008-Tsitovich #detection #model checking #using

Detection of Security Vulnerabilities Using Guided Model Checking (AT), pp. 822–823.

IJCAR-2008-Comon-Lundh #automation #challenge #protocol #verification

Challenges in the Automated Verification of Security Protocols (HCL), pp. 396–409.

ISSTA-2008-BalzarottiBCFKRVV #testing

Are your votes really counted?: testing the security of real-world electronic voting systems (DB, GB, MC, VF, RAK, WKR, FV, GV), pp. 237–248.

MBT-2008-Jurjens #case study #modelling #testing #using

Model-based Security Testing Using UMLsec: A Case Study (JJ), pp. 93–104.

TestCom-FATES-2008-ShuCLLSL #framework #named #network #paradigm #testing

VCSTC: Virtual Cyber Security Testing Capability — An Application Oriented Paradigm for Network Infrastructure Protection (GS, DC, ZL, NL, LS, DL), pp. 119–134.

VMCAI-2008-Pistoia #program analysis #programming language

Program Analysis and Programming Languages for Security (MP), p. 7.

VLDB-2007-WongCHKM #mining #outsourcing

Security in Outsourcing of Association Rule Mining (WKW, DWC, EH, BK, NM), pp. 111–122.

ITiCSE-2007-Ghafarian #assurance

Ideas for projects in undergraduate information assurance and security courses (AG), p. 322.

SIGITE-2007-GuimaraesM #animation #database #education #using

Using animation courseware in the teaching of database security (MAMG, MM), pp. 253–258.

SIGITE-2007-Pan #development

Security auditing course development (YP), pp. 259–266.

ICALP-2007-KiayiasZ #adaptation #composition

Trading Static for Adaptive Security in Universally Composable Zero-Knowledge (AK, HSZ), pp. 316–327.

IFM-2007-BraghinSB #automation #mobile #policy #verification

Automated Verification of Security Policies in Mobile Code (CB, NS, KBA), pp. 37–53.

SEFM-2007-GrandyBSR #encoding #named #protocol

ASN1-light: A Verified Message Encoding for Security Protocols (HG, RB, KS, WR), pp. 195–204.

SEFM-2007-SalehD #approach #novel #verification

Verifying Security Properties of Cryptoprotocols: A Novel Approach (MS, MD), pp. 349–360.

CHI-2007-SinghCDAF #design #social

Password sharing: implications for security design based on social practice (SS, AC, CD, GA, MF), pp. 895–904.

HCI-AS-2007-HuangRS #overview #people

A Survey of Factors Influencing People’s Perception of Information Security (DLH, PLPR, GS), pp. 906–915.

HCI-AS-2007-ZouDDQ #dependence #information management

Dependability and Security in Medical Information System (XZ, YSD, BND, MQ), pp. 549–558.

HCI-IDU-2007-EktareY

The Balancing Act Between Computer Security and Convenience (ME, YY), pp. 731–735.

HCI-IPT-2007-HuangT #scalability #smarttech

A Wearable Computing Environment for the Security of a Large-Scale Factory (JyH, CHT), pp. 1113–1122.

HCI-MIE-2007-CulenR #design #personalisation #privacy

Designing Personalized Media Center with Focus on Ethical Issues of Privacy and Security (ALC, YR), pp. 829–835.

EDOC-2007-ChenAQH #network #self

Self-Configuration of Network Security (HC, YBAN, GQ, SH), pp. 97–110.

EDOC-2007-LiningtonL #approach #behaviour #modelling #using

Incorporating Security Behaviour into Business Models Using a Model Driven Approach (PFL, PL), pp. 405–413.

EDOC-2007-MohammadCWWS #architecture #multi #quality

A Multi-Layer Security Enabled Quality of Service (QoS) Management Architecture (AM, AC, GW, CW, RAS), pp. 423–434.

ICEIS-EIS-2007-Egyhazy #architecture #comparison #design

Comparison of Five Architecture Description Languages on Design Focus, Security and Style (CJE), pp. 270–277.

ICEIS-EIS-2007-EnstromWH #assurance #enterprise

A Reference Model for Enterprise Security — High Assurance Enterprise Security (DWE, DW, SH), pp. 355–364.

ICEIS-EIS-2007-FosterLHS

A Change Strategy for Organisational Security: The Role of Critical Success Factors (SF, KL, PH, AS), pp. 375–380.

ICEIS-EIS-2007-KukhunS #enterprise #information management #pervasive

Interoperability in Pervasive Enterprise Information Systems — A Double-Faced Coin Between Security And Accessability (DAK, FS), pp. 237–242.

ICEIS-EIS-2007-MehrS #modelling #uml

Modelling of Message Security Concerns with UML (FM, US), pp. 365–374.

SEKE-2007-ShiN #component #java #named #static analysis

SAFES: A Static Analysis for Field Security in Java Components (AS, GN), pp. 302–307.

LOPSTR-2007-BossiPR #algebra #process #refinement

Action Refinement in Process Algebra and Security Issues (AB, CP, SR), pp. 201–217.

POPL-2007-Malacaria

Assessing security threats of looping constructs (PM), pp. 225–235.

POPL-2007-YuCIS #javascript

JavaScript instrumentation for browser security (DY, AC, NI, IS), pp. 237–249.

SIGAda-2007-Chapman #named

MF1: security by construction (RC), pp. 5–6.

REFSQ-2007-DarimontL #requirements #uml

Security Requirements for Civil Aviation with UML and Goal Orientation (RD, ML), pp. 292–299.

ASE-2007-Abi-AntounWT #consistency #data flow #diagrams #implementation #modelling

Checking threat modeling data flow diagrams for implementation conformance and security (MAA, DW, PT), pp. 393–396.

ASE-2007-JurjensY #modelling #tool support

Tools for model-based security engineering: models vs. code (JJ, YY), pp. 545–546.

ESEC-FSE-2007-Hanna #implementation #lightweight #named #network #protocol #verification

SLEDE: lightweight verification of sensor network security protocol implementations (YH), pp. 591–594.

ICSE-2007-BestJN #distributed #information management #modelling #using

Model-Based Security Engineering of Distributed Information Systems Using UMLsec (BB, JJ, BN), pp. 581–590.

ICSE-2007-PistoiaFFY #enterprise #modelling #policy #validation

When Role Models Have Flaws: Static Validation of Enterprise Security Policies (MP, SJF, RJF, EY), pp. 478–488.

ICSE-2007-RubinM #education #re-engineering

Creating a Computer Security Curriculum in a Software Engineering Program (BSR, BSM), pp. 732–735.

ICSE-2007-SkogsrudBCT #protocol

Managing Impacts of Security Protocol Changes in Service-Oriented Applications (HS, BB, FC, FT), pp. 468–477.

SAC-2007-KoralalageRMGC #approach #lifecycle #privacy

POP method: an approach to enhance the security and privacy of RFID systems used in product lifecycle with an anonymous ownership transferring mechanism (KHSSK, MRS, JM, YG, JC), pp. 270–275.

SAC-2007-MorimotoSGC #specification #verification

Formal verification of security specifications with common criteria (SM, SS, YG, JC), pp. 1506–1512.

SAC-2007-NoordendeBT #mobile #using

Guarding security sensitive content using confined mobile agents (Gv'N, FMTB, AST), pp. 48–55.

SAC-2007-OrlovskyR #distributed #policy

Decentralized enforcement of security policies for distributed computational systems (AO, DR), pp. 241–248.

