Security and Cryptography Publications
2024 │ 2023 │ 2022 │ 2021 │ 2020 │ 2019 │ 2018 │ 2017 │ 2016 │ 2015
2014 │ 2013 │ 2012 │ 2011 │ 2010 │ 2009 │ 2008 │ 2007 │ 2006 │ 2005 │ 2004
2024

Using Honeybuckets to Characterize Cloud Storage Scanning in the Wild, Katherine Izhikevich, Geoffrey M. Voelker, Stefan Savage, and Liz Izhikevich, Proceedings of the IEEE European Symposium on Security and Privacy, Vienna, Austria, July 2024.

Unfiltered: Measuring Cloud-based Email Filtering Bypasses, Sumanth Rao, Enze Liu, Grant Ho, Geoffrey M. Voelker, and Stefan Savage, Proceedings of the Web Conference (WWW), Singapore, May 2024.

The Double Edged Sword: Identifying Authentication Pages and their Fingerprinting Behavior, Asuman Senol, Alisha Ukani, Dylan Cutler, and Igor Bilogrevic, Proceedings of the Web Conference (WWW), Singapore, May 2024.

Practical Obfuscation of BLE Physical-Layer Fingerprints on Mobile Devices, Hadi Givehchian, Nishant Bhaskar, Alexender Redding, Han Zhao, Aaron Schulman, and Dinesh Bharadia, Proceedings of the IEEE Symposium on Security and Privacy, May 2024.

Architecting Trigger-Action Platforms for Security, Performance and Functionality, Deepak Siron Jegan, Michael Swift, and Earlence Fernandes, Proceedings of the Network and Distributed System Security Symposium (NDSS), San Diego, CA, February 2024.

On Precisely Detecting Censorship Circumvention in Real-World Networks, Ryan Wails, George Arnold Sullivan, Micah Sherr, and Rob Jansen, Proceedings of the Network and Distributed System Security Symposium (NDSS), San Diego, CA, February 2024.

Experimental Analyses of the Physical Surveillance Risks in Client-Side Content Scanning, Ashish Hooda, Andrey Labunets, Tadayoshi Kohno, and Earlence Fernandes, Proceedings of the Network and Distributed System Security Symposium (NDSS), San Diego, CA, February 2024.

2023

Please Act Now: an Empirical Analysis of Enterprise-Wide Mandatory Password Updates, Ariana Mirian, Grant Ho, Stefan Savage, and Geoffrey M. Voelker, Proceedings of Annual Computer Security Applications Conference (ACSAC), Austin, TX, December 2023.

Fast Practical Lattice Reduction through Iterated Compression, Keegan Ryan and Nadia Heninger, Proceedings of Crypto 2023, Santa Barbara, CA, August 2023. (Best paper award).

When Messages are Keys: Is HMAC a Dual-PRF?, Matilda Backendal, Mihir Bellare, Felix Gunther, and Matteo Scarlata, Proceedings of Crypto 2023, Santa Barbara, CA, August 2023.

Reductions from Module Lattices to Free Module Lattices, and Application to Dequantizing Module-LLL, Gabrielle De Micheli, Daniele Micciancio, Alice Pellet-Mary, and Nam Tran, Proceedings of Crypto 2023, Santa Barbara, CA, August 2023.

Error Correction and Ciphertext Quantization in Lattice Cryptography, Daniele Micciancio and Mark Schultz, Proceedings of Crypto 2023, Santa Barbara, CA, August 2023.

Access Denied: Assessing Physical Risks to Internet Access Networks, Alexander Marder, Zesen Zhang, Ricky Mok, Ramakrishna Padmanabhan, Bradley Huffaker, Matthew Luckie, Alberto Dainotti, kc claffy, Alex C. Snoeren, and Aaron Schulman, Proceedings of the USENIX Security Symposium, Anaheim, CA, August 2023.

Improving Logging to Reduce Permission Over-Granting Mistakes, Bingyu Shen, Tianyi Shan, and Yuanyuan Zhou, Proceedings of the USENIX Security Symposium, Anaheim, CA, August 2023.

