| Date | Time | Topic(s) | Speaker(s) |
| June 18 | 0800 | Registrations | |
| 0900 | Introduction to the Summer School and preparatory lecture | Prasad Naldurg | |
| 1100 | Foundations of Privacy I: Logical methods for specification and enforcement of privacy policies | Anupam Dutta | |
| 1400 | Practicum: Buffer Overflows | Saikat Guha | |
| 1600 | Practicum: Buffer Overflows | Saikat Guha | |
| June 19 | Off-day | ||
| June 20 | 0900 | Privacy Preserving Data Publication I | Marianne Winslett |
| 1100 | Foundations of Privacy II: Game-theoretic and learning-theoretic techniques for enforcing privacy policies | Anupam Dutta | |
| 1400 | Your ISP and the Government: Best Friends Forever | Christopher Soghoian | |
| 1600 | Panel discussion – Web Privacy Is Obsolete! So Now What? | Christopher Soghoian, Marianne Winslett, Anupam Datta | |
| June 21 | 0900 | Privacy Preserving Data Publication II | Marianne Winslett |
| 1100 | Can you hear me now? What we know about law enforcement surveillance of Internet and mobile communications | Christopher Soghoian | |
| 1400 | Certified Lies: Detecting and Defeating Government Interception Attacks Against SSL | Christopher Soghoian | |
| 1600 | Paper presentation – VEX: Vetting Browser Extensions for Security Vulnerabilities | Authors: Sruthi Bandhakavi, Samuel T. King, P. Madhusudan, and Marianne Winslett (UIUC) | |
| June 22 | 0900 | Privacy Preserving Data Publication III | Marianne Winslett |
| 1100 | Logical analysis of security protocols I | SP Suresh | |
| 1400 | Automated Worm Detection: the NetSift Experience | George Varghese | |
| 1600 | Paper presentation – Baaz: A System for Detecting Access Control Misconfigurations | Authors: Tathagata Das, Ranjita Bhagwan, and Prasad Naldurg (Microsoft Research India) | |
| June 23 | 0900 | User Authentication: A Developing World Perspective | Saurabh Panjwani |
| 1100 | Logical analysis of security protocols II | SP Suresh | |
| 1400 | Rethinking Network Security: Why Handling Evasion in IPS Devices is fundmentally hard without Protocol Changes | George Varghese | |
| 1600 | Paper presentation | ||
| June 24 | 0900 | Internet surveillance law and policy Part 1: from Data Protection to the “Crypto Wars” | Caspar Bowden |
| 1100 | Logical analysis of security protocols III | SP Suresh | |
| 1400 | Retroffiting Legacy Code for Security | Somesh Jha | |
| 1600 | Panel discussion | ||
| June 25 | 0900 | Internet surveillance law and policy Part 1: from Data Protection to the “Crypto Wars” | Caspar Bowden |
| 1100 | Behavior-Based Malware Detection | Somesh Jha | |
| 1400 | Practicum: SQL Injection and XSS | Saikat Guha | |
| 1600 | Practicum: SQL Injection and XSS | Saikat Guha | |
| June 26 | Off-day | ||
| June 27 | 0900 | An Introduction to Differential Privacy: Definitions and Early Uses | Frank McSherry |
| 1100 | Atomic Execution in Untrusted Environments | Ramarathnam Venkatesan | |
| 1400 | Provable Security: A Primer | Sanjit Chaterjee | |
| 1600 | Rump session | ||
| June 28 | 0900 | Programming with Differential Privacy: PINQ and other Languages | Frank McSherry |
| 1100 | Privacy Regulation in India | Malvika Jayaram | |
| 1400 | Authentication and UID | Saurabh Panjwani | |
| 1600 | Noiseless Differential Privacy | Raghav Bhaskar | |
| June 29 | 0900 | Applications of Differential Privacy: Synthetic Datasets and Network Trace Analysis | Frank McSherry |
| 1100 | Security Emergency Response: Process and Case Studies | S. S. Sarma | |
| 1400 | Issues in Electronic Voting | Josh Benaloh, Ron Rivest (video) | |
| 1600 | Practicum: Brute Force Cracking with the GPU | Saikat Guha | |
| June 30 | 0900 | Foundations of Dynamic Access Control | Prasad Naldurg |
| 1100 | Practical Privacy in Online Advertising | Saikat Guha | |
| 1400 | Entropy-based Information Leakage in Programs | Deepak D’Souza | |
| 1600 | Capture the Flag | Team from Amrita University | |