SAC-2007-SpanoudakisKA #monitoring #towards

Towards security monitoring patterns (GS, CK, KA), pp. 1518–1525.

SAC-2007-YaoKBT #delivery #distributed #web

Decentralized authorization and data security in web content delivery (DY, YK, EB, RT), pp. 1654–1661.

DAC-2007-KoushanfarP #encryption

CAD-based Security, Cryptography, and Digital Rights Management (FK, MP), pp. 268–269.

DATE-2007-VerbauwhedeS #design #trust

Design methods for security and trust (IV, PS), pp. 672–677.

HPDC-2007-DemchenkoSGLGK

Security and dynamics in customer controlled virtual workspace organisation (YD, FS, LG, CTAMdL, DLG, OK), pp. 231–232.

PDP-2007-AldinucciD #cost analysis

The cost of security in skeletal systems (MA, MD), pp. 213–220.

PDP-2007-CilardoCMR #delivery #hardware #programmable #web #web service

Combining Programmable Hardware and Web Services Technologies for Delivering High-Performance and Interoperable Security (AC, LC, AM, LR), pp. 381–386.

PDP-2007-CilardoCMR07a #approach #evaluation #performance

Performance Evaluation of Security Services: An Experimental Approach (AC, LC, AM, LR), pp. 387–394.

ESOP-2007-MantelR #classification #what

Controlling the What and Where of Declassification in Language-Based Security (HM, AR), pp. 141–156.

TACAS-2007-CortierKS #analysis #automation

Automatic Analysis of the Security of XOR-Based Key Management Schemes (VC, GK, GS), pp. 538–552.

A-MOST-2007-MassonJPJD #automation #generative #modelling #testing

Automatic generation of model based tests for a class of security properties (PAM, JJ, JCP, EJ, GD), pp. 12–22.

SIGMOD-2006-ManjhiAMMOT #data-driven #scalability #web

Simultaneous scalability and security for data-intensive web applications (AM, AA, BMM, TCM, CO, AT), pp. 241–252.

CSEET-2006-MeadH #case study #education #re-engineering #requirements

Security Requirements Engineering for Software Systems: Case Studies in Support of Software Engineering Education (NRM, EDH), pp. 149–158.

SIGITE-2006-Gutierrez #approach #learning #named

Stingray: a hands-on approach to learning information security (FG), pp. 53–58.

SIGITE-2006-Holland-Minkley #named

Cyberattacks: a lab-based introduction to computer security (AMHM), pp. 39–46.

SIGITE-2006-LahoudT #distance #education

Information security labs in IDS/IPS for distance education (HAL, XT), pp. 47–52.

WCRE-2006-MoonenM

Code Based Software Security Assessments (LM, SM), p. 313.

ICALP-v2-2006-HarnikN #bound #hybrid #on the

On Everlasting Security in the Hybrid Bounded Storage Model (DH, MN), pp. 192–203.

FM-2006-DelahayeED #using

Certifying Airport Security Regulations Using the Focal Environment (DD, JFÉ, VDG), pp. 48–63.

FM-2006-Johnson #effectiveness #re-engineering

Cost Effective Software Engineering for Security (DRJ), pp. 607–611.

FM-2006-Jurjens #modelling

Model-Based Security Engineering for Real (JJ), pp. 600–606.

FM-2006-Oheimb #formal method

Formal Methods in the Security Business: Exotic Flowers Thriving in an Expanding Niche (DvO), pp. 592–597.

FM-2006-Stephan #formal method #lightweight #plugin

Formal Methods for Security: Lightweight Plug-In or New Engineering Discipline (WS), pp. 587–591.

CHI-2006-WuMG #question

Do security toolbars actually prevent phishing attacks? (MW, RCM, SLG), pp. 601–610.

CAiSE-2006-BrylMMZ #design #modelling #requirements

Designing Security Requirements Models Through Planning (VB, FM, JM, NZ), pp. 33–47.

EDOC-2006-AndersonR #enterprise

Information Security Guidance for Enterprise Transformation (JAA, VR), pp. 459–462.

EDOC-2006-TangCLZY #evaluation #performance #web #web service

A Performance Evaluation of Web Services Security (KT, SC, DL, JZ, BY), pp. 67–74.

EDOC-2006-WangCL #enterprise #persistent

Anonymity and Security Support for Persistent Enterprise Conversation (CW, DKWC, HfL), pp. 471–476.

ICEIS-ISAS-2006-BenferhatB #policy

Argument-Based Approaches in Prioritized Conflicting Security Policies (SB, REB), pp. 349–354.

CIKM-2006-BaileyHM #documentation #enterprise #implementation #performance #trade-off

Secure search in enterprise webs: tradeoffs in efficient implementation for document level security (PB, DH, BM), pp. 493–502.

CIKM-2006-Kielman #realtime

The real-time nature and value of homeland security information (JK), p. 3.

ICPR-v4-2006-XieZH

NDFT-based Audio Watermarking Scheme with High Security (LX, JZ, HH), pp. 270–273.

SEKE-2006-Merz #approach #java #using

Using the Dynamic Proxy Approach to Introduce Role-Based Security to Java Data Objects (MM), pp. 404–409.

SEKE-2006-PilskalnsA #design #ocl #testing #uml #using

Using UML Designs to Generate OCL for Security Testing (OP, AAA), pp. 505–510.

MoDELS-2006-HafnerAB #architecture #modelling #qvt #towards

Towards a MOF/QVT-Based Domain Architecture for Model Driven Security (MH, MA, RB), pp. 275–290.

SPL-BOOK-2006-ArciniegasDRCBO #architecture #evolution #product line #reasoning

Architecture Reasoning for Supporting Product Line Evolution: An Example on Security (JLA, JCD, JLR, RC, JBM, MO), pp. 327–372.

SPL-BOOK-2006-FaegriH #architecture #product line

A Software Product Line Reference Architecture for Security (TEF, SOH), pp. 275–326.

MoDELS-2006-HafnerAB #architecture #modelling #qvt #towards

Towards a MOF/QVT-Based Domain Architecture for Model Driven Security (MH, MA, RB), pp. 275–290.

QAPL-2005-LanotteMT06 #classification #probability

A Classification of Time and/or Probability Dependent Security Properties (RL, AMS, AT), pp. 177–193.

LOPSTR-2006-MantelSK #data flow #proving #verification

Combining Different Proof Techniques for Verifying Information Flow Security (HM, HS, TK), pp. 94–110.

POPL-2006-HuntS #on the

On flow-sensitive security types (SH, DS), pp. 79–90.

QAPL-2006-AdaoMRV #analysis #protocol #towards

Towards a Quantitative Analysis of Security Protocols (PA, PM, TR, LV), pp. 3–25.

ASE-2006-Jurjens #analysis #automation #java #proving #source code #theorem proving #using

Security Analysis of Crypto-based Java Programs using Automated Theorem Provers (JJ), pp. 167–176.

ICSE-2006-JurjensF #modelling #tool support

Tools for model-based security engineering (JJ, JF), pp. 819–822.

SAC-2006-CreeseGRX #ad hoc #multi

Bootstrapping multi-party ad-hoc security (SC, MG, BR, MX), pp. 369–375.

SAC-2006-HeatherS #analysis #infinity #protocol

To infinity and beyond or, avoiding the infinite in security protocol analysis (JH, SS), pp. 346–353.

SAC-2006-MorimotoSGC #specification #standard #verification

A security specification verification technique based on the international standard ISO/IEC 15408 (SM, SS, YG, JC), pp. 1802–1803.

