Angelos D. Keromytis

Orcid: 0000-0003-3815-5932

Affiliations:
  • Columbia University, New York City, USA


According to our database, Angelos D. Keromytis authored at least 240 papers between 1998 and 2024.

Awards

ACM Fellow

ACM Fellow 2017, "For contributions to the theory and practice of systems and network security".

IEEE Fellow

IEEE Fellow 2018, "For contributions to network security systems".

Bibliography

2024
Towards Practical Fabrication Stage Attacks Using Interrupt-Resilient Hardware Trojans.
CoRR, 2024

2023
UCBlocker: Unwanted Call Blocking Using Anonymous Authentication.
Proceedings of the 32nd USENIX Security Symposium, 2023

Beyond The Gates: An Empirical Analysis of HTTP-Managed Password Stealers and Operators.
Proceedings of the 32nd USENIX Security Symposium, 2023

Stale TLS Certificates: Investigating Precarious Third-Party Access to Valid TLS Keys.
Proceedings of the 2023 ACM on Internet Measurement Conference, 2023

2022
HammerScope: Observing DRAM Power Consumption Using Rowhammer.
Proceedings of the 2022 ACM SIGSAC Conference on Computer and Communications Security, 2022

View from Above: Exploring the Malware Ecosystem from the Upper DNS Hierarchy.
Proceedings of the Annual Computer Security Applications Conference, 2022

2019
Kernel Protection Against Just-In-Time Code Reuse.
ACM Trans. Priv. Secur., 2019

Defending Against Web Application Attacks: Approaches, Challenges and Implications.
IEEE Trans. Dependable Secur. Comput., 2019

A Methodology for Retrofitting Privacy and Its Application to e-Shopping Transactions.
Proceedings of the Advances in Cyber Security: Principles, Techniques, and Applications, 2019

2018
Redirect2Own: Protecting the Intellectual Property of User-uploaded Content through Off-site Indirect Access.
CoRR, 2018

Privacy in e-Shopping Transactions: Exploring and Addressing the Trade-Offs.
Proceedings of the Cyber Security Cryptography and Machine Learning, 2018

2017
Evaluating the Privacy Guarantees of Location Proximity Services.
ACM Trans. Priv. Secur., 2017

Tug-of-War: Observations on Unified Content Handling.
CoRR, 2017

HVLearn: Automated Black-Box Analysis of Hostname Verification in SSL/TLS Implementations.
Proceedings of the 2017 IEEE Symposium on Security and Privacy, 2017

NEZHA: Efficient Domain-Independent Differential Testing.
Proceedings of the 2017 IEEE Symposium on Security and Privacy, 2017

kR^X: Comprehensive Kernel Protection against Just-In-Time Code Reuse.
Proceedings of the Twelfth European Conference on Computer Systems, 2017

SlowFuzz: Automated Domain-Independent Detection of Algorithmic Complexity Vulnerabilities.
Proceedings of the 2017 ACM SIGSAC Conference on Computer and Communications Security, 2017

2016
A Stack Memory Abstraction and Symbolic Analysis Framework for Executables.
ACM Trans. Softw. Eng. Methodol., 2016

How to Train Your Browser: Preventing XSS Attacks Using Contextual Script Fingerprints.
ACM Trans. Priv. Secur., 2016

That's the Way the Cookie Crumbles: Evaluating HTTPS Enforcing Mechanisms.
Proceedings of the 2016 ACM on Workshop on Privacy in the Electronic Society, 2016

Provable Network Activity for Protecting Users Against False Accusation.
Proceedings of the Information Security Theory and Practice, 2016

The Cracked Cookie Jar: HTTP Cookie Hijacking and the Exposure of Private Information.
Proceedings of the IEEE Symposium on Security and Privacy, 2016

Back in Black: Towards Formal, Black Box Analysis of Sanitizers and Filters.
Proceedings of the IEEE Symposium on Security and Privacy, 2016

I am Robot: (Deep) Learning to Break Semantic Image CAPTCHAs.
Proceedings of the IEEE European Symposium on Security and Privacy, 2016

