| 2008 | A class of probabilistic models for role engineering. Mario Frank, David A. Basin, Joachim M. Buhmann |
| 2008 | A formal framework for reflective database access control policies. Lars E. Olson, Carl A. Gunter, P. Madhusudan |
| 2008 | A look in the mirror: attacks on package managers. Justin Cappos, Justin Samuel, Scott M. Baker, John H. Hartman |
| 2008 | A low-cost attack on a Microsoft captcha. Jeff Yan, Ahmad Salah El Ahmad |
| 2008 | Assessing query privileges via safe and efficient permission composition. Sabrina De Capitani di Vimercati, Sara Foresti, Sushil Jajodia, Stefano Paraboschi, Pierangela Samarati |
| 2008 | Authenticated hash tables. Charalampos Papamanthou, Roberto Tamassia, Nikos Triandopoulos |
| 2008 | Black-box accountable authority identity-based encryption. Vipul Goyal, Steve Lu, Amit Sahai, Brent Waters |
| 2008 | BootJacker: compromising computers using forced restarts. Ellick Chan, Jeffrey C. Carlyle, Francis M. David, Reza Farivar, Roy H. Campbell |
| 2008 | Building castles out of mud: practical access pattern privacy and correctness on untrusted storage. Peter Williams, Radu Sion, Bogdan Carbunar |
| 2008 | Code injection attacks on Harvard-architecture devices. Aurélien Francillon, Claude Castelluccia |
| 2008 | Computational soundness of observational equivalence. Hubert Comon-Lundh, Véronique Cortier |
| 2008 | Constructions of truly practical secure protocols using standard smartcards. Carmit Hazay, Yehuda Lindell |
| 2008 | Cryptographically verified implementations for TLS. Karthikeyan Bhargavan, Cédric Fournet, Ricardo Corin, Eugen Zalinescu |
| 2008 | Dependent link padding algorithms for low latency anonymity systems. Wei Wang, Mehul Motani, Vikram Srinivasan |
| 2008 | EON: modeling and analyzing dynamic access control systems with logic programs. Avik Chaudhuri, Prasad Naldurg, Sriram K. Rajamani, G. Ramalingam, Lakshmisubrahmanyam Velaga |
| 2008 | Efficient and extensible security enforcement using dynamic data flow analysis. Walter Chang, Brandon Streiff, Calvin Lin |
| 2008 | Efficient attributes for anonymous credentials. Jan Camenisch, Thomas Groß |
| 2008 | Efficient security primitives derived from a secure aggregation algorithm. Haowen Chan, Adrian Perrig |
| 2008 | Enforcing authorization policies using transactional memory introspection. Arnar Birgisson, Mohan Dhawan, Úlfar Erlingsson, Vinod Ganapathy, Liviu Iftode |
| 2008 | Ether: malware analysis via hardware virtualization extensions. Artem Dinaburg, Paul Royal, Monirul Islam Sharif, Wenke Lee |
| 2008 | Extending logical attack graphs for efficient vulnerability analysis. Diptikalyan Saha |
| 2008 | FairplayMP: a system for secure multi-party computation. Assaf Ben-David, Noam Nisan, Benny Pinkas |
| 2008 | Identity-based encryption with efficient revocation. Alexandra Boldyreva, Vipul Goyal, Virendra Kumar |
| 2008 | Increased DNS forgery resistance through 0x20-bit encoding: security via leet queries. David Dagon, Manos Antonakakis, Paul Vixie, Tatuya Jinmei, Wenke Lee |
| 2008 | Information leaks in structured peer-to-peer anonymous communication systems. Prateek Mittal, Nikita Borisov |
| 2008 | Location privacy of distance bounding protocols. Kasper Bonne Rasmussen, Srdjan Capkun |
| 2008 | Machine learning attacks against the Asirra CAPTCHA. Philippe Golle |
| 2008 | Mitigating DNS DoS attacks. Hitesh Ballani, Paul Francis |
