Data and Applications Security XX

For 20 years, the IFIP WG 11. 3 Working Conference on Data and Appli- tions Security (DBSEC) has been a major forum for presenting originalresearch results, practical experiences, and innovative ideas in data and applications - curity. Looking back, it is di?cult not to appreciatethe full extent of the change that has occurred in our ?eld. Once considered afterthoughts in systems and application design, data protection, privacy and trust have become the key problems of our day. This central role of security in the information society has however brought increased responsibilities to the research community. - day practitioners and researchers alike need to ?nd new ways to cope with the increasing scale and complexity of the security problems that must be solved on the global information infrastructure. Like the previous conference, the 20th DBSEC has proved to be up to this challenge. DBSEC 2006 received 56 submissions, out of which the program committee selected22 high-qualitypaperscoveringanumber of diverseresearchtopicssuch as access control, privacy, and identity management. We are glad to see that the ?nal program contains a well-balanced mix of theoretical results and practical prototype systems, many of them converging and building o? each other. Also, the DBSEC program includes a number of papers on new, emerging aspects of security research. Putting together a top-level conference like DBSEC is always a team e?ort.

Autorentext
Ernesto Damiani is a professor at the Department of Information Technology of the University of Milan. He is the Vice-Chair of the ACM Special Interest Group on Applied Computing (SIGAPP).

Klappentext

This book constitutes the refereed proceedings of the 20th Annual Working Conference on Data and Applications Security held in Sophia Antipolis, France, in July/August 2006. The 22 revised full papers presented were carefully reviewed and selected from 56 submissions. The papers explore theory, technique, applications, and practical experience of data and application security covering a number of diverse research topics such as access control, privacy, and identity management.

Inhalt
Creating Objects in the Flexible Authorization Framework.- Detection and Resolution of Anomalies in Firewall Policy Rules.- On Finding an Inference-Proof Complete Database for Controlled Query Evaluation.- Consolidating the Access Control of Composite Applications and Workflows.- Authenticating Multi-dimensional Query Results in Data Publishing.- Xml Streams Watermarking.- Aggregation Queries in the Database-As-a-Service Model.- Policy Classes and Query Rewriting Algorithm for XML Security Views.- Interactive Analysis of Attack Graphs Using Relational Queries.- Notarized Federated Identity Management for Web Services.- Resolving Information Flow Conflicts in RBAC Systems.- Policy Transformations for Preventing Leakage of Sensitive Information in Email Systems.- Term Rewriting for Access Control.- Discretionary and Mandatory Controls for Role-Based Administration.- A Distributed Coalition Service Registry for Ad-Hoc Dynamic Coalitions: A Service-Oriented Approach.- Enhancing User Privacy Through Data Handling Policies.- Efficient Enforcement of Security Policies Based on Tracking of Mobile Users.- A Framework for Flexible Access Control in Digital Library Systems.- Authrule: A Generic Rule-Based Authorization Module.- Aspect-Oriented Risk Driven Development of Secure Applications.- From Business Process Choreography to Authorization Policies.- Information Theoretical Analysis of Two-Party Secret Computation.