NaClDroid: Native Code Isolation for Android Applications.
Proceedings of the Computer Security - ESORICS 2016, 2016

Protecting Insecure Communications with Topology-aware Network Tunnels.
Proceedings of the 2016 ACM SIGSAC Conference on Computer and Communications Security, 2016

SFADiff: Automated Evasion Attacks and Fingerprinting Using Black-box Differential Automata Learning.
Proceedings of the 2016 ACM SIGSAC Conference on Computer and Communications Security, 2016

2015
Attacking the Internet Using Broadcast Digital Television.
ACM Trans. Inf. Syst. Secur., 2015

Detection and analysis of eavesdropping in anonymous communication networks.
Int. J. Inf. Sec., 2015

The Spy in the Sandbox - Practical Cache Attacks in Javascript.
CoRR, 2015

An efficient and easily deployable method for dealing with DoS in SIP services.
Comput. Commun., 2015

Privacy Threats in E-Shopping (Position Paper).
Proceedings of the Data Privacy Management, and Security Assurance, 2015

Where's Wally?: Precise User Discovery Attacks in Location Proximity Services.
Proceedings of the 22nd ACM SIGSAC Conference on Computer and Communications Security, 2015

The Spy in the Sandbox: Practical Cache Attacks in JavaScript and their Implications.
Proceedings of the 22nd ACM SIGSAC Conference on Computer and Communications Security, 2015

DynaGuard: Armoring Canary-based Protections against Brute-force Attacks.
Proceedings of the 31st Annual Computer Security Applications Conference, 2015

2014
From the Aether to the Ethernet - Attacking the Internet using Broadcast Digital Television.
Proceedings of the 23rd USENIX Security Symposium, San Diego, CA, USA, August 20-22, 2014, 2014

ret2dir: Rethinking Kernel Isolation.
Proceedings of the 23rd USENIX Security Symposium, San Diego, CA, USA, August 20-22, 2014, 2014

Blind Seer: A Scalable Private DBMS.
Proceedings of the 2014 IEEE Symposium on Security and Privacy, 2014

Dynamic Reconstruction of Relocation Information for Stripped Binaries.
Proceedings of the Research in Attacks, Intrusions and Defenses, 2014

On the Effectiveness of Traffic Analysis against Anonymity Networks Using Flow Records.
Proceedings of the Passive and Active Measurement - 15th International Conference, 2014

Faces in the Distorting Mirror: Revisiting Photo-based Social Authentication.
Proceedings of the 2014 ACM SIGSAC Conference on Computer and Communications Security, 2014

Security and Privacy Measurements in Social Networks: Experiences and Lessons Learned.
Proceedings of the Third International Workshop on Building Analysis Datasets and Gathering Experience Returns for Security, 2014

IntFlow: improving the accuracy of arithmetic error detection using information flow tracking.
Proceedings of the 30th Annual Computer Security Applications Conference, 2014

Computational Decoys for Cloud Security.
Proceedings of the Secure Cloud Computing, 2014

2013
Practical Software Diversification Using In-Place Code Randomization.
Proceedings of the Moving Target Defense II, 2013

Transparent ROP Exploit Mitigation Using Indirect Branch Tracing.
Proceedings of the 22th USENIX Security Symposium, Washington, DC, USA, August 14-16, 2013, 2013

CloudFence: Data Flow Tracking as a Cloud Service.
Proceedings of the Research in Attacks, Intrusions, and Defenses, 2013

An Accurate Stack Memory Abstraction and Symbolic Analysis Framework for Executables.
Proceedings of the 2013 IEEE International Conference on Software Maintenance, 2013

Cloudopsy: An Autopsy of Data Flows in the Cloud.
Proceedings of the Human Aspects of Information Security, Privacy, and Trust, 2013

CellFlood: Attacking Tor Onion Routers on the Cheap.
Proceedings of the Computer Security - ESORICS 2013, 2013

SecureGov: secure data sharing for government services.
Proceedings of the 14th Annual International Conference on Digital Government Research, 2013

