Skip to main content


Guofei Gu
Roberto Perdisci
  • Nicholas Carlini, Research Scientist, Google DeepMind
    "Computer Security in the Age of Large Language Models"

Kevin Butler
Heng Yin
  • Michelle Mazurek, Associate Professor, University of Maryland
    "Wait, there are people here? Using HCI methods to answer impactful security and privacy questions"

Kevin Butler
Daphne Yao
  • Distinguished Practitioner – Emily Stark, Tech Lead and Manager, Chrome Security Team, Google
    "When Security Meets Compatibility"

David Balenson
Guofei Gu
  • Distinguished Practitioner – Carrie Gates, Senior Vice President, Global Information Security, Bank of America
    "Can You Get That to Me Soon? Lessons Learned from Life in Industry Research"
  • Distinguished Practitioner – Patrick Traynor, Professor, University of Florida
    "Why Your Tech Transition Will Probably Fail (And Why You Should Do It Anyway)"

David Balenson
Juan Caballero
  • Distinguished Practitioner – Michelle Dennedy, Vice President and Chief Privacy Officer, Cisco
    "Why Privacy Engineering Matters Now"
  • Alina Oprea, Professor of Computer Science, Northeastern University
    "AI in Cybersecurity: Applications, Open Problems, and Future Directions"

David Balenson
Davide Balzarotti
  • Distinguished Practitioner – Raffael Marty, VP Security Analytics, Sophos
    "Delivering Security Insights with Data Analytics and Visualization"
  • Invited Essayist – Christian Collberg, Professor of Computer Science, University of Arizona
    "Dare to Share: Risks and Rewards of Artifact Sharing in Computer Science"

Stephen Schwab
Wil Robertson
  • Distinguished Practitioner – Dr. Paul Vixie, CEO, Farsight Security
    "Scaling Properties of Software and System Security"
  • Invited Essayist – Dr. Úlfar Erlingsson, Manager of Security Research, Google
    "Software Security in the Real World"

Stephen Schwab
Micah Sherr

Charlie Payne
Kevin Butler

Charlie Payne
Patrick Traynor
  • Distinguished Practitioner – William Young and Nancy Leveson, MIT
    "Applying Systems Thinking to Security and Safety"
  • Invited Essayist – Dr. Carl E. Landwehr, Cyber Security Policy and Research Institute, George Washington University
    "A Building Code for Building Code: Putting What We Know Works to Work"

Robert H'obbes' Zakon
Michael Locasto
  • Distinguished Practitioner – Ron Ross, Fellow, National Institute of Standards and Technology
    "Opening up a Second Front on Risk Management: Integrating Cyber Security Requirements into Main Stream Organizational Mission and Business Processes"
  • Invited Essayist – Susan Alexander, Director, Safe and Secure Operations, IARPA
    "Trust Engineering — Rejecting the Tyranny of the Weakest Link"
  • Classic Book – Ross Anderson, Author and Professor, University of Cambridge, UK
    "Security Economics - A Personal Perspective"
  • Industry – Eran Feigenbaum, Director of Security, Google
    "Is Cloud Computing the End of Security and Privacy As We Know It?"

Robert H'obbes' Zakon
John McDermott
  • Distinguished Practitioner – Susan Landau, Visiting Scholar, Computer Science, Harvard University
    "Privacy: It's All in the Use Case"
  • Invited Essayist – Terry Benzel, USC Information Sciences Institute
    "The Science of Cyber Security Experimentation: The DETER Project"
  • Classic Paper – Paul Syverson, US Naval Research Laboratory
    "A Peel of Onion"
  • Classic Paper – Matt Blaze, University of Pennsylvania
    "Key Escrow from a Safe Distance"

Carrie Gates
Michael Franz
  • Outstanding Paper – "A Quantitative Analysis of The Insecurity of Embedded Network Devices: Results of a Wide-area Scan"
  • Outstanding Student Paper – "Detecting Spammers On Social Networks"
  • Distinguished Practitioner – Douglas Maughan, U.S. Department of Homeland Security
    "Putting Basic Research To Work"
  • Invited Essayist – Thomas Longstaff, Johns Hopkins University Applied Physics Laboratory
    "Barriers to Science in Security"
  • Classic Paper – Giovanni Vigna, UC Santa Barbara
    "Network Intrusion Detection: Dead or Alive?"
  • Classic Paper – William Cheswick, AT&T Labs—Research
    "Back to Berferd"

