FOSAD has been one of the foremost educational events established with the goal of disseminating knowledge in the critical area of security in computer systems and networks. Offering a timely spectrum of current research in foundations of security, FOSAD also proposes panels dedicated to topical open problems and gives presentations about ongoing work in the field, in order to stimulate discussions and novel scientific collaborations. This book presents thoroughly revised versions of nine tutorial lectures given by leading researchers during three International Schools on Foundations of Security Analysis and Design, FOSAD, held in Bertinoro, Italy, in September 2010 and August/September 2011. The topics covered in this book include privacy and data protection; security APIs; cryptographic verification by typing; model-driven security; noninterference; quantitative information flow analysis; and risk analysis.
Table of Contents

Protecting Privacy in Data Release
An Introduction to Security API Analysis
Cryptographic Verification by Typing for a Sample Protocol Implementation
Model-Driven Development of Security-Aware GUIs for Data-Centric Applications
On Intransitive Non-interference in Some Models of Concurrency
A Method for Security Governance, Risk, and Compliance (GRC): A Goal-Process Approach
The Geometry of Lattice Cryptography
Quantitative Information Flow and Applications to Differential Privacy
Risk Analysis of Changing and Evolving Systems using CORAS