Table of Contents

Invited Lecture.- Trustworthy Services and the Biological Analogy.- Security Architecture and Secure Components I.- Security of Multithreaded Programs by Compilation.- Efficient Proving for Practical Distributed Access-Control Systems.- Maintaining High Performance Communication Under Least Privilege Using Dynamic Perimeter Control.- Access Control I.- Pragmatic XML Access Control Using Off-the-Shelf RDBMS.- Conditional Privacy-Aware Role Based Access Control.- Satisfiability and Resiliency in Workflow Systems.- Applied Cryptography I.- Completeness of the Authentication Tests.- SilentKnock: Practical, Provably Undetectable Authentication.- Generalized Key Delegation for Hierarchical Identity-Based Encryption.- Change-Impact Analysis of Firewall Policies.- Fragmentation and Encryption to Enforce Privacy in Data Storage.- Information Confinement, Privacy, and Security in RFID Systems.- Formal Methods in Security I.- A Logic for State-Modifying Authorization Policies.- Inductive Proofs of Computational Secrecy.- What, Indeed, Is Intransitive Noninterference?.- Traceability and Integrity of Execution in Distributed Workflow Management Systems.- Dynamic Information Flow Control Architecture for Web Applications.- Cloak: A Ten-Fold Way for Reliable Covert Communications.- Applied Cryptography II.- Efficient Password-Based Authenticated Key Exchange Without Public Information.- Improved Anonymous Timed-Release Encryption.- Encryption Techniques for Secure Database Outsourcing.- Access Control II.- Click Passwords Under Investigation.- Graphical Password Authentication Using Cued Click Points.- Obligations and Their Interaction with Programs.- Applied Cryptography III.- On the Privacy of Concealed Data Aggregation.- Synthesizing Secure Prools.- A Cryptographic Model for Branching Time Security Properties – The Case of Contract Signing Prools.- Security Architecture and Secure Components II.- Security Evaluation of Scenarios Based on the TCG’s TPM Specification.- Analyzing Side Channel Leakage of Masked Implementations with Shastic Methods.- Insider Attacks Enabling Data Broadcasting on Crypto-Enforced Unicast Links.- Towards Modeling Trust Based Decisions: A Game Theoretic Approach.- Extending the Common Services of eduGAIN with a Credential Conversion Service.- Incorporating Temporal Capabilities in Existing Key Management Schemes.- A Policy Language for Distributed Usage Control.- Countering Statistical Disclosure with Receiver-Bound Cover Traffic.- Renewable Traitor Tracing: A Trace-Revoke-Trace System For Anonymous Attack.- Formal Methods in Security III.- Modular Access Control Via Strategic Rewriting.- On the Automated Correction of Security Prools Susceptible to a Replay Attack.- Adaptive Soundness of Static Equivalence.