For software applications in domains such as healthcare, the sensitivity of the data processed is such that access must be restricted to authorized users. These applications require a fine-granular enforcement of a context-based access control policy to control access to an asset, based on contextual information that is related to the access request. Due to the complexity and scale of contemporary software systems, the integration of context-based access control in an application constitutes a major engineering challenge. It is hard to obtain uniform access control enforcement in the numerous...

The first Annual Working Conference ofWG11.4oftheInter nationalFederationforInformation Processing (IFIP), focuseson variousstate of the art concepts in the field of Network and Dis tributedSystemsSecurity. Oursocietyisrapidly evolvingand irreversibly set onacourse governedby electronicinteractions. Wehave seen thebirthofe mail in the early seventies, and are now facing new challenging applicationssuchase commerce, e government, ....Themoreour societyrelies on electronicforms ofcommunication, themorethe securityofthesecommunicationnetworks isessentialforitswell functioning. Asaconsequence,...

The first Annual Working Conference ofWG11.4oftheInter nationalFederationforInformation Processing (IFIP), focuseson variousstate of the art concepts in the field of Network and Dis tributedSystemsSecurity. Oursocietyisrapidly evolvingand irreversibly set onacourse governedby electronicinteractions. Wehave seen thebirthofe mail in the early seventies, and are now facing new challenging applicationssuchase commerce, e government, ....Themoreour societyrelies on electronicforms ofcommunication, themorethe securityofthesecommunicationnetworks isessentialforitswell functioning. Asaconsequence,...

This book constitutes the refereed proceedings of the 6th International Symposium on Engineering Secure Software and Systems, ESSoS 2014, held in Munich, Germany, in February 2014. The 11 full papers presented together with 4 idea papers were carefully reviewed and selected from 55 submissions. The symposium features the following topics: model-based security, formal methods, web and mobile security and applications.

This volume illustrates the continuous arms race between attackers and defenders of the Web ecosystem by discussing a wide variety of attacks. In the first part of the book, the foundation of the Web ecosystem is briefly recapped and discussed. Based on this model, the assets of the Web ecosystem are identified, and the set of capabilities an attacker may have are enumerated. In the second part, an overview of the web security vulnerability landscape is constructed. Included are selections of the most representative attack techniques reported in great detail. In addition to descriptions of...

This book constitutes the refereed proceedings of the 7th International Symposium on Engineering Secure Software and Systems, ESSoS 2015, held in Milan, Italy, in March 2015. The 11 full papers presented together with 5 short papers were carefully reviewed and selected from 41 submissions. The symposium features the following topics: formal methods; cloud passwords; machine learning; measurements ontologies; and access control.

This book constitutes the proceedings of the 5th International Conference on Principles of Security and Trust, POST 2016, which took place in Eindhoven, The Netherlands, in April 2016, held as Part of the European Joint Conferences on Theory and Practice of Software, ETAPS 2016.
The 12 full papers presented in this volume were carefully reviewed and selected from 35 submissions. They were organized in topical sections named: information flow; models and applications; protocols.