Workshop program
8:45-9:00 Welcome
9:00-10:00 Session 1 - Vulnerabilities
Session Chair: Riccardo Scandariato, Katholieke Universiteit Leuven, Belgium
- Golnaz Elahi, Eric Yu and Nicola Zannone. Security Risk Management by Qualitative Vulnerability Analysis [pdf]
- Maureen Doyle and James Walden. An Empirical Study of the Evolution of PHP Web Application Security [pdf]
10:00-10:30 Coffee Break
10:30-12:00 Session 2 - Alerts
Session Chair: Laurie Williams, NCSU, USA
- Stewart Kowalski, Rostyslav Barabanov and Robert Hoffmann. Cyber Security Alert Warning System: A Socio-Technical Coordinate System Proposal [pdf]
- Harpreet Kohli, Dale Lindskog, Pavol Zavarsky and Ron Ruhl. An Enhanced Threat Identification Approach For Collusion Threats [pdf]
- Sufatrio and Roland H.C. Yap. Quantifying the Effects of More Timely Certificate Revocation on Lightweight Mobile Devices [pdf]
12:00-13:30 Lunch (Vista Dining Room)
13:30-15:00 Session 3 - Privacy and Short Talks
Session Chair: Maureen Doyle, Northern Kentucky University, USA
- Sebastian Banescu and Nicola Zannone. Measuring Privacy Compliance with Process Specifications [pdf]
- Emmanuel Ibidokun Tope, Pavol Zavarsky, Ron Ruhl and Dale Lindskog, Performance Evaluation of Oracle VM Server Virtualization Software 64 bit Linux Environment [pdf]
- Erland Jonsson and Laleh Pirzadeh, A Framework for Security Metrics Based on Operational System Attributes [pdf]
- Jeffrey Stuckman and James Purtilo, A testbed for the evaluation of web intrusion prevention systems [pdf]
- Kihun Jang and Heung-Youl Youm, Authentication Protocol for Preventing Damage by Loss and Theft of Smartphone [pdf]
- Laleh Pirzadeh and Erland Jonsson, A Cause and Effect Approach Towards Risk Analysis [pdf]
- Lukas Demetz, Daniel Bachlechner, Stefan Thalmann and Ronald Maier, Performance measurement in cross-organizational security settings [pdf]
15:00-15:30 Coffee Break
15:30-17:00 Breakout Session
Session Chair: James Walden, Northern Kentucky University, USA
- Olav S. Ligaarden, Atle Refsdal and Ketil Stølen, Experiences from Using Indicators to Validate Expert Judgments in Security Risk Analysis [pdf]
- Miles McQueen, Jason Wright, Lawrence Wellman, Are Vulnerability Disclosure Deadlines Justified? [pptx]
In the remaining time in this session, we will discuss common problems in empirical software security research, such as the quality of data sources for research.