HECO: Fully Homomorphic Encryption Compiler, Alexander Viand, Patrick Jattke, Miro Haller, and Anwar Hithnawi, Proceedings of the USENIX Security Symposium, Anaheim, CA, August 2023.

MultiView: Finding Blind Spotsin Access-Deny Issues, Bingyu Shen, Tianyi Shan, and Yuanyuan Zhou, Proceedings of the USENIX Security Symposium, Anaheim, CA, August 2023.

Understanding the Viability of Gmail’s Origin Indicator for Identifying the Sender, Enze Liu, Lu Sun, Alex Bellon, Grant Ho, Stefan Savage, Geoffrey M. Voelker, and Imani N. S. Munyaka, Proceedings of the Sympsoium on Useable Privacy and Security, Anaheim, CA, August 2023.

In the Line of Fire: Risks of DPI-triggered Data Collection, Ariana Mirian, Alisha Ukani, Ian Foster, Gautam Akiwate, Taner Halicioglu, Cindy Moore, Alex C. Snoeren, Geoffrey M. Voelker, and Stefan Savage, Proceedings of Workshop on Cyber Security Experimentation and Test (CSET), Marina del Rey, CA, August 2023.

No Privacy Among Spies: Assessing the Functionality and Insecurity of Consumer Android Spyware Apps, Enze Liu, Sumanth Rao, Sam Havron, Grant Ho, Stefan Savage, Geoffrey M. Voelker, and Damon McCoy, Proceedings on Privacy Enhancing Technologies Symposium, Lausanne, Switzerland, July 2023.

Forward Pass: On the Security Implications of Email Forwarding Mechanism and Policy, Enze Liu, Gautam Akiwate, Mattijs Jonker, Ariana Mirian, Grant Ho, Geoffrey M. Voelker, and Stefan Savage, Proceedings of the IEEE European Symposium on Security and Privacy, Delft, The Netherlands, July 2023. (Best paper award).

WaVe: a Verifiably Secure WebAssembly Sandboxing Runtime, Evan Johnson, Evan Laufer, Zijie Zhao, Shravan Narayan, Stefan Savage, Deian Stefan, and Fraser Brown, Proceedings of the IEEE Symposium on Security and Privacy, May 2023. (Distinguished Paper Award).

Half&Half: Demystifying Intel’s Directional Branch Predictors for Fast, Secure Partitioned Execution, Hosein Yavarzadeh, Mohammadkazem Taram, Shravan Narayan, Deian Stefan, and Dean Tullsen, Proceedings of the IEEE Symposium on Security and Privacy, May 2023. (Distinguished Paper Award).

MEGA: Malleable Encryption Goes Awry, Matilda Backendal, Miro Haller, and Kenneth G. Paterson, Proceedings of the IEEE Symposium on Security and Privacy, May 2023. (Distinguished Paper Award).

The Hidden Number Problem with Small Unknown Multipliers: Cryptanalyzing MEGA in Six Queries and Other Applications, Keegan Ryan and Nadia Heninger, Proceedings of PKC 2023, May 2023. (Best Paper Award).

Hardening Signature Schemes via Derive-then-Derandomize: Stronger Security Proofs for EdDSA, Mihir Bellare, Hanna Davis, and Zijing Dai, Proceedings of PKC 2023, May 2023.

Ransomware Attack Associated With Disruptions at Adjacent Emergency Departments in the US, Christian Dameff, Jeffrey Tully, Theodore C. Chan, Edward M. Castillo, Stefan Savage, Patricia Maysent, Thomas M. Hemmen, Brian J. Clay, and Christopher A. Longhurst, JAMA Network Open 6(5):e2312270-e2312270, 2023.

Efficient FHEW Bootstrapping with Small Evaluation Keys, and Applications to Threshold Homomorphic Encryption, Yongwoo Lee, Daniele Micciancio, Andrey Kim, Rakyong Choi, Maxim Deryabin, Jieun Eom, and Donghoon Yoo, Proceedings of Eurocrypt 2023, Lyon, France, April 2023.

Flexible Password-Based Encryption: Securing Cloud Storage and Provably Resisting Partitioning-Oracle Attacks, Mihir Bellare and Laura Shea, The Cryptographers' Track at the RSA Conference 2023, San Francisco, April 2023.

