This book constitutes the proceedings of the 17th International Conference on Risks and Security of Internet and Systems, CRiSIS 2022, which took place in Sousse, Tunesia, during December 7-9, 2022. The 14full papers and 4 short papers included in this volume were carefully reviewed and selected from 39 submissions. The papers detail security issues in internet-related applications, networks and systems.

This book constitutes the thoroughly refereed post-conference proceedings of the Third International Workshop on the Security of Industrial Control Systems and of Cyber-Physical Systems, CyberICPS 2017, and the First International Workshop on Security and Privacy Requirements Engineering, SECPRE 2017, held in Oslo, Norway, in September 2017, in conjunction with the 22nd European Symposium on Research in Computer Security, ESORICS 2017. The CyberICPS Workshop received 32 submissions from which 10 full and 2 short papers were selected for presentation. They cover topics related to threats, vulnerabilities and risks that cyber-physical systems and industrial control systems face; cyber attacks that may be launched against such systems; and ways of detecting and responding to such attacks. From the SECPRE Workshop 5 full papers out of 14 submissions are included. The selected papers deal with aspects of security and privacy requirements assurance and evaluation; and security requirements elicitation and modelling.

This book constitutes the carefully refereed and revised selected papers of the 5th Canada-France ETS Symposium on Foundations and Practice of Security, FPS 2012, held in Montreal, QC, Canada, in October 2012. The book contains a revised version of 21 full papers, accompanied by 3 short papers. The papers were carefully reviewed and selected from 62 submissions. The papers are organized in topical section on cryptography and information theory, key management and cryptographic protocols, privacy and trust, policies and applications security, and network and adaptive security.

This book constitutes the refereed proceedings of the 26th IFIP WG 11.3 International Conference on Data and Applications Security and Privacy, DBSec 2012, held in Paris, France in July 2012. The 17 revised full and 15 short papers presented together with 1 invited paper were carefully reviewed and selected from 49 submissions. The papers are organized in topical sections on access control, confidentiality and privacy, smart cards security, privacy-preserving technologies, data management, intrusion and malware, probabilistic attacks and protection, and cloud computing.

This book constitutes the thoroughly refereed joint post proceedings of two international workshops, the 6th International Workshop on Data Privacy Management, DPM 2011, and the 4th International Workshop on Autonomous and Spontaneous Security, SETOP 2011, held in Leuven, Belgium, in September 2011. The volume contains 9 full papers and 1 short paper from the DPM workshop and 9 full papers and 2 short papers from the SETOP workshop, as well as the keynote paper. The contributions from DPM cover topics from location privacy, privacy-based metering and billing, record linkage, policy-based privacy, application of data privacy in recommendation systems, privacy considerations in user profiles, in RFID, in network monitoring, in transactions protocols, in usage control, and in customer data. The topics of the SETOP contributions are access control, policy derivation, requirements engineering, verification of service-oriented-architectures, query and data privacy, policy delegation and service orchestration.

This book constitutes the thoroughly refereed post-conference proceedings of the two international workshops DPM 2009, the 4th International Workshop on Data Privacy Management, and SETOP 2009, the Second International Workshop on Autonomous and Spontaneous Security, collocated with the ESORICS 2009 symposium in St. Malo, France, in September 2009.

The 8 revised full papers for DPM 2009, selected from 23 submissions, presented together with two keynote lectures are accompanied by 9 revised full papers of SETOP 2009; all papers were carefully reviewed and selected for inclusion in the book. The DPM 2009 papers cover topics such as privacy in service oriented architectures, privacy-preserving mechanisms, crossmatching and indistinguishability techniques, privacy policies, and disclosure of information. The SETOP 2009 papers address all current issues within the sope of security policies, identification and privacy, as well as security mechanisms.

