Computer Security - ESORICS 2005

Foreword from the Program Chairs These proceedings contain the papers selected for presentation at the 10th - ropean Symposium on Research in Computer Security (ESORICS), held S- tember 1214, 2005 in Milan, Italy. In response to the call for papers 159 papers were submitted to the conf- ence. These paperswere evaluated on the basis of their signi?cance, novelty,and technical quality. Each paper was reviewed by at least three members of the program committee. The program committee meeting was held electronically, holding intensive discussion over a period of two weeks. Of the papers subm- ted, 27 were selected for presentation at the conference, giving an acceptance rate of about 16%. The conference program also includes an invited talk by Barbara Simons. There is a long list of people who volunteered their time and energy to put together the symposiom and who deserve acknowledgment. Thanks to all the members of the program committee, and the external reviewers, for all their hard workin evaluating and discussing papers. We are also very grateful to all those people whose work ensured a smooth organizational process: Pierangela Samarati, who served as General Chair, Claudio Ardagna, who served as P- licity Chair, Dieter Gollmann who served as Publication Chair and collated this volume, and Emilia Rosti and Olga Scotti for helping with local arrangements. Last, but certainly not least, our thanks go to all the authors who submitted papers and all the attendees. We hope you ?nd the program stimulating.

Contenu
Computerized Voting Machines: A View from the Trenches.- XML Access Control with Policy Matching Tree.- Semantic Access Control Model: A Formal Specification.- A Generic XACML Based Declarative Authorization Scheme for Java.- Specification and Validation of Authorisation Constraints Using UML and OCL.- Unified Index for Mobile Object Data and Authorizations.- On Obligations.- A Practical Voter-Verifiable Election Scheme.- Machine-Checked Security Proofs of Cryptographic Signature Schemes.- Sanitizable Signatures.- Limits of the Cryptographic Realization of Dolev-Yao-Style XOR.- Security-Typed Languages for Implementation of Cryptographic Protocols: A Case Study.- Augmented Oblivious Polynomial Evaluation Protocol and Its Applications.- Using Attack Trees to Identify Malicious Attacks from Authorized Insiders.- An Efficient and Unified Approach to Correlating, Hypothesizing, and Predicting Intrusion Alerts.- Towards a Theory of Intrusion Detection.- On Scalability and Modularisation inthe Modelling of Network Security Systems.- Sybil-Resistant DHT Routing.- Botnet Tracking: Exploring a Root-Cause Methodology to Prevent Distributed Denial-of-Service Attacks.- Quantifying Probabilistic Information Flow in Computational Reactive Systems.- Enforcing Non-safety Security Policies with Program Monitors.- Soundness of Formal Encryption in the Presence of Key-Cycles.- Privacy Preserving Clustering.- Abstractions Preserving Parameter Confidentiality.- Minimal Disclosure in Hierarchical Hippocratic Databases with Delegation.- Security Notions for Disk Encryption.- Local View Attack on Anonymous Communication.- Browser Model for Security Analysis of Browser-Based Protocols.