SAC-2006-WelchL #policy

Policy-driven reflective enforcement of security policies (IW, FL), pp. 1580–1584.

CASE-2006-Tan #automation

Automatic Interpretation of Human and Vehicle Motion for Enhanced Security (TT), p. 2.

CGO-2006-ZhangZP #compilation #optimisation

Compiler Optimizations to Reduce Security Overhead (TZ, XZ, SP), pp. 346–357.

DAC-2006-AroraRRSJC #architecture #mobile #multi

Software architecture exploration for high-performance security processing on a multiprocessor mobile SoC (DA, AR, SR, MS, NKJ, STC), pp. 496–501.

DAC-2006-RagelP #monitoring #named #reliability

IMPRES: integrated monitoring for processor reliability and security (RGR, SP), pp. 502–505.

DAC-2006-WangLLYHWH #design #framework #network #platform

A network security processor design based on an integrated SOC design and test platform (CHW, CYL, MSL, JCY, CTH, CWW, SYH), pp. 490–495.

DATE-DF-2006-AkselrodAA #architecture #debugging #framework #independence #multi #platform

Platform independent debug port controller architecture with security protection for multi-processor system-on-chip ICs (DA, AA, YA), pp. 30–35.

HPCA-2006-ShiFGLZY #architecture #in memory #memory management #named

InfoShield: a security architecture for protecting information usage in memory (WS, JBF, GG, HHSL, YZ, JY), pp. 222–231.

STOC-2006-KushilevitzLR #composition #protocol

Information-theoretically secure protocols and security under composition (EK, YL, TR), pp. 109–118.

FATES-RV-2006-FalconeFMR #calculus #framework #network #policy

A Test Calculus Framework Applied to Network Security Policies (YF, JCF, LM, JLR), pp. 55–69.

ICLP-2006-LopezPPRV #concurrent #constraints #declarative #framework #programming

A Declarative Framework for Security: Secure Concurrent Constraint Programming (HAL, CP, JAP, CR, FDV), pp. 449–450.

LICS-2006-Gordon #implementation #protocol

Provable Implementations of Security Protocols (ADG), pp. 345–346.

TestCom-2006-DarmaillacqFGMR #generative #network #testing

Test Generation for Network Security Rules (VD, JCF, RG, LM, JLR), pp. 341–356.

TestCom-2006-ShuL #monitoring #protocol #testing

Message Confidentiality Testing of Security Protocols — Passive Monitoring and Active Checking (GS, DL), pp. 357–372.

PODS-2005-AbadiW #analysis #documentation #encryption #xml

Security analysis of cryptographically controlled access to XML documents (MA, BW), pp. 108–117.

ITiCSE-2005-TobinW #education #using

Using a windows attack intRusion emulator (AWARE) to teach computer security awareness (DLTJ, MSW), pp. 213–217.

SIGITE-2005-Crowley #development #open source

Open source centric information security lab development (EC), pp. 57–63.

SIGITE-2005-DardickL #forensics

Interdisciplinary minor in digital forensics, security and law (GSD, LKL), p. 371.

SIGITE-2005-DarkEL #assurance #education #integration

Integration of information assurance and security into the IT2005 model curriculum (MJD, JJE, BML), pp. 7–14.

SIGITE-2005-Hartpence #education

Teaching wireless security for results (BH), pp. 89–93.

SIGITE-2005-Robila #distributed #education

Distributed computing and computer security education (SAR), pp. 383–384.

SIGITE-2005-RobilaB #requirements

Writing requirements in computer security (SAR, CB), pp. 385–386.

SIGITE-2005-Valentine

Practical computer security: a new service course based upon the national strategy to secure cyberspace (DWV), pp. 185–189.

SIGITE-2005-Wang #interactive

Web-based interactive courseware for information security (AJAW), pp. 199–204.

ICSM-2005-Jurjens #comprehension #implementation

Understanding Security Goals Provided by Crypto-Protocol Implementations (JJ), pp. 643–646.

IWPC-2005-HogganvikS #comprehension #on the

On the Comprehension of Security Risk Scenarios (IH, KS), pp. 115–124.

WCRE-2005-WangCD #using

Enhancing Security Using Legality Assertions (LW, JRC, TRD), pp. 35–44.

ICALP-2005-DattaDMST #logic #polynomial #probability #protocol #semantics

Probabilistic Polynomial-Time Semantics for a Protocol Security Logic (AD, AD, JCM, VS, MT), pp. 16–29.

ICALP-2005-Hopper #on the

On Steganographic Chosen Covertext Security (NH), pp. 311–323.

ICALP-2005-LipmaaWB #verification

Designated Verifier Signature Schemes: Attacks, New Security Notions and a New Construction (HL, GW, FB), pp. 459–471.

ICALP-2005-TamassiaT #bound

Computational Bounds on Hierarchical Data Processing with Applications to Information Security (RT, NT), pp. 153–165.

FM-2005-AndronickCP #embedded #smarttech #source code #verification

Formal Verification of Security Properties of Smart Card Embedded Source Code (JA, BC, CPM), pp. 302–317.

FM-2005-BuchholtzGHM #analysis #framework #performance #platform

End-to-End Integrated Security and Performance Analysis on the DEGAS Choreographer Platform (MB, SG, VH, CM), pp. 286–301.

IFM-2005-BracherK #specification #testing

Enabling Security Testing from Specification to Code (SB, PK), pp. 150–166.

EDOC-2005-JohanssonJ #assessment #enterprise

Assessment of Enterprise Information Security — The Importance of Prioritization (EJ, PJ), pp. 207–218.

ICEIS-v1-2005-Fernandez #design #uml #using

Security Patterns and Secure Systems Design Using UML (EBF), p. 21.

ICEIS-v3-2005-HafnerBB #architecture #standard #web #web service #workflow

A Security Architecture for Inter-Organizational Workflows: Putting Security Standards for Web Services Together (MH, RB, MB), pp. 128–135.

SEKE-2005-CooperDW #approach #architecture #aspect-oriented #modelling #reuse

Modeling Reusable Security Aspects for Software Architectures: a Pattern Driven Approach (KMLC, LD, WEW), pp. 158–162.

SEKE-2005-KongOF #analysis #formal method #workflow

Formal Analysis of Workflow Systems with Security Considerations (WK, KO, KF), pp. 531–536.

MoDELS-2005-HafnerB #modelling #uml #workflow

Realizing Model Driven Security for Inter-organizational Workflows with WS-CDL and UML 2.0 (MH, RB), pp. 39–53.

MoDELS-2005-HafnerB #modelling #uml #workflow

Realizing Model Driven Security for Inter-organizational Workflows with WS-CDL and UML 2.0 (MH, RB), pp. 39–53.

OOPSLA-2005-MartinLL #fault #query #using

Finding application errors and security flaws using PQL: a program query language (MCM, VBL, MSL), pp. 365–383.

QAPL-2004-BodeiCDBNNP05 #evaluation #performance #protocol

Performance Evaluation of Security Protocols Specified in LySa (CB, MC, PD, MB, FN, HRN, CP), pp. 167–189.

PLDI-2005-BauerLW #policy

Composing security policies with polymer (LB, JL, DW), pp. 305–314.

PPDP-2005-EchahedP #declarative #policy

Security policy in a declarative style (RE, FP), pp. 153–163.

PPDP-2005-Mitchell #analysis #logic #network #protocol

Security analysis of network protocols: logical and computational methods (JCM), pp. 151–152.

SAS-2005-Gordon #calculus #process

From Typed Process Calculi to Source-Based Security (ADG), p. 2.

