{"title":"Editorial ESORICS 2007","authors":"J. Biskup, Javier López","doi":"10.1145/1805974.1805975","DOIUrl":null,"url":null,"abstract":"This issue of TISSEC consists of three articles that elaborate research results originally contributed to the 12th European Symposium on Research in Computer Security (ESORICS’07) held in Dresden, Germany, September 24–26, 2007. The conference series of ESORICS has become the European research event in computer security. The symposium started in 1990 and has been organized on alternate years in different European countries. Since 2002, it has taken place annually. The contributions to ESORICS present theory, mechanisms, applications, or practical experience on all traditional or emerging topics relevant for security in computing systems. The three articles of this special issue have been selected from 39 papers presented during the symposium out of 164 submissions. The articles exemplarily demonstrate the scope of ESORICS, dealing with an advanced formal model for state-dependent access control, sophisticated language-based security for information-flow control, and security and privacy in databases employing cryptography. A common theme of the articles is to enable programmers and system administrators to reliably control the flow of information in complex computing environments. Becker and Nanz consider state-modifying authorization policies where actually granted access requests can have effects on the current state of the access control system. They show how to efficiently organize state updates in a well-structured architecture, and they provide both thorough semantics based on Transaction Logic and a sound and complete proof system for analyzing the actual achievements of state-modifying authorization policies. 
Barthe, Rezk, Russo, and Sabelfeld enhance language-based information-flow security by inspecting the subtle impact of the concept of multithreading for low-level programs as used, for example, in mobile code scenarios. In particular, they deal with the control of the timing behavior of an execution as exhibited by a security-aware scheduler. They achieve this goal by presenting a security-preserving compilation to be employed as part of the overall approach to proof-carrying code. Ciriani, De Capitani di Vimercati, Foresti, Jajodia, Paraboschi, and Samarati contribute to security on the application level. More specifically, for enforcing confidentiality constraints in the context of data outsourcing, they study how to break sensitive associations among composed data by fragmentation and to encrypt the resulting fragments such that processing of the fragmented and encrypted data still remains sufficiently efficient. We would like to thank all the authors for following our invitation to contribute to this special issue and all the reviewers for their insightful and helpful comments. We are also grateful to Michael Reiter, former Editor-in-Chief,","PeriodicalId":50912,"journal":{"name":"ACM Transactions on Information and System Security","volume":"51 1","pages":"19:1-19:2"},"PeriodicalIF":0.0000,"publicationDate":"2010-07-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"ACM Transactions on Information and System Security","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1145/1805974.1805975","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q","JCRName":"Engineering","Score":null,"Total":0}
Citations: 0
Abstract
This issue of TISSEC consists of three articles that elaborate research results originally contributed to the 12th European Symposium on Research in Computer Security (ESORICS’07) held in Dresden, Germany, September 24–26, 2007. The conference series of ESORICS has become the European research event in computer security. The symposium started in 1990 and has been organized on alternate years in different European countries. Since 2002, it has taken place annually. The contributions to ESORICS present theory, mechanisms, applications, or practical experience on all traditional or emerging topics relevant for security in computing systems. The three articles of this special issue have been selected from 39 papers presented during the symposium out of 164 submissions. The articles exemplarily demonstrate the scope of ESORICS, dealing with an advanced formal model for state-dependent access control, sophisticated language-based security for information-flow control, and security and privacy in databases employing cryptography. A common theme of the articles is to enable programmers and system administrators to reliably control the flow of information in complex computing environments. Becker and Nanz consider state-modifying authorization policies where actually granted access requests can have effects on the current state of the access control system. They show how to efficiently organize state updates in a well-structured architecture, and they provide both thorough semantics based on Transaction Logic and a sound and complete proof system for analyzing the actual achievements of state-modifying authorization policies. Barthe, Rezk, Russo, and Sabelfeld enhance language-based information-flow security by inspecting the subtle impact of the concept of multithreading for low-level programs as used, for example, in mobile code scenarios. In particular, they deal with the control of the timing behavior of an execution as exhibited by a security-aware scheduler. 
They achieve this goal by presenting a security-preserving compilation to be employed as part of the overall approach to proof-carrying code. Ciriani, De Capitani di Vimercati, Foresti, Jajodia, Paraboschi, and Samarati contribute to security on the application level. More specifically, for enforcing confidentiality constraints in the context of data outsourcing, they study how to break sensitive associations among composed data by fragmentation and to encrypt the resulting fragments such that processing of the fragmented and encrypted data still remains sufficiently efficient. We would like to thank all the authors for following our invitation to contribute to this special issue and all the reviewers for their insightful and helpful comments. We are also grateful to Michael Reiter, former Editor-in-Chief,
About the journal:
TISSEC is a scholarly, scientific journal that publishes original research papers in all areas of information and system security, including technologies, systems, applications, and policies.