The inaugural Information Security Practice and Experience Conference (ISPEC) was held on April 11-14, 2005, in Singapore. As applications of information security technologies become pervasive, - sues pertaining to their deployment and operation are becoming increasingly important. ISPEC is intended to be an annual conference that brings together researchers and practitioners to provide a con?uence of new information se- rity technologies, their applications and their integration with IT systems in various vertical sectors. The Program Committee consisted of leading experts in the areas of information security, information systems, and domain experts in applications of IT in vertical business segments. The topics of the conference covered security applications and case studies, access control, network security, data security, secure architectures, and cryp- graphic techniques. Emphasis was placed on the application of security research to meet practical user requirements, both in the paper selection process and in the invited speeches. Acceptance into the conference proceedings was very competitive. The Call for Papers attracted more than 120 submissions, out of which the Program Committee selected only 35 papers for inclusion in the proceedings. Thisconferencewasmadepossibleonlythroughthecontributionsfrommany individuals and organizations. We would like to thank all the authors who s- mitted papers. We also gratefully acknowledge the members of the Program Committee and the external reviewers, for the time and e?ort they put into reviewing the submissions. Special thanks are due to Ying Qiu for managing the website for paper s- mission,reviewandnoti?cation.PatriciaLohwaskindenoughtoarrangeforthe conference venue, and took care of the administration in running the conference.

Network Security.- Risk Assessment of Production Networks Using Honeynets - Some Practical Experience.- POSSET - Policy-Driven Secure Session Transfer.- Modeling and Evaluation of Security Architecture for Wireless Local Area Networks by Indexing Method: A Novel Approach.- Robust Routing in Malicious Environment for Ad Hoc Networks.- Cryptographic Techniques I.- Short Linkable Ring Signatures for E-Voting, E-Cash and Attestation.- Tracing Traitors by Guessing Secrets. The q-Ary Case.- Probabilistic Analyses on Finding Optimal Combinations of Primality Tests in Real Applications.- Countermeasures for Preventing Comb Method Against SCA Attacks.- Secure Architecture I.- An Email Worm Vaccine Architecture.- Enforcing the Principle of Least Privilege with a State-Based Privilege Control Model.- Security On-demand Architecture with Multiple Modules Support.- Measuring Resistance to Social Engineering.- Access Control.- Conformance Checking of RBAC Policy and its Implementation.- A Practical Aspect Framework for Enforcing Fine-Grained Access Control in Web Applications.- A Task-Oriented Access Control Model for WfMS.- Intrusion Detection.- A Brief Observation-Centric Analysis on Anomaly-Based Intrusion Detection.- Detection of Distributed Denial of Service Attacks Using Statistical Pre-processor and Unsupervised Neural Networks.- Visual Spoofing of SSL Protected Web Sites and Effective Countermeasures.- Model Redundancy vs. Intrusion Detection.- Applications and Case Studies.- An Open Approach for Designing Secure Electronic Immobilizers.- An Empirical Study on the Usability of Logout in a Single Sign-on System.- Secure Software Delivery and Installation in Embedded Systems.- A Restricted Multi-show Credential System and Its Application on E-Voting.- Secure ArchitectureII.- Recard: Using Recommendation Cards Approach for Building Trust in Peer-to-Peer Networks.- Using Trust for Restricted Delegation in Grid Environments.- Computer Vulnerability Evaluation Using Fault Tree Analysis.- An Identity-Based Grid Security Infrastructure Model.- Data Security.- Towards Multilateral-Secure DRM Platforms.- Hiding Data in Binary Images.- Performance Analysis of CDMA-Based Watermarking with Quantization Scheme.- Protecting Mass Data Basing on Small Trusted Agent.- Cryptographic Techniques II.- On the Security of Some Nonrepudiable Threshold Proxy Signature Schemes.- Token-Controlled Public Key Encryption.- A New Class of Codes for Fingerprinting Schemes.- t-Out-of-n String/Bit Oblivious Transfers Revisited.