Turn on, Tune in, Listen up: Maximizing Side-Channel Recovery in Time-to-Digital Converters, Colin Drewes, Olivia Weng, Keegan Ryan, Bill Hunter, Christopher McCarty, Ryan Kastner, and Dustin Richmond, Proceedings of the International Symposiuym on Field-Programable Gate Arrays, MOnterey, CA, February 2023.

TagAlong: Free, Wide-Area Data-Muling and Services, Alex Bellon, Alex Yen, and Pat Pannuto, Proceedings of International Workshop on Mobile Computing Systems and Applications (HotMobile), Newport Beach, CA, 2023.

Going Beyond the Limits of SFI: Flexible Hardware-Assisted In-Process Isolation with HFI, Shravan Naryan, Tal Garfinkel, Mohammadkazem Taram, Joey Rudek, Daniel Moghimi, Evan Johnson, Chris Fallin, Anjo Vahldiek-Oberwagner, Michael LeMay, Ravi Sahita, Dean Tullsen, and Deian Stefan, Proceedings of the 28th International Conference on Architectural Support for Programming Languages and Operating Systems (ASPLOS), Vancouver, Canada, March 2023. (Distinguished Paper Award).

MSWasm: Soundly Enforcing Memory-Safe Execution of Unsafe Code, Alexandra E. Michael, Anitha Gollamudi, Jay Bosamiya, Evan Johnson, Aidan Denlinger, Craig Disselkoen, Conrad Watt, Bryan Parno, Marco Patrignani, Marco Vassena, and Deian Stefan, Proceedings of the ACM SIGPLAN Symposium on Principles of Programming Languages, Boston, MA, January 2023.

2022

Segue & ColorGuard: Optimizing SFI Performance and Scalability on Modern x86, Shravan Narayan, Tal Garfinkel, Evan Johnson, David Thien, Joey Rudek, Michael LeMay, Anjo Vahldiek-Oberwagner, Dean Tullsen, and Deian Stefan, Proceedings of the Workshop on Programming Languages and Analyusis for Security (PLAS), 2022.

The Challenges of Blockchain-based Naming Systems for Malware Defenders, Audrey Randall, Wes Hardaker, Aaron Schulman, Stefan Savage, and Geoffrey M. Voelker, Proceedings of the APWG Symposium on Electronic Crime Research (eCrime), November 2022. (Best Student Paper).

Retroactive Identification of Targeted DNS Infrastructure Hijacking, Gautam Akiwate, Raffaele Sommese, Mattijs Jonker, Zakir Durumeric, kc Claffy, Geoffrey M. Voelker, and Stefan Savage, Proceedings of the ACM Internet Measurement Conference (IMC), Nice, France, October 2022.

Where .ru? Assessing the Impact of Conflict on Russian Domain Infrastructure, Mattijs Jonker, Gautam Akiwate, Antonia Affinito, kc Claffy, Alessio Botta, Geoffrey M. Voelker, Rolan van Rijswijk-Deij, and Stefan Savage, Proceedings of the ACM Internet Measurement Conference (IMC), Nice, France, October 2022.

Measuring UID Smuggling in the Wild, Audrey Randall, Peter Snyder, Alisha Ukani, Alex C. Snoeren, Geoffrey M. Voelker, Stefan Savage, and Aaron Schulman, Proceedings of the ACM Internet Measurement Conference (IMC), Nice, France, October 2022.

Stop, DROP, and ROA: Effectiveness of Defenses through the lens of DROP, Leo Oliver, Gautam Akiwate, Matthew Luckie, Ben Du, and kc Claffy, Proceedings of the ACM Internet Measurement Conference (IMC), Nice, France, October 2022.

Mind Your MANRS: Measuring the MANRS Ecosystem, Ben Du, Cecilia Testart, Romain Fontugne, Gautam Akiwate, Alex C. Snoeren, and kc Claffy, Proceedings of the ACM Internet Measurement Conference (IMC), Nice, France, October 2022.

EVAX: Towards a Practical, Pro-active & Adaptive Architecture for High Performance & Security, Samira Ajorpaz, Daniel Moghimi, Jamison Collins, Nael Abu-Ghazaleh, Gilles Pokam, and Dean Tullsen, Proceedings of the Annual IEEE/ACM International Symposium on Microarchitecture (MICRO), Chicago, IL, October 2022.

