1. dos Santos, Daniel R.; Ponta, Serena Elisa; Ranise, Silvio,
    Proceedings of the 21st {ACM} on Symposium on Access Control Models and Technologies, {SACMAT} 2016,
    , pp. 89-
    99
    , (SACMAT Symposium on Access Control Models and Technologies,
    Shanghai, China,
    June 5-8, 2016)
  2. Compagna, Luca; dos Santos, Daniel Ricardo; Ponta, Serena Elisa; Ranise, Silvio,
    Tools and Algorithms for the Construction and Analysis of Systems,
    Springer Berlin Heidelberg,
    vol.9636,
    , pp. 567-
    572
    , (22nd International Conference, TACAS 2016,
    Eindhoven, The Netherlands,
    April 2-8, 2016)
  3. dos Santos, Daniel R.; Ranise, Silvio; Compagna, Luca; Ponta, Serena E.,
    Data and Applications Security and Privacy XXIX,
    Springer International Publishing,
    vol.9149,
    , pp. 85-
    100
    , (29th Annual IFIP WG 11.3 Working Conference, DBSec 2015,
    Fairfax, VA, USA,
    July 13-15, 2015)
  4. Bertolissi, Clara; dos Santos, Daniel Ricardo; Ranise, Silvio,
    Proceeding ASIA CCS '15 Proceedings of the 10th ACM Symposium on Information, Computer and Communications Security,
    New York, NY, USA,
    ACM New York, NY, USA ©2015,
    , pp. 297-
    308
    , (10th ACM Symposium on Information, Computer and Communications Security (ASIACCS 2015),
    Singapore,
    14-17 April 2015)
  5. Daniel, Ricardo dos Santos; Silvio, Ranise; Serena, Elisa Ponta,
    An established trend in software engineering insists on using components (sometimes also called services or packages) to encapsulate a set of related functionalities or data. By defining interfaces specifying what functionalities they provide or use, components can be combined with others to form more complex components. In this way, IT systems can be designed by mostly re-using existing components and developing new ones to provide new functionalities. In this paper, we introduce a notion of component and a combination mechanism for an important class of software artifacts, called security-sensitive workflows. These are business processes in which execution constraints on the tasks are complemented with authorization constraints (e.g., Separation of Duty) and authorization policies (constraining which users can execute which tasks). We show how well-known workflow execution patterns can be simulated by our combination mechanism and how authorization constraints can also be imposed across components. Then, we demonstrate the usefulness of our notion of component by showing (i) the scalability of a technique for the synthesis of run-time monitors for security-sensitive workflows and (ii) the design of a plug-in for the re-use of workflows and related run-time monitors inside an editor for security-sensitive workflows.,
  6. Evandro Alencar Rigon;Carla Merkle Westphall;Daniel Ricardo dos Santos;Carlos Becker Westphall,
    A cyclical evaluation model of information security maturity,
    in «INTERNATIONAL JOURNAL OF INFORMATION AND COMPUTER SECURITY»,
    vol. 22,
    , pp. 265 -
    278
  7. Stanislav Dashevskyi; Daniel Ricardo dos Santos; Fabio Massacci; Antonino Sabetta,
    TESTREX: a Testbed for Repeatable Exploits,
    7th Workshop on Cyber Security Experimentation and Test (CSET'14),
  8. Paulo F. Silva; Carlos B. Westphall; Carla M. Westphall; Mauro M. Mattos; Daniel Ricardo dos Santos,
    An Architecture for Risk Analysis in Cloud,
    Proceedings of The Tenth International Conference on Networking and Services (ICNS2014),
  9. Daniel Ricardo dos Santos;Carla Merkle Westphall;Carlos Becker Westphall,
    A dynamic risk-based access control architecture for cloud computing,
    2014 IEEE Network Operations and Management Symposium (NOMS),
    , pp. 1-
    9
  10. de Souza R.F.; Westphall C.B.; dos Santos D.R.; Westphall C.M.,
    A Review of PACS on Cloud for Archiving Secure Medical Images,
    in «INTERNATIONAL JOURNAL OF PRIVACY AND HEALTH INFORMATION MANAGEMENT»,
    vol. 1,
    , pp. 53 -
    62