Carrie Gates
Charlie Payne
  • Outstanding Paper – "Semantically Rich Application-Centric Security in Android"
  • Outstanding Student Paper – "Analyzing Information Flow in JavaScript-based Browser Extensions"
  • Distinguished Practitioner – Lorrie Faith Cranor, Carnegie Mellon University
    "Users do the darndest things: True stories from the CyLab Usable Privacy and Security Laboratory"
  • Invited Essayist – Mary Ann Davidson, Oracle
    "The Good, The Bad, And The Ugly: Stepping on the Security Scale"
  • Classic Paper – Matt Bishop, UC Davis
    "Reflections on UNIX Vulnerabilities"
  • Classic Paper – Li Gong, Mozilla Online Ltd., China
    "Java Security: A Ten Year Retrospective"
  • Luncheon – Peter Neumann, SRI
    "Risk Futures: Who (or What) May Be Eating Your Lunch?"

Cristina Serban
Pierangela Samarati
  • Outstanding Paper – "Soft-Timer Driven Transient Kernel Control Flow Attacks and Defense"
  • Outstanding Student Paper – "Automatic Inference and Enforcement of Kernel Data Structure Invariants"
  • Distinguished Practitioner – Whitfield Diffie, Chief Security Officer, Sun Microsystems
    "Insecurity in a Web-Services World"
  • Invited Essayist – O. Sami Saydjari, CEO, Cyber Defense Agency LLC
    "Structuring for Strategic Cyber Defense: A Cyber Manhattan Project Blueprint "
  • Classic Paper – Barbara Y. Fraser and Stephen D. Crocker, Cisco Systems and Shinkuro, Inc.
    "Seventeen Years -- Network Security is even worse than a plague of locusts"
  • Classic Paper – Stephanie Forrest, University of New Mexico
    "System-call Monitoring Revisited"

Cristina Serban
Pierangela Samarati
  • Distinguished Practitioner – Dr. Richard Kemmerer, University of California, Santa Barbara
    "So You Think You Can Dance?"
  • Invited Essayist – Tom Haigh, Adventium Labs
    " Personal privacy without computational obscurity: Rethinking privacy protection strategies for open information networks"
  • Classic Paper – John Rushby, SRI International
    " Distributed Secure Systems: Then and Now "

Dan Thomsen
Christoph Schuba
  • Distinguished Practitioner – Dr. Dixie Baker, SAIC
    "Privacy and Security in Public Health: Maintaining the Delicate Balance between Personal Privacy and Population Safety"
  • Invited Essayist – Brian Witten, Symantec Corporation
    "Engineering Sufficiently Secure Computing"
  • Classic Paper – Jeremy Epstein, webMethods, Inc.
    "Fifteen Years after TX: A Look Back at High Assurance Multi-Level Secure Windowing"
  • Classic Paper – Peter G. Neumann, SRI International Computer Science Lab
    "Risks of Untrustworthiness"

Dan Thomsen
Christoph Schuba

Daniel Faigin
Daniel Thomsen
  • Distinguished Practitioner – Steven B. Lipner, Director of Security Engineering Strategy, Microsoft
    "Practical Assurance: Evolution of a Security Development Lifecycle"
  • Invited Essayist – Rebecca Mercuri
    "Transparency and Trust in Computational Systems"
  • Classic Paper – Marv Schaefer presented by Paul Karger, IBM
    "If A1 is the Answer, What was the Question? An Edgy Naïf's Retrospective on Promulgating the Trusted Computer Systems Evaluation Criteria"
  • Classic Paper – Steven M. Bellovin, AT&T Labs - Research
    "A Look Back at "Security Problems in the TCP/IP Protocol Suite""

