Abstract :
The following topics are dealt with: reusable security use cases for mobile grid environments; resolving least privilege violations in software architectures; intrusion detection using signatures extracted from execution profiles; a hybrid analysis framework for detecting Web application vulnerabilities; SWAP: mitigating XSS attacks using a reverse proxy; metamodel for privacy policies within SOA; MUTEC: mutation-based testing of cross site scripting; RUP-based process model for security requirements engineering in value-added service development; improving perimeter security with security-oriented program transformations; and generating formal specifications for security-critical applications - a model-driven approach.
Keywords :
Internet; data privacy; digital signatures; formal specification; grid computing; mobile computing; security of data; software architecture; SWAP; Web application vulnerability detection; XSS attack mitigation; cross site scripting; execution profiles; formal specifications; hybrid analysis framework; intrusion detection; least privilege violations; metamodel; mobile grid environments; mutation-based testing; perimeter security; privacy policy; process model; reusable security use cases; reverse proxy; security requirements engineering; security-critical applications; security-oriented program transformations; service-oriented architecture; signatures; software architectures; value-added service development;
Conference_Titel :
Software Engineering for Secure Systems, 2009. SESS '09. ICSE Workshop on
Conference_Location :
Vancouver, BC
Print_ISBN :
978-1-4244-3725-2
DOI :
10.1109/IWSESS.2009.5068440
