Engineering Secure Software and Systems: Second International Symposium, ESSoS 2010, Pisa, Italy, February 3-4, 2010. Proceedings PDF

251 Pages·2010·3.946 MB·English

Lecture Notes in Computer Science 5965
Commenced Publication in 1973
Founding and Former Series Editors: Gerhard Goos, Juris Hartmanis, and Jan van Leeuwen

Editorial Board
David Hutchison, Lancaster University, UK
Takeo Kanade, Carnegie Mellon University, Pittsburgh, PA, USA
Josef Kittler, University of Surrey, Guildford, UK
Jon M. Kleinberg, Cornell University, Ithaca, NY, USA
Alfred Kobsa, University of California, Irvine, CA, USA
Friedemann Mattern, ETH Zurich, Switzerland
John C. Mitchell, Stanford University, CA, USA
Moni Naor, Weizmann Institute of Science, Rehovot, Israel
Oscar Nierstrasz, University of Bern, Switzerland
C. Pandu Rangan, Indian Institute of Technology, Madras, India
Bernhard Steffen, TU Dortmund University, Germany
Madhu Sudan, Microsoft Research, Cambridge, MA, USA
Demetri Terzopoulos, University of California, Los Angeles, CA, USA
Doug Tygar, University of California, Berkeley, CA, USA
Gerhard Weikum, Max-Planck Institute of Computer Science, Saarbruecken, Germany

Fabio Massacci
Dan Wallach
Nicola Zannone (Eds.)

Engineering Secure Software and Systems
Second International Symposium, ESSoS 2010
Pisa, Italy, February 3-4, 2010
Proceedings

Volume Editors

Fabio Massacci
Università di Trento, Dipartimento Ingegneria e Scienza dell’Informazione
Via Sommarive 14, 38050 Povo (Trento), Italy
E-mail: [email protected]

Dan Wallach
Rice University, Department of Computer Science
3122 Duncan Hall, 6100 Main Street, Houston, TX 77005, USA
E-mail: [email protected]

Nicola Zannone
University of Technology, Faculty of Mathematics and Computer Science
Den Dolech 2, 5612 AZ Eindhoven, The Netherlands
E-mail: [email protected]

Library of Congress Control Number: 2009943930
CR Subject Classification (1998): C.2, E.3, D.4.6, K.6.5, J.2
LNCS Sublibrary: SL 4 – Security and Cryptology
ISSN 0302-9743
ISBN-10 3-642-11746-5 Springer Berlin Heidelberg New York
ISBN-13 978-3-642-11746-6 Springer Berlin Heidelberg New York

This work is subject to copyright. All rights are reserved, whether the whole or part of the material is concerned, specifically the rights of translation, reprinting, re-use of illustrations, recitation, broadcasting, reproduction on microfilms or in any other way, and storage in data banks. Duplication of this publication or parts thereof is permitted only under the provisions of the German Copyright Law of September 9, 1965, in its current version, and permission for use must always be obtained from Springer. Violations are liable to prosecution under the German Copyright Law.

springer.com
© Springer-Verlag Berlin Heidelberg 2010
Printed in Germany
Typesetting: Camera-ready by author, data conversion by Scientific Publishing Services, Chennai, India
Printed on acid-free paper
SPIN: 12989713 06/3180 543210

Preface

It is our pleasure to welcome you to the proceedings of the Second International Symposium on Engineering Secure Software and Systems.

This unique event aimed at bringing together researchers from software engineering and security engineering, which might help to unite and further develop the two communities in this and future editions. The parallel technical sponsorships from the ACM SIGSAC (the ACM interest group in security) and ACM SIGSOFT (the ACM interest group in software engineering) is a clear sign of the importance of this inter-disciplinary research area and its potential.

The difficulty of building secure software systems is no longer focused on mastering security technology such as cryptography or access control models. Other important factors include the complexity of modern networked software systems, the unpredictability of practical development life cycles, the intertwining of and trade-off between functionality, security and other qualities, the difficulty of dealing with human factors, and so forth. Over the last years, an entire research domain has been building up around these problems.

