Description
This book constitutes the refereed proceedings of the 12th European Symposium on Research in Computer Security, ESORICS 2007, held in Dresden, Germany in September 2007.
The 39 revised full papers presented were carefully reviewed and selected from 164 submissions. ESORICS is confirmed as the European research event in computer security; it presents original research contributions, case studies and implementation experiences addressing any aspect of computer security - in theory, mechanisms, applications, or practical experience.
Invited Lecture
Trustworthy Services and the Biological Analogy
1
Michael K. Reiter
Security Architecture and Secure Components I
Security of Multithreaded Programs by Compilation
2
Gilles Barthe, Tamara Rezk, Alejandro Russo, and Andrei Sabelfeld
Efficient Proving for Practical Distributed Access-Control Systems
19
Lujo Bauer, Scott Garriss, and Michael K. Reiter
Maintaining High Performance Communication Under Least Privilege Using Dynamic Perimeter Control
38
Paul Z. Kolano
Access Control I
Pragmatic XML Access Control Using Off-the-Shelf RDBMS
55
Bo Luo, Dongwon Lee, and Peng Liu
Conditional Privacy-Aware Role Based Access Control
72
Qun Ni, Dan Lin, Elisa Bertino, and Jorge Lobo
Satisfiability and Resiliency in Workflow Systems
90
Qihua Wang and Ninghui Li
Applied Cryptography I
Completeness of the Authentication Tests
106
Shaddin F. Doghmi, Joshua D. Guttman, and F. Javier Thayer
SilentKnock: Practical, Provably Undetectable Authentication
122
Eugene Y. Vasserman, Nicholas Hopper, John Laxson, and James Tyra
Generalized Key Delegation for Hierarchical Identity-Based Encryption
139
Michel Abdalla, Eike Kiltz, and Gregory Neven
Security Management and Secure Electronic Activities
Change-Impact Analysis of Firewall Policies
155
Alex X. Liu
Fragmentation and Encryption to Enforce Privacy in Data Storage
171
Valentina Ciriani, Sabrina De Capitani di Vimercati, Sara Foresti, Sushil Jajodia, Stefano Paraboschi, and Pierangela Samarati
Information Confinement, Privacy, and Security in RFID Systems
187
Roberto Di Pietro and Refik Molva
Formal Methods in Security I
A Logic for State-Modifying Authorization Policies
203
Moritz Y. Becker and Sebastian Nanz
Inductive Proofs of Computational Secrecy
219
Arnab Roy, Anupam Datta, Ante Derek, and John C. Mitchell
What, Indeed, Is Intransitive Noninterference? (Extended Abstract)
235
Ron van der Meyden
Information Control and Access Control
Traceability and Integrity of Execution in Distributed Workflow Management Systems
251
Frederic Montagut and Refik Molva
Dynamic Information Flow Control Architecture for Web Applications
267
Sachiko Yoshihama, Takeo Yoshizawa, Yuji Watanabe, Michiharu Kudoh, and Kazuko Oyanagi
Cloak: A Ten-Fold Way for Reliable Covert Communications
283
Xiapu Luo, Edmond W.W. Chan, and Rocky K.C. Chang
Applied Cryptography II
Efficient Password-Based Authenticated Key Exchange Without Public Information
299
Jun Shao, Zhenfu Cao, Licheng Wang, and Rongxing Lu
Improved Anonymous Timed-Release Encryption
311
Konstantinos Chalkias, Dimitrios Hristu-Varsakelis, and George Stephanides
Encryption Techniques for Secure Database Outsourcing
327
Sergei Evdokimov and Oliver Günther
Access Control II
Click Passwords Under Investigation
343
Krzysztof Golofit
Graphical Password Authentication Using Cued Click Points
359
Sonia Chiasson, P.C. van Oorschot, and Robert Biddle
Obligations and Their Interaction with Programs
375
Daniel J. Dougherty, Kathi Fisler, and Shriram Krishnamurthi
Applied Cryptography III
On the Privacy of Concealed Data Aggregation
390
Aldar C.-F. Chan and Claude Castelluccia
Synthesizing Secure Protocols
406
Veronique Cortier, Bogdan Warinschi, and Eugen Zalinescu
A Cryptographic Model for Branching Time Security Properties - The Case of Contract Signing Protocols
422
Veronique Cortier, Ralf Küsters, and Bogdan Warinschi
Security Architecture and Secure Components II
Security Evaluation of Scenarios Based on the TCG's TPM Specification
438
Sigrid Gürgens, Carsten Rudolph, Dirk Scheuermann, Marion Atts, and Rainer Plaga
Analyzing Side Channel Leakage of Masked Implementations with Stochastic Methods
454
Kerstin Lemke-Rust and Christof Paar
Insider Attacks Enabling Data Broadcasting on Crypto-Enforced Unicast Links
469
André Adelsbach and Ulrich Greveler
Security Management
Towards Modeling Trust Based Decisions: A Game Theoretic Approach
485
Vidyaraman Sankaranarayanan, Madhusudhanan Chandrasekaran, and Shambhu Upadhyaya
Extending the Common Services of eduGAIN with a Credential Conversion Service
501
Gabriel López, Óscar Cánovas, Diego R. Lopez, and Antonio F. Gómez-Skarmeta
Incorporating Temporal Capabilities in Existing Key Management Schemes
515
Mikhail J. Atallah, Marina Blanton, and Keith B. Frikken
Secure Electronic Activities
A Policy Language for Distributed Usage Control
531
M. Hilty, A. Pretschner, D. Basin, C. Schaefer, and T. Walter
Countering Statistical Disclosure with Receiver-Bound Cover Traffic
547
Nayantara Mallesh and Matthew Wright
Renewable Traitor Tracing: A Trace-Revoke-Trace System For Anonymous Attack
563
Hongxia Jin and Jeffery Lotspiech
Formal Methods in Security III
Modular Access Control Via Strategic Rewriting
578
Daniel J. Dougherty, Claude Kirchner, Hélène Kirchner, and Anderson Santana de Oliveira
On the Automated Correction of Security Protocols Susceptible to a Replay Attack
594
Juan C. Lopez P., Raúl Monroy, and Dieter Hutter
Adaptive Soundness of Static Equivalence
610
Steve Kremer and Laurent Mazaré
Author Index
627