Program

9:15 - 10:45 Session 1: Policy Enforcement and Monitoring (Chair: Marinella Petrocchi)

Cost-aware Runtime Enforcement of Security Policies
Peter Drabik, Fabio Martinelli, and Charles Morisset

Enforcing More with Less: Formalizing Target-aware Run-time Monitors
Yannis Mallios, Lujo Bauer, Dilsun Kaynar, and Jay Ligatti

Lazy Security Controllers
Giulio Caravagna, Gabriele Costa, and Giovanni Pardini

10:45 - 11:05 Coffee Break

11:05 - 13:05 Session 2: Access Control (Chair: Sjouke Mauw)

Automated Analysis of Scenario-based Specifications of Distributed Access Control Policies with Non-Mechanizable Activities
Michele Barletta, Silvio Ranise, and Luca Viganò

Labeled Goal-directed Search in Access Control Logic
Valerio Genovese, Deepak Garg, and Daniele Rispoli

A Use-based Approach for Enhancing UCON
Christos Grompanopoulos, Antonios Gouglidis, and Ioannis Mavridis

Analysis of Communicating Authorization Policies
Simone Frau and Mohammad Torabi Dashti

12:45 - 14:15 Lunch Break

14:15 - 15:45 Session 3: Trust, Reputation, and Privacy (Chair: Silvio Ranise)

Building Trust and Reputation In: A Development Framework for Trust Models Implementation
Francisco Moyano, Carmen Fernandez-Gago, and Javier Lopez

Matrix Powers Algorithms for Trust Evaluation in Public-Key Infrastructures
Jean-Guillaume Dumas and Hicham Hossayni

Formal Modelling of (De)Pseudonymisation: A Case Study in Health Care Privacy
Meilof Veeningen, Benne de Weger, and Nicola Zannone

15:45 - 16:15 Coffee Break

16:15 - 17:15 Session 4: PhD Award Talk (Chair: Javier Lopez)

Design and Analysis Methods for Privacy Technologies
Carmela Troncoso

17:30 STM Business Meeting

9:15 - 10:45 Session 5: Distributed Systems and Physical Security (Chair: Stelvio Cimato)

Switchwall: Automated Topology Fingerprinting & Behavior Deviation Identification
Nelson Nazzicari, Javier Almillategui, Angelos Stavrou, and Sushil Jajodia

DOT-COM: Decentralized Online Trading and COMmerce
Moti Geva and Amir Herzberg

Formalizing Physical Security Procedures
Catherine Meadows and Dusko Pavlovic

10:45 - 11:05 Coffee Break

11:05 - 13:05 Session 6: Authentication (Chair: Catherine Meadows)

A PUF-based Authentication Protocol to Address Ticket-Switching of RFID-tagged Items
Sjouke Mauw and Selwyn Piramuthu

Authenticating Email Search Results
Olga Ohrimenko, Hobart Reynolds, and Roberto Tamassia

Software Authentication to Enhance Trust in Body Sensor Networks
Joep de Groot, Vinh Bui, Jean-Paul Linnartz, Johan Lukkien, and Richard Verhoeven

YubiSecure? Formal Security Analysis Results for the Yubikey and YubiHSM
Robert Künnemann and Graham Steel

12:45 - 14:15 Lunch Break

14:15 - 15:45 Session 7: Security Policies (Chair: Gabriele Costa)

Boosting Model Checking to Analyse Large ARBAC Policies
Silvio Ranise, Anh Truong, and Alessandro Armando

Constrained Role Mining
Carlo Blundo and Stelvio Cimato

A Datalog Semantics for Paralocks
Bart van Delft, Niklas Broberg, and David Sands

15:45 Coffee Break and Farewell