Proceedings of the fourth ACM workshop on Formal methods in security

Abstract

This volume contains the proceedings of the Fourth ACM Workshop on Formal Methods in Security Engineering (FMSE'06) held in Fairfax, Virginia, November 3rd 2006, in conjunction with the 13th ACM Conference on Computer and Communications Security.Information security has become a crucial concern for the commercial deployment of almost all applications and middleware. Although this is commonly recognized, the incorporation of security requirements in the software development process is not yet well understood. The deployment of security mechanisms is often ad hoc, without a formal security specification or analysis, and practically always without a formal security validation of the final product. Progress is being made, but there remains a wide gap between high-level security models and actual code development.The purpose of FMSE is to bring together researchers and practitioners from both the security and the software engineering communities, from academia and industry, who are working to apply formal methods to the design and validation of large-scale systems. The scope of the workshop -- as indicated by the call for papers -- covers the security and formal methods aspects of: security specification techniques, formal trust models, combination of formal techniques with semi-formal techniques like UML, formal analyses of specific security properties relevant to software development, security-preserving composition and refinement of processes, symbolic and computational models of security protocols, integration of security aspects into formal development methods and tools, access control policies, information flow, risk management and network security, formal analysis of firewalls and intrusion detection systems, trusted computing, and case studies.As for previous years, the paper selection process was very competitive. Our call for papers attracted 21 submissions from Asia, North Africa, Canada, Europe, Russia, and the United States. The program committee accepted 7 papers for presentation at the workshop. Many high-quality papers had to be rejected. In addition, the program includes invited talks from Joshua Guttman and Steve Zdancewic.