This book constitutes the proceedings of the 17th International Conference on Risks and Security of Internet and Systems, CRiSIS 2021, which took place during November 11-13, 2021. The conference was originally planned to take place in Ames, IA, USA, but had to change to an online format due to the COVID-19 pandemic. The 9 full and 3 short papers included in this volume were carefully reviewed and selected from 23 submissions. The papers were organized in topical sections named: CPS and hardware security; attacks, responses, and security management; network and data security.

This book constitutes the refereed proceedings of six International Workshops that were held in conjunction with the 26th European Symposium on Research in Computer Security, ESORICS 2021, which took place during October 4-6, 2021. The conference was initially planned to take place in Darmstadt, Germany, but changed to an online event due to the COVID-19 pandemic.The 32 papers included in these proceedings stem from the following workshops: the 7th Workshop on the Security of Industrial Control Systems and of Cyber-Physical Systems, CyberICPS 2021, which accepted 7 papers from 16 submissions; the 5th International Workshop on Security and Privacy Requirements Engineering, SECPRE 2021, which accepted 5 papers from 8 submissions; the 4th International Workshop on Attacks and Defenses for Internet-of-Things, ADIoT 2021, which accepted 6 full and 1 short paper out of 15 submissions; the 3rd Workshop on Security, Privacy, Organizations, and Systems Engineering, SPOSE 2021, which accepted 5 full and 1 short paper out of 13 submissions. the 2nd Cyber-Physical Security for Critical Infrastructures Protection, CPS4CIP 2021, which accepted 3 full and 1 short paper out of 6 submissions; and the 1st International Workshop on Cyber Defence Technologies and Secure Communications at the Network Edge, CDT & SECOMANE 2021, which accepted 3 papers out of 7 submissions. The following papers are available open access under a Creative Commons Attribution 4.0 International License via link.springer.com:Why IT Security Needs Therapy by Uta Menges, Jonas Hielscher, Annalina Buckmann, Annette Kluge, M. Angela Sasse, and Imogen Verret Transferring Update Behavior from Smartphones to Smart Consumer Devices by Matthias Fassl, Michaela Neumayr, Oliver Schedler, and Katharina Krombholz Organisational Contexts of Energy Cybersecurity by Tania Wallis, Greig Paul, and James Irvine SMILE - Smart eMaIl Link domain Extractor by Mattia Mossano, Benjamin Berens, Philip Heller, Christopher Beckmann, Lukas Aldag, Peter Mayer, and Melanie Volkamer A Semantic Model for Embracing Privacy as Contextual Integrity in the Internet of Things by Salatiel Ezennaya-Gomez, Claus Vielhauer, and Jana Dittmann Data Protection Impact Assessments in Practice - Experiences from Case Studies by Michael Friedewald, Ina Schiering, Nicholas Martin, and Dara Hallinan

This book constitutes the proceedings of the 15th International Conference on Risks and Security of Internet and Systems, CRiTIS 2020, which took place during November 4-6, 2020. The conference was originally planned to take place in Paris, France, but had to change to an online format due to the COVID-19 pandemic. The 16 full and 7 short papers included in this volume were carefully reviewed and selected from 44 submissions. In addition, the book contains one invited talk in full paper length. The papers were organized in topical sections named: vulnerabilities, attacks and intrusion detection; TLS, openness and security control; access control, risk assessment and security knowledge; risk analysis, neural networks and Web protection; infrastructure security and malware detection.

This book constitutes the refereed post-conference proceedings of the 6th International Workshop on Security of Industrial Control Systems and Cyber-Physical Systems, CyberICPS 2020, the Second International Workshop on Security and Privacy Requirements Engineering, SECPRE 2020, and the Third International Workshop on Attacks and Defenses for Internet-of-Things, ADIoT 2020, held in Guildford, UK, in September 2020 in conjunction with the 25th European Symposium on Research in Computer Security, ESORICS 2020. Due to COVID-19 pandemic the conference was held virtually The CyberICPS Workshop received 21 submissions from which 5 full papers were selected for presentation. They cover topics related to threats, vulnerabilities and risks that cyber-physical systems and industrial control systems face; cyberattacks that may be launched against such systems; and ways of detecting and responding to such attacks. From the SECPRE Workshop 4 full papers out of 7 submissions are included. The selected papers deal with aspects of security and privacy requirements assurance and evaluation; and security requirements elicitation and modelling and to GDPR compliance. From the ADIoT Workshop 2 full papers and 2 short papers out of 12 submissions are included. The papers focus on IoT attacks and defenses and discuss either practical or theoretical solutions to identify IoT vulnerabilities and IoT security mechanisms.