SAuth: protecting user accounts from password database leaks.
Proceedings of the 2013 ACM SIGSAC Conference on Computer and Communications Security, 2013

ShadowReplica: efficient parallelization of dynamic data flow tracking.
Proceedings of the 2013 ACM SIGSAC Conference on Computer and Communications Security, 2013

A Privacy-Preserving Entropy-Driven Framework for Tracing DoS Attacks in VoIP.
Proceedings of the 2013 International Conference on Availability, Reliability and Security, 2013

2012
kGuard: Lightweight Kernel Protection.
login Usenix Mag., 2012

A system for generating and injecting indistinguishable network decoys.
J. Comput. Secur., 2012

A Comprehensive Survey of Voice over IP Security Research.
IEEE Commun. Surv. Tutorials, 2012

libdft: practical dynamic data flow tracking for commodity systems.
Proceedings of the 8th International Conference on Virtual Execution Environments, 2012

Privacy-Preserving Social Plugins.
Proceedings of the 21th USENIX Security Symposium, Bellevue, WA, USA, August 8-10, 2012, 2012

kGuard: Lightweight Kernel Protection against Return-to-User Attacks.
Proceedings of the 21th USENIX Security Symposium, Bellevue, WA, USA, August 8-10, 2012, 2012

Fog Computing: Mitigating Insider Data Theft Attacks in the Cloud.
Proceedings of the 2012 IEEE Symposium on Security and Privacy Workshops, 2012

Smashing the Gadgets: Hindering Return-Oriented Programming Using In-place Code Randomization.
Proceedings of the IEEE Symposium on Security and Privacy, 2012

Towards a Universal Data Provenance Framework Using Dynamic Instrumentation.
Proceedings of the Information Security and Privacy Research, 2012

A General Approach for Efficiently Accelerating Software-based Dynamic Data Flow Tracking on Commodity Hardware.
Proceedings of the 19th Annual Network and Distributed System Security Symposium, 2012

The MEERKATS Cloud Security Architecture.
Proceedings of the 32nd International Conference on Distributed Computing Systems Workshops (ICDCS 2012 Workshops), 2012

Exploiting split browsers for efficiently protecting user data.
Proceedings of the 2012 ACM Workshop on Cloud computing security, 2012

Adaptive defenses for commodity software through virtual application partitioning.
Proceedings of the ACM Conference on Computer and Communications Security, 2012

Self-healing multitier architectures using cascading rescue points.
Proceedings of the 28th Annual Computer Security Applications Conference, 2012

All your face are belong to us: breaking Facebook's social authentication.
Proceedings of the 28th Annual Computer Security Applications Conference, 2012

2011
Voice over IP Security - A Comprehensive Survey of Vulnerabilities and Academic Research.
Springer Briefs in Computer Science 1, Springer, ISBN: 978-1-4419-9866-8, 2011

Global ISR: Toward a Comprehensive Defense Against Unauthorized Code Execution.
Proceedings of the Moving Target Defense, 2011

Network Bandwidth Denial of Service (DoS).
Proceedings of the Encyclopedia of Cryptography and Security, 2nd Ed., 2011

Buffer Overflow Attacks.
Proceedings of the Encyclopedia of Cryptography and Security, 2nd Ed., 2011

The Efficient Dual Receiver Cryptosystem and Its Applications.
Int. J. Netw. Secur., 2011

Retrofitting Security in COTS Software with Binary Rewriting.
Proceedings of the Future Challenges in Security and Privacy for Academia and Industry, 2011

Detecting Traffic Snooping in Tor Using Decoys.
Proceedings of the Recent Advances in Intrusion Detection - 14th International Symposium, 2011

ROP payload detection using speculative code execution.
Proceedings of the 6th International Conference on Malicious and Unwanted Software, 2011

Taint-Exchange: A Generic System for Cross-Process and Cross-Host Taint Tracking.
Proceedings of the Advances in Information and Computer Security, 2011

