These proceedings contain the papers selected for presentation at the 13th European Symposium on Research in Computer Security¿¿ESORICS 2008¿¿held October 6¿8, 2008 in Torremolinos (Malaga), Spain, and hosted by the University of Malaga, C- puter Science Department. ESORICS has become the European research event in computer security. The symposium started in 1990 and has been organized on alternate years in different European countries. From 2002 it has taken place yearly. It attracts an international audience from both the academic and industrial communities. In response to the call for papers, 168 papers were submitted to the symposium. These papers were evaluated on the basis of their significance, novelty, and technical quality. Each paper was reviewed by at least three members of the Program Comm- tee. The Program Committee meeting was held electronically, holding intensive d- cussion over a period of two weeks. Finally, 37 papers were selected for presentation at the symposium, giving an acceptance rate of 22%.

Session 1: Intrusion Detection and Network Vulnerability Analysis.- Multiprimary Support for the Availability of Cluster-Based Stateful Firewalls Using FT-FW.- Identifying Critical Attack Assets in Dependency Attack Graphs.- Online Risk Assessment of Intrusion Scenarios Using D-S Evidence Theory.- Session 2: Network Security.- Strongly-Resilient and Non-interactive Hierarchical Key-Agreement in MANETs.- Efficient Handling of Adversary Attacks in Aggregation Applications.- Symmetric Key Approaches to Securing BGP - A Little Bit Trust Is Enough.- Session 3: Smart Cards and Identity Management.- Dismantling MIFARE Classic.- A Browser-Based Kerberos Authentication Scheme.- CROO: A Universal Infrastructure and Protocol to Detect Identity Fraud.- Session 4: Data and Applications Security.- Disclosure Analysis and Control in Statistical Databases.- TRACE: Zero-Down-Time Database Damage Tracking, Quarantine, and Cleansing with Negligible Run-Time Overhead.- Access Control Friendly Query Verification for Outsourced Data Publishing.- Session 5: Privacy Enhancing Technologies.- Sharemind: A Framework for Fast Privacy-Preserving Computations.- Modeling Privacy Insurance Contracts and Their Utilization in Risk Management for ICT Firms.- Remote Integrity Check with Dishonest Storage Server.- Session 6: Anonymity and RFID Privacy.- A Low-Variance Random-Walk Procedure to Provide Anonymity in Overlay Networks.- RFID Privacy Models Revisited.- A New Formal Proof Model for RFID Location Privacy.- Session 7: Access Control and Trust Negotiation.- Distributed Authorization by Multiparty Trust Negotiation.- Compositional Refinement of Policies in UML - Exemplified for Access Control.- On the Security of Delegation in Access Control Systems.- Session 8: Information Flow and Non-transferability.- Termination-Insensitive Noninterference Leaks More Than Just a Bit.- Security Provisioning in Pervasive Environments Using Multi-objective Optimization.- Improved Security Notions and Protocols for Non-transferable Identification.- Session 9: Secure Electronic Voting and Web Applications Security.- Human Readable Paper Verification of Prêt à Voter.- A Distributed Implementation of the Certified Information Access Service.- Exploring User Reactions to New Browser Cues for Extended Validation Certificates.- A Framework for the Analysis of Mix-Based Steganographic File Systems.- Session 10: VoIP Security, Malware, and DRM.- An Adaptive Policy-Based Approach to SPIT Management.- Structured Peer-to-Peer Overlay Networks: Ideal Botnets Command and Control Infrastructures?.- Eureka: A Framework for Enabling Static Malware Analysis.- New Considerations about the Correct Design of Turbo Fingerprinting Codes.- Session 11: Formal Models and Cryptographic Protocols.- Formally Bounding the Side-Channel Leakage in Unknown-Message Attacks.- Cryptographic Protocol Explication and End-Point Projection.- State Space Reduction in the Maude-NRL Protocol Analyzer.- Session 12: Language-Based and Hardware Security.- Code-Carrying Authorization.- CPU Bugs, CPU Backdoors and Consequences on Security.