This volume contains the papers presented at the 22nd Annual IFIP WG 11.3 Working Conference on Data and Applications Security (DBSEC) held in London, UK, July 13–16, 2008. This year’s working conference continued its tradition of being a forum for disseminating original research results and practical experiences in data and applications security.

This year we had an excellent program that consists of 9 research paper sessions with 22 high-quality research papers, which were selected from a total of 56 submissions after a rigorous reviewing process by the Program Committee members and external reviewers. These sessions included such topics as access control, privacy, auditing, systems security and data security in advanced application domains. In addition, the program included a keynote address, an invited talk and a panel session.

The success of this conference was a result of the efforts of many people. I would like to extend my appreciation to the Program Committee members and external reviewers for their hard work. I would like to thank the General Chair, Steve Barker, for taking care of the organization aspects of the conference and for arranging the keynote address and the panel session. I would also like to thank Claudio Ardagna for serving as the Publicity Chair and for promptly updating the conference Web page, and Don Lokuadassuriyage for serving as the Local Arrangements Chair. Special thanks go to Alfred Hofmann, Editorial Director at Springer, for agreeing to include these conference proceedings in the Lecture Notes in Computer Science series.
Contents
Access Control.- Dynamic Meta-level Access Control in SQL.- On the Formal Analysis of a Spatio-temporal Role-Based Access Control Model.- Audit and Logging.- A Unified Audit Expression Model for Auditing SQL Queries.- A New Approach to Secure Logging.- Keynote.- Security, Functionality and Scale?.- Privacy I.- P4A: A New Privacy Model for XML.- Privacy-Aware Collaborative Access Control in Web-Based Social Networks.- A Privacy-Preserving Ticketing System.- The Analysis of Windows Vista Disk Encryption Algorithm.- Shared and Searchable Encrypted Data for Untrusted Servers.- Secure Construction of Contingency Tables from Distributed Data.- Web Services Security: Techniques and Challenges (Extended Abstract).- Empirical Analysis of Certificate Revocation Lists.- Using New Tools for Certificate Repositories Generation in MANETs.- Privacy II.- Exclusive Strategy for Generalization Algorithms in Micro-data Disclosure.- Protecting the Publishing Identity in Multiple Tuples.- Panel Session: What Are the Key Challenges in Distributed Security?.- On the Applicability of Trusted Computing in Distributed Authorization Using Web Services.- Sharing but Protecting Content Against Internal Leakage for Organisations.- Regulating Exceptions in Healthcare Using Policy Spaces.- Towards Automation of Testing High-Level Security Properties.- An Attack Graph-Based Probabilistic Security Metric.- An Opinion Model for Evaluating Malicious Activities in Pervasive Computing Systems.- DIWeDa – Detecting Intrusions in Web Databases.- Securing Workflows with XACML, RDF and BPEL.