| 2009 | 18th USENIX Security Symposium, Montreal, Canada, August 10-14, 2009, Proceedings Fabian Monrose |
| 2009 | A Practical Congestion Attack on Tor Using Long Paths. Nathan S. Evans, Roger Dingledine, Christian Grothoff |
| 2009 | Baggy Bounds Checking: An Efficient and Backwards-Compatible Defense against Out-of-Bounds Errors. Periklis Akritidis, Manuel Costa, Miguel Castro, Steven Hand |
| 2009 | CCCP: Secure Remote Storage for Computational RFIDs. Mastooreh Salajegheh, Shane S. Clark, Benjamin Ransford, Kevin Fu, Ari Juels |
| 2009 | Compromising Electromagnetic Emanations of Wired and Wireless Keyboards. Martin Vuagnoux, Sylvain Pasini |
| 2009 | Cross-Origin JavaScript Capability Leaks: Detection, Exploitation, and Defense. Adam Barth, Joel Weinberger, Dawn Song |
| 2009 | Crying Wolf: An Empirical Study of SSL Warning Effectiveness. Joshua Sunshine, Serge Egelman, Hazim Almuhimedi, Neha Atri, Lorrie Faith Cranor |
| 2009 | Detecting Spammers with SNARE: Spatio-temporal Network-level Automatic Reputation Engine. Shuang Hao, Nadeem Ahmed Syed, Nick Feamster, Alexander G. Gray, Sven Krasser |
| 2009 | Dynamic Test Generation to Find Integer Bugs in x86 Binary Linux Programs. David Molnar, Xue Cong Li, David A. Wagner |
| 2009 | Effective and Efficient Malware Detection at the End Host. Clemens Kolbitsch, Paolo Milani Comparetti, Christopher Kruegel, Engin Kirda, Xiao-yong Zhou, Xiaofeng Wang |
| 2009 | Efficient Data Structures For Tamper-Evident Logging. Scott A. Crosby, Dan S. Wallach |
| 2009 | GATEKEEPER: Mostly Static Enforcement of Security and Reliability Policies for JavaScript Code. Salvatore Guarnieri, V. Benjamin Livshits |
| 2009 | Improving Tor using a TCP-over-DTLS Tunnel. Joel Reardon, Ian Goldberg |
| 2009 | Jamming-resistant Broadcast Communication without Shared Keys. Christina Pöpper, Mario Strasser, Srdjan Capkun |
| 2009 | Locating Prefix Hijackers using LOCK. Tongqing Qiu, Lusheng Ji, Dan Pei, Jia Wang, Jun (Jim) Xu, Hitesh Ballani |
| 2009 | Memory Safety for Low-Level Software/Hardware Interactions. John Criswell, Nicolas Geoffray, Vikram S. Adve |
| 2009 | NOZZLE: A Defense Against Heap-spraying Code Injection Attacks. Paruj Ratanaworabhan, V. Benjamin Livshits, Benjamin G. Zorn |
| 2009 | Nemesis: Preventing Authentication & Access Control Vulnerabilities in Web Applications. Michael Dalton, Christos Kozyrakis, Nickolai Zeldovich |
| 2009 | Peeping Tom in the Neighborhood: Keystroke Eavesdropping on Multi-User Systems. Kehuan Zhang, Xiaofeng Wang |
| 2009 | Physical-layer Identification of RFID Devices. Boris Danev, Thomas S. Heydt-Benjamin, Srdjan Capkun |
| 2009 | Protecting Confidential Data on Personal Computers with Storage Capsules. Kevin Borders, Eric Vander Weele, Billy Lau, Atul Prakash |
| 2009 | Return-Oriented Rootkits: Bypassing Kernel Code Integrity Protection Mechanisms. Ralf Hund, Thorsten Holz, Felix C. Freiling |
| 2009 | Static Enforcement of Web Application Integrity Through Strong Typing. William K. Robertson, Giovanni Vigna |
| 2009 | The Multi-Principal OS Construction of the Gazelle Web Browser. Helen J. Wang, Chris Grier, Alexander Moshchuk, Samuel T. King, Piali Choudhury, Herman Venter |
| 2009 | VPriv: Protecting Privacy in Location-Based Vehicular Services. Raluca A. Popa, Hari Balakrishnan, Andrew J. Blumberg |
| 2009 | Vanish: Increasing Data Privacy with Self-Destructing Data. Roxana Geambasu, Tadayoshi Kohno, Amit A. Levy, Henry M. Levy |
| 2009 | xBook: Redesigning Privacy Control in Social Networking Platforms. Kapil Singh, Sumeer Bhola, Wenke Lee |