Measuring Security Practices, Louis F. DeKoven, Audrey Randall, Ariana Mirian, Gautam Akiwate, Ansel Blume, Lawrence K. Saul, Aaron Schulman, Geoffrey M. Voelker, and Stefan Savage, Communications of the Association for Computing Machinery 65(9):93-102, September 2022.

Open to a fault: On the passive compromise of TLS keys via transient errors, George Arnold Sullivan, Jackson Sippe, Nadia Heninger, and Eric Wustrow, Proceedings of the USENIX Security Symposium, Boston, MA, August 2022.

Better than Advertised Security for Non-Interactive Threshold Signatures, Mihir Bellare, Elizabeth Crites, Chelsea Komlo, Mary Maller, Stefano Tessaro, and Chenzhi Zhu, Proceedings of Crypto 2022, Santa Barbara, CA, August 2022.

Blocked or Broken? Automatically Detecting When Privacy Interventions Break Websites, Michael Smith, Peter Snyder, Moritz Haller, Ben Livshits, Deian Stefan, and Hamed Haddadi, Proceedings on Privacy Enhancing Technologies Symposium, Sydney, Australia, July 2022.

Domain Name Lifetimes: Baseline and Threats, Antonia Affinito, Raffaele Sommese, Gautam Akiwate, Stefan Savage, KC Claffy, Geoffrey M. Voelker, Alessio Botta, and Mattijs Jonker, Proceedings of Network Traffic Measurement and Analysis Conference (TMA), June 2022.

Efficient Schemes for Committing Authenticated Encryption, Mihir Bellare and Viet Tung Hoang, Proceedings of Eurocrypt 2022, Trondheim, Norway, May 2022.

Evaluating Physical-Layer BLE Location Tracking Attacks on Mobile Devices, Hadi Givehchian, Nishant Bhaskar, Eliana Rodriguez Herrera, Héctor Rodrigo López Soto, Christian Dameff, Dinesh Bharadia, and Aaron Schulman, Proceedings of the IEEE Symposium on Security and Privacy, May 2022.

SoK: Practical Foundations for Software Spectre Defenses, Sunjay Cauligi, Craig Disselkoen, Daniel Moghimi, Gilles Barthe, and Deian Stefan, Proceedings of the IEEE Symposium on Security and Privacy, May 2022.

Quantifying Nations' Exposure to Traffic Observation and Selective Tampering, Alexander Gamero-Garrido, Esteban Carisimo, Shuai Hao, Bradley Huffaker, Alex C. Snoeren, and Alberto Dainottti, Proceedings of the Passive and Active Measurement Conference (PAM), Virtual, March 2022.

Isolation Without Taxation: Near Zero Cost Transitions for WebAssembly and SFI, Matthew Kolosick, Shravan Ravi Narayan, Evan Johnson, Conrad Watt, Michael LeMay, Deepak Garg, Ranjit Jhala, and Deian Stefan, Proceedings of the ACM SIGPLAN Symposium on Principles of Programming Languages, Philadelphia, PA, January 2022.

2021

Automatically Eliminating Speculative Leaks from CryptograpHic Code with Blade, Marco Vassena, Craig Disselkoen, Klaus v. Gleissenthall, Sunjay Cauligi, Rami Gokhan Kici, Ranjit Jhala, Dean Tullsen, and Deian Stefan, Proceedings of the ACM SIGPLAN Symposium on Principles of Programming Languages, Internet, January 2021. (Distinguished paper).

Chain Reductions for Multi-Signatures and the HBMS Scheme, Mihir Bellare and Wei Dai, Proceedings of Asiacrypt 2021, Virtual, December 2021.

Risky BIZness: Risks Derived from Registrar Name Management, Gautam Akiwate, Stefan Savage, Geoffrey M. Voelker, and kc Claffy, Proceedings of the ACM Internet Measurement Conference (IMC), Virtual, November 2021. (IRTF Applied Networking Research Prize).