This book constitutes the refereed post-conference proceedings of the 5th International Workshop on Security of Industrial Control Systems and Cyber-Physical Systems, CyberICPS 2019, the Third International Workshop on Security and Privacy Requirements Engineering, SECPRE 2019, the First International Workshop on Security, Privacy, Organizations, and Systems Engineering, SPOSE 2019, and the Second International Workshop on Attacks and Defenses for Internet-of-Things, ADIoT 2019, held in Luxembourg City, Luxembourg, in September 2019, in conjunction with the 24th European Symposium on Research in Computer Security, ESORICS 2019. The CyberICPS Workshop received 13 submissions from which 5 full papers and 2 short papers were selected for presentation. They cover topics related to threats, vulnerabilities and risks that cyber-physical systems and industrial control systems face; cyber attacks that may be launched against such systems; and ways of detecting and responding to such attacks. From the SECPRE Workshop 9 full papers out of 14 submissions are included. The selected papers deal with aspects of security and privacy requirements assurance and evaluation; and security requirements elicitation and modelling and to GDPR compliance. The SPOSE Workshop received 7 submissions from which 3 full papers and 1 demo paper were accepted for publication. They demonstrate the possible spectrum for fruitful research at the intersection of security, privacy, organizational science, and systems engineering. From the ADIoT Workshop 5 full papers and 2 short papers out of 16 submissions are included. The papers focus on IoT attacks and defenses and discuss either practical or theoretical solutions to identify IoT vulnerabilities and IoT security mechanisms.

This book constitutes the revised selected papers from the 14th International Conference on Risks and Security of Internet and Systems, CRiSIS 2019, held in Hammamet, Tunisia, in October 2019. The 20 full papers and 4 short papers presented in this volume were carefully reviewed and selected from 64 submissions. They cover diverse research themes that range from classic topics, such as risk analysis and management; access control and permission; secure embedded systems; network and cloud security; information security policy; data protection and machine learning for security; distributed detection system and blockchain.

This book constitutes the thoroughly refereed post-conference proceedings of the 4th International Workshop on the Security of Industrial Control Systems and Cyber-Physical Systems, CyberICPS 2018, and the Second International Workshop on Security and Privacy Requirements Engineering, SECPRE 2018, held in Barcelona, Spain, in September 2018, in conjunction with the 23rd European Symposium on Research in Computer Security, ESORICS 2018. The CyberICPS Workshop received 15 submissions from which 8 full papers were selected for presentation. They cover topics related to threats, vulnerabilities and risks that cyber-physical systems and industrial control systems face; cyber attacks that may be launched against such systems; and ways of detecting and responding to such attacks. From the SECPRE Workshop 5 full papers out of 11 submissions are included. The selected papers deal with aspects of security and privacy requirements assurance and evaluation; and security requirements elicitation and modelling.

This book constitutes the revised selected papers from the 13th International Conference on Risks and Security of Internet and Systems, CRiSIS 2018, held in Arcachon, France, in October 2018. The 12 full papers and 6 short papers presented in this volume were carefully reviewed and selected from 34 submissions. They cover diverse research themes that range from classic topics, such as vulnerability analysis and classification; apps security; access control and filtering; cloud security; cyber-insurance and cyber threat intelligence; human-centric security and trust; and risk analysis.

