| 2004 | A PIN-entry method resilient against shoulder surfing. Volker Roth, Kai Richter, Rene Freidinger |
| 2004 | A decision procedure for the verification of security protocols with explicit destructors. Stéphanie Delaune, Florent Jacquemard |
| 2004 | Attacking and repairing the winZip encryption scheme. Tadayoshi Kohno |
| 2004 | Attestation-based policy enforcement for remote access. Reiner Sailer, Trent Jaeger, Xiaolan Zhang, Leendert van Doorn |
| 2004 | Comparing the expressive power of access control models. Mahesh V. Tripunitara, Ninghui Li |
| 2004 | Concealing complex policies with hidden credentials. Robert W. Bradshaw, Jason E. Holt, Kent E. Seamons |
| 2004 | Cryptanalysis of a provably secure CRT-RSA algorithm. David A. Wagner |
| 2004 | Direct anonymous attestation. Ernest F. Brickell, Jan Camenisch, Liqun Chen |
| 2004 | Fragile mixing. Michael K. Reiter, Xiaofeng Wang |
| 2004 | Gray-box extraction of execution graphs for anomaly detection. Debin Gao, Michael K. Reiter, Dawn Xiaodong Song |
| 2004 | Group signatures with verifier-local revocation. Dan Boneh, Hovav Shacham |
| 2004 | ID-based encryption for complex hierarchies with applications to forward security and broadcast encryption. Danfeng Yao, Nelly Fazio, Yevgeniy Dodis, Anna Lysyanskaya |
| 2004 | IP covert timing channels: design and detection. Serdar Cabuk, Carla E. Brodley, Clay Shields |
| 2004 | KNOW Why your access was denied: regulating feedback for usable security. Apu Kapadia, Geetanjali Sampemane, Roy H. Campbell |
| 2004 | Mitigating bandwidth-exhaustion attacks using congestion puzzles. Xiaofeng Wang, Michael K. Reiter |
| 2004 | New client puzzle outsourcing techniques for DoS resistance. Brent Waters, Ari Juels, J. Alex Halderman, Edward W. Felten |
| 2004 | On achieving software diversity for improved network security using distributed coloring algorithms. Adam J. O'Donnell, Harish Sethu |
| 2004 | On mutually-exclusive roles and separation of duty. Ninghui Li, Ziad Bizri, Mahesh V. Tripunitara |
| 2004 | On the difficulty of scalably detecting network attacks. Kirill Levchenko, Ramamohan Paturi, George Varghese |
| 2004 | On the effectiveness of address-space randomization. Hovav Shacham, Matthew Page, Ben Pfaff, Eu-Jin Goh, Nagendra Modadugu, Dan Boneh |
| 2004 | Operational experiences with high-volume network intrusion detection. Holger Dreger, Anja Feldmann, Vern Paxson, Robin Sommer |
| 2004 | Parallel mixing. Philippe Golle, Ari Juels |
| 2004 | Payload attribution via hierarchical bloom filters. Kulesh Shanmugasundaram, Hervé Brönnimann, Nasir D. Memon |
| 2004 | Pong-cache poisoning in GUESS. Neil Daswani, Hector Garcia-Molina |
| 2004 | Privacy and security in library RFID: issues, practices, and architectures. David Molnar, David A. Wagner |
| 2004 | Private inference control. David P. Woodruff, Jessica Staddon |
| 2004 | Proceedings of the 11th ACM Conference on Computer and Communications Security, CCS 2004, Washington, DC, USA, October 25-29, 2004 Vijayalakshmi Atluri, Birgit Pfitzmann, Patrick D. McDaniel |
| 2004 | Reusable cryptographic fuzzy extractors. Xavier Boyen |
| 2004 | Security policies for downgrading. Stephen Chong, Andrew C. Myers |
| 2004 | Testing network-based intrusion detection signatures using mutant exploits. Giovanni Vigna, William K. Robertson, Davide Balzarotti |
| 2004 | The dual receiver cryptosystem and its applications. Theodore Diament, Homin K. Lee, Angelos D. Keromytis, Moti Yung |
| 2004 | Trusting a trusted system. John D. McLean |
| 2004 | Using build-integrated static checking to preserve correctness invariants. Hao Chen, Jonathan S. Shapiro |
| 2004 | Verifying policy-based security for web services. Karthikeyan Bhargavan, Cédric Fournet, Andrew D. Gordon |
| 2004 | Versatile padding schemes for joint signature and encryption. Yevgeniy Dodis, Michael J. Freedman, Stanislaw Jarecki, Shabsi Walfish |
| 2004 | Web tap: detecting covert web traffic. Kevin Borders, Atul Prakash |
| 2004 | k-anonymous secret handshakes with reusable credentials. Shouhuai Xu, Moti Yung |