Who’s Got Your Mail? Characterizing Mail Service Provider Usage, Enze Liu, Gautam Akiwate, Mattijs Jonker, Ariana Mirian, Stefan Savage, and Geoffrey M. Voelker, Proceedings of the ACM Internet Measurement Conference (IMC), Virtual, November 2021.

Home is Where the Hijacking is: Understanding DNS Interception by Residential Routers, Audrey Randall, Enze Liu, Ramakrishna Padmanabhan, Gautam Akiwate, Geoffrey M. Voelker, Stefan Savage, and Aaron Schulman, Proceedings of the ACM Internet Measurement Conference (IMC), Virtual, November 2021.

Solver-Aided Constant-Time Hardware Verification, Klaus von Gleissenthall, Rami Gökhan Kıcı, Deian Stefan, and Ranjit Jhala, Proceedings of the ACM Conference on Computer and Communications Security (CCS), Seoul, Korea, November 2021.

SugarCoat: Programmatically generating privacy-Preserving, Web-compatible resource replacements for content blocking, Michael Smith, Peter Snyder, Ben Livshits, and Deian Stefan, Proceedings of the ACM Conference on Computer and Communications Security (CCS), Seoul, Korea, November 2021.

On Bounded Distance Decoding with Predicate: Breaking the "Lattice Barrier" for the Hidden Number Problem, Martin R Albrecht and Nadia Heninger, Proceedings of Eurocrypt 2021, Zagreb, Croatia, October 2021.

On the Security of Homomorphic Encryption on Approximate Numbers, Baiyu Li and Daniele Micciancio, Proceedings of Eurocrypt 2021, Zagreb, Croatia, October 2021.

Hopper: Modeling and Detecting Lateral Movement, Grant Ho, Mayank Dhiman, Devdatta Akhawe, Vern Paxson, Stefan Savage, Geoffrey M. Voelker, and David Wagner, Proceedings of the USENIX Security Symposium, Vancouver, B.C., Canada, August 2021.

Driving 2FA Adoption at Scale: Optimizing Two-Factor Authentication Notification Design Patterns, Maximillian Golla, Grant Ho, Marika Lohmus, Monica Pulluri, and Elissa M. Redmiles, Proceedings of the USENIX Security Symposium, Vancouver, B.C., Canada, August 2021.

Swivel: Hardening WebAssembly against Spectre, Shravan Narayan, Craig Disselkoen, Daniel Moghimi, Sunjay Cauligi, Evan Johnson, Zhao Gang, Anjo Vahldiek-Oberwagner, Ravi Sahita, Hovav Shacham, Dean Tullsen, and Deian Stefan, Proceedings of the USENIX Security Symposium, Vancouver, B.C., Canada, August 2021.

Jetset: Targeted Firmware Rehosting for Embedded Systems, Evan Johnson, Maxwell Bland, Yifei Zhu, Joshua Mason, Stephen Checkoway, Stefan Savage, and Kirill Levchenko, Proceedings of the USENIX Security Symposium, Vancouver, B.C., Canada, August 2021.

Can Systems Explain Permissions Better? Understanding Users' Misperceptions under Smartphone Runtime Permission Model, Bingyu Shen, Lili Wei, Chengcheng Xiang, Yudong Wu, Mingyao Shen, Yuanyuan Zhou, and Xinxin Jin, Proceedings of the USENIX Security Symposium, Vancouver, B.C., Canada, August 2021.

STORM: Refinement Types for Secure Web Applications, Nico Lehmann, Rose Kunkel, Jordan Brown, Jean Yang, Niki Vazou, Nadia Polikarpova, Deian Stefan, and Ranjit Jhala, Proceedings of the 15th USENIX Symposium on Operating System Design and Implementation (OSDI), Virtual, July 2021.

Scooter & Sidecar: A Domain-Specific Approach to Writing Secure Database Migrations, John Renner, Alex Sanchez-Stern, Fraser Brown, Sorin Lerner, and Deian Stefan, Proceedings of the ACM SIGPLAN Conference onProgramming Language Design and Implementation (PLDI), Virtual, June 2021.

CoResident Evil: Covert Communications in the Cloud with Lambdas, Anil Yelam, Ariana Mirian, Keerthana Ganesan, Shibani Subbareddy, and Stefan Savage, Proceedings of the Web Conference (WWW), Ljubljana, Solvenia, arp 2021.

