The EuropeanSymposium on Researchin Computer Security (ESORICS) has a tradition that goes back two decades. It tries to bring together the international research community in a top-quality event that covers all the areas of computer security, ranging from theory to applications. ESORICS 2010 was the 15th edition of the event. It was held in Athens, Greece, September 20-22, 2010. The conference received 201 submissions. The papers went through a careful review process. In a ?rst round, each paper - ceived three independent reviews. For the majority of the papers an electronic discussion was also organized to arrive at the ?nal decision. As a result of the review process, 42 papers were selected for the ?nal program, resulting in an - ceptance rate of as low as 21%. The authors of accepted papers were requested to revise their papers, based on the comments received. The program was c- pleted with an invited talk by Udo Helmbrecht, Executive Director of ENISA (European Network and Information Security Agency). ESORICS 2010 was organized under the aegisof three Ministries of the G- ernment of Greece, namely: (a) the Ministry of Infrastructure, Transport, and Networks, (b) the General Secretariat for Information Systems of the Ministry of Economy and Finance, and (c) the General Secretariat for e-Governance of the Ministry of Interior, Decentralization, and e-Government.

RFID and Privacy.- A New Framework for RFID Privacy.- Readers Behaving Badly.- Privacy-Preserving, Taxable Bank Accounts.- Formal Analysis of Privacy for Vehicular Mix-Zones.- Software Security.- IntPatch: Automatically Fix Integer-Overflow-to-Buffer-Overflow Vulnerability at Compile-Time.- A Theory of Runtime Enforcement, with Results.- Enforcing Secure Object Initialization in Java.- Flexible Scheduler-Independent Security.- Cryptographic Protocols.- Secure Multiparty Linear Programming Using Fixed-Point Arithmetic.- A Certifying Compiler for Zero-Knowledge Proofs of Knowledge Based on ?-Protocols.- Short Generic Transformation to Strongly Unforgeable Signature in the Standard Model.- DR@FT: Efficient Remote Attestation Framework for Dynamic Systems.- Traffic Analysis.- Website Fingerprinting and Identification Using Ordered Feature Sequences.- Web Browser History Detection as a Real-World Privacy Threat.- On the Secrecy of Spread-Spectrum Flow Watermarks.- Traffic Analysis against Low-Latency Anonymity Networks Using Available Bandwidth Estimation.- End-User Security.- A Hierarchical Adaptive Probabilistic Approach for Zero Hour Phish Detection.- Kamouflage: Loss-Resistant Password Management.- Formal Analysis.- Sequential Protocol Composition in Maude-NPA.- Verifying Security Property of Peer-to-Peer Systems Using CSP.- Modeling and Analyzing Security in the Presence of Compromising Adversaries.- On Bounding Problems of Quantitative Information Flow.- E-voting and Broadcast.- On E-Vote Integrity in the Case of Malicious Voter Computers.- Election Verifiability in Electronic Voting Protocols.- Pretty Good Democracy for More Expressive Voting Schemes.- Efficient Multi-dimensional Key Management in Broadcast Services.- Authentication, Access Control, Authorization and Attestation.- Caught in the Maze of Security Standards.- User-Role Reachability Analysis of Evolving Administrative Role Based Access Control.- An Authorization Framework Resilient to Policy Evaluation Failures.- Optimistic Fair Exchange with Multiple Arbiters.- Anonymity and Unlinkability.- Speaker Recognition in Encrypted Voice Streams.- Evaluating Adversarial Partitions.- Providing Mobile Users' Anonymity in Hybrid Networks.- Complexity of Anonymity for Security Protocols.- Network Security and Economics.- k-Zero Day Safety: Measuring the Security Risk of Networks against Unknown Attacks.- Are Security Experts Useful? Bayesian Nash Equilibria for Network Security Games with Limited Information.- RatFish: A File Sharing Protocol Provably Secure against Rational Users.- A Service Dependency Model for Cost-Sensitive Intrusion Response.- Secure Update, DOS and Intrustion Detection.- Secure Code Update for Embedded Devices via Proofs of Secure Erasure.- D(e|i)aling with VoIP: Robust Prevention of DIAL Attacks.- Low-Cost Client Puzzles Based on Modular Exponentiation.- Expressive, Efficient and Obfuscation Resilient Behavior Based IDS.