REASSURE: A Self-contained Mechanism for Healing Software Using Rescue Points.
Proceedings of the Advances in Information and Computer Security, 2011

A Multilayer Overlay Network Architecture for Enhancing IP Services Availability against DoS.
Proceedings of the Information Systems Security - 7th International Conference, 2011

Computer Security Research with Human Subjects: Risks, Benefits and Informed Consent.
Proceedings of the Financial Cryptography and Data Security, 2011

The SPARCHS Project: Hardware Support for Software Security.
Proceedings of the First SysSec Workshop 2011, 2011

The MINESTRONE Architecture Combining Static and Dynamic Analysis Techniques for Software Security.
Proceedings of the First SysSec Workshop 2011, 2011

Towards a Forensic Analysis for Multimedia Communication Services.
Proceedings of the 25th IEEE International Conference on Advanced Information Networking and Applications Workshops, 2011

Misuse Detection in Consent-Based Networks.
Proceedings of the Applied Cryptography and Network Security, 2011

Measuring the Deployment Hiccups of DNSSEC.
Proceedings of the Advances in Computing and Communications, 2011

2010
Transport Layer Security (TLS) Authorization Using KeyNote.
RFC, October, 2010

X.509 Key and Signature Encoding for the KeyNote Trust Management System.
RFC, January, 2010

Monitoring Technologies for Mitigating Insider Threats.
Proceedings of the Insider Threats in Cyber Security, 2010

A Look at VoIP Vulnerabilities.
login Usenix Mag., 2010

A market-based bandwidth charging framework.
ACM Trans. Internet Techn., 2010

On the General Applicability of Instruction-Set Randomization.
IEEE Trans. Dependable Secur. Comput., 2010

On the infeasibility of modeling polymorphic shellcode - Re-thinking the role of learning in intrusion detection systems.
Mach. Learn., 2010

Ethics in Security Vulnerability Research.
IEEE Secur. Priv., 2010

Voice-over-IP Security: Research and Practice.
IEEE Secur. Priv., 2010

Automating the injection of believable decoys to detect snooping.
Proceedings of the Third ACM Conference on Wireless Network Security, 2010

An Analysis of Rogue AV Campaigns.
Proceedings of the Recent Advances in Intrusion Detection, 13th International Symposium, 2010

BotSwindler: Tamper Resistant Injection of Believable Decoys in VM-Based Hosts for Crimeware Detection.
Proceedings of the Recent Advances in Intrusion Detection, 13th International Symposium, 2010

DIPLOMA: Distributed Policy Enforcement Architecture for MANETs.
Proceedings of the Fourth International Conference on Network and System Security, 2010

Securing MANET Multicast Using DIPLOMA.
Proceedings of the Advances in Information and Computer Security, 2010

Crimeware Swindling without Virtual Machines.
Proceedings of the Information Security - 13th International Conference, 2010

Evaluation of a Spyware Detection System Using Thin Client Computing.
Proceedings of the Information Security and Cryptology - ICISC 2010, 2010

An Adversarial Evaluation of Network Signaling and Control Mechanisms.
Proceedings of the Information Security and Cryptology - ICISC 2010, 2010

Traffic Analysis against Low-Latency Anonymity Networks Using Available Bandwidth Estimation.
Proceedings of the Computer Security, 2010

Fast and practical instruction-set randomization for commodity systems.
Proceedings of the Twenty-Sixth Annual Computer Security Applications Conference, 2010

2009
Anonymity in Wireless Broadcast Networks.
Int. J. Netw. Secur., 2009

Elastic block ciphers: method, security and instantiations.
Int. J. Inf. Sec., 2009

On the Deployment of Dynamic Taint Analysis for Application Communities.
IEICE Trans. Inf. Syst., 2009

Randomized Instruction Sets and Runtime Environments Past Research and Future Directions.
IEEE Secur. Priv., 2009

Designing Host and Network Sensors to Mitigate the Insider Threat.
IEEE Secur. Priv., 2009

Dynamic Trust Management.
Computer, 2009

Baiting Inside Attackers Using Decoy Documents.
Proceedings of the Security and Privacy in Communication Networks, 2009