High-Assurance Cryptography in the Spectre Era, Gilles Barthe, Sunjay Cauligi, Benjamin Gregoire, Adrien Koutsos, Kevin Liao, Tiago Oliveira, Swarn Priya, Tamara Rezk, and Peter Schwabe, Proceedings of the IEEE Symposium on Security and Privacy, San Francisco, CA, May 2021.

Diogenes: Lightweight Scalable RSA Modulus Generation with a Dishonest Majority, Megan Chen, Carmit Hazay, Yuval Ishai, Yuriy Kashnikov, Daniele Micciancio, Tarik Riviere, Abhi Shelat, Muthuramakrishnan Venkitasubramaniam, and Ruihan Wang, Proceedings of the IEEE Symposium on Security and Privacy, San Francisco, CA, May 2021.

Clairvoyance: Inferring Blocklist Use on the Internet, Vector Guo Li, Gautam Akiwate, Kirill Levchenko, Geoffrey M. Voelker, and Stefan Savage, Proceedings of the Passive and Active Measurement Conference (PAM), Brandenburg, Germany, March 2021.

Доверя́й, но проверя́й: SFI safety for native-compiled Wasm, Evan Johnson, David Thien, Yousef Alhessi, Shravan Narayan, Fraser Brown, Sorin Lerner, Tyler McMullen, Stefan Savage, and Deian Stefan, Proceedings of the Network and Distributed System Security Symposium (NDSS), San Diego, CA, February 2021.

Automatically Eliminating Speculative Leaks from CryptograpHic Code with Blade, Marco Vassena, Craig Disselkoen, Klaus v. Gleissenthall, Sunjay Cauligi, Rami Gokhan Kici, Ranjit Jhala, Dean Tullsen, and Deian Stefan, Proceedings of the ACM SIGPLAN Symposium on Principles of Programming Languages, Internet, January 2021. (Distinguished paper).

2020

Simpler Statistically Sender Private Oblivious Transfer from Ideals of Cyclotomic Integers, Daniele Micciancio and Jessica Sorrell, Proceedings of Asiacrypt 2020, Virtual, December 2020.

Incremental Cryptography Revisited: RPFs, Nonces and Modular Design, Vivek Art, Mihir Bellare, and Louza Khati, Proceedings of Indocrypt, Bangalore, India, December 2020.

The Multi-Base Discrete Logarithm Problem: Tight Reductions and Non-Rewinding Proofs for Schnorr Identification and Signatures Incremental Cryptography Revisited: RPFs, Nonces and Modular Design, Mihir Bellare and Wei Dai, Proceedings of Indocrypt, Bangalore, India, December 2020.

Dual-Mode NIZKs: Possibility and Impossibility Results for Property Transfer, Vivek Art and Mihir Bellare, Proceedings of Indocrypt, Bangalore, India, December 2020.

The Road to Less Trusted Code: Lowering the Barrier to In-Process Sandboxing, Tal Garfinkel, Shravan Narayan, Craig Disselkoen, Hovav Shacham, and Deian Stefan, USENIX ;login: 45(5), December 2020.

Unresolved Issues: Prevalence, Persistence and Perils of Lame Nameservers, Gautam Akiwate, Raffaele Sommese, Mattijs Jonker, Ian Foster, Stefan Savage, Geoffrey M. Voelker, and kc Claffy, Proceedings of the ACM Internet Measurement Conference, Pittsburgh, Pennsylvania (via the Internet), October 2020.

Trufflehunter: Cache Sniffing Rare Domains at Large Public DNS Resolvers, Audrey Randall, Enze Liu, Gautam Akiwate, Ramakrishna Padmanabhan, Stefan Savage, Geoffrey M. Voelker, and Aaron Schulman, Proceedings of the ACM Internet Measurement Conference, Pittsburgh, Pennsylvania (via the Internet), October 2020. (IRTF Applied Networking Research Prize).

Comparing the Difficulty of Factorization and Discrete Logarithm: A 240-Digit Experiment, Fabrice Boudot, Pierrick Gaudry, Aurore Guillevic, Nadia Heninger, Emmanuel Thom´e, and Paul Zimmermann, Proceedings of Crypto 2020, Santa Barbara, CA, August 2020.

