Nicola Zannone – författare

It is our pleasure to welcome you to the ?rst edition of the International S- posium on Engineering Secure Software and Systems. This unique events aims at bringing together researchers from Software - gineeringandSecurity Engineering,helping to unite and further developthe two communitiesinthisandfutureeditions.Theparalleltechnicalsponsorshipsfrom the ACM SIGSAC (the ACM interest group in security) and ACM SIGSOFT (the ACM interest groupin softwareengineering) and the IEEE TCSE is a clear sign of the importance of this inter-disciplinary research area and its potential. The di?culty of building secure software systems is no longer focused on mastering security technology such as cryptography or access control models. Other important, and less controllable, factors include the complexity of m- ern networked software systems, the unpredictability of practical development lifecycles, the intertwining of and trade-o? between functionality, security and other qualities, the di?culty of dealing with human factors, and so forth. Over the last few years, an entire research domain has been building up around these problems.And although some battles have been won, the jury is still out on the ?nal verdict. The conference program included two major keynotes from Axel Van L- sweerde (U. Louvain) and Wolfram Schulte (Microsoft Research) and an int- esting blend of research, industry and idea papers.

It is our pleasure to welcome you to the proceedings of the Second International Symposium on Engineering Secure Software and Systems. This unique event aimed at bringing together researchersfrom softwareen- neering and security engineering, which might help to unite and further develop the two communities in this and future editions. The parallel technical spons- ships from the ACM SIGSAC (the ACM interest group in security) and ACM SIGSOF (the ACM interest group in software engineering) is a clear sign of the importance of this inter-disciplinary research area and its potential. The di?culty of building secure software systems is no longer focused on mastering security technology such as cryptography or access control models. Other important factors include the complexity of modern networked software systems, the unpredictability of practical development life cycles, the intertw- ing of and trade-o? between functionality, security and other qualities, the d- culty of dealing with human factors, and so forth. Over the last years, an entire research domain has been building up around these problems. The conference program included two major keynotes from Any Gordon (Microsoft Research Cambridge) on the practical veri?cation of security pro- cols implementation and Angela Sasse (University College London) on security usability and an interesting blend of research, industry and idea papers.

It is our pleasure to welcome you to the proceedings of the Second International Symposium on Engineering Secure Software and Systems. This unique event aimed at bringing together researchersfrom softwareen- neering and security engineering, which might help to unite and further develop the two communities in this and future editions. The parallel technical spons- ships from the ACM SIGSAC (the ACM interest group in security) and ACM SIGSOF (the ACM interest group in software engineering) is a clear sign of the importance of this inter-disciplinary research area and its potential. The di?culty of building secure software systems is no longer focused on mastering security technology such as cryptography or access control models. Other important factors include the complexity of modern networked software systems, the unpredictability of practical development life cycles, the intertw- ing of and trade-o? between functionality, security and other qualities, the d- culty of dealing with human factors, and so forth. Over the last years, an entire research domain has been building up around these problems. The conference program included two major keynotes from Any Gordon (Microsoft Research Cambridge) on the practical veri?cation of security pro- cols implementation and Angela Sasse (University College London) on security usability and an interesting blend of research, industry and idea papers.

This book constitutes the refereed proceedings of the Third International Symposium on Engineering Secure Software and Systems, ESSoS 2011, held in Madrid, Italy, in February 2011. The 18 revised full papers presented together with 3 idea papers were carefully reviewed and selected from 63 submissions. The papers are organized in topical sections on model-based security, tools and mechanisms, Web security, security requirements engineering, and authorization.