Deny-by-Default Distributed Security Policy Enforcement in Mobile Ad Hoc Networks.
Proceedings of the Security and Privacy in Communication Networks, 2009

Spectrogram: A Mixture-of-Markov-Chains Model for Anomaly Detection in Web Traffic.
Proceedings of the Network and Distributed System Security Symposium, 2009

A²M: Access-Assured Mobile Desktop Computing.
Proceedings of the Information Security, 12th International Conference, 2009

Adding Trust to P2P Distribution of Paid Content.
Proceedings of the Information Security, 12th International Conference, 2009

F3ildCrypt: End-to-End Protection of Sensitive Information in Web Services.
Proceedings of the Information Security, 12th International Conference, 2009

DoubleCheck: Multi-path verification against man-in-the-middle attacks.
Proceedings of the 14th IEEE Symposium on Computers and Communications (ISCC 2009), 2009

A Survey of Voice over IP Security Research.
Proceedings of the Information Systems Security, 5th International Conference, 2009

BARTER: Behavior Profile Exchange for Behavior-Based Admission and Access Control in MANETs.
Proceedings of the Information Systems Security, 5th International Conference, 2009

ASSURE: automatic software self-healing using rescue points.
Proceedings of the 14th International Conference on Architectural Support for Programming Languages and Operating Systems, 2009

A Network Access Control Mechanism Based on Behavior Profiles.
Proceedings of the Twenty-Fifth Annual Computer Security Applications Conference, 2009

Capturing Information Flow with Concatenated Dynamic Taint Analysis.
Proceedings of the The Forth International Conference on Availability, 2009

2008
Hard Problems and Research Challenges Concluding Remarks.
Proceedings of the Insider Attack and Cyber Security - Beyond the Hacker, 2008

Hard Problems and Research Challenges.
Proceedings of the Insider Attack and Cyber Security - Beyond the Hacker, 2008

Constructing Variable-Length PRPs and SPRPs from Fixed-Length PRPs.
IACR Cryptol. ePrint Arch., 2008

Decentralized access control in distributed file systems.
ACM Comput. Surv., 2008

Casting out Demons: Sanitizing Training Data for Anomaly Sensors.
Proceedings of the 2008 IEEE Symposium on Security and Privacy (SP 2008), 2008

Identifying Proxy Nodes in a Tor Anonymization Circuit.
Proceedings of the 4th IEEE International Conference on Signal Image Technology and Internet Based Systems, 2008

Taming the Devil: Techniques for Evaluating Anonymized Network Data.
Proceedings of the Network and Distributed System Security Symposium, 2008

Authentication on Untrusted Remote Hosts with Public-Key Sudo.
Proceedings of the 22nd Large Installation System Administration Conference, 2008

Return Value Predictability Profiles for Self-healing.
Proceedings of the Advances in Information and Computer Security, 2008

Online Network Forensics for Automatic Repair Validation.
Proceedings of the Advances in Information and Computer Security, 2008

Behavior-Based Network Access Control: A Proof-of-Concept.
Proceedings of the Information Security, 11th International Conference, 2008

Path-Based Access Control for Enterprise Networks.
Proceedings of the Information Security, 11th International Conference, 2008

Asynchronous policy evaluation and enforcement.
Proceedings of the 2nd ACM Workshop on Computer Security Architecture, 2008

Behavior-Profile Clustering for False Alert Reduction in Anomaly Detection Sensors.
Proceedings of the Twenty-Fourth Annual Computer Security Applications Conference, 2008

Pushback for Overlay Networks: Protecting Against Malicious Insiders.
Proceedings of the Applied Cryptography and Network Security, 6th International Conference, 2008

Methods for Linear and Differential Cryptanalysis of Elastic Block Ciphers.
Proceedings of the Information Security and Privacy, 13th Australasian Conference, 2008

2007
Composite Hybrid Techniques For Defending Against Targeted Attacks.
Proceedings of the Malware Detection, 2007

Requirements for scalable access control and security management architectures.
ACM Trans. Internet Techn., 2007

