Engineering Secure Software and Systems

The goal of this symposium, is to bring together researchers and practitioners to advance the states
of the art and practice in secure software engineering.

Security Testing beyond Functional Tests.- Progress-Sensitive Security for SPARK.- Sound and Precise Cross-Layer Data Flow Tracking.- Automatically Extracting Threats from Extended Data Flow Diagrams.- On the Static Analysis of Hybrid Mobile Apps.- Semantics-based Repackaging Detection for Mobile Apps.- Accelerometer-based Device Fingerprinting for Multi-factor Mobile Authentication.- POODLEs, More POODLEs, FREAK Attacks too: How Server Administrators Responded to Three Serious Web Vulnerabilities.- PADS: a platform to detect stealth attacks.- Analyzing the Gadgets - Towards a Metric to Measure Gadget Quality.- Empirical Analysis and Modeling of Black-Box Mutational Fuzzing.- On the Security Cost of Using a Free and Open Source Component in a Proprietary Product.- Idea: Usable Platforms for Secure Programming { Mining Unix for Insight and Guidelines.- AppPAL for Android: Capturing and Checking Mobile App Policies.- Inferring Semantic Mapping Between Policies and Code: The Clue is in the Language.- Idea: Supporting Policy-Based Access Control on Database Systems.- Idea: Enforcing Security Properties by Solving Behavioural Equations.