Inthe?eldofformalmethodsincomputerscience,concurrencytheoryisreceivinga constantlyincreasinginterest.Thisisespeciallytrueforprocessalgebra.Althoughit had been originally conceived as a means for reasoning about the semantics of c- current programs, process algebraic formalisms like CCS, CSP, ACP, ?-calculus, and their extensions (see, e.g., [154,119,112,22,155,181,30]) were soon used also for comprehendingfunctionaland nonfunctionalaspects of the behaviorof com- nicating concurrent systems. The scienti?c impact of process calculi and behavioral equivalences at the base of process algebra is witnessed not only by a very rich literature. It is in fact worth mentioningthe standardizationprocedurethat led to the developmentof the process algebraic language LOTOS [49], as well as the implementation of several modeling and analysis tools based on process algebra, like CWB [70] and CADP [93], some of which have been used in industrial case studies. Furthermore, process calculi and behavioral equivalencesare by now adopted in university-levelcourses to teach the foundations of concurrent programming as well as the model-driven design of concurrent, distributed, and mobile systems. Nevertheless, after 30 years since its introduction, process algebra is rarely adopted in the practice of software development. On the one hand, its technica- ties often obfuscate the way in which systems are modeled. As an example, if a process term comprises numerous occurrences of the parallel composition operator, it is hard to understand the communicationscheme among the varioussubterms. On the other hand, process algebra is perceived as being dif?cult to learn and use by practitioners, as it is not close enough to the way they think of software systems.

This work represents a milestone for the "ULOOP User-centric Wireless Local Loop" project funded by the EU IST Seventh Framework Programme. ULOOP is focused on the robust, secure, and autonomic deployment of user-centric wireless networks. Contributions by ULOOP partners as well as invited tutorials by international experts in the field. The expected impact is to increase awareness to user-centric networking in terms, e.g., of business opportunities and quality of experience, and to present adequate technology to sustain the growth of user-friendly wireless architectures. Throughout the last 3 years, ULOOP has developed enabling technologies for user-centricity in wireless networks, with particular emphasis on social trust management, cooperation incentives, community building, mobility estimation, and resource management. This work will be of interest to researchers, policymakers, operators, vendors, and end-users interested in the current and future directions of user-centric access networks.

This work represents a milestone for the "ULOOP User-centric Wireless Local Loop" project funded by the EU IST Seventh Framework Programme. ULOOP is focused on the robust, secure, and autonomic deployment of user-centric wireless networks. Contributions by ULOOP partners as well as invited tutorials by international experts in the field. The expected impact is to increase awareness to user-centric networking in terms, e.g., of business opportunities and quality of experience, and to present adequate technology to sustain the growth of user-friendly wireless architectures. Throughout the last 3 years, ULOOP has developed enabling technologies for user-centricity in wireless networks, with particular emphasis on social trust management, cooperation incentives, community building, mobility estimation, and resource management. This work will be of interest to researchers, policymakers, operators, vendors, and end-users interested in the current and future directions of user-centric access networks.

Inthe?eldofformalmethodsincomputerscience,concurrencytheoryisreceivinga constantlyincreasinginterest.Thisisespeciallytrueforprocessalgebra.Althoughit had been originally conceived as a means for reasoning about the semantics of c- current programs, process algebraic formalisms like CCS, CSP, ACP, ?-calculus, and their extensions (see, e.g., [154,119,112,22,155,181,30]) were soon used also for comprehendingfunctionaland nonfunctionalaspects of the behaviorof com- nicating concurrent systems. The scienti?c impact of process calculi and behavioral equivalences at the base of process algebra is witnessed not only by a very rich literature. It is in fact worth mentioningthe standardizationprocedurethat led to the developmentof the process algebraic language LOTOS [49], as well as the implementation of several modeling and analysis tools based on process algebra, like CWB [70] and CADP [93], some of which have been used in industrial case studies. Furthermore, process calculi and behavioral equivalencesare by now adopted in university-levelcourses to teach the foundations of concurrent programming as well as the model-driven design of concurrent, distributed, and mobile systems. Nevertheless, after 30 years since its introduction, process algebra is rarely adopted in the practice of software development. On the one hand, its technica- ties often obfuscate the way in which systems are modeled. As an example, if a process term comprises numerous occurrences of the parallel composition operator, it is hard to understand the communicationscheme among the varioussubterms. On the other hand, process algebra is perceived as being dif?cult to learn and use by practitioners, as it is not close enough to the way they think of software systems.