Virtual Private Services: Coordinated Policy Enforcement for Distributed Applications.
Int. J. Netw. Secur., 2007

COVERAGE: detecting and reacting to worm epidemics using cooperation and validation.
Int. J. Inf. Sec., 2007

From STEM to SEAD: Speculative Execution for Automated Defense.
Proceedings of the 2007 USENIX Annual Technical Conference, 2007

Using Rescue Points to Navigate Software Recovery.
Proceedings of the 2007 IEEE Symposium on Security and Privacy (S&P 2007), 2007

The Security of Elastic Block Ciphers Against Key-Recovery Attacks.
Proceedings of the Information Security, 10th International Conference, 2007

A Study of Malcode-Bearing Documents.
Proceedings of the Detection of Intrusions and Malware, 2007

Bridging the Network Reservation Gap Using Overlays.
Proceedings of the Second International Conference on COMmunication System softWAre and MiddlewaRE (COMSWARE 2007), 2007

On the infeasibility of modeling polymorphic shellcode.
Proceedings of the 2007 ACM Conference on Computer and Communications Security, 2007

Elastic block ciphers: the basic design.
Proceedings of the 2007 ACM Symposium on Information, Computer and Communications Security, 2007

SSARES: Secure Searchable Automated Remote Email Storage.
Proceedings of the 23rd Annual Computer Security Applications Conference (ACSAC 2007), 2007

2006
Worm Propagation Strategies in an IPv6 Internet.
login Usenix Mag., 2006

Cryptography as an operating system service: A case study.
ACM Trans. Comput. Syst., 2006

Execution transactions for defending against software failures: use and evaluation.
Int. J. Inf. Sec., 2006

Privacy as an Operating System Service.
Proceedings of the 1st USENIX Workshop on Hot Topics in Security, 2006

Dark application communities.
Proceedings of the New Security Paradigms Workshop 2006, 2006

Software Self-Healing Using Collaborative Application Communities.
Proceedings of the Network and Distributed System Security Symposium, 2006

Low Latency Anonymity with Mix Rings.
Proceedings of the Information Security, 9th International Conference, 2006

Robust Reactions to Potential Day-Zero Worms Through Cooperation and Validation.
Proceedings of the Information Security, 9th International Conference, 2006

W3Bcrypt: Encryption as a Stylesheet.
Proceedings of the Applied Cryptography and Network Security, 4th International Conference, 2006

CryptoGraphics - Exploiting Graphics Cards for Security
Advances in Information Security 20, Springer, ISBN: 978-0-387-29015-7, 2006

2005
Hardware support for self-healing software services.
SIGARCH Comput. Archit. News, 2005

The case for crypto protocol awareness inside the OS kernel.
SIGARCH Comput. Archit. News, 2005

Countering Network Worms Through Automatic Patch Generation.
IEEE Secur. Priv., 2005

WebSOS: an overlay-based system for protecting web servers from denial of service attacks.
Comput. Networks, 2005

Detecting Targeted Attacks Using Shadow Honeypots.
Proceedings of the 14th USENIX Security Symposium, Baltimore, MD, USA, July 31, 2005

Building a Reactive Immune System for Software Services.
Proceedings of the 2005 USENIX Annual Technical Conference, 2005

FLIPS: Hybrid Adaptive Intrusion Prevention.
Proceedings of the Recent Advances in Intrusion Detection, 8th International Symposium, 2005

Speculative virtual verification: policy-constrained speculative execution.
Proceedings of the New Security Paradigms Workshop 2005, 2005

MOVE: An End-to-End Solution to Network Denial of Service.
Proceedings of the Network and Distributed System Security Symposium, 2005

Conversion and Proxy Functions for Symmetric Key Ciphers.
Proceedings of the International Symposium on Information Technology: Coding and Computing (ITCC 2005), 2005

A Dynamic Mechanism for Recovering from Buffer Overflow Attacks.
Proceedings of the Information Security, 8th International Conference, 2005

gore: Routing-Assisted Defense Against DDoS Attacks.
Proceedings of the Information Security, 8th International Conference, 2005