This book constitutes the refereed post-conference proceedings of the Third International Conference on Interoperability, InterIoT 2017, which was collocated with SaSeIoT 2017, and took place in Valencia, Spain, in November 2017. The 14 revised full papers were carefully reviewed and selected from 22 submissions and cover all aspects of the latest research findings in the area of Internet of Things (IoT).

This book constitutes the revised selected papers from the 12th International Conference on Risk and Security of Internet and Systems, CRISIS 2017, held in Dinard, France, in September 2017.The 12 full papers and 5 short papers presented in this volume were carefully reviewed and selected from 42 submissions. They cover diverse research themes, ranging from classic topics, such as vulnerability analysis and classification; apps security; access control and filtering; cloud security; cyber-insurance and cyber threat intelligence; human-centric security and trust; and risk analysis.

This book constitutes the refereed proceedings of the Second Conference on Security of Industrial Control Systems and Cyber-Physical Systems, CyberICPS 2016, held in Crete, Greece, in September 2016 in conjunction with ESORICS 2016, the 21st annual European Symposium on Research in Computer Security. The 5 revised full papers 2 invited papers presented were carefully reviewed and selected from 18 initial submissions. CyberICPS 2016 focuses on topics related to the management of cyber security in industrial control systems and cyber-physical systems, including security monitoring, trust management, security policies and measures.

This book constitutes the revised selected papers from the 11th International Conference on Risk and Security of Internet and Systems, CRISIS 2016, held in Roscoff, France, in September 2016. The 17 full papers presented in this volume were carefully reviewed and selected from 24 submissions. They cover diverse research themes, ranging from classic topics, such as intrusion detection, applied cryptography, formal methods and methodology for risk and security analysis, to emerging issues, such as ransomware and security of software defined networking or virtualization techniques.

This book constitutes the thoroughly refereed post-conference proceedings of the 9th International Symposium on Foundations and Practice of Security, FPS 2016, held in Quebec City, QC, Canada, in October 2016. The 18 revised regular papers presented together with 5 short papers and 3 invited talks were carefully reviewed and selected from 34 submissions. The accepted papers cover diverse research themes, ranging from classic topics, such as malware, anomaly detection, and privacy, to emerging issues, such as security and privacy in mobile computing and cloud.

This book constitutes the refereed proceedings of the First Conference on Cybersecurity of Industrial Control Systems, CyberICS 2015, and the First Workshop on the Security of Cyber Physical Systems, WOS-CPS 2015, held in Vienna, Austria, in September 2015 in conjunction with ESORICS 2015, the 20th annual European Symposium on Research in Computer Security. The 6 revised full papers and 2 short papers of CyberICS 2015 presented together with 3 revised full papers of WOS-CPS 2015 were carefully reviewed and selected from 28 initial submissions. CyberICS 2015 focuses on topics covering ICSs, including cyber protection and cyber defense of SCADA systems, plant control systems, engineering workstations, substation equipment, programmable logic controllers, PLCs, and other industrial control system. WOS-CPS 2015 deals with the Security of Cyber Physical Systems, that exist everywhere around us, and range in size, complexity and criticality, from embedded systems used in smart vehicles, to SCADA systems in smart grids to control systems in water distribution systems, to smart transportation systems etc.

This book constitutes the revised selected papers of the 8th International Workshop on Data Privacy Management, DPM 2013, and the 6th International Workshop on Autonomous and Spontaneous Security, SETOP 2013, held in Egham, UK, in September 2013 and co-located with the 18th European Symposium on Research in Computer Security (ESORICS 2013). The volume contains 13 full papers selected out of 46 submissions and 1 keynote lecturer from the DPM workshop and 6 full papers together with 5 short papers selected among numerous submissions to the SETOP workshop. The papers cover topics related to the management of privacy-sensitive information and automated configuration of security, focusing in particular on system-level privacy policies, administration of sensitive identifiers, data integration and privacy, engineering authentication and authorization, mobile security and vulnerabilities.