RE-2005-GiorginiMMZ #modelling #requirements

Modeling Security Requirements Through Ownership, Permission and Delegation (PG, FM, JM, NZ), pp. 167–176.

RE-2005-GiorginiMMZ05a #automation #named #requirements

ST-Tool: A CASE Tool for Security Requirements Engineering (PG, FM, JM, NZ), pp. 451–452.

ASE-2005-JurjensY #analysis

Code security analysis with assertions (JJ, MY), pp. 392–395.

ICSE-2005-AvotsDLL #analysis #c #pointer

Improving software security with a C pointer analysis (DA, MD, VBL, MSL), pp. 332–341.

ICSE-2005-Jurjens #effectiveness #modelling #tool support #uml

Sound methods and effective tools for model-based security engineering with UML (JJ), pp. 322–331.

SAC-2005-AdaikkalavanC #approach #named #web

SmartGate: a smart push-pull approach to support role-based security in web gateways (RA, SC), pp. 1727–1731.

SAC-2005-Khurana #scalability

Scalable security and accounting services for content-based publish/subscribe systems (HK), pp. 801–807.

SAC-2005-Menezes #adaptation #case study #coordination #self

Self-organization and computer security: a case study in adaptive coordination (RM), pp. 467–468.

SAC-2005-SohrDA #information management #policy #specification

Formal specification of role-based security policies for clinical information systems (KS, MD, GJA), pp. 332–339.

SAC-2005-YangEY #database #semistructured data #specification

Mediation security specification and enforcement for heterogeneous databases (LY, RKE, HY), pp. 354–358.

CC-2005-LiCKB #approach

A Compiler-Based Approach to Data Security (FL, GC, MTK, RRB), pp. 188–203.

DAC-2005-ChoM #network #pattern matching

A pattern matching coprocessor for network security (YHC, WHMS), pp. 234–239.

DATE-2005-FaroukS #algorithm #communication #encryption #hybrid #implementation

An Improved FPGA Implementation of the Modified Hybrid Hiding Encryption Algorithm (MHHEA) for Data Communication Security (HAF, MS), pp. 76–81.

HPCA-2005-ZhangGYZG #memory management #multi #named #symmetry

SENSS: Security Enhancement to Symmetric Shared Memory Multiprocessors (YZ, LG, JY, XZ, RG), pp. 352–362.

PDP-2005-TerstyanszkyDGKSWK #legacy

Security Mechanisms for Legacy Code Applications in GT3 Environment (GT, TD, AG, TK, KS, SCW, PK), pp. 220–226.

ESOP-2005-CortierW #automation #protocol #proving

Computationally Sound, Automated Proofs for Security Protocols (VC, BW), pp. 157–171.

ESOP-2005-Myers #policy #programming

Programming with Explicit Security Policies (ACM), pp. 1–4.

FASE-2005-JurjensS #analysis #development #tool support #uml

Tools for Secure Systems Development with UML: Security Analysis with ATPs (JJ, PS), pp. 305–309.

FASE-2005-Mostowski #formal method #java #logic #verification

Formalisation and Verification of Java Card Security Properties in Dynamic Logic (WM), pp. 357–371.

FoSSaCS-2005-FocardiRS #calculus #process

Bridging Language-Based and Process Calculi Security (RF, SR, AS), pp. 299–315.

CADE-2005-Steel #api #constraints #deduction #modelling

Deduction with XOR Constraints in Security API Modelling (GS), pp. 322–336.

CAV-2005-ArmandoBBCCCDHKMMORSTVV #automation #internet #protocol #validation

The AVISPA Tool for the Automated Validation of Internet Security Protocols and Applications (AA, DAB, YB, YC, LC, JC, PHD, PCH, OK, JM, SM, DvO, MR, JS, MT, LV, LV), pp. 281–285.

ICLP-2005-CorinSE #analysis #constraints #protocol

PS-LTL for Constraint-Based Security Protocol Analysis (RC, AS, SE), pp. 439–440.

LICS-2005-BlanchetAF #automation #protocol #verification

Automated Verification of Selected Equivalences for Security Protocols (BB, MA, CF), pp. 331–340.

SIGMOD-2004-FanCG #query #xml

Secure XML Querying with Security Views (WF, CYC, MNG), pp. 587–598.

SIGMOD-2004-Maurer #database #encryption

The Role of Cryptography in Database Security (UMM), pp. 5–10.

SIGMOD-2004-RosenthalW #research #scalability #state of the art

Security of Shared Data in Large Systems: State of the Art and Research Directions (AR, MW), pp. 962–964.

VLDB-2004-RosenthalW #research #scalability #state of the art

Security of Shared Data in Large Systems: State of the Art and Research Directions (AR, MW), p. 1242.

CSEET-2004-McGraw

Software Security Clue Distribution (GM), pp. 6–7.

ITiCSE-WGR-2004-Campbell #assurance

IT security and data assurance: a new resource for two-year colleges (RDC), p. 20.

SIGITE-2004-BolzRR

Safely train security engineers regarding the dangers presented by denial of service attacks (CB, WR, BLR), pp. 66–72.

SIGITE-2004-Crowley #design #learning

Experiential learning and security lab design (EC), pp. 169–176.

SIGITE-2004-Dark #assessment #learning #performance #risk management #student

Assessing student performance outcomes in an information security risk assessment, service learning course (MJD), pp. 73–78.

SIGITE-2004-HigbyB

Wireless security patch management system (CH, MB), pp. 165–168.

SIGITE-2004-JonesR #education #named

Honeynets: an educational resource for IT security (JKJ, GWR), pp. 24–28.

SIGITE-2004-MasonJT #approach #collaboration #network

Network and systems security, a collaborative approach (SM, DJ, LT), p. 279.

SIGITE-2004-Morneau #design #network

Designing an information security program as a core competency of network technologists (KAM), pp. 29–32.

SIGITE-2004-RomneyS #education #multi #network #platform

An isolated, multi-platform network sandbox for teaching IT security system engineers (GWR, BRS), pp. 19–23.

SIGITE-2004-StevensonR #architecture #education

Teaching security best practices by architecting and administering an IT security lab (BRS, GWR), pp. 182–187.

ICALP-2004-AbadiC #equation #protocol

Deciding Knowledge in Security Protocols Under Equational Theories (MA, VC), pp. 46–58.

SEFM-2004-LanotteMT #decidability #parametricity #probability

Decidability Results for Parametric Probabilistic Transition Systems with an Application to Security (RL, AMS, AT), pp. 114–121.

EDOC-2004-YoshiokaHF #coordination #performance

Security Patterns: A Method for Constructing Secure and Efficient Inter-Company Coordination Systems (NY, SH, AF), pp. 84–97.

ICEIS-v2-2004-BelsisGSD #implementation #information management

Implementing Knowledge Management Techniques for Security Purposes (PB, SG, CS, ID), pp. 535–540.

ICEIS-v3-2004-ChapmanS #enterprise #guidelines #on the

On Information Security Guidelines for Small/Medium Enterprises (DC, LS), pp. 3–9.

ICEIS-v3-2004-MouratidisGM #design #information management #using

Using Security Attack Scenarios to Analyse Security During Information Systems Design (HM, PG, GAM), pp. 10–17.

ICEIS-v3-2004-Tu #using

Using SAP System Configuration Security Test to Comply with Sarbanesoxley Act (JHT), pp. 581–583.

ICEIS-v3-2004-VasiuD #architecture #web #web service #xml

A Requirement for a XML Web Services Security Architecture (LV, CD), pp. 60–66.

