4th Workshop on Quality of Protection Workshop co-located with CCS-2008 Mon. Oct. 27, 2008 - Alexandria VA, USA

Home Programme Invited Speaker Submission instructions Accepted papers Call For Papers Call For Participation Committees Registration Acknowledgments QoP 2005 QoP 2006 QoP 2007 MetriSec 2009

Workshop Programme 09:00 - 09:15 Opening Ketil Stølen (SINTEF) Welcome Address 09:15 - 10:15 Invited Talk Gunnar Peterson (Arctec Group) The Economics of Finding and Fixing Vulnerabilities in Distributed Systems Abstract 10:15 - 10:35 Session 1: Security Measurement Chair: Riccardo Scandariato (Katholieke Universiteit Leuven) Karen Scarfone, Peter Mell Vulnerability Scoring for Security Configuration Settings (short) Abstract 10:35 - 11:00 Coffee Break 11:00 - 12:20 Session 1: Security Measurement (continued) Chair: Riccardo Scandariato (Katholieke Universiteit Leuven) Aaron Visaggio, Gerardo Canfora Does Enforcing Anonymity Mean Decreasing Data Usefulness? Abstract Marcel Frigault, Lingyu Wang, Anoop Singhal, Sushil Jajodia Measuring Network Security Using Dynamic Bayesian Network Abstract Yijun Yu, haruhiko kaiya, Hironori Washizaki, Yingfei Xiong, Zhenjiang Hu Enforcing a Security Pattern in Stakeholder Goal Models (short) Abstract 12:20 - 13:45 Lunch 13:45 - 15:05 Session 2: Software Security Chair: Andy Ozment Michael Gegick, Laurie Williams, Jason Osborne, Mladen Vouk Prioritizing Software Security Fortification through Code-Level Security Metrics Abstract Mariano Ceccato, Massimiliano Di Penta, Jasvir Nagra, Paolo Falcarin, Filippo Ricca, Marco Torchiano, Paolo Tonella Towards Experimental Evaluation of Code Obfuscation Techniques Abstract Yonghee Shin and Laurie Williams Is Complexity Really the Enemy of Software Security? (short) Abstract 15:05 - 15:25 Coffee Break 15:25 - 16:45 Sesssion 3: Risk Chair: Ketil Stølen (SINTEF) K. Clark, E. Singleton, S. Tyree, J. Hale Strata-Gem: Risk Assessment Through Mission Modeling Abstract Yudistira Asnar, Nicola Zannone Perceived Risk Assessment Abstract Marco Aime, Andrea Atzeni, Paolo Carlo Pomi The Risks With Security Metrics (short) Abstract 16:45 - 17:00 Coffee Break 17:00 - 17:45 Panel Chair: Riccardo Scandariato (Katholieke Universiteit Leuven) Security Analytics: Status and Roadmap in Security Modeling 17:45 - 18:00 Closing Short paper presentations should be at most 20 minutes. Long paper presentations should be at most 30 minutes.