Data and applications security XX : 20th Annual IFIP WG 11.3 Working Conference on Data and Applications Security, Sophia Antipolis, France, July 31- August 2, 2006 : proceedings

This book constitutes the refereed proceedings of the 20th Annual Working Conference on Data and Applications Security held in Sophia Antipolis, France, in July/August 2006. The 22 revised full papers presented were carefully reviewed and selected from 56 submissions. The papers explore theory, technique, applications, and practical experience of data and application security covering a number of diverse research topics such as access control, privacy, and identity management.

Creating Objects in the Flexible Authorization Framework.- Detection and Resolution of Anomalies in Firewall Policy Rules.- On Finding an Inference-Proof Complete Database for Controlled Query Evaluation.- Consolidating the Access Control of Composite Applications and Workflows.- Authenticating Multi-dimensional Query Results in Data Publishing.- Xml Streams Watermarking.- Aggregation Queries in the Database-As-a-Service Model.- Policy Classes and Query Rewriting Algorithm for XML Security Views.- Interactive Analysis of Attack Graphs Using Relational Queries.- Notarized Federated Identity Management for Web Services.- Resolving Information Flow Conflicts in RBAC Systems.- Policy Transformations for Preventing Leakage of Sensitive Information in Email Systems.- Term Rewriting for Access Control.- Discretionary and Mandatory Controls for Role-Based Administration.- A Distributed Coalition Service Registry for Ad-Hoc Dynamic Coalitions: A Service-Oriented Approach.- Enhancing User Privacy Through Data Handling Policies.- Efficient Enforcement of Security Policies Based on Tracking of Mobile Users.- A Framework for Flexible Access Control in Digital Library Systems.- Authrule: A Generic Rule-Based Authorization Module.- Aspect-Oriented Risk Driven Development of Secure Applications.- From Business Process Choreography to Authorization Policies.- Information Theoretical Analysis of Two-Party Secret Computation.