ICEIS-v5-2004-Mikulecky #design #library

Digital Library: Design and Security Considerations (SM), pp. 295–300.

SEKE-2004-GaoDYHBC #case study #design

Applying Aspect-Orientation in Designing Security Systems: A Case Study (SG, YD, HY, XH, KB, KMLC), pp. 360–365.

SEKE-2004-YangEY #approach #aspect-oriented

Enhancing Mediation Security by Aspect-Oriented Approach (LY, RKE, HY), pp. 155–160.

SEKE-2004-YuHDM #architecture #design

Integrating Security Administration into Software Architectures Design (HY, XH, YD, LM), pp. 416–420.

UML-2004-AbieAKMR #uml

Integrating a Security Requirement Language with UML (HA, DBA, TK, SM, TR), pp. 350–364.

UML-2004-JurjensS #automation #modelling #requirements #verification

Automated Verification of UMLsec Models for Security Requirements (JJ, PS), pp. 365–379.

LOPSTR-2004-BossiPR #imperative

Unwinding Conditions for Security in Imperative Languages (AB, CP, SR), pp. 85–100.

SIGAda-2004-ChapmanH #analysis #data flow #modelling #safety

Enforcing security and safety models with an information flow analysis tool (RC, AH), pp. 39–46.

SIGAda-2004-Davis #component #information management #lifecycle

Information systems security engineering: a critical component of the systems engineering lifecycle (JFD), pp. 13–18.

RE-2004-HaleyLMN #requirements #trust

The Effect of Trust Assumptions on the Elaboration of Security Requirements (CBH, RCL, JDM, BN), pp. 102–111.

RE-2004-LinNIJ #bound #problem #using

Using Abuse Frames to Bound the Scope of Security Problems (LL, BN, DCI, MJ), pp. 354–355.

FSE-2004-Wolf #question #re-engineering

Is security engineering really just good software engineering? (ALW), p. 1.

ICSE-2004-Lamsweerde #anti #requirements

Elaborating Security Requirements by Construction of Intentional Anti-Models (AvL), pp. 148–157.

SAC-2004-BellaR

Editoral message: special track on computer security (GB, PR), pp. 373–374.

SAC-2004-BravettiLZG #e-commerce #quality #web #web service

Web Services for E-commerce: guaranteeing security access and quality of service (MB, RL, GZ, RG), pp. 800–806.

SAC-2004-CarvalhoCSBF #mobile #network #using

Using mobile agents as roaming security guards to test and improve security of hosts and networks (MMC, TBC, NS, MRB, KMF), pp. 87–93.

DAC-2004-RaviKLMR #design #embedded

Security as a new dimension in embedded system design (SR, PCK, RBL, GM, AR), pp. 753–760.

DATE-v1-2004-RenaudinBPTSG

High Security Smartcards (MR, GFB, PP, JPT, LS, FG), pp. 228–233.

HPDC-2004-DenisAHVKB #communication #performance #problem

Wide-Area Communication for Grids: An Integrated Solution to Connectivity, Performance and Security Problems (AD, OA, RFHH, KV, TK, HEB), pp. 97–106.

OSDI-2004-RinardCDRLB

Enhancing Server Availability and Security Through Failure-Oblivious Computing (MCR, CC, DD, DMR, TL, WSB), pp. 303–316.

FoSSaCS-2004-RamanathanMST #analysis #bisimulation #equivalence #network #probability #protocol

Probabilistic Bisimulation and Equivalence for Security Analysis of Network Protocols (AR, JCM, AS, VT), pp. 468–483.

STOC-2004-PrabhakaranS

New notions of security: achieving universal composability without trusted setup (MP, AS), pp. 242–251.

TACAS-2004-PiazzaPR #named #persistent

CoPS — Checker of Persistent Security (CP, EP, SR), pp. 144–152.

VMCAI-2004-BartheBR #compilation

Security Types Preserving Compilation: (GB, AB, TR), pp. 2–15.

VMCAI-2004-Guttman #protocol #trust

Security, Protocols, and Trust (JDG), p. 1.

ITiCSE-2003-AzadeganLOWZ

An undergraduate track in computer security (SA, ML, MO, ALW, MZ), pp. 207–210.

CSMR-2003-LundBS #assessment #maintenance

Maintaining Results from Security Assessment (MSL, FdB, KS), pp. 341–350.

ICSM-2003-DaCostaDMP

Characterizing the “Security Vulnerability Likelihood” of Software Functions (DD, CD, SM, VP), p. 266–?.

FME-2003-ArmandoCG #analysis #graph #model checking #protocol #satisfiability #using

SAT-Based Model-Checking of Security Protocols Using Planning Graph Analysis (AA, LC, PG), pp. 875–893.

FME-2003-Vigna

A Topological Characterization of TCP/IP Security (GV), pp. 914–939.

SEFM-2003-BossiFPR #data flow #refinement

Refinement Operators and Information Flow Security (AB, RF, CP, SR), pp. 44–53.

SEFM-2003-LanotteMT #automaton #bisimulation #probability

Weak Bisimulation for Probabilistic Timed Automata and Applications to Security (RL, AMS, AT), pp. 34–43.

CAiSE-2003-MouratidisGM #information management #modelling #towards

Integrating Security and Systems Engineering: Towards the Modelling of Secure Information Systems (HM, PG, GAM), pp. 63–78.

EDOC-2003-BurtBROA #data access #modelling #unification

Model Driven Security: Unification of Authorization Models for Fine-Grain Access Control (CCB, BRB, RRR, AMO, MA), pp. 159–173.

ICEIS-v2-2003-HoeschlBBMRBT

Structured Contextual Search for the Un Security Council (HCH, TCDB, AB, EdSM, MSR, RMB, IT), pp. 100–107.

ICEIS-v3-2003-MouratidisMGG #information management #requirements #using

Analysing Security Requirements of Information Systems Using Tropos (HM, GAM, AG, PG), pp. 623–626.

ICEIS-v3-2003-SerraoNT #analysis #open source #operating system

Open Source Security Analysis — Evaluating Security of Open Source vs. Closed Source Operating Systems (CS, DN, PT), pp. 433–440.

ICEIS-v4-2003-McPhersonHHK #architecture #web #web service #xml

Guardian Knowledge Farm Agents and Security Architectures: Web Services, XML, and Wireless Mappings (MM, GH, BH, GK), pp. 244–253.

ICEIS-v4-2003-Vasiu #trust #web #web service

Security Web Services Based on Trust (LV), pp. 369–376.

SEKE-2003-AbdullahS #framework #towards

A Step toward building Dynamic Security Infrastructure (ISA, EHS), pp. 483–488.

ECOOP-2003-Abadi

Built-in Object Security (MA), p. 1.

ECOOP-2003-Gunter #api #embedded

Open APIs for Embedded Security (CAG), pp. 225–247.

REFSQ-J-2002-AntonEC03 #behaviour #policy #privacy #requirements

Precluding incongruous behavior by aligning software requirements with security and privacy policies (AIA, JBE, RAC), pp. 967–977.

RE-2003-KaiyaSMK #analysis #java #mobile #policy #requirements #trade-off

Trade-off Analysis between Security Policies for Java Mobile Codes and Requirements for Java Application (HK, KS, YM, KK), pp. 357–358.

RE-2003-LinNIJM #requirements

Introducing Abuse Frames for Analysing Security Requirements (LL, BN, DCI, MJ, JDM), pp. 371–372.

