Identification and Authentication I.- Flexible and Transparent User Authentication for Mobile Devices.- Combining Authentication, Reputation and Classification to Make Phishing Unprofitable.- Audio CAPTCHA for SIP-Based VoIP.- Threats and Attacks.- Roving Bugnet: Distributed Surveillance Threat and Mitigation.- On Robust Covert Channels Inside DNS.- Discovering Application-Level Insider Attacks Using Symbolic Execution.- Identification and Authentication II.- Custom JPEG Quantization for Improved Iris Recognition Accuracy.- On the IPP Properties of Reed-Solomon Codes.- A Generic Authentication LoA Derivation Model.- Applications of Cryptography and Information Hiding.- Media-Break Resistant eSignatures in eGovernment: An Austrian Experience.- How to Bootstrap Security for Ad-Hoc Network: Revisited.- Steganalysis of Hydan.- Trusted Computing.- On the Impossibility of Detecting Virtual Machine Monitors.- Implementation of a Trusted Ticket System.- Security Policies.- A Policy Based Approach for the Management of Web Browser Resources to Prevent Anonymity Attacks in Tor.- A Policy Language for Modelling Recommendations.- Validation, Verification, Evaluation.- On the Security Validation of Integrated Security Solutions.- Verification of Security Policy Enforcement in Enterprise Systems.- Optimization of the Controlled Evaluation of Closed Relational Queries.- Privacy Protection - Security Assessment.- Collaborative Privacy – A Community-Based Privacy Infrastructure.- Security and Privacy Improvements for the Belgian eID Technology.- A Structured Security Assessment Methodology for Manufacturers of Critical Infrastructure Components.- Role Mining and Content Protection.- Mining Stable Roles in RBAC.- Privacy-Preserving Content-Based Publish/Subscribe Networks.- Broadcast Encryption for Differently Privileged.- Ontology-Based Secure XML Content Distribution.- Security Protocols.- NGBPA Next Generation BotNet Protocol Analysis.- Non-repudiation Analysis with LySa.- A Provably Secure Secret Handshake with Dynamic Controlled Matching.- Towards a Theory of White-Box Security.- Access Control.- On a Taxonomy of Delegation.- Efficient Key Management for Enforcing Access Control in Outsourced Scenarios.- A Probabilistic Bound on the Basic Role Mining Problem and Its Applications.- Automating Access Control Logics in Simple Type Theory with LEO-II.- Internet and Web Applications Security.- In Law We Trust? Trusted Computing and Legal Responsibility for Internet Security.- Persona: Network Layer Anonymity and Accountability for Next Generation Internet.- Jason: A Scalable Reputation System for the Semantic Web.- Which Web Browsers Process SSL Certificates in a Standardized Way?.

This book constitutes the refereed proceedings of the 24th IFIP TC 11 International Information Security Conference, SEC 2009,  held in Pafos, Cyprus, in May 2009.

The 38 revised full papers presented were carefully reviewed and selected from 176 submissions. The papers are organized in topical sections on identification and authentication, threats and attacks, applications of cryptography and information hiding, trusted computing, security policies, validation, verification and evaluation, privacy protection and security assessment, role mining and content protection, security protocols, access control, and internet and Web applications security.