An Email Worm Vaccine Architecture.
Proceedings of the Information Security Practice and Experience, 2005

The Bandwidth Exchange Architecture.
Proceedings of the 10th IEEE Symposium on Computers and Communications (ISCC 2005), 2005

The effect of DNS delays on worm propagation in an IPv6 Internet.
Proceedings of the INFOCOM 2005. 24th Annual Joint Conference of the IEEE Computer and Communications Societies, 2005

Remotely Keyed Cryptographics Secure Remote Display Access Using (Mostly) Untrusted Hardware.
Proceedings of the Information and Communications Security, 7th International Conference, 2005

CryptoGraphics: Secret Key Cryptography Using Graphics Cards.
Proceedings of the Topics in Cryptology, 2005

Countering DoS attacks with stateless multipath overlays.
Proceedings of the 12th ACM Conference on Computer and Communications Security, 2005

e-NeXSh: Achieving an Effectively Non-Executable Stack and Heap via System-Call Policing.
Proceedings of the 21st Annual Computer Security Applications Conference (ACSAC 2005), 2005

Highlights from the 2005 New Security Paradigms Workshop.
Proceedings of the 21st Annual Computer Security Applications Conference (ACSAC 2005), 2005

2004
Distributed Trust.
Proceedings of the Practical Handbook of Internet Computing, 2004

Just fast keying: Key agreement in a hostile internet.
ACM Trans. Inf. Syst. Secur., 2004

SOS: an architecture for mitigating DDoS attacks.
IEEE J. Sel. Areas Commun., 2004

Elastic AES.
IACR Cryptol. ePrint Arch., 2004

Elastic Block Ciphers.
IACR Cryptol. ePrint Arch., 2004

"Patch on Demand" Saves Even More Time?
Computer, 2004

Recursive Sandboxes: Extending Systrace To Empower Applications.
Proceedings of the Security and Protection in Information Processing Systems, 2004

Hydan: Hiding Information in Program Binaries.
Proceedings of the Information and Communications Security, 6th International Conference, 2004

The dual receiver cryptosystem and its applications.
Proceedings of the 11th ACM Conference on Computer and Communications Security, 2004

A Pay-per-Use DoS Protection Mechanism for the Web.
Proceedings of the Applied Cryptography and Network Security, 2004

CamouflageFS: Increasing the Effective Key Length in Cryptographic Filesystems on the Cheap.
Proceedings of the Applied Cryptography and Network Security, 2004

SQLrand: Preventing SQL Injection Attacks.
Proceedings of the Applied Cryptography and Network Security, 2004

2003
IP Security Policy (IPSP) Requirements.
RFC, August, 2003

On the Use of Stream Control Transmission Protocol (SCTP) with IPsec.
RFC, July, 2003

A secure PLAN.
IEEE Trans. Syst. Man Cybern. Part C, 2003

Drop-in security for distributed and portable computing elements.
Internet Res., 2003

A Network Worm Vaccine Architecture.
Proceedings of the 12th IEEE International Workshops on Enabling Technologies (WETICE 2003), 2003

WebDAVA: An Administrator-Free Approach To Web File-Sharing.
Proceedings of the 12th IEEE International Workshops on Enabling Technologies (WETICE 2003), 2003

Design and Implementation of Virtual Private Services.
Proceedings of the 12th IEEE International Workshops on Enabling Technologies (WETICE 2003), 2003

Secure and Flexible Global File Sharing.
Proceedings of the FREENIX Track: 2003 USENIX Annual Technical Conference, 2003

The Design of the OpenBSD Cryptographic Framework.
Proceedings of the General Track: 2003 USENIX Annual Technical Conference, 2003

WAR: Wireless Anonymous Routing.
Proceedings of the Security Protocols, 2003

EasyVPN: IPsec Remote Access Made Easy.
Proceedings of the 17th Conference on Systems Administration (LISA 2003), 2003

