| 2009 | A Guided Tour Puzzle for Denial of Service Prevention. Mehmud Abliz, Taieb Znati |
| 2009 | A Network Access Control Mechanism Based on Behavior Profiles. Vanessa Frías-Martínez, Joseph Sherrick, Salvatore J. Stolfo, Angelos D. Keromytis |
| 2009 | A New Approach for Anonymous Password Authentication. Yanjiang Yang, Jianying Zhou, Jian Weng, Feng Bao |
| 2009 | A Study of User-Friendly Hash Comparison Schemes. Hsu-Chun Hsiao, Yue-Hsun Lin, Ahren Studer, Cassandra Studer, King-Hang Wang, Hiroaki Kikuchi, Adrian Perrig, Hung-Min Sun, Bo-Yin Yang |
| 2009 | A Survey of Vendor Software Assurance Practices. Jeremy Epstein |
| 2009 | Active Botnet Probing to Identify Obscure Command and Control Channels. Guofei Gu, Vinod Yegneswaran, Phillip A. Porras, Jennifer Stoll, Wenke Lee |
| 2009 | An Empirical Approach to Modeling Uncertainty in Intrusion Analysis. Xinming Ou, Siva Raj Rajagopalan, Sakthiyuvaraja Sakthivelmurugan |
| 2009 | Analyzing Information Flow in JavaScript-Based Browser Extensions. Mohan Dhawan, Vinod Ganapathy |
| 2009 | Analyzing and Detecting Malicious Flash Advertisements. Sean Ford, Marco Cova, Christopher Kruegel, Giovanni Vigna |
| 2009 | BAF: An Efficient Publicly Verifiable Secure Audit Logging Scheme for Distributed Systems. Attila Altay Yavuz, Peng Ning |
| 2009 | Computer-Related Risk Futures. Peter G. Neumann |
| 2009 | Deploying and Monitoring DNS Security (DNSSEC). Eric Osterweil, Daniel Massey, Lixia Zhang |
| 2009 | Detecting Malicious Flux Service Networks through Passive Analysis of Recursive DNS Traces. Roberto Perdisci, Igino Corona, David Dagon, Wenke Lee |
| 2009 | Detecting Software Theft via System Call Based Birthmarks. Xinran Wang, Yoon-chan Jhi, Sencun Zhu, Peng Liu |
| 2009 | Enabling Secure Secret Sharing in Distributed Online Social Networks. Le-Hung Vu, Karl Aberer, Sonja Buchegger, Anwitaman Datta |
| 2009 | Evaluating Network Security With Two-Layer Attack Graphs. Anmin Xie, Zhuhua Cai, Cong Tang, Jian-bin Hu, Zhong Chen |
| 2009 | Evaluation of a DPA-Resistant Prototype Chip. Mario Kirschbaum, Thomas Popp |
| 2009 | FIRE: FInding Rogue nEtworks. Brett Stone-Gross, Christopher Kruegel, Kevin C. Almeroth, Andreas Moser, Engin Kirda |
| 2009 | FPValidator: Validating Type Equivalence of Function Pointers on the Fly. Hua Wang, Yao Guo, Xiangqun Chen |
| 2009 | HIMA: A Hypervisor-Based Integrity Measurement Agent. Ahmed M. Azab, Peng Ning, Emre Can Sezer, Xiaolan Zhang |
| 2009 | How to Securely Break into RBAC: The BTG-RBAC Model. Ana Ferreira, David W. Chadwick, Pedro Farinha, Ricardo João Cruz Correia, Gansen Zhao, Rui Chilro, Luis Filipe Coelho Antunes |
| 2009 | Identification of Bot Commands by Run-Time Execution Monitoring. Young Hee Park, Douglas S. Reeves |
| 2009 | Java Security: A Ten Year Retrospective. Li Gong |
| 2009 | Justifying Integrity Using a Virtual Machine Verifier. Joshua Schiffman, Thomas Moyer, Christopher Shal, Trent Jaeger, Patrick D. McDaniel |
| 2009 | Leveraging Cellular Infrastructure to Improve Fraud Prevention. Frank S. Park, Chinmay Gangakhedkar, Patrick Traynor |