The conference program included two major keynotes from Andy Gordon (Microsoft Research Cambridge) on the practical verification of security protocols implementation and Angela Sasse (University College London) on security usability and an interesting blend of research, industry and idea papers.

In response to the call for papers 58 papers were submitted. The Program Committee selected nine papers as research papers (16%), presenting new research results in the realm of engineering secure software and systems. It further selected one industry report, detailing a concrete case study in industry, and eight ideas papers, that the Program Committee judged interesting but not yet mature for a full paper presentation.

Many individuals and organizations contributed to the success of this event. First of all, we would like to express our appreciation to the authors of the submitted papers, and to the Program Committee members and external referees, who provided timely and relevant reviews. Many thanks go to the Steering Committee for supporting this and future editions of the symposium, and to all the members of the Organizing Committee for their tremendous work and for excelling in their respective tasks. The DistriNet research group of the K.U.Leuven did an excellent job with the website and the advertising for the conference. Nicola Zannone did a great job by assembling the proceedings for Springer.

We owe gratitude to ACM SIGSAC/SIGSOFT, IEEE TCSE and LNCS for supporting us in this new scientific endeavor. An honorable mention should be made of EasyChair, which seems to be “the” system for conference management.

Last but not least, we would like to thank all our sponsors, the SecureChange EU Project at the University of Trento for covering some of the financial aspects of the event and the CNR for organizing the symposium.

December 2009
Fabio Massacci
Dan Wallach
Fabio Martinelli

Conference Organization

General Chair
Fabio Martinelli, CNR, Italy

Program Co-chairs
Fabio Massacci, Università di Trento, Italy
Dan Wallach, Rice University, USA

Publication Chair
Nicola Zannone, Eindhoven University of Technology, The Netherlands

Publicity Chair
Yves Younan, Katholieke Universiteit Leuven, Belgium

Local Arrangements Chair
Adriana Lazzaroni, CNR, Italy

Steering Committee
Jorge Cuellar, Siemens AG, Germany
Wouter Joosen, Katholieke Universiteit Leuven, Belgium
Fabio Massacci, Università di Trento, Italy
Gary McGraw, Cigital, USA
Bashar Nuseibeh, The Open University, UK
Daniel Wallach, Rice University, USA

Program Committee
Juergen Doser, IMDEA, Spain
Manuel Fähndrich, Microsoft Research, USA
Michael Franz, UC Irvine, USA
Dieter Gollmann, Hamburg University of Technology, Germany
Jan Jürjens, Open University, UK
Seok-Won Lee, University of North Carolina Charlotte, USA
Antonio Maña, University of Malaga, Spain
Robert Martin, MITRE, USA
Mattia Monga, Milan University, Italy
Fabio Massacci, Università di Trento, Italy
Haris Mouratidis, University of East London, UK
Gunther Pernul, Universitat Regensburg, Germany
Samuel Redwine, James Madison University, USA
David Sands, Chalmers University of Technology, Sweden
Riccardo Scandariato, Katholieke Universiteit Leuven, Belgium
Ketil Stølen, Sintef, Norway
Jon Whittle, Lancaster University, UK
Mohammad Zulkernine, Queen’s University, Canada
Neeraj Suri, Technische Universität Darmstadt, Germany
Yingjiu Li, Singapore Management University, Singapore
Hao Chen, UC Davis, USA
Richard Clayton, Cambridge University, UK
Eduardo Fernández-Medina, University of Castilla-La Mancha, Spain
Yuecel Karabulut, SAP Office of CTO, USA
Vijay Varadharajan, Macquarie University, Australia
Jungfeng Yang, Columbia University, USA
Daniel Wallach, Rice University, USA