Experience with the KeyNote Trust Management System: Applications and Future Directions.
Proceedings of the Trust Management, First International Conference, 2003

TAPI: Transactions for Accessing Public Infrastructure.
Proceedings of the Personal Wireless Communications, IFIP-TC6 8th International Conference, 2003

WebSOS: protecting web servers from DDoS attacks.
Proceedings of the 11th IEEE International Conference on Networks, 2003

Accelerating application-level security protocols.
Proceedings of the 11th IEEE International Conference on Networks, 2003

A cooperative immunization system for an untrusting Internet.
Proceedings of the 11th IEEE International Conference on Networks, 2003

The STRONGMAN Architecture.
Proceedings of the 3rd DARPA Information Survivability Conference and Exposition (DISCEX-III 2003), 2003

Using graphic turing tests to counter automated DDoS attacks against web servers.
Proceedings of the 10th ACM Conference on Computer and Communications Security, 2003

A holistic approach to service survivability.
Proceedings of the 2003 ACM Workshop on Survivable and Self-Regenerative Systems, 2003

Countering code-injection attacks with instruction-set randomization.
Proceedings of the 10th ACM Conference on Computer and Communications Security, 2003

Tagging Data in the Network Stack: mbuf_tags.
Proceedings of BSDCon 2003, San Mateo, California, USA, September 8-12, 2003, 2003

2002
Trust management for IPsec.
ACM Trans. Inf. Syst. Secur., 2002

A Study of the Relative Costs of Network Security Protocols.
Proceedings of the FREENIX Track: 2002 USENIX Annual Technical Conference, 2002

SOS: secure overlay services.
Proceedings of the ACM SIGCOMM 2002 Conference on Applications, 2002

Fileteller: Paying and Getting Paid for File Storage.
Proceedings of the Financial Cryptography, 6th International Conference, 2002

Efficient, DoS-resistant, secure key exchange for internet protocols.
Proceedings of the 9th ACM Conference on Computer and Communications Security, 2002

2001
The price of safety in an active network.
J. Commun. Networks, 2001

Offline Micropayments without Trusted Hardware.
Proceedings of the Financial Cryptography, 2001

2000
The Use of HMAC-RIPEMD-160-96 within ESP and AH.
RFC, June, 2000

DSA and RSA Key and Signature Encoding for the KeyNote Trust Management System.
RFC, March, 2000

Secure quality of service handling: SQoSH.
IEEE Commun. Mag., 2000

Transparent Network Security Policy Enforcement.
Proceedings of the Freenix Track: 2000 USENIX Annual Technical Conference, 2000

Implementing Internet Key Exchange (IKE).
Proceedings of the Freenix Track: 2000 USENIX Annual Technical Conference, 2000

Scalable Resource Control in Active Networks.
Proceedings of the Active Networks, Second International Working Conference, 2000

Implementing a distributed firewall.
Proceedings of the CCS 2000, 2000

Network security and IPsec (tutorial).
Proceedings of the CCS 2000, 2000

1999
The KeyNote Trust-Management System Version 2.
RFC, September, 1999

Cryptography in OpenBSD: An Overview.
Proceedings of the FREENIX Track: 1999 USENIX Annual Technical Conference, 1999

Trust Management and Network Layer Security Protocols.
Proceedings of the Security Protocols, 1999

A Secure Plan.
Proceedings of the Active Networks, First International Working Conference, 1999

The Role of Trust Management in Distributed Systems Security.
Proceedings of the Secure Internet Programming, 1999

Security in Active Networks.
Proceedings of the Secure Internet Programming, 1999

1998
A secure active network environment architecture: realization in SwitchWare.
IEEE Netw., 1998

The SwitchWare active network architecture.
IEEE Netw., 1998

Safety and security of programmable network infrastructures.
IEEE Commun. Mag., 1998

KeyNote: Trust Management for Public-Key Infrastructures (Position Paper).
Proceedings of the Security Protocols, 1998

Automated Recovery in a Secure Bootstrap Process.
Proceedings of the Network and Distributed System Security Symposium, 1998

