-
Armando, Alessandro; Ranise, Silvio; Traverso, Riccardo; Wrona, Konrad,
Communications and Network Security (CNS), 2015 IEEE Conference on,
IEEE,
2015
, pp. 741-
742
, (IEEE Conference on Communications and Network Security (CNS) 2015,
Florence, Italy,
September 28-30, 2015)
-
dos Santos, Daniel R.; Ranise, Silvio; Compagna, Luca; Ponta, Serena E.,
Data and Applications Security and Privacy XXIX,
Springer International Publishing,
vol.9149,
2015
, pp. 85-
100
, (29th Annual IFIP WG 11.3 Working Conference, DBSec 2015,
Fairfax, VA, USA,
July 13-15, 2015)
-
Turkmen, Fatih; den Hartog, Jerry; Ranise, Silvio; Zannone, Nicola,
Principles of Security and Trust,
Springer Berlin Heidelberg,
vol.9036,
2015
, pp. 115-
134
, (4th International Conference, POST 2015, Held as Part of the European Joint Conferences on Theory and Practice of Software, ETAPS 2015,
London, UK,
April 11-18, 2015)
-
Ranise, Silvio; Truong, Anh; Viganò, Luca,
Proceedings of the 30th Annual {ACM} Symposium on Applied Computing,
New York, NY, USA,
ACM New York, NY, USA ©2015,
2015
, pp. 2177-
2184
, (30th Annual {ACM} Symposium on Applied Computing 2015,
Salamanca, Spain,
April 13-17, 2015)
-
Ranise, Silvio; Bertolissi, Clara; Uttha, Worachet,
SECRYPT 2015 - Proceedings of the 12th International Conference on Security and Cryptography,
2015
, pp. 293-
300
, (12th International Conference on Security and Cryptography (SECRYPT 2015),
Colmar, France,
20-22 July 2015)
-
De Masellis, Riccardo; Ghidini, Chiara; Ranise, Silvio,
Security and Trust Management, 11th International Workshop, STM 2015, Vienna, Austria, September 21-22, 2015, Proceedings,
Springer International Publishing,
vol.9331,
2015
, pp. 55-
71
, (1th International Workshop on Security and Trust Management (STM),
Vienna, Austria,
September 21-22, 2015)
-
Lutz, Carsten; Ranise, Silvio (eds.),
Springer International Publishing,
2015
-
Daniel, Ricardo dos Santos; Silvio, Ranise; Serena, Elisa Ponta,
An established trend in software engineering insists on using components
(sometimes also called services or packages) to encapsulate a set of related
functionalities or data. By defining interfaces specifying what functionalities
they provide or use, components can be combined with others to form more
complex components. In this way, IT systems can be designed by mostly re-using
existing components and developing new ones to provide new functionalities. In
this paper, we introduce a notion of component and a combination mechanism for
an important class of software artifacts, called security-sensitive workflows.
These are business processes in which execution constraints on the tasks are
complemented with authorization constraints (e.g., Separation of Duty) and
authorization policies (constraining which users can execute which tasks). We
show how well-known workflow execution patterns can be simulated by our
combination mechanism and how authorization constraints can also be imposed
across components. Then, we demonstrate the usefulness of our notion of
component by showing (i) the scalability of a technique for the synthesis of
run-time monitors for security-sensitive workflows and (ii) the design of a
plug-in for the re-use of workflows and related run-time monitors inside an
editor for security-sensitive workflows.,
2015
-
Evandro Alencar Rigon;Carla Merkle Westphall;Daniel Ricardo dos Santos;Carlos Becker Westphall,
A cyclical evaluation model of information security maturity,
in «INTERNATIONAL JOURNAL OF INFORMATION AND COMPUTER SECURITY»,
vol. 22,
2014
, pp. 265 -
278
-
Bruttomesso R.; Ghilardi S.; Ranise S.,
in «ACM TRANSACTIONS ON COMPUTATIONAL LOGIC»,
vol. 15,
n. 1,
2014