Daniel Faigin
Louanna Notargiacomo
  • Distinguished Practitioner – Clark Weissman, Information Assurance/Multilevel Security (IA/MLS) Head, Northrop Grumman, Information Systems
    "MLS-PCA: A High Assurance Security Architecture for Future Avionics"
  • Invited Essayist – Lance Spitzner
    "Honeypots: Catching the Insider Threat"

Daniel Faigin
Louanna Notargiacomo
  • Distinguished Practitioner – Earl Boebert, Senior Scientist, Sandia National Laboratories
    "The Common Sense of System Design"
  • Invited Essayist – Dr. Daniel Geer, @stake
    "Penetration Testing: The Science of Insecurity"

Daniel Faigin
Jeremy Epstein
  • Distinguished Practitioner – Dr. Robert Blakley, Senior Scientist, Tivoli Systems Inc., an IBM company
    "Castles in the Sand"
  • Invited Essayist – Dr. Roger R. Schell, President, Aesec
    "Information Security: The State of Science, Pseudoscience, and Flying Pigs"

Dee Akers
Jeremy Epstein
  • Distinguished Lecturer – Dr. Eugene H. Spafford, Purdue University
    "Musings on Disclosure & Vulnerabilities"
  • Invited Essayist – Butler Lampson, Microsoft Corporation and MIT
    "Computer Security in the Real World"

Dee Akers
Klaus Keus

Dee Akers
Klaus Keus
  • Donald Rothwell, Motorola
  • Distinguished Practitioner – Howard E. Glavin, Jr., CSX Technology

Dr. Gary Smith
Dr. Ron Ross
  • Distinguished Lecturer – Marcus J. Ranum, V-ONE, Inc.
    "Security on Internet Time"

Dr. Gary Smith
Dr. Ravi Sandhu
  • Jim Flyzik, U.S. Department of the Treasury
  • Distinguished Lecturer – Dr. Roger Schell , Novell, Inc.

Ann Marmor-Squires
Dr. Gary Smith
  • Paul Strassmann, SAIC
  • Distinguished Lecturer – Bob Courtney, Robert Courtney Co.

Ann Marmor-Squires
Dr. Gary Smith
  • Barbara Valeri, U.S. Department of Defense

Ron Gove
Ann Marmor-Squires
  • Robert Ayers, Director, Center for Information Systems Security, Defense Information Systems Agency
  • Distringuished Lecturer – H. O. Lubbes
    "COMPUSEC, A Personal View"

Ron Gove
Ann Marmor-Squires
  • Daniel J. Ryan, Executive Assistant for Information Systems Security to the Deputy Assistant Secretary of Defense, U.S. Department of Defense
  • Distringuished Lecturer – James P. Anderson, James P. Anderson Co
    "Myths and Mythtakes of Computer Security"

Ron Gove
Ann Marmor-Squires
  • Major General G. W. O'Shaughnesy, Commander Air Force Intelligence Command, U.S. Department of Defense
  • Distringuished Lecturer – Dr. Willis H. Ware, Rand Corporation
    "National Policy Issues in Computer Security"

Marshall Abrams
Ron Gove
  • Ralph V. Carlone, U.S. General Accounting Office
  • Distringuished Lecturer – Dr. Dorothy Denning, Digital Equipment Corporation
    "The Data Encryption Standard; Fifteen Years of Public Scrutiny"

Marshall Abrams
Ron Gove
  • Senator Dennis DeConcini
  • Distinguished Lecturer – Steven T. Walker, President, Trusted Information Systems
    "INFOSEC: How Far We Have Come! How Far Can We Go?"

Dr. Marshall Abrams
Dr. William Bisignani
  • John J. Lane, Vice President, Computer Sciences Corporation

Joel Levy
Steve Walker

Steve Walker
  • Donald C. Latham, ASD(C3I), U.S. Department of Defense
  • Luncheon – Carl Hammer, Ph.D.
    "Beyond the Data Processing Horizon"

Dr. William Bisignani
Frederick G. Tompkins
  • Congressman Dan Glickman
  • Distinguished Lecturer – Thomas P. Quinn, ASD(C3I), U.S. Department of Defense