Publications

  1. Lutz, Carsten; Ranise, Silvio (eds.),
    Springer International Publishing,
    2015
  2. Daniel, Ricardo dos Santos; Silvio, Ranise; Serena, Elisa Ponta,
    An established trend in software engineering insists on using components
    (sometimes also called services or packages) to encapsulate a set of related
    functionalities or data. By defining interfaces specifying what functionalities
    they provide or use, components can be combined with others to form more
    complex components. In this way, IT systems can be designed by mostly re-using
    existing components and developing new ones to provide new functionalities. In
    this paper, we introduce a notion of component and a combination mechanism for
    an important class of software artifacts, called security-sensitive workflows.
    These are business processes in which execution constraints on the tasks are
    complemented with authorization constraints (e.g., Separation of Duty) and
    authorization policies (constraining which users can execute which tasks). We
    show how well-known workflow execution patterns can be simulated by our
    combination mechanism and how authorization constraints can also be imposed
    across components. Then, we demonstrate the usefulness of our notion of
    component by showing (i) the scalability of a technique for the synthesis of
    run-time monitors for security-sensitive workflows and (ii) the design of a
    plug-in for the re-use of workflows and related run-time monitors inside an
    editor for security-sensitive workflows.
    2015
  3. Evandro Alencar Rigon; Carla Merkle Westphall; Daniel Ricardo dos Santos; Carlos Becker Westphall,
    A cyclical evaluation model of information security maturity,
    in «INTERNATIONAL JOURNAL OF INFORMATION AND COMPUTER SECURITY»,
    vol. 22,
    2014, pp. 265-278
  4. Bruttomesso R.; Ghilardi S.; Ranise S.,
    in «ACM TRANSACTIONS ON COMPUTATIONAL LOGIC»,
    vol. 15,
    n. 1,
    2014
  5. Armando A.; Ponta S. E.,
    in «COMPUTERS & SECURITY»,
    vol. 40,
    2014, pp. 1-22
  6. Armando A.; Costa G.; Verderame L.; Merlo A.,
    Securing the "Bring Your Own Device" Paradigm,
    in «COMPUTER»,
    vol. 47,
    n. 6,
    2014, pp. 48-56
  7. Armando A.; Costa G.; Merlo A.; Verderame L.,
    in «INTERNATIONAL JOURNAL OF INFORMATION SECURITY»,
    2014, pp. 1-18
  8. Armando A.; Benerecetti M.; Mantovani J.,
    in «AUTOMATED SOFTWARE ENGINEERING»,
    vol. 21,
    n. 2,
    2014, pp. 225-258
  9. Alberti F.; Bruttomesso R.; Ghilardi S.; Ranise S.; Sharygina N.,
    in «FORMAL METHODS IN SYSTEM DESIGN»,
    vol. 45,
    n. 1,
    2014, pp. 63-109
  10. Armando A.; Merlo A.; Verderame L.,
    in «INTERNATIONAL JOURNAL OF CRITICAL INFRASTRUCTURE PROTECTION»,
    vol. 7,
    n. 4,
    2014, pp. 247-256