RE-2003-LiuYM #analysis #privacy #requirements #social

Security and Privacy Requirements Analysis within a Social Setting (LL, ESKY, JM), pp. 151–161.

ICSE-2003-KemmererV #detection #internet

Internet Security and Intrusion Detection (RAK, GV), pp. 748–749.

SAC-2003-AbendrothJ #framework

A Unified Security Framework for Networked Applications (JA, CDJ), pp. 351–357.

SAC-2003-AtluriAGA #constraints #multi #self

Self-Manifestation of Composite Multimedia Objects to Satisfy Security Constraints (VA, NRA, AG, IA), pp. 927–934.

CGO-2003-ZhangG #slicing

Hiding Program Slices for Software Security (XZ, RG), pp. 325–336.

HPDC-2003-WelchSFBCGKMPT #grid

Security for Grid Services (VW, FS, ITF, JB, KC, JG, CK, SM, LP, ST), pp. 48–57.

PDP-2003-SethiB #ad hoc #named #network

CRESQ: Providing QoS and Security in Ad hoc Networks (PS, GB), p. 544–?.

ESOP-2003-Comon-LundhC

Security Properties: Two Agents Are Sufficient (HCL, VC), pp. 99–113.

ESOP-2003-GiambiagiD #implementation #on the #protocol

On the Secure Implementation of Security Protocols (PG, MD), pp. 144–158.

ESOP-2003-Leroy #perspective #programming language #static analysis

Computer Security from a Programming Language and Static Analysis Perspective (XL), pp. 1–9.

FASE-2003-ScottBM #mobile #policy

Spatial Security Policies for Mobile Agents in a Sentient Computing Environment (DJS, ARB, AM), pp. 102–117.

CAV-2003-BozgaLP #automation #named #protocol #verification

HERMES: An Automatic Tool for Verification of Secrecy in Security Protocols (LB, YL, MP), pp. 219–222.

ICLP-2003-Musumbu #simulation

Simulating Security Systems Based on Logigrams (KM), pp. 498–499.

SAT-2003-ArmandoC #analysis #protocol #satisfiability

Abstraction-Driven SAT-based Analysis of Security Protocols (AA, LC), pp. 257–271.

VMCAI-2003-BossiFPR #bisimulation #verification

Bisimulation and Unwinding for Verifying Possibilistic Security Properties (AB, RF, CP, SR), pp. 223–237.

VLDB-2002-BettiniJWW #policy

Provisions and Obligations in Policy Management and Security Applications (CB, SJ, XSW, DW), pp. 502–513.

ICSM-2002-JiwnaniZ #maintenance #perspective

Maintaining Software with a Security Perspective (KJ, MVZ), pp. 194–203.

RTA-2002-Mitchell #analysis #multi #protocol

Multiset Rewriting and Security Protocol Analysis (JCM), pp. 19–22.

EDOC-2002-AagedalBDGRS #assessment #enterprise #modelling #risk management

Model-Based Risk Assessment to Improve Enterprise Security (JØA, FdB, TD, BAG, DR, KS), p. 51–?.

ICEIS-2002-BelsisGS #enterprise

An Enterprise IT Security Data Model (MAB, ANG, LS), pp. 885–891.

ICEIS-2002-HuangH

Managing Security in Electronic Business (KH, KH), pp. 1086–1091.

ICEIS-2002-PantiSTV #automation #protocol #verification

Automatic Verification of Security in Payment Protocols for Electronic Commerce (MP, LS, ST, SV), pp. 968–974.

ICEIS-2002-Srinivas #concept #java #network

Network Security Concepts and Java (RS), p. 23.

CIKM-2002-AvantBBFSW #semantics

Semantic technology applications for homeland security (DA, MB, CB, MF, APS, YSW), pp. 611–613.

UML-2002-LodderstedtBD #modelling #named #uml

SecureUML: A UML-Based Modeling Language for Model-Driven Security (TL, DAB, JD), pp. 426–441.

LOPSTR-2002-BossiFPR #data flow #proving

A Proof System for Information Flow Security (AB, RF, CP, SR), pp. 199–218.

POPL-2002-AbadiB #logic programming #protocol #source code

Analyzing security protocols with secrecy types and logic programs (MA, BB), pp. 33–44.

SAS-2002-Blanchet #authentication #protocol

From Secrecy to Authenticity in Security Protocols (BB), pp. 342–359.

SAS-2002-CorinE #constraints #protocol #verification

An Improved Constraint-Based System for the Verification of Security Protocols (RC, SE), pp. 326–341.

SAS-2002-Zanotti #abstract interpretation

Security Typings by Abstract Interpretation (MZ), pp. 360–375.

RE-2002-CrookILN #anti #requirements

Security Requirements Engineering: When Anti-Requirements Hit the Fan (RC, DCI, LL, BN), pp. 203–205.

ICSE-2002-Butler #approach #attribute grammar

Security attribute evaluation method: a cost-benefit approach (SAB), pp. 232–240.

SAC-2002-AljarehR #collaboration #multi #network

A task-based security model to facilitate collaboration in trusted multi-agency networks (SA, BNR), pp. 744–749.

SAC-2002-BarbutiBF #abstract interpretation #bytecode #java

Checking security of Java bytecode by abstract interpretation (RB, CB, NDF), pp. 229–236.

SAC-2002-Bell #interactive #policy #simulation

Interactive simulation of security policies (GB), pp. 247–252.

SAC-2002-BorealeB #analysis #automation #protocol

Experimenting with STA, a tool for automatic analysis of security protocols (MB, MGB), pp. 281–285.

SAC-2002-BurnsideCMMDR #mobile #protocol

Proxy-based security protocols in networked mobile devices (MB, DEC, TM, AM, SD, RLR), pp. 265–272.

SAC-2002-DunningR #communication

Security status display and browser interframe communication (LAD, SR), pp. 237–241.

SAC-2002-TanM #mobile

Certificates for mobile code security (HKT, LM), pp. 76–81.

SAC-2002-ThompsonWM #testing

Software security vulnerability testing in hostile environments (HHT, JAW, FEM), pp. 260–264.

DAC-2002-RaviRPS #design #framework #platform

System design methodologies for a wireless security processing platform (SR, AR, NRP, MS), pp. 777–782.

PDP-2002-BucheggerB #ad hoc #mobile #network #robust #towards

Nodes Bearing Grudges: Towards Routing Security, Fairness, and Robustness in Mobile Ad Hoc Networks (SB, JYLB), pp. 403–410.

STOC-2002-DziembowskiM #bound #proving

Tight security proofs for the bounded-storage model (SD, UMM), pp. 341–350.

CAV-2002-ArmandoBBCCMRTVV #analysis #protocol

The AVISS Security Protocol Analysis Tool (AA, DAB, MB, YC, LC, SM, MR, MT, LV, LV), pp. 349–353.

CAV-2002-ChevalierV #automation #bound #protocol #verification

Automated Unbounded Verification of Security Protocols (YC, LV), pp. 324–337.

VMCAI-2002-BernardeschiF #abstract interpretation #bytecode #java #model checking

Combining Abstract Interpretation and Model Checking for Analysing Security Properties of Java Bytecode (CB, NDF), pp. 1–15.

VMCAI-2002-FocardiPR #bisimulation #data flow #proving

Proofs Methods for Bisimulation Based Information Flow Security (RF, CP, SR), pp. 16–31.

SCAM-2001-WeberSR #case study #constraints #detection #optimisation #using

A Case Study in Detecting Software Security Vulnerabilities Using Constraint Optimization (MW, VS, CR), pp. 3–13.

