Third Workshop on Quality of Protection Workshop co-located with CCS-2007 Mon. Oct. 29 - Alexandria VA, USA Hilton Alexandria Mark Center

Home Programme Invited Speaker Accepted papers Call For Papers Call For Participation Committees Registration Acknowledgments QoP 2005 QoP 2006 QoP 2008 MetriSec 2009

Workshop Programme 08:00 - 09:00 Breakfast 09:00 - 09:15 Opening Guenter Karjoth (chair) Ketil Stolen (chair) 09:15 - 10:45 Session 1: Software Security (Chair: Guenter Karjoth) Vadim Okun, William F. Guthrie, Romain Gaucher and Paul E. Black - Effect of Static Analysis Tools on Software Security: Preliminary Investigation Abstract Andy Ozment - Improving Vulnerability Discovery Models: Problems with definitions and assumptions Abstract Hongxia Jin and Ginger Myles - A technique for self-certifying tamper resistant software Abstract 10:45 - 11:00 Coffee Break 11:00 - 11:20 Session 1: continued Bertrand Anckaert, Matias Madou, Bjorn De Sutter, Bruno De Bus, Koen De Bosschere and Bart Preneel - Program Obfuscation: A Quantitative Approach (short) Abstract 11:20 - 12:20 Invited Talk (chair: Ketil Stolen) Shari Lawrence Pfleeger - Measuring Up: How to Keep Security Metrics Useful and Realistic Synopsis 12:20 - 13:30 Lunch 13:30 - 14:40 Session 2: Business Security Metrics (chair: Andy Ozment) Fabio Massacci and Artsiom Yautsiukhin - An algorithm for the security appraisal for complex business processes Abstract Reijo Savola - A Taxonomy for Information Security Metrics Development for ICT Product Industry (short) Abstract Idongesit Mkpong-Ruffin, David Umphress, John Hamilton and Juan Gilbert - Quantitative Software Security Risk Assessment Model (short) Abstract 14:40 - 15:30 Sesssion 3: Network Security (chair: Fabio Massacci) Daniel Boteanu, Edouard Reich, Jose M. Fernandez and John McHugh - Experimental verification of DoS counter-measure performance Abstract Mohammed S. Gad El Rab, Anas Abou El Kalam and Yves Deswarte - Defining Categories to Select Representative Attack Test-Cases (short) Abstract 15:30 - 15:45 Coffee Break 15:45 - 16:45 Session 4. Risk Analysis (chair: Ketil Stolen) Marco Domenico Aime, Andrea Atzeni and Paolo Carlo Pomi - AMBRA: Automated Model-Based Risk Analysis Abstract Lingyu Wang, Anoop Singhal and Sushil Jajodia - Measuring Network Security Using Attack Graphs Abstract 16:45 - 17:30 Panel Session: - Can we effectively research, assess, and use security metrics? 17:30 - 18:00 Conclusion 18:00 - 21:00 Reception for attendees of ACM CCS Short paper presentations should be at most 20 minutes. Long paper presentations should be at most 30 minutes.