| 2009 | A Generic Security API for Symmetric Key Management on Cryptographic Devices. Véronique Cortier, Graham Steel |
| 2009 | A Privacy Preservation Model for Facebook-Style Social Network Systems. Philip W. L. Fong, Mohd M. Anwar, Zhen Zhao |
| 2009 | An Effective Method for Combating Malicious Scripts Clickbots. Yanlin Peng, Linfeng Zhang, J. Morris Chang, Yong Guan |
| 2009 | Attribute-Sets: A Practically Motivated Enhancement to Attribute-Based Encryption. Rakeshbabu Bobba, Himanshu Khurana, Manoj Prabhakaran |
| 2009 | Authentic Time-Stamps for Archival Storage. Alina Oprea, Kevin D. Bowers |
| 2009 | Automatically Generating Models for Botnet Detection. Peter Wurzinger, Leyla Bilge, Thorsten Holz, Jan Goebel, Christopher Kruegel, Engin Kirda |
| 2009 | Client-Side Detection of XSS Worms by Monitoring Payload Propagation. Fangqi Sun, Liang Xu, Zhendong Su |
| 2009 | Computationally Sound Analysis of a Probabilistic Contract Signing Protocol. Mihhail Aizatulin, Henning Schnoor, Thomas Wilke |
| 2009 | Computer Security - ESORICS 2009, 14th European Symposium on Research in Computer Security, Saint-Malo, France, September 21-23, 2009. Proceedings Michael Backes, Peng Ning |
| 2009 | Content Delivery Networks: Protection or Threat? Sipat Triukose, Zakaria Al-Qudah, Michael Rabinovich |
| 2009 | Corruption-Localizing Hashing. Giovanni Di Crescenzo, Shaoquan Jiang, Reihaneh Safavi-Naini |
| 2009 | Cumulative Attestation Kernels for Embedded Systems. Michael LeMay, Carl A. Gunter |
| 2009 | Data Structures with Unpredictable Timing. Darrell Bethea, Michael K. Reiter |
| 2009 | Declassification with Explicit Reference Points. Alexander Lux, Heiko Mantel |
| 2009 | Dynamic Enforcement of Abstract Separation of Duty Constraints. David A. Basin, Samuel J. Burri, Günter Karjoth |
| 2009 | Enabling Public Verifiability and Data Dynamics for Storage Security in Cloud Computing. Qian Wang, Cong Wang, Jin Li, Kui Ren, Wenjing Lou |
| 2009 | Formal Indistinguishability Extended to the Random Oracle Model. Cristian Ene, Yassine Lakhnech, Van Chan Ngo |
| 2009 | Hide and Seek in Time - Robust Covert Timing Channels. Yali Liu, Dipak Ghosal, Frederik Armknecht, Ahmad-Reza Sadeghi, Steffen Schulz, Stefan Katzenbeisser |
| 2009 | ID-Based Secure Distance Bounding and Localization. Nils Ole Tippenhauer, Srdjan Capkun |
| 2009 | Isolating JavaScript with Filters, Rewriting, and Wrappers. Sergio Maffeis, John C. Mitchell, Ankur Taly |
| 2009 | Keep a Few: Outsourcing Data While Maintaining Confidentiality. Valentina Ciriani, Sabrina De Capitani di Vimercati, Sara Foresti, Sushil Jajodia, Stefano Paraboschi, Pierangela Samarati |
| 2009 | Learning More about the Underground Economy: A Case-Study of Keyloggers and Dropzones. Thorsten Holz, Markus Engelberth, Felix C. Freiling |
| 2009 | Lightweight Opportunistic Tunneling (LOT). Yossi Gilad, Amir Herzberg |
| 2009 | Model-Checking DoS Amplification for VoIP Session Initiation. Ravinder Shankesi, Musab AlTurki, Ralf Sasse, Carl A. Gunter, José Meseguer |
| 2009 | New Privacy Results on Synchronized RFID Authentication Protocols against Tag Tracing. Ching Yu Ng, Willy Susilo, Yi Mu, Reihaneh Safavi-Naini |
| 2009 | PCAL: Language Support for Proof-Carrying Authorization Systems. Avik Chaudhuri, Deepak Garg |
| 2009 | Protocol Normalization Using Attribute Grammars. Drew Davidson, Randy Smith, Nic Doyle, Somesh Jha |
| 2009 | ReFormat: Automatic Reverse Engineering of Encrypted Messages. Zhi Wang, Xuxian Jiang, Weidong Cui, Xinyuan Wang, Mike Grace |
| 2009 | Reliable Evidence: Auditability by Typing. Nataliya Guts, Cédric Fournet, Francesco Zappa Nardelli |
| 2009 | Requirements and Protocols for Inference-Proof Interactions in Information Systems. Joachim Biskup, Christian Gogolin, Jens Seiler, Torben Weibert |
| 2009 | Secure Evaluation of Private Linear Branching Programs with Medical Applications. Mauro Barni, Pierluigi Failla, Vladimir Kolesnikov, Riccardo Lazzeretti, Ahmad-Reza Sadeghi, Thomas Schneider |
| 2009 | Secure Ownership and Ownership Transfer in RFID Systems. Ton van Deursen, Sjouke Mauw, Sasa Radomirovic, Pim Vullers |
| 2009 | Secure Pseudonymous Channels. Sebastian Mödersheim, Luca Viganò |
| 2009 | Set Covering Problems in Role-Based Access Control. Liang Chen, Jason Crampton |
| 2009 | Super-Efficient Aggregating History-Independent Persistent Authenticated Dictionaries. Scott A. Crosby, Dan S. Wallach |
| 2009 | The Coremelt Attack. Ahren Studer, Adrian Perrig |
| 2009 | The Wisdom of Crowds: Attacks and Optimal Constructions. George Danezis, Claudia Díaz, Emilia Käsper, Carmela Troncoso |
| 2009 | Towards a Theory of Accountability and Audit. Radha Jagadeesan, Alan Jeffrey, Corin Pitcher, James Riely |
| 2009 | Tracking Information Flow in Dynamic Tree Structures. Alejandro Russo, Andrei Sabelfeld, Andrey Chudnov |
| 2009 | Type-Based Analysis of PIN Processing APIs. Matteo Centenaro, Riccardo Focardi, Flaminia L. Luccio, Graham Steel |
| 2009 | Usable Access Control in Collaborative Environments: Authorization Based on People-Tagging. Qihua Wang, Hongxia Jin, Ninghui Li |
| 2009 | User-Centric Handling of Identity Agent Compromise. Daisuke Mashima, Mustaque Ahamad, Swagath Kannan |
| 2009 | WORM-SEAL: Trustworthy Data Retention and Verification for Regulatory Compliance. Tiancheng Li, Xiaonan Ma, Ninghui Li |