| 2008 | Multi-use unidirectional proxy re-signatures. Benoît Libert, Damien Vergnaud |
| 2008 | Multisignatures secure under the discrete logarithm assumption and a generalized forking lemma. Ali Bagherzandi, Jung Hee Cheon, Stanislaw Jarecki |
| 2008 | OMash: enabling secure web mashups via object abstractions. Steven Crites, Francis Hsu, Hao Chen |
| 2008 | PEREA: towards practical TTP-free revocation in anonymous authentication. Patrick P. Tsang, Man Ho Au, Apu Kapadia, Sean W. Smith |
| 2008 | Privacy oracle: a system for finding application leaks with black box differential testing. Jaeyeon Jung, Anmol Sheth, Ben Greenstein, David Wetherall, Gabriel Maganis, Tadayoshi Kohno |
| 2008 | Proceedings of the 2008 ACM Conference on Computer and Communications Security, CCS 2008, Alexandria, Virginia, USA, October 27-31, 2008. Peng Ning, Paul F. Syverson, Somesh Jha |
| 2008 | RFIDs and secret handshakes: defending against ghost-and-leech attacks and unauthorized reads with context-aware communications. Alexei Czeskis, Karl Koscher, Joshua R. Smith, Tadayoshi Kohno |
| 2008 | Reconsidering physical key secrecy: teleduplication via optical decoding. Benjamin Laxton, Kai Wang, Stefan Savage |
| 2008 | Reducing protocol analysis with XOR to the XOR-free case in the Horn theory based approach. Ralf Küsters, Tomasz Truderung |
| 2008 | Revocation games in ephemeral networks. Maxim Raya, Mohammad Hossein Manshaei, Márk Félegyházi, Jean-Pierre Hubaux |
| 2008 | Robust defenses for cross-site request forgery. Adam Barth, Collin Jackson, John C. Mitchell |
| 2008 | Rootkit-resistant disks. Kevin R. B. Butler, Stephen E. McLaughlin, Patrick D. McDaniel |
| 2008 | SOMA: mutual approval for included content in web pages. Terri Oda, Glenn Wurster, Paul C. van Oorschot, Anil Somayaji |
| 2008 | Spamalytics: an empirical analysis of spam marketing conversion. Chris Kanich, Christian Kreibich, Kirill Levchenko, Brandon Enright, Geoffrey M. Voelker, Vern Paxson, Stefan Savage |
| 2008 | The good, the bad, and the provable. Martín Abadi |
| 2008 | Towards automated proofs for asymmetric encryption schemes in the random oracle model. Judicaël Courant, Marion Daubignard, Cristian Ene, Pascal Lafourcade, Yassine Lakhnech |
| 2008 | Towards automatic reverse engineering of software security configurations. Rui Wang, Xiaofeng Wang, Kehuan Zhang, Zhuowei Li |
| 2008 | Towards practical biometric key generation with randomized biometric templates. Lucas Ballard, Seny Kamara, Fabian Monrose, Michael K. Reiter |
| 2008 | Traitor tracing with constant size ciphertext. Dan Boneh, Moni Naor |
| 2008 | Trust management for secure information flows. Mudhakar Srivatsa, Shane Balfe, Kenneth G. Paterson, Pankaj Rohatgi |
| 2008 | Tupni: automatic reverse engineering of input formats. Weidong Cui, Marcus Peinado, Karl Chen, Helen J. Wang, Luis Irún-Briz |
| 2008 | Type-checking zero-knowledge. Michael Backes, Catalin Hritcu, Matteo Maffei |
| 2008 | Unbounded verification, falsification, and characterization of security protocols by pattern refinement. Cas J. F. Cremers |
| 2008 | Verifiable functional purity in Java. Matthew Finifter, Adrian Mettler, Naveen Sastry, David A. Wagner |
| 2008 | When good instructions go bad: generalizing return-oriented programming to RISC. Erik Buchanan, Ryan Roemer, Hovav Shacham, Stefan Savage |