Invited Papers -- Privacy in the Electronic Society -- A Data Sharing Agreement Framework -- Password Exhaustion: Predicting the End of Password Usefulness -- Network Monitoring for Security and Forensics -- Data and Application Security -- Fairness Strategy for Multilevel Secure Concurrency Control Protocol -- Optimistic Anonymous Participation in Inter-organizational Workflow Instances -- O2O: Virtual Private Organizations to Manage Security Policy Interoperability -- Privacy Preserving Web-Based Email -- Access Control -- Context-Aware Provisional Access Control -- LRBAC: A Location-Aware Role-Based Access Control Model -- Extending Context Descriptions in Semantics-Aware Access Control -- Specification and Realization of Access Control in SPKI/SDSI -- Key Management and Security in Wireless Networks -- Design of Key Establishment Protocol Using One-Way Functions to Avert insider-replay Attack -- An Efficient Key Assignment Scheme for Access Control in a Hierarchy -- Adaptation of IEEE 802.1X for Secure Session Establishment Between Ethernet Peers -- Secure Data Management in Reactive Sensor Networks -- Threat Analysis, Detection and Recovery -- Security Ontology: Simulating Threats to Corporate Assets -- Two-Stage Credit Card Fraud Detection Using Sequence Alignment -- New Malicious Code Detection Using Variable Length n-grams -- A Dead-Lock Free Self-healing Algorithm for Distributed Transactional Processes -- Cryptography and Encryption -- An Efficient Public Key Cryptosystem Secure Against Chosen Ciphertext Attack -- A Partial Image Encryption Method with Pseudo Random Sequences -- High Capacity Lossless Data Hiding -- An Implementation and Evaluation of Online Disk Encryption for Windows Systems -- Short Papers and Research Reports -- Disclosure Risk in Dynamic Two-Dimensional Contingency Tables (Extended Abstract) -- A Survey of Control-Flow Obfuscations -- Filtering Out Unfair Recommendations for Trust Model in Ubiquitous Environments -- Secure Itineraries Framework for Mobile Agent Systems -- Malafide Intension Based Detection of Privacy Violation in Information System -- Design and Development of Malafide Intension Based Privacy Violation Detection System (An Ongoing Research Report) -- Towards a Formal Specification Method for Enterprise Information System Security -- Recent Research on Privacy Preserving Data Mining.