Security and Trust Management 8th International Workshop, STM 2012, Pisa, Italy, September 13-14, 2012, Revised Selected Papers

This book constitutes the thoroughly refereed post-conference proceedings of the 8th International Workshop on Security and Trust Management, STM 2012, held in Pisa, Italy, in September 2012 - in conjunction with the 17th European Symposium Research in Computer Security (ESORICS 2012). The 20 revised full papers were carefully reviewed and selected from 57 submissions. The papers are organized into topical sections on policy enforcement and monitoring; access control; trust, reputation, and privacy; distributed systems and physical security; authentication and security policies.

Policy Enforcement and Monitoring.- Cost-Aware Runtime Enforcement of Security Policies.- Enforcing More with Less: Formalizing Target-Aware Run-Time Monitors.- Lazy Security Controllers.- Access Control.- Automated Analysis of Scenario-Based Specifications of Distributed Access Control Policies with Non-mechanizable Activities.- Labeled Goal-Directed Search in Access Control Logic.- A Use-Based Approach for Enhancing UCON.- Analysis of Communicating Authorization Policies.- Trust, Reputation, and Privacy Building Trust and Reputation In: A Development Framework for Trust Models Implementation.- Matrix Powers Algorithms for Trust Evaluation in Public-Key Infrastructures.- Formal Modelling of (De)Pseudonymisation: A Case Study in Health Care Privacy.- Distributed Systems and Physical Security.- Switchwall: Automated Topology Fingerprinting and Behavior Deviation Identification.- DOT-COM: Decentralized Online Trading and COMmerce.- Formalizing Physical Security Procedures.- Authentication.- A PUF-Based Authentication Protocol to Address Ticket-Switching of RFID-Tagged Items.- Authenticating Email Search Results.- Software Authentication to Enhance Trust in Body Sensor Networks.- YubiSecure? Formal Security Analysis Results for the Yubikey and YubiHSM.- Security Policies.- Boosting Model Checking to Analyse Large ARBAC Policies.- Constrained Role Mining.- A Datalog Semantics for Paralocks.