This book constitutes the refereed proceedings of the 12th European Symposium on Research in Computer Security, ESORICS 2007, held in Dresden, Germany in September 2007. The 39 revised full papers presented were carefully reviewed and selected from 164 submissions. ESORICS is confirmed as the European research event in computer security; it presents original research contributions, case studies and implementation experiences addressing any aspect of computer security - in theory, mechanisms, applications, or practical experience. This book constitutes the refereed proceedings of the 12th European Symposium on Research in Computer Security, ESORICS 2007, held in Dresden, Germany in September 2007. It features 39 revised full papers. ESORICS is confirmed as the European research event in computer security. It presents original research contributions, case studies and implementation experiences that address any aspect of computer security, in theory, mechanisms, applications, or practical experience. Invited Lecture Trustworthy Services and the Biological Analogy 1 Michael K. Reiter Security Architecture and Secure Components I Security of Multithreaded Programs by Compilation 2 Gilles Barthe, Tamara Rezk, Alejandro Russo, and Andrei Sabelfeld Efficient Proving for Practical Distributed Access-Control Systems 19 Lujo Bauer, Scott Garriss, and Michael K. Reiter Maintaining High Performance Communication Under Least Privilege Using Dynamic Perimeter Control 38 Paul Z. Kolano Access Control I Pragmatic XML Access Control Using Off-the-Shelf RDBMS 55 Bo Luo, Dongwon Lee, and Peng Liu Conditional Privacy-Aware Role Based Access Control 72 Qun Ni, Dan Lin, Elisa Bertino, and Jorge Lobo Satisfiability and Resiliency in Workflow Systems 90 Qihua Wang and Ninghui Li Applied Cryptography I Completeness of the Authentication Tests 106 Shaddin F. Dogh,rni, Joshua D. Guttman, and F. Javier Thayer SILENTKNocK: Practical, Provably Undetectable Authentication 122 Eugene Y. Vasserman, Nicholas Hopper, John Laxson, and James Tyra Generalized Key Delegation for Hierarchical Identity-Based Encryption 139 Michel Abdalla Eike Kiltz, and Gregory Neven Security Management and Secure Electronic Activities Change-Impact Analysis of Firewall Policies 155 Alex X. Liu Fragmentation and Encryption to Enforce Privacy in Data Storage 171 Valentina Ciriani, Sabrina De Capitani di Vimercati, Sara Foresti, Sushil Jajodia, Stefano Paraboschi, and Pierangela Samarati Information Confinement, Privacy, and Security in RFID Systems 187 Roberto Di Pietro and Refik Molva Formal Methods in Security I A Logic for State-Modifying Authorization Policies 203 Moritz Y. Becker and Sebastian Nanz Inductive Proofs of Computational Secrecy 219 Arnab Roy, Anupam Datta, Ante Derek, and John C. Mitchell What, Indeed, Is Intransitive Noninterference? (Extended Abstract) 235 Ron van der Meyden Information Control and Access Control Traceability and Integrity of Execution in Distributed Workflow Management Systems 251 Frederic Montagut and Refik Molva Dynamic Information Flow Control Architecture for Web Applications 267 Sachiko Yoshihama, Takeo Yoshizawa, Yuji Watanabe, Michiharu Kudoh. and Kazuko Oyanagi Cloak: A Ten-Fold Way for Reliable Covert Communications 283 Xiapu Luo, Edmond W.W. Chan, and Rocky K.C. Chang Applied Cryptography II Efficient Password-Based Authenticated Key Exchange Without Public Information 299 Jun Shao, Zherifu Cao, Licheng Wang, and Rongxing Lu Improved Anonymous Timed-Release Encryption 311 Konstantinos Chalkias, Dimitrios Hristu-Varsakelis, and George Stephanides Encryption Techniques for Secure Database Outsourcing 327 Sergei Evdokimov and Oliver G nther Access Control II Click Passwords Under Investigation 343 Krzysztof Golofit Graphical Password Authentication Using Cued Click Points 359 Sonia Chiasson, P.C. van Oorschot, and Robert Biddle Obligations and Their Interaction with Programs 375 Daniel J. Dougherty, Kathi Fisler, and Shriram Krishnamurthi Applied Cryptography III On the Privacy of Concealed Data Aggregation 390 Aldar C.-F. Chan and Claude Castelluccia Synthesizing Secure Protocols 406 Veronique Cortier, Bogdan Warinschi, and Eugen Zalinescu A Cryptographic Model for Branching Time Security Properties The Case of Contract Signing Protocols 422 Veronique Cortier, Ralf K sters, and Bogdan Warinschi Security Architecture and Secure Components II Security Evaluation of Scenarios Based on the TCG's TPM Specification 438 Sigrid G rgens, Carsten Rudolph, Dirk Scheuermann, Marion Atts, and Rainer Plaga Analyzing Side Channel Leakage of Masked Implementations with Stochastic Methods 454 Kerstin Lemke-Rust and Christof Paar Insider Attacks Enabling Data Broadcasting on Crypto-Enforced Unicast Links 469 Andr delsbach and Ulrich Greveler Security Management Towards Modeling Trust Based Decisions: A Game Theoretic Approach 485 Vidyaraman Sankaranarayanan, Madhusudhanan Chandrasekaran, and Shambhu Upadhyaya Fxtending the Common Services of eduGAIN with a Credential Conversion Service, 501 Gabriel L pez, car C vas, Diego R. Lopez, and Antonio F. G mez-Skarmeta Incorporating Temporal Capabilities in Existing Key Management Schemes 515 Mikhail J. Atallah, Marina Blanton, and Keith B. Frikken Secure Electronic Activities A Policy Language for Distributed Usage Control 531 M. Hilty, A. Pretschner, D. Basin, C. Schaefer, and T. Walter Countering Statistical Disclosure with Receiver-Bound Cover Traffic 547 Nayantara Mallesh and Matthew Wright Renewable Traitor Tracing: A Trace-Revoke-Trace System For Anonymous Attack 563 Hongxia Jin and Jeffery Lotspiech Formal Methods in Security III Modular Access Control Via Strategic Rewriting 578 Daniel J. Dougherty, Claude Kirchner, H ne Kirchner, and Anderson Santana de Oliveira On the Automated Correction of Security Protocols Susceptible to a Replay Attack 594 Juan C. Lopez P., Ra l Monroy, and Dieter Butter Adaptive Soundness of Static Equivalence 610 Steve Kremer and Laurent Mazar TD> Author Index 627