WCRE-2001-CifuentesWE #analysis #debugging #decompiler

Computer Security Analysis through Decompilation and High-Level Debugging (CC, TW, MVE), pp. 375–380.

FLOPS-2001-Delzanno #case study #debugging #prolog #protocol #specification

Specifying and Debugging Security Protocols via Hereditary Harrop Formulas and λ Prolog — A Case-study (GD), pp. 123–137.

ICEIS-v2-2001-MartinCLG #e-commerce #policy

Planning Security Policy on E-Commerce (MM, AC, JL, RG), pp. 915–919.

CIKM-2001-Rosenthal #documentation #question #what

What Can Researches Do to Improve Security of Data and Documents? (AR), p. 593.

ECOOP-2001-CaromelV #component #java

Reflections on MOPs, Components, and Java Security (DC, JV), pp. 256–274.

TOOLS-USA-2001-McClure #delivery #how #privacy

Hacking = Privacy: How Computer Hacking Can Shore Up Your Defenses and Deliver the Closest Ideal to Security Available (SM), p. 7.

LOPSTR-2001-DelzannoE #debugging #logic programming #protocol #proving

Proof Theory, Transformations, and Logic Programming for Debugging Security Protocols (GD, SE), pp. 76–90.

PADL-2001-BellaB #analysis #constraints #protocol

Soft Constraints for Security Protocol Analysis: Confidentiality (GB, SB), pp. 108–122.

POPL-2001-Mitchell #programming language

Programming language methods in computer security (JCM), pp. 1–3.

SAS-2001-GordonJ #analysis #protocol

A Type and Effect Analysis of Security Protocols (ADG, AJ), p. 432.

SAS-2001-Schneider #what #why

Language-Based Security: What’s Needed and Why (FBS), p. 374.

RE-2001-Hall01a #modelling #network #specification #validation

Specification Modeling and Validation Applied to Network Security Gateways (RJH), pp. 289–291.

RE-2001-Spafford #privacy

The Hidden Meta-Requirements of Security and Privacy (EHS), p. 10.

ASE-2001-ChevalierV #lazy evaluation #protocol #verification

A Tool for Lazy Verification of Security Protocols (YC, LV), pp. 373–376.

ASE-2001-Fenkam #specification #verification

Security Specification and Verification (PF), p. 434.

ASE-2001-Hall #modelling #network #product line #specification #validation

Specification Modeling and Validation Applied to a Family of Network Security Products (RJH), pp. 71–80.

ESEC-FSE-2001-BasinRV #corba

A formal data-model of the CORBA security service (DAB, FR, LV), pp. 303–304.

SAC-2001-VuongSD #distributed #policy #using #xml

Managing security policies in a distributed environment using eXtensible markup language (XML) (NNV, GS, YD), pp. 405–411.

HPDC-2001-HumphreyT #grid

Security Implications of Typical Grid Computing Usage Scenarios (MH, MRT), pp. 95–103.

HPDC-2001-JohnstonTJ #overview

Overview of Security Considerations for Computational and Data Grids (WEJ, ST, KRJ), pp. 439–440.

ESOP-2001-Mitchell #analysis #calculus #polynomial #probability #process #protocol

Probabilistic Polynomial-Time Process Calculus and Security Protocol Analysis (JCM), pp. 23–29.

CAV-2001-SongPP #automation #generative #implementation #named #protocol #verification

AGVI — Automatic Generation, Verification, and Implementation of Security Protocols (DXS, AP, DP), pp. 241–245.

LICS-2001-MitchellRST #analysis #calculus #probability #process #protocol

Probabilistic Polynominal-Time Process Calculus and Security Protocol Analysis (JCM, AR, AS, VT), pp. 3–5.

ICALP-2000-BaudronPS #multi

Extended Notions of Security for Multicast Public Key Cryptosystems (OB, DP, JS), pp. 499–511.

ICFP-2000-SkalkaS

Static enforcement of security with types (CS, SFS), pp. 34–45.

CAiSE-2000-LiuLW #named

CHAOS: An Active Security Mediation System (DL, KHL, GW), pp. 232–246.

ICEIS-2000-Barker #approach #logic

Information Security: A Logic Based Approach (SB), pp. 9–14.

ECOOP-2000-Gong

Developing Security Systems in the Real World (LG), p. 251.

TOOLS-ASIA-2000-KhanHZ #component #composition

Security Characterization of Software Components and Their Composition (KMK, JH, YZ), pp. 240–249.

TOOLS-ASIA-2000-TaoJY #adaptation #mobile #modelling #network #research #self

The Research on Dynamic Self-Adaptive Network Security Model Based on Mobile Agent (JT, LJr, QY), pp. 134–139.

TOOLS-ASIA-2000-XingsheX #corba #design #implementation

Design and Implementation of CORBA Security Service (XZ, XL), pp. 140–147.

TOOLS-PACIFIC-2000-SindreO #case study #elicitation #requirements

Eliciting Security Requirements by Misuse Cases (GS, ALO), pp. 120–131.

TOOLS-USA-2000-MegaacheKJ #architecture

A Role-Based Security Architecture for Business Intelligence (SM, TK, GRRJ), pp. 295–306.

POPL-2000-Walker #policy #type system

A Type System for Expressive Security Policies (DW), pp. 254–267.

ASE-2000-LiuR #automation #using

Automated Security Checking and Patching Using TestTalk (CL, DJR), pp. 261–264.

FoSE-2000-DevanbuS #re-engineering #roadmap

Software engineering for security: a roadmap (PTD, SGS), pp. 227–239.

PDP-2000-PuliafitoT

Security mechanisms for the MAP agent system (AP, OT), pp. 84–91.

STOC-2000-BihamBBMR #proving #quantum

A proof of the security of quantum key distribution (EB, MB, POB, TM, VPR), pp. 715–724.

STOC-2000-KatzY #encryption #probability

Complete characterization of security notions for probabilistic private-key encryption (JK, MY), pp. 245–254.

TACAS-2000-BenerecettiG #logic #model checking #protocol #using

Model Checking Security Protocols Using a Logic of Belief (MB, FG), pp. 519–534.

TACAS-2000-ClarkeJM #partial order #protocol #reduction #verification

Partial Order Reductions for Security Protocol Verification (EMC, SJ, WRM), pp. 503–518.

WRLA-2000-BasinD #analysis #comparison #haskell #maude #protocol

Maude versus Haskell: an Experimental Comparison in Security Protocol Analysis (DAB, GD), pp. 235–256.

WICSA-1999-Butler

Security Issues with the Global Command and Control System (GCCS) (SAB), pp. 407–422.

ICDAR-1999-UrecheP #aspect-oriented #documentation

Document Transport, Transfer, and Exchange: Security and Commercial Aspects (OU, RP), pp. 585–588.

FM-v1-1999-FocardiM #approach

A Uniform Approach for the Definition of Security Properties (RF, FM), pp. 794–813.

FM-v1-1999-LincolnMMS #analysis #equivalence #polynomial #probability

Probabilistic Polynomial-Time Equivalence and Security Analysis (PL, JCM, MM, AS), pp. 776–793.

FM-v1-1999-LotzKW #hardware

A Formal Security Model for Microprocessor Hardware (VL, VK, GW), pp. 718–737.

HCI-EI-1999-Grinchenko #internet #quality

Quality of Information in Internet as an Information Security Basis (TAG), pp. 111–115.

SAC-1999-RowMAW #linux #network

Security Issues in Small Linux Networks (WMR, DJM, BLA, AHW), pp. 506–510.