Liquid Information Flow Control, Nadia Polikarpova, Deian Stefan, Jean Yang, Shachar Itzhaky, Travis Hance, and Armando Solar-Lezama, Proceedings of International Conference on Functional Programming, August 2020. (Distinguished paper).

TPM-FAIL: TPM meets Timing and Lattice Attacks, Daniel Moghimi, Berk Sunar, Thomas Eisenbarth, and Nadia Heninger, Proceedings of the USENIX Security Symposium, August 2020.

CopyCat: Controlled Instruction-Level Attacks on Enclaves, Daniel Moghimi, Jo Van Bulck, Nadia Heninger, Frank Piessens, and Berk Sunar, Proceedings of the USENIX Security Symposium, August 2020.

Sys: a Static/Symbolic Tool for Finding Good Bugs in Good (Browser) Code, Fraser Brown, Deian Stefan, and Dawson Engler, Proceedings of the USENIX Security Symposium, August 2020.

Retrofitting Fine Grain Isolation in the Firefox Renderer, Shravan Narayan, Craig Disselkoen, Tal Garfinkel, Nathan Froyd, Eric Rahm, Sorin Lerner, Hovav Shacham, and Deian Stefan, Proceedings of the USENIX Security Symposium, August 2020. (Distinguished paper and first place at CSAW 2020.).

Exploring Connections Between Active Learning and Model Extraction, Varun Chandrasekaran, Kamalika Chaudhuri, Irene Giacomelli, Somesh Jha, and Songbai Yan, Proceedings of the USENIX Security Symposium, August 2020.

Reimagining Secret Sharing: Creating a Safer and More Versatile Primitive by Adding Authenticity, Correcting Errors, and Reducing Randomness Requirements, Mihir Bellare, Wei Dai, and Phillip Rogoway, Privacy Enhancing Technologies Symposium, Virtual, July 2020.

Towards a verified range analysis for JavaScript JITs, Fraser Brown, John Renner, Andres Nöetzli, Sorin Lerner, Hovav Shacham, and Deian Stefan, Proceedings of the ACM SIGPLAN Conference onProgramming Language Design and Implementation (PLDI), June 2020.

Constant-time foundations for the new Spectre era, Sunjay Cauligi, Craig Disselkoen, Klaus von Gleissenthall, Dean Tullsen, Deian Stefan, Tamara Rezk, and Gilles Barthe, Proceedings of the ACM SIGPLAN Conference onProgramming Language Design and Implementation (PLDI), June 2020. (Intel HSAA finalist.).

Understanding Memory and Thread Safety Practices and Issues in Real-World Rust Programs, Boqin Qin, Yilun Chen, Zeming Yu, Linhai Song, and Yiying Zhang, Proceedings of the ACM SIGPLAN Conference onProgramming Language Design and Implementation (PLDI), June 2020. (The first two authors contributed equally.).

Properties of constacyclic codes under the Schur product, Brett Hemenway Falk, Nadia Heninger, and Michael Rudow, Designs, Codes, and Cryptography 88(6), June 2020.

Improved Discrete Gaussian and Subgaussian Analysis for Lattice Cryptography, Nicholas Genise, Daniele Micciancio, Chris Peikert, and Michael Walter, Proceedings of PKC 2020, June 2020.

Pseudorandom Black Swans: Cache Attacks on CTRDRBG, Shaanan Cohney, Andrew Kwong, Shahar Paz, Daniel Genkin, Nadia Heninger, Eyal Ronen, and Yuval Yarom, Proceedings of the IEEE Symposium on Security and Privacy, May 2020.

Packet Chasing: Spying on Network Packets over a Cache Side-Channel, Mohammadkazem Taram, Ashish Venkat, and Dean M. Tullsen, Proceedings of ACM/IEEE Annual International Symposium on Computer Architecture, ISCA 2020, May 2020.

Separate Your Domains: NIST PQC KEMs, Oracle Cloning and Read-Only Indifferentiability, Mihir Bellare, Hannah Davis, and Felix Günther, Proceedings of Eurocrypt 2020, Virtual, May 2020.