| 2009 | MAVMM: Lightweight and Purpose Built VMM for Malware Analysis. Anh M. Nguyen, Nabil Schear, HeeDong Jung, Apeksha Godiyal, Samuel T. King, Hai D. Nguyen |
| 2009 | Modeling Modern Network Attacks and Countermeasures Using Attack Graphs. Kyle Ingols, Matthew Chu, Richard Lippmann, Seth E. Webster, Stephen W. Boyer |
| 2009 | On the Security of PAS (Predicate-Based Authentication Service). Shujun Li, Hassan Jameel Asghar, Josef Pieprzyk, Ahmad-Reza Sadeghi, Roland Schmitz, Huaxiong Wang |
| 2009 | Online Signature Generation for Windows Systems. Lixin Li, James E. Just, R. Sekar |
| 2009 | Online Sketching of Network Flows for Real-Time Stepping-Stone Detection. Baris Coskun, Nasir D. Memon |
| 2009 | Privacy through Noise: A Design Space for Private Identification. Karsten Nohl, David Evans |
| 2009 | Protecting Commodity Operating System Kernels from Vulnerable Device Drivers. Shakeel Butt, Vinod Ganapathy, Michael M. Swift, Chih-Cheng Chang |
| 2009 | Protecting Kernel Code and Data with a Virtualization-Aware Collaborative Operating System. Daniela Alvim Seabra de Oliveira, Shyhtsun Felix Wu |
| 2009 | RAD: Reflector Attack Defense Using Message Authentication Codes. Erik Kline, Matt Beaumont-Gay, Jelena Mirkovic, Peter L. Reiher |
| 2009 | Reflections on UNIX Vulnerabilities. Matt Bishop |
| 2009 | RoleVAT: Visual Assessment of Practical Need for Role Based Access Control. Dana Zhang, Kotagiri Ramamohanarao, Steven Versteeg, Rui Zhang |
| 2009 | SHELF: Preserving Business Continuity and Availability in an Intrusion Recovery System. Xi Xiong, Xiaoqi Jia, Peng Liu |
| 2009 | Scalable Web Content Attestation. Thomas Moyer, Kevin R. B. Butler, Joshua Schiffman, Patrick D. McDaniel, Trent Jaeger |
| 2009 | Secure Web 2.0 Content Sharing Beyond Walled Gardens. San-Tsai Sun, Kirstie Hawkey, Konstantin Beznosov |
| 2009 | SecureMR: A Service Integrity Assurance Framework for MapReduce. Wei Wei, Juan Du, Ting Yu, Xiaohui Gu |
| 2009 | Semantically Rich Application-Centric Security in Android. Machigar Ongtang, Stephen E. McLaughlin, William Enck, Patrick D. McDaniel |
| 2009 | Surgically Returning to Randomized lib(c). Giampaolo Fresi Roglia, Lorenzo Martignoni, Roberto Paleari, Danilo Bruschi |
| 2009 | Symmetric Cryptography in Javascript. Emily Stark, Michael Hamburg, Dan Boneh |
| 2009 | The Design of a Trustworthy Voting System. Nathanael Paul, Andrew S. Tanenbaum |
| 2009 | The Good, the Bad, And the Ugly: Stepping on the Security Scale. Mary Ann Davidson |
| 2009 | Transparent Encryption for External Storage Media with Key Management Adapted to Mobile Use. Alf Zugenmaier, Sven Lachmund, Dileesh Jostin |
| 2009 | TrustGraph: Trusted Graphics Subsystem for High Assurance Systems. Hamed Okhravi, David M. Nicol |
| 2009 | Twenty-Fifth Annual Computer Security Applications Conference, ACSAC 2009, Honolulu, Hawaii, USA, 7-11 December 2009 |
| 2009 | Unifying Broadcast Encryption and Traitor Tracing for Content Protection. Hongxia Jin, Jeffrey B. Lotspiech |