SOSP-1999-MazieresKKW #file system

Separating key management from file system security (DM, MK, MFK, EW), pp. 124–139.

FoSSaCS-1999-Abadi #protocol #specification

Security Protocols and Specifications (MA), pp. 1–13.

CADE-1999-Weidenbach #analysis #automation #first-order #logic #protocol #towards

Towards an Automatic Analysis of Security Protocols in First-Order Logic (CW), pp. 314–328.

LICS-1999-MalacariaH #game studies #nondeterminism #program analysis

Non-Deterministic Games and Program Analysis: An Application to Security (PM, CH), pp. 443–452.

LICS-1999-Paulson #protocol #proving

Proving Security Protocols Correct (LCP), pp. 370–381.

FM-1998-KoobUW #formal method #modelling #policy #process #topic #using

The New Topicality of Using Formal Models of Security Policy within the Security Engineering Process (FK, MU, SW), pp. 302–310.

KDD-1998-LaneB #concept #identification #learning #online

Approaches to Online Learning and Concept Drift for User Identification in Computer Security (TL, CEB), pp. 259–263.

POPL-1998-LeroyR

Security Properties of Typed Applets (XL, FR), pp. 391–403.

SIGAda-1998-MichellSW #safety

Looking into Safety with the Safety and Security Rapporteur Group (SM, MS, BAW), pp. 7–11.

DAC-1998-HauckK

Data Security for Web-based CAD (SH, SK), pp. 788–793.

CAV-1998-Mitchell #analysis #finite #protocol

Finite-State Analysis of Security Protocols (JCM), pp. 71–76.

ADL-1997-WinslettCJS #library #policy #privacy #transaction #web

Assuring Security and Privacy for Digital Library Transactions on the Web: Client and Server Security Policies (MW, NC, VEJ, IS), pp. 140–152.

ICSM-2000-BasharKKSW #tool support

Low-threat security patches and tools (MAB, GK, MGK, EHS, SSWJ), pp. 306–313.

ESEC-FSE-1997-Kemmerer #distributed

Security Issues in Distributed Software (RAK), pp. 52–59.

ICSE-1997-Hefner #lessons learnt #maturity

Lessons Learned with the Systems Security Engineering Capability Maturity Model (RH), pp. 566–567.

SOSP-1997-WallachBDF #architecture #java

Extensible Security Architecture for Java (DSW, DB, DD, EWF), pp. 116–128.

TAPSOFT-1997-VolpanoS #approach #type system

A Type-Based Approach to Program Security (DMV, GS), pp. 607–621.

SIGMOD-1996-Tajima #database #detection #object-oriented #static analysis

Static Detection of Security Flaws in Object-Oriented Databases (KT), pp. 341–352.

SAC-1996-McBride

Security considerations for active messages (RAM), pp. 463–467.

TACAS-1996-FocardiG #automation #composition #verification

Automatic Compositional Verification of Some Security Properties (RF, RG), pp. 167–186.

STOC-1995-Yao #metric #protocol #quantum

Security of quantum protocols against coherent measurements (ACCY), pp. 67–75.

VLDB-1994-IdrisGC #database

Providing Dynamic Security Control in a Federated Database (NBI, WAG, RFC), pp. 13–23.

FME-1994-Cherkaoui #analysis #specification

Specification and Analysis of a Security Management System (OC), pp. 66–82.

CAiSE-1994-HofmannH #design #information management #quality #requirements

Reaching out for Quality: Considering Security Requirements in the Design of Information Systems (HFH, RH), pp. 105–118.

SAC-1994-ChangGVWO #empirical #reuse #social

A reuse experiment in the social security sector (SCC, APMG, HvV, EW, HO), pp. 94–98.

FME-1993-Boswell #policy #specification #validation

Specification and Validation of a Security Policy Model (AB), pp. 42–51.

CAiSE-1993-Chung #development #information management #requirements

Dealing with Security Requirements During the Development of Information Systems (LC), pp. 234–251.

TOOLS-EUROPE-1993-DollimoreX

The Private Access Channel: A Security Mechanism for Shared Distribution Objects (JD, WX), pp. 211–221.

SOSP-WIP-1991-Reiter92 #distributed

Integrating Security in a Group Oriented Distributed System (MKR), p. 27.

KDD-1991-OLeary #database #information management

Knowledge Discovery as a Threat to Database Security (DEO), pp. 507–516.

ICSE-1991-Jahl #evaluation

The Information Technology Security Evaluation Criteria (CJ), pp. 306–312.

STOC-1991-Maurer #encryption #independence

Perfect Cryptographic Security from Partially Independent Channels (UMM), pp. 561–571.

OOPSLA-1989-Thuraisingham #database #object-oriented

Mandatory Security in Object-Oriented Database Systems (BMT), pp. 203–210.

SIGMOD-1988-MazumdarSS #proving #theorem proving #using

Resolving the Tension between Integrity and Security Using a Theorem Prover (SM, DWS, TS), pp. 233–242.

SIGMOD-1987-Morgenstern #database #knowledge base #multi

Security and Inference in Multilevel Database and Knowledge-Base Systems (MM), pp. 357–373.

VLDB-1986-SpoonerKWSH #ada #component #framework

Framework for the Security Component of an Ada DBMS (DLS, AMK, GW, JS, DH), pp. 347–354.

STOC-1986-Cleve

Limits on the Security of Coin Flips when Half the Processors Are Faulty (RC), pp. 364–369.

STOC-1985-HastadS #encryption

The Cryptographic Security of Truncated Linearly Related Variables (JH, AS), pp. 356–362.

POPL-1983-Strom

Mechanisms for Compile-Time Enforcement of Security (RES), pp. 276–284.

SOSP-1983-Silverman #kernel #operating system #verification

Reflections on the Verification of the Security of an Operating System Kernel (JMS), pp. 143–154.

STOC-1983-Ben-OrCS #encryption #on the

On the Cryptographic Security of Single RSA Bits (MBO, BC, AS), pp. 421–430.

VLDB-1981-BussolatiM #approach #database #modelling

A Database Approach to Modelling and Managing Security Information (UB, GM), pp. 532–542.

SOSP-J-1979-WalkerKP80 #kernel #specification #verification

Specification and Verification of the UCLA Unix Security Kernel (BJW, RAK, GJP), pp. 118–131.

VLDB-1979-DownsP #database

Data Base Management Systems Security and INGRES (DD, GJP), pp. 280–290.

SOSP-1979-WalkerKP #kernel #specification #verification

Specification and Verification of the UCLA Unix Security Kernel (BJW, RAK, GJP), pp. 64–65.

VLDB-1978-Davida #privacy

Security and Privacy (GID), p. 54.

VLDB-1978-HsiaoKM #database #privacy

Privacy and Security of Data Communications and Data Bases (DKH, DSK, SEM), pp. 55–67.

SOSP-1977-FeiertagLR #design #multi #proving

Proving Multilevel Security of a System Design (RJF, KNL, LR), pp. 57–65.

ICSE-1976-NeumannFLR #development #multi #proving

Software Development and Proofs of Multi-Level Security (PGN, RJF, KNL, LR), pp. 421–428.

SOSP-J-1975-Millen76 #kernel #validation

Security Kernel Validation in Practice (JKM), pp. 243–250.

SOSP-1975-JonesL #policy

The Enforcement of Security Policies for Computation (AKJ, RJL), pp. 197–206.

SOSP-1975-Schroeder #kernel #multi

Engineering a Security Kernel for Multics (MDS), pp. 25–32.