External Reviewers
Birgisson, Arnar; Brandeland, Gyrd; Buyens, Koen; Ceccato, Mariano; Chowdhury, Istehad; Desmet, Lieven; Dinkelaker, Tom; Drbeck, Stefan; Fritsch, Christoph; Fu, Ge; Gmelch, Oliver; Hedin, Daniel; Heldal, Rogart; Heyman, Thomas; Hossain, Shahriar; Joosen, Wouter; Koshutanski, Hristo; Larsson, Andreas; Li, Yan; Lund, Mass Soldal; Muñoz, Antonio; Neuhaus, Stephan; Ochoa, Martin; Omerovic, Aida; Paleari, Roberto; Passerini, Emanuele; Phung, Phu H.; Pironti, Alfredo; Pujol, Gimena; Refsdal, Atle; Reisser, Andreas; Riesner, Moritz; Ruiz, Jose F.; Scandariato, Riccardo; Seehusen, Fredrik; Shahriar, Hossain; Solhaug, Bjornar; Turkmen, Fatih; Wang, Yongge; Yan, Qiang; Yang, Xioafeng; Yautsiukhin, Artsiom; Yskout, Koen

Table of Contents

Session 1. Attack Analysis and Prevention I

BuBBle: A Javascript Engine Level Countermeasure against Heap-Spraying Attacks
Francesco Gadaleta, Yves Younan, and Wouter Joosen

CsFire: Transparent Client-Side Mitigation of Malicious Cross-Domain Requests
Philippe De Ryck, Lieven Desmet, Thomas Heyman, Frank Piessens, and Wouter Joosen

Idea: Opcode-Sequence-Based Malware Detection
Igor Santos, Felix Brezo, Javier Nieves, Yoseba K. Penya, Borja Sanz, Carlos Laorden, and Pablo G. Bringas

Session 2. Attack Analysis and Prevention II

Experiences with PDG-Based IFC
Christian Hammer

Idea: Java vs. PHP: Security Implications of Language Choice for Web Applications
James Walden, Maureen Doyle, Robert Lenhof, and John Murray

Idea: Towards Architecture-Centric Security Analysis of Software
Karsten Sohr and Bernhard Berger

Session 3. Policy Verification and Enforcement I

Formally-Based Black-Box Monitoring of Security Protocols
Alfredo Pironti and Jan Jürjens

Secure Code Generation for Web Applications
Martin Johns, Christian Beyerlein, Rosemaria Giesecke, and Joachim Posegga

Idea: Reusability of Threat Models – Two Approaches with an Experimental Evaluation
Per Håkon Meland, Inger Anne Tøndel, and Jostein Jensen

Session 4. Policy Verification and Enforcement II

Model-Driven Security Policy Deployment: Property Oriented Approach
Stere Preda, Nora Cuppens-Boulahia, Frédéric Cuppens, Joaquin Garcia-Alfaro, and Laurent Toutain

Category-Based Authorisation Models: Operational Semantics and Expressive Power
Clara Bertolissi and Maribel Fernández

Idea: Efficient Evaluation of Access Control Constraints
Achim D. Brucker and Helmut Petritsch

Session 5. Secure System and Software Development I

Formal Verification of Application-Specific Security Properties in a Model-Driven Approach
Nina Moebius, Kurt Stenzel, and Wolfgang Reif

Idea: Enforcing Consumer-Specified Security Properties for Modular Software
Giacomo A. Galilei and Vincenzo Gervasi

Idea: Using System Level Testing for Revealing SQL Injection-Related Error Message Information Leaks
Ben Smith, Laurie Williams, and Andrew Austin

Session 6. Secure System and Software Development II

Automatic Generation of Smart, Security-Aware GUI Models
David Basin, Manuel Clavel, Marina Egea, and Michael Schläpfer

Report: Modular Safeguards to Create Holistic Security Requirement Specifications for System of Systems
Albin Zuccato, Nils Daniels, Cheevarat Jampathom, and Mikael Nilson

Idea: A Feasibility Study in Model Based Prediction of Impact of Changes on System Quality
Aida Omerovic, Anette Andresen, Håvard Grindheim, Per Myrseth, Atle Refsdal, Ketil Stølen, and Jon Ølnes

Author Index
