| 2008 | All Your iFRAMEs Point to Us. Niels Provos, Panayiotis Mavrommatis, Moheeb Abu Rajab, Fabian Monrose |
| 2008 | An Empirical Security Study of the Native Code in the JDK. Gang Tan, Jason Croft |
| 2008 | An Improved Clock-skew Measurement Technique for Revealing Hidden Services. Sebastian Zander, Steven J. Murdoch |
| 2008 | AutoISES: Automatically Inferring Security Specification and Detecting Violations. Lin Tan, Xiaolan Zhang, Xiao Ma, Weiwei Xiong, Yuanyuan Zhou |
| 2008 | Automatic Generation of XSS and SQL Injection Attacks with Goal-Directed Model Checking. Michael C. Martin, Monica S. Lam |
| 2008 | BotMiner: Clustering Analysis of Network Traffic for Protocol- and Structure-Independent Botnet Detection. Guofei Gu, Roberto Perdisci, Junjie Zhang, Wenke Lee |
| 2008 | CloudAV: N-Version Antivirus in the Network Cloud. Jon Oberheide, Evan Cooke, Farnam Jahanian |
| 2008 | Helios: Web-based Open-Audit Voting. Ben Adida |
| 2008 | Highly Predictive Blacklisting. Jian Zhang, Phillip A. Porras, Johannes Ullrich |
| 2008 | Hypervisor Support for Identifying Covertly Executing Binaries. Lionel Litty, H. Andrés Lagar-Cavilla, David Lie |
| 2008 | Lest We Remember: Cold Boot Attacks on Encryption Keys. J. Alex Halderman, Seth D. Schoen, Nadia Heninger, William Clarkson, William Paul, Joseph A. Calandrino, Ariel J. Feldman, Jacob Appelbaum, Edward W. Felten |
| 2008 | Measurement and Classification of Humans and Bots in Internet Chat. Steven Gianvecchio, Mengjun Xie, Zhengyu Wu, Haining Wang |
| 2008 | Multi-flow Attacks Against Network Flow Watermarking Schemes. Negar Kiyavash, Amir Houmansadr, Nikita Borisov |
| 2008 | NetAuth: Supporting User-Based Network Services. Manigandan Radhakrishnan, Jon A. Solworth |
| 2008 | Panalyst: Privacy-Aware Remote Error Analysis on Commodity Software . Rui Wang, Xiaofeng Wang, Zhuowei Li |
| 2008 | Practical Symmetric Key Cryptography on Modern Graphics Hardware. Owen Harrison, John Waldron |
| 2008 | Privacy-Preserving Location Tracking of Lost or Stolen Devices: Cryptographic Techniques and Replacing Trusted Third Parties with DHTs. Thomas Ristenpart, Gabriel Maganis, Arvind Krishnamurthy, Tadayoshi Kohno |
| 2008 | Proactive Surge Protection: A Defense Mechanism for Bandwidth-Based Attacks. Jerry Chi-Yuan Chou, Bill Lin, Subhabrata Sen, Oliver Spatscheck |
| 2008 | Proceedings of the 17th USENIX Security Symposium, July 28-August 1, 2008, San Jose, CA, USA Paul C. van Oorschot |
| 2008 | Real-World Buffer Overflow Protection for Userspace and Kernelspace. Michael Dalton, Hari Kannan, Christos Kozyrakis |
| 2008 | Reverse-Engineering a Cryptographic RFID Tag. Karsten Nohl, David Evans, Starbug, Henryk Plötz |
| 2008 | Securing Frame Communication in Browsers. Adam Barth, Collin Jackson, John C. Mitchell |
| 2008 | Selective Versioning in a Secure Disk System. Swaminathan Sundararaman, Gopalan Sivathanu, Erez Zadok |
| 2008 | The Practical Subtleties of Biometric Key Generation. Lucas Ballard, Seny Kamara, Michael K. Reiter |
| 2008 | To Catch a Predator: A Natural Language Approach for Eliciting Malicious Payloads. Sam Small, Joshua Mason, Fabian Monrose, Niels Provos, Adam Stubblefield |
| 2008 | Unidirectional Key Distribution Across Time and Space with Applications to RFID Security. Ari Juels, Ravikanth Pappu, Bryan Parno |
| 2008 | Verifying Compliance of Trusted Programs. Sandra Julieta Rueda, Dave King, Trent Jaeger |
| 2008 | VoteBox: A Tamper-evident, Verifiable Electronic Voting System. Daniel Sandler, Kyle Derr, Dan S. Wallach |