Security Under Message-Derived Keys: Signcryption in iMessage, Mihir Bellare and Igors Stepanovs, Proceedings of Eurocrypt 2020, Virtual, May 2020.

Shredder: Learning Noise Distributions to Protect Inference Privacy, Fatemehsadat Mireshghallah, Mohammadkazem Taram, Prakash Ramrakhyani, Ali Jalali, Dean M. Tullsen, and Hadi Esmaeilzadeh, Proceedings of Architectural Support for Programming Languages and Operating Systems (ASPLOS) 2020, April 2020.

Dark Matter: Uncovering the DarkComet RAT Ecosystem, Brown Farinholt, Mohammad Rezaeirad, Damon McCoy, and Kirill Levchenko, Proceedings of The Web Conference (WWW), Taipei, Taiwan, April 2020.

2019

Imperfect forward secrecy: how Diffie-Hellman fails in practice, David Adrian, Karthikeyan Bhargavan, Zakir Durumeric, Pierrick Gaudry, Matthew Green, J. Alex Halderman, Nadia Heninger, Drew Springall, Emmanuel Thom´e, Luke Valenta, Benjamin VanderSloot, Eric Wustrow, Santiago Zanella B´eguelin, and Paul Zimmermann, Communications of the Association for Computing Machinery 62(1):106-114, May 2019.

The Local Forking Lemma and Its Application to Deterministic Encryption, Mihir Bellare, Wei Dai, and Lucy Li, Proceedings of ASIACRYPT 2019, December 2019.

Homomorphic Encryption for Finite Automata, Nicholas Genise, Craig Gentry, Shai Halevi, Baiyu Li, and Daniele Micciancio, Proceedings of ASIACRYPT 2019, 2019.

Hack for Hire, Ariana Mirian, Communications of the Association for Computing Machinery 62(12):32-37, December 2019.

Hardware-Backed Heist: Extracting ECDSA Keys from Qualcomm's TrustZone, Keegan Ryan, Proceedings of the ACM Conference on Computer and Communications Security (CCS), London, UK, November 2019.

Towards Continuous Access Control Validation and Forensics, Chengcheng Xiang, Yudong Wu, Bingyu Shen, Mingyao Shen, Haochen Huang, Tianyin Xu, Yuanyuan Zhou, Cindy Moore, Xinxin Jin, and Tianwei Sheng, Proceedings of the ACM Conference on Computer and Communications Security (CCS), London, UK, November 2019.

VeriSketch: Synthesizing Secure Hardware Designs with Timing-Sensitive Information Flow Properties, Armaiti Ardeshiricham, Yoshiki Takashima, Sicun Gao, and Ryan Kastner, Proceedings of the ACM Conference on Computer and Communications Security (CCS), London, UK, November 2019.

Network Hygiene, Incentives, and Regulation: Deployment of Source Address Validation in the Internet, Matthew J. Luckie, Robert Beverly, Ryan Koga, Ken Keys, Joshua A. Kroll, and kc claffy, Proceedings of the ACM Conference on Computer and Communications Security (CCS), London, UK, November 2019.

Hack for Hire: Investigating the Black Market of Retail Email Account Hacking Services, Ariana Mirian, ACM Queue: Tomorrow's Computing Today 17(4), October 2019.

Measuring Security Practices and How They Impact Security, Louis F. DeKoven, Audrey Randall, Ariana Mirian, Gautam Akiwate, Ansel Blume, Lawrence K. Saul, Aaron Schulman, Geoffrey M. Voelker, and Stefan Savage, Proceedings of the ACM Internet Measurement Conference, Amsterdam, Netherlands, October 2019.

Nonces Are Noticed: AEAD Revisited, Mihir Bellare, Ruth Ng, and Björn Tackmann, Proceedings of Crypto 2019, Santa Barbara, CA, August 2019.

Triton: A Software-Reconfigurable Federated Avionics Testbed, Sam Crow, Brown Farinholt, Brian Johannesmeyer, Karl Koscher, Stephen Checkoway, Stefan Savage, Aaron Schulman, Alex C. Snoeren, and Kirill Levchenko, Proceedings of