Session 1: Anonymity and Privacy.- On the Effectiveness of Privacy Breach Disclosure Legislation in Europe: Empirical Evidence from the US Stock Market.- Facilitating the Adoption of Tor by Focusing on a Promising Target Group.- A Parallelism-Based Approach to Network Anonymization.- Security Usability of Petname Systems.- Session 2: Modelling and Design.- An Analysis of Widget Security.- Trade-Offs in Cryptographic Implementations of Temporal Access Control.- Blunting Differential Attacks on PIN Processing APIs.- Session 3: Network Layer Security.- Characterising Anomalous Events Using Change - Point Correlation on Unsolicited Network Traffic.- An Improved Attack on TKIP.- Session 4: Security for Mobile Users.- ContikiSec: A Secure Network Layer for Wireless Sensor Networks under the Contiki Operating System.- A Mechanism for Identity Delegation at Authentication Level.- Introducing Sim-Based Security Tokens as Enabling Technology for Mobile Real-Time Services.- Towards True Random Number Generation in Mobile Environments.- Session 5: Embedded Systems and Mechanisms.- Towards Modelling Information Security with Key-Challenge Petri Nets.- Security and Trust for the Norwegian E-Voting Pilot Project E-valg 2011.- Advanced SIM Capabilities Supporting Trust-Based Applications.- Towards Practical Enforcement Theories.- Session 6: Protocols and Protocol Analysis.- Security Analysis of AN.ON’s Payment Scheme.- Formal Analysis of the Estonian Mobile-ID Protocol.- Generating In-Line Monitors for Rabin Automata.

This book constitutes the refereed proceedings of the 14th International Conference on Secure IT Systems, NordSec 2009, held in Oslo, Norway, October 14-16, 2009.

The 20 revised full papers and 8 short papers presented were carefully reviewed and selected from 52 submissions. Under the theme Identity and Privacy in the Internet Age, this year's conference explored policies, strategies and technologies for protecting identities and the growing flow of personal information passing through the Internet and mobile networks under an increasingly serious threat picture. Among the contemporary security issues discussed were Security Services Modeling, Petri Nets, Attack Graphs, Electronic Voting Schemes, Anonymous Payment Schemes, Mobile ID-Protocols, SIM Cards, Network Embedded Systems, Trust, Wireless Sensor Networks, Privacy, Privacy Disclosure Regulations, Financial Cryptography, PIN Verification, Temporal Access Control, Random Number Generators, and some more.