FOSAD has been one of the foremost educational events established with the goal of disseminating knowledge in the critical area of security in computer systems and networks. Over the years, both the summer school and the book series have represented a reference point for graduate students and young researchers from academia or industry, interested to approach the field, investigate open problems, and follow priority lines of research. This book presents thoroughly revised versions of nine tutorial lectures given by leading researchers during three International Schools on Foundations of Security Analysis and Design, FOSAD, held in Bertinoro, Italy, in September 2012 and 2013. The topics covered in this book include model-based security, automatic verification of secure applications, information flow analysis, cryptographic voting systems, encryption in the cloud, and privacy preservation.

FOSAD has been one of the foremost educational events established with the goal of disseminating knowledge in the critical area of security in computer systems and networks. Offering a timely spectrum of current research in foundations of security, FOSAD also proposes panels dedicated to topical open problems, and giving presentations about ongoing work in the field, in order to stimulate discussions and novel scientific collaborations. This book presents thoroughly revised versions of nine tutorial lectures given by leading researchers during three International Schools on Foundations of Security Analysis and Design, FOSAD, held in Bertinoro, Italy, in September 2010 and August/September 2011. The topics covered in this book include privacy and data protection; security APIs; cryptographic verification by typing; model-driven security; noninterfer-quantitative information flow analysis; and risk analysis.

overviewofthebestindustrialpracticesinITsecurityanalysis.Inparticular, the paperpresentsrecentresearchresultsinthe areaofformalfoundations andpow- erfultoolsforsecurityanalysis.ThecontributionbyUlfarErlingssonoutlinesthe general issues of low-level software security. Concrete details of low-level attacks anddefensesaregiveninthe caseof CandC++softwarecompiledinto machine code. Fabio Martinelli and Paolo Mori describe a solution to improve the Java native security support. Two examples of the application of the proposed so- tion, with history-based monitoring of the application behavior, are given in the case of grid computing and mobile devices. The purpose of the chapter by Javier Lopez, Cristina Alcaraz, and Rodrigo Roman is to review and discuss critical information infrastructures, and show how to protect their functionalities and performance against attacks. As an example, the chapter also discusses the role of wireless sensor networks technology in the protection of these infrastructures. The paper by Liqun Chen is a survey in the area of asymmetric key cryp- graphic methodologies for identity-based cryptography. Audun Josang gives an overviewofthebackground, currentstatus, andfuturetrendoftrustandrepu- tionsystems.Inthefollowingchapter, MarcinCzenko, SandroEtalle, DongyiLi, and William H. Winsborough present the trust management approach to access controlindistributed systems.Inparticular, they focus onthe RT family ofro- based trust management languages. Chris Mitchell and Eimear Gallery report on the trusted computing technology for the next-generation mobile device

The increasing relevance of security to real-life applications, such as electronic commerce and Internet banking, is attested by the fast-growing number of - search groups, events, conferences, and summer schools that address the study of foundations for the analysis and the design of security aspects. The Int- national School on Foundations of Security Analysis and Design (FOSAD, see http: //www.sti.uniurb.it/events/fosad/)has been one of the foremost events - tablishedwiththegoalofdisseminatingknowledgeinthiscriticalarea, especially for young researchers approaching the ?eld and graduate students coming from less-favoured and non-leading countries. The FOSAD school is held annually at the Residential Centre of Bertinoro (http: //www.ceub.it/), in the fascinating setting of a former convent and ep- copal fortress that has been transformed into a modern conference facility with computing services and Internet access. Since the ?rst school, in 2000, FOSAD hasattractedmorethan250participantsand50lecturersfromallovertheworld. A collection of tutorial lectures from FOSAD 2000 was published in Springer s LNCS volume 2171. Some of the tutorials given at the two successive schools (FOSAD 2001 and 2002) are gathered in a second volume, LNCS 2946. To c- tinue this tradition, the present volume collects a set of tutorials fromthe fourth FOSAD, held in 2004, and from FOSAD 2005."

