Engineering Secure Software and Systems

Policy Verification and Enforcement.- Verification of Business Process Entailment Constraints Using SPIN.- From Formal Access Control Policies to Runtime Enforcement Aspects.- Idea: Trusted Emergency Management.- Model Refinement and Program Transformation.- Idea: Action Refinement for Security Properties Enforcement.- Pattern-Based Confidentiality-Preserving Refinement.- Architectural Refinement and Notions of Intransitive Noninterference.- Systematically Eradicating Data Injection Attacks Using Security-Oriented Program Transformations.- Secure System Development.- Report: Measuring the Attack Surfaces of Enterprise Software.- Report: Extensibility and Implementation Independence of the .NET Cryptographic API.- Report: CC-Based Design of Secure Application Systems.- Protection Poker: Structuring Software Security Risk Assessment and Knowledge Transfer.- Attack Analysis and Prevention.- Toward Non-security Failures as a Predictor of Security Faults and Failures.- A Scalable Approach to Full Attack Graphs Generation.- MEDS: The Memory Error Detection System.- Testing and Assurance.- Idea: Automatic Security Testing for Web Applications.- Report: Functional Security Testing Closing the Software - Security Testing Gap: A Case from a Telecom Provider.- Idea: Measuring the Effect of Code Complexity on Static Analysis Results.