Quality of Protection: Security Measurements and Metrics is an edited volume based on the Quality of Protection Workshop in Milano, Italy (September 2005). This volume discusses how security research can progress towards quality of protection in security comparable to quality of service in networking and software measurements, and metrics in empirical software engineering. Information security in the business setting has matured in the last few decades. Standards such as IS017799, the Common Criteria (ISO15408), and a number of industry certifications and risk analysis methodologies have raised the bar for good security solutions from a business perspective.

Designed for a professional audience composed of researchers and practitioners in industry, Quality of Protection: Security Measurements and Metrics is also suitable for advanced-level students in computer science.

Quality of Protection: Security Measurements and Metrics is an edited volume based on the Quality of Protection Workshop in Milano, Italy (September 2005). This volume discusses how security research can progress towards quality of protection in security comparable to quality of service in networking and software measurements, and metrics in empirical software engineering. Information security in the business setting has matured in the last few decades. Standards such as IS017799, the Common Criteria (ISO15408), and a number of industry certifications and risk analysis methodologies have raised the bar for good security solutions from a business perspective.

Designed for a professional audience composed of researchers and practitioners in industry, Quality of Protection: Security Measurements and Metrics is also suitable for advanced-level students in computer science.

It is our pleasure to welcome you to the proceedings of the Second International Symposium on Engineering Secure Software and Systems. This unique event aimed at bringing together researchersfrom softwareen- neering and security engineering, which might help to unite and further develop the two communities in this and future editions. The parallel technical spons- ships from the ACM SIGSAC (the ACM interest group in security) and ACM SIGSOF (the ACM interest group in software engineering) is a clear sign of the importance of this inter-disciplinary research area and its potential. The di?culty of building secure software systems is no longer focused on mastering security technology such as cryptography or access control models. Other important factors include the complexity of modern networked software systems, the unpredictability of practical development life cycles, the intertw- ing of and trade-o? between functionality, security and other qualities, the d- culty of dealing with human factors, and so forth. Over the last years, an entire research domain has been building up around these problems. The conference program included two major keynotes from Any Gordon (Microsoft Research Cambridge) on the practical veri?cation of security pro- cols implementation and Angela Sasse (University College London) on security usability and an interesting blend of research, industry and idea papers.

As intelligent autonomous agents and multiagent system applications become more pervasive, it becomes increasingly important to understand the risks associated with using these systems. Incorrect or inappropriate agent behavior can have harmful - fects, including financial cost, loss of data, and injury to humans or systems. For - ample, NASA has proposed missions where multiagent systems, working in space or on other planets, will need to do their own reasoning about safety issues that concern not only themselves but also that of their mission. Likewise, industry is interested in agent systems that can search for new supply opportunities and engage in (semi-) automated negotiations over new supply contracts. These systems should be able to securely negotiate such arrangements and decide which credentials can be requested and which credentials may be disclosed. Such systems may encounter environments that are only partially understood and where they must learn for themselves which aspects of their environment are safe and which are dangerous. Thus, security and safety are two central issues when developing and deploying such systems. We refer to a multiagent system's security as the ability of the system to deal with threats that are intentionally caused by other intelligent agents and/or s- tems, and the system's safety as its ability to deal with any other threats to its goals.

It is our pleasure to welcome you to the ?rst edition of the International S- posium on Engineering Secure Software and Systems. This unique events aims at bringing together researchers from Software - gineeringandSecurity Engineering, helping to unite and further developthe two communitiesinthisandfutureeditions.Theparalleltechnicalsponsorshipsfrom the ACM SIGSAC (the ACM interest group in security) and ACM SIGSOFT (the ACM interest groupin softwareengineering) and the IEEE TCSE is a clear sign of the importance of this inter-disciplinary research area and its potential. The di?culty of building secure software systems is no longer focused on mastering security technology such as cryptography or access control models. Other important, and less controllable, factors include the complexity of m- ern networked software systems, the unpredictability of practical development lifecycles, the intertwining of and trade-o? between functionality, security and other qualities, the di?culty of dealing with human factors, and so forth. Over the last few years, an entire research domain has been building up around these problems. And although some battles have been won, the jury is still out on the ?nal verdict. The conference program included two major keynotes from Axel Van L- sweerde (U. Louvain) and Wolfram Schulte (Microsoft Research) and an int- esting blend of research, industry and idea papers

This book constitutes the refereed proceedings of the 4th International Conference on Trust Management, iTrust 2006. 30 revised full papers and 4 revised short papers are presented together with 1 keynote paper and 7 trust management tool and systems demonstration reports. Besides technical issues in distributed computing and open systems, topics from law, social sciences, business, and philosophy are addressed.