This book constitutes the refereed proceedings of the 11th International Workshop on Data Privacy Management, DPM 2016 and the 5th International Workshop on Quantitative Aspects in Security Assurance, QASA 2016, held in Heraklion, Crete, Greece, in September 2016. 9 full papers and 4 short papers out of 24 submissions are included in the DPM 2016 Workshop. They are organized around areas related to the management of privacy-sensitive informations, such as translation of high-level business goals into system-level privacy policies; administration of sensitive identifiers; data integration and privacy engineering. The QASA workshop centeres around research topics with a particular emphasis on the techniques for service oriented architectures, including aspects of dependability, privacy, risk and trust. Three full papers and one short papers out of 8 submissions are included in QASA 2016.

FOSAD has been one of the foremost educational events established with the goal of disseminating knowledge in the critical area of security in computer systems and networks. Over the years, both the summer school and the book series have represented a reference point for graduate students and young researchers from academia and industry, interested to approach the field, investigate open problems, and follow priority lines of research. This book presents thoroughly revised versions of four tutorial lectures given by leading researchers during three International Schools on Foundations of Security Analysis and Design, FOSAD, held in Bertinoro, Italy, in September 2014, 2015 and 2016. The topics covered in this book include zero-knowledge proof systems, JavaScript sandboxing, assessment of privacy, and distributed authorization.

This book constitutes the revised selected papers of the 10th International Workshop on Data Privacy Management, DPM 2015, and the 4th International Workshop on Quantitative Aspects in Security Assurance, QASA 2015, held in Vienna, Austria, in September 2015, co-located with the 20th European Symposium on Research in Computer Security, ESORICS 2015. In the DPM 2015 workshop edition, 39 submissions were received. In the end, 8 full papers, accompanied by 6 short papers, 2 position papers and 1 keynote were presented in this volume. The QASA workshop series responds to the increasing demand for techniques to deal with quantitative aspects of security assurance at several levels of the development life-cycle of systems and services, from requirements elicitation to run-time operation and maintenance. QASA 2015 received 11 submissions, of which 4 papers are presented in this volume as well.

This book constitutes the revised selected papers of the 9th International Workshop on Data Privacy Management, DPM 2014, the 7th International Workshop on Autonomous and Spontaneous Security, SETOP 2014, and the 3rd International Workshop on Quantitative Aspects in Security Assurance, held in Wroclaw, Poland, in September 2014, co-located with the 19th European Symposium on Research in Computer Security (ESORICS 2014). The volume contains 7 full and 4 short papers plus 1 keynote talk from the DPM workshop; 2 full papers and 1 keynote talk from the SETOP workshop; and 7 full papers and 1 keynote talk from the QASA workshop - selected out of 52 submissions. The papers are organized in topical sections on data privacy management; autonomous and spontaneous security; and quantitative aspects in security assurance.

FOSAD has been one of the foremost educational events established with the goal of disseminating knowledge in the critical area of security in computer systems and networks. Offering a good spectrum of current research in foundations of security, FOSAD also proposes panels dedicated to topical open problems, and giving presentations about ongoing work in the field, in order to favour discussions and novel scientific collaborations.

This book presents thoroughly revised versions of ten tutorial lectures given by leading researchers during three International Schools on Foundations of Security Analysis and Design, FOSAD 2007/2008/2009, held in Bertinoro, Italy, in September 2007, August 2008, and August/September 2009. The topics covered in this book include cryptographic protocol analysis, program and resource certification, identity management and electronic voting, access and authorization control, wireless security, mobile code and communications security.