J. Biskup, Javier López
{"title":"Editorial ESORICS 2007","authors":"J. Biskup, Javier López","doi":"10.1145/1805974.1805975","DOIUrl":null,"url":null,"abstract":"This issue of TISSEC consists of three articles that elaborate research results originally contributed to the 12th European Symposium on Research in Computer Security (ESORICS’07) held in Dresden, Germany, September 24–26, 2007. The conference series of ESORICS has become the European research event in computer security. The symposium started in 1990 and has been organized on alternate years in different European countries. Since 2002, it has taken place annually. The contributions to ESORICS present theory, mechanisms, applications, or practical experience on all traditional or emerging topics relevant for security in computing systems. The three articles of this special issue have been selected from 39 papers presented during the symposium out of 164 submissions. The articles examplarily demonstrate the scope of ESORICS, dealing with an advanced formal model for state-dependent access control, sophisticated language-based security for information-flow control, and security and privacy in databases employing cryptography. A common theme of the articles is to enable programmers and system administrators to reliably control the flow of information in complex computing environments. Becker and Nanz consider state-modifying authorization policies where actually granted access requests can have effects on the current state of the access control system. They show how to efficiently organize state updates in a well-structured architecture, and they provide both thorough semantics based on Transaction Logic and a sound and complete proof system for analyzing the actual achievements of state-modifying authorization policies. Barthe, Rezk, Russo, and Sabelfeld enhance language-based informationflow security by inspecting the subtle impact of the concept of multithreading for low-level programs as used, for example, in mobile code scenarios. In particular, they deal with the control of the timing behavior of an execution as exhibited by a security-aware scheduler. They achieve this goal by presenting a security-preserving compilation to be employed as part of the overall approach to proof carrying code. Ciriani, De Capitani di Vimercati, Foresti, Jajodia, Paraboschi, and Samarati contribute to security on the application level. More specifically, for enforcing confidentiality constraints in the context of data outsourcing, they study how to break sensitive associations among composed data by fragmentation and to encrypt the resulting fragments such that processing of the fragmented and encrypted data still remains sufficiently efficient. We would like to thank all the authors for following our invitation to contribute to this special issue and all the reviewers for their insightful and helpful comments. We are also grateful to Michael Reiter, former Editor-in-Chief,","PeriodicalId":50912,"journal":{"name":"ACM Transactions on Information and System Security","volume":"51 1","pages":"19:1-19:2"},"PeriodicalIF":0.0000,"publicationDate":"2010-07-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"ACM Transactions on Information and System Security","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1145/1805974.1805975","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q","JCRName":"Engineering","Score":null,"Total":0}
引用次数: 0

摘要

这期TISSEC由三篇文章组成,这些文章详细阐述了最初为2007年9月24日至26日在德国德累斯顿举行的第12届欧洲计算机安全研究研讨会(ESORICS ' 07)贡献的研究成果。ESORICS系列会议已成为欧洲计算机安全领域的研究盛会。该研讨会始于1990年,在不同的欧洲国家隔年举办一次。自2002年以来,每年举行一次。对ESORICS的贡献展示了与计算系统安全相关的所有传统或新兴主题的理论、机制、应用或实践经验。本期特刊的三篇文章是从本次研讨会上提交的164篇论文中的39篇论文中挑选出来的。这两篇文章举例说明了ESORICS的范围,讨论了用于依赖状态的访问控制的高级形式化模型、用于信息流控制的复杂的基于语言的安全性,以及使用加密技术的数据库中的安全性和隐私性。这些文章的一个共同主题是使程序员和系统管理员能够可靠地控制复杂计算环境中的信息流。Becker和Nanz考虑了状态修改授权策略,其中实际授予的访问请求可能对访问控制系统的当前状态产生影响。它们展示了如何在结构良好的体系结构中有效地组织状态更新,并提供了基于事务逻辑的完整语义和用于分析状态修改授权策略实际成果的健全完整的证明系统。Barthe、Rezk、Russo和Sabelfeld通过研究多线程概念对低级程序(例如在移动代码场景中)的微妙影响,增强了基于语言的信息流安全性。特别是,它们处理由安全感知调度器显示的执行计时行为的控制。他们通过提供一种安全保护编译来实现这一目标,该编译将被用作携带证明代码的总体方法的一部分。Ciriani、De Capitani di Vimercati、Foresti、Jajodia、Paraboschi和Samarati对应用程序级别的安全性做出了贡献。更具体地说,为了在数据外包的背景下加强机密性约束,他们研究了如何通过碎片来打破组合数据之间的敏感关联,并对产生的碎片进行加密,从而使碎片化和加密数据的处理仍然足够有效。我们要感谢所有的作者接受我们的邀请为本期特刊撰稿,感谢所有的审稿人提出的有见地和有益的意见。我们还要感谢前主编Michael Reiter,
