First Workshop on
Quality of Protection
Milan, Italy - September 15, 2005.

Workshop co-located with ESORICS & METRICS


QoP 2005 Proceedings


Workshop Programme

09:00 - 10:15

Invited Talk

Helmut Kurth (@sec Information Security)
- Software Quality and Metrics: an Industrial Experience

10:15 - 10:30

Security Metrics

Andrea Atzeni, Antonio Lioy
- Why to adopt a security metric? A little survey (short presentation)

10:30 - 11:00

Coffee Break

11:00 - 12:30

Measuring Reliability vs Security

Andy Ozment
- Software Security Growth Modeling: Examining Vulnerabilities with Reliability Growth Models

Swapna Gokhale, Robert Mullen
- A Discrete Lognormal Model for Software Defects affecting QoP

Alata Eric, Dacier Marc, Deswarte Yves, Kaaniche Mohamed, Kortchinsky Kostya, Nicomette Vincent, Pham Van-Hau, Pouget Fabien
- Collection and analysis of attack data based on honeypots deployed on the Internet (short presentation)

Davide Balzarotti, Mattia Monga, Sabrina Sicari
- Assessing the risk of using vulnerable components (short presentation)

12:30 - 14:00


14:00 - 15:30

Metrics for Anonymity and Confidentiality

Dogan Kesdogan and Lexi Pimenidis
- The Lower Bound of Attacks on Anonymity Systems -- A Unicity Distance Approach

Reine Lundin, Stefan Lindskog, Anna Brunstrom, Simone Fischer-Hübner
- Using Guesswork as a Measure for Confidentiality of Selectively Encrypted Messages

Dogan Kesdogan, Lexi Pimenidis, Tobias Kölsch
- Intersection Attacks on Web-Mixes: Bringing the Theory into Praxis (short presentation)

Ernesto Damiani, Sabrina De Capitani di Vimercati, Sara Foresti, Pierangela Samarati, Marco Viviani
- Measuring Inference Exposure in Outsourced Encrypted Databases (short presentation)

15:30 - 16:00

Coffee Break

16:00 - 18:00

Quantitative Security Models

Simon Foley, Stefano Bistarelli, Barry O'Sullivan, John Herbert and Garret Swart
- Multilevel Security and Quality of Protection

Judith E. Y. Rossebø, Mass Soldal Lund, Knut Eilif Husa and Atle Refsdal
- A Conceptual Model for Service Availability

Miles McQueen, Wayne Boyer, Mark Flynn and George Beitel
- Time-to-compromise Model for Cyber Risk Reduction Estimation

Valentina Casola, Antonino Mazzeo, Nicola Mazzocca and Massimiliano Rak
- A SLA evaluation methodology in Service Oriented Architectures (short presentation)

Günter Karjoth, Birgit Pfitzmann, Matthias Schunter and Michael Waidner
- Service-oriented Assurance - Comprehensive Security by Explicit Assurances (short presentation)

Iliano Cervesato
- Towards a Notion of Quantitative Security Analysis
