Session 1: Intrusion Detection and Network Vulnerability Analysis -- Multiprimary Support for the Availability of Cluster-Based Stateful Firewalls Using FT-FW -- Identifying Critical Attack Assets in Dependency Attack Graphs -- Online Risk Assessment of Intrusion Scenarios Using D-S Evidence Theory -- Session 2: Network Security -- Strongly-Resilient and Non-interactive Hierarchical Key-Agreement in MANETs -- Efficient Handling of Adversary Attacks in Aggregation Applications -- Symmetric Key Approaches to Securing BGP – A Little Bit Trust Is Enough -- Session 3: Smart Cards and Identity Management -- Dismantling MIFARE Classic -- A Browser-Based Kerberos Authentication Scheme -- CROO: A Universal Infrastructure and Protocol to Detect Identity Fraud -- Session 4: Data and Applications Security -- Disclosure Analysis and Control in Statistical Databases -- TRACE: Zero-Down-Time Database Damage Tracking, Quarantine, and Cleansing with Negligible Run-Time Overhead -- Access Control Friendly Query Verification for Outsourced Data Publishing -- Session 5: Privacy Enhancing Technologies -- Sharemind: A Framework for Fast Privacy-Preserving Computations -- Modeling Privacy Insurance Contracts and Their Utilization in Risk Management for ICT Firms -- Remote Integrity Check with Dishonest Storage Server -- Session 6: Anonymity and RFID Privacy -- A Low-Variance Random-Walk Procedure to Provide Anonymity in Overlay Networks -- RFID Privacy Models Revisited -- A New Formal Proof Model for RFID Location Privacy -- Session 7: Access Control and Trust Negotiation -- Distributed Authorization by Multiparty Trust Negotiation -- Compositional Refinement of Policies in UML – Exemplified for Access Control -- On the Security of Delegation in Access Control Systems -- Session 8: Information Flow and Non-transferability -- Termination-Insensitive Noninterference Leaks More Than Just a Bit -- Security Provisioning in Pervasive Environments Using Multi-objective Optimization -- Improved Security Notions and Protocols for Non-transferable Identification -- Session 9: Secure Electronic Voting and Web Applications Security -- Human Readable Paper Verification of Prêt à Voter -- A Distributed Implementation of the Certified Information Access Service -- Exploring User Reactions to New Browser Cues for Extended Validation Certificates -- A Framework for the Analysis of Mix-Based Steganographic File Systems -- Session 10: VoIP Security, Malware, and DRM -- An Adaptive Policy-Based Approach to SPIT Management -- Structured Peer-to-Peer Overlay Networks: Ideal Botnets Command and Control Infrastructures? -- Eureka: A Framework for Enabling Static Malware Analysis -- New Considerations about the Correct Design of Turbo Fingerprinting Codes -- Session 11: Formal Models and Cryptographic Protocols -- Formally Bounding the Side-Channel Leakage in Unknown-Message Attacks -- Cryptographic Protocol Explication and End-Point Projection -- State Space Reduction in the Maude-NRL Protocol Analyzer -- Session 12: Language-Based and Hardware Security -- Code-Carrying Authorization -- CPU Bugs, CPU Backdoors and Consequences on Security.