本文章由计算机程序翻译,如有差异,请以英文原文为准。
查看原文
分享 分享
微信好友 朋友圈 QQ好友 复制链接
本刊更多论文
Editorial ESORICS 2007
This issue of TISSEC consists of three articles that elaborate research results originally contributed to the 12th European Symposium on Research in Computer Security (ESORICS’07) held in Dresden, Germany, September 24–26, 2007. The conference series of ESORICS has become the European research event in computer security. The symposium started in 1990 and has been organized on alternate years in different European countries. Since 2002, it has taken place annually. The contributions to ESORICS present theory, mechanisms, applications, or practical experience on all traditional or emerging topics relevant for security in computing systems. The three articles of this special issue have been selected from 39 papers presented during the symposium out of 164 submissions. The articles examplarily demonstrate the scope of ESORICS, dealing with an advanced formal model for state-dependent access control, sophisticated language-based security for information-flow control, and security and privacy in databases employing cryptography. A common theme of the articles is to enable programmers and system administrators to reliably control the flow of information in complex computing environments. Becker and Nanz consider state-modifying authorization policies where actually granted access requests can have effects on the current state of the access control system. They show how to efficiently organize state updates in a well-structured architecture, and they provide both thorough semantics based on Transaction Logic and a sound and complete proof system for analyzing the actual achievements of state-modifying authorization policies. Barthe, Rezk, Russo, and Sabelfeld enhance language-based informationflow security by inspecting the subtle impact of the concept of multithreading for low-level programs as used, for example, in mobile code scenarios. In particular, they deal with the control of the timing behavior of an execution as exhibited by a security-aware scheduler. They achieve this goal by presenting a security-preserving compilation to be employed as part of the overall approach to proof carrying code. Ciriani, De Capitani di Vimercati, Foresti, Jajodia, Paraboschi, and Samarati contribute to security on the application level. More specifically, for enforcing confidentiality constraints in the context of data outsourcing, they study how to break sensitive associations among composed data by fragmentation and to encrypt the resulting fragments such that processing of the fragmented and encrypted data still remains sufficiently efficient. We would like to thank all the authors for following our invitation to contribute to this special issue and all the reviewers for their insightful and helpful comments. We are also grateful to Michael Reiter, former Editor-in-Chief,
求助全文
通过发布文献求助,成功后即可免费获取论文全文。 去求助
来源期刊
ACM Transactions on Information and System Security
ACM Transactions on Information and System Security 工程技术-计算机:信息系统
CiteScore
4.50
自引率
0.00%
发文量
0
审稿时长
3.3 months
期刊介绍: ISSEC is a scholarly, scientific journal that publishes original research papers in all areas of information and system security, including technologies, systems, applications, and policies.
期刊最新文献
An Efficient User Verification System Using Angle-Based Mouse Movement Biometrics A New Framework for Privacy-Preserving Aggregation of Time-Series Data Behavioral Study of Users When Interacting with Active Honeytokens Model Checking Distributed Mandatory Access Control Policies Randomization-Based Intrusion Detection System for Advanced Metering Infrastructure*
×
引用
GB/T 7714-2015
复制
MLA
复制
APA
复制
导出至
BibTeX EndNote RefMan NoteFirst NoteExpress
×
×
提示
您的信息不完整,为了账户安全,请先补充。
现在去补充
×
提示
您因"违规操作"
具体请查看互助需知
我知道了
×
提示
现在去查看 取消
×
提示
确定
0
微信
客服QQ
Book学术公众号 扫码关注我们
反馈
×
意见反馈
请填写您的意见或建议
请填写您的手机或邮箱
已复制链接
已复制链接
快去分享给好友吧!
我知道了
×
扫码分享
扫码分享
Book学术官方微信
Book学术文献互助
Book学术文献互助群
群 号:481959085
Book学术
文献互助 智能选刊 最新文献 互助须知 联系我们:info@booksci.cn
Book学术提供免费学术资源搜索服务,方便国内外学者检索中英文文献。致力于提供最便捷和优质的服务体验。
Copyright © 2023 Book学术 All rights reserved.
ghs 京公网安备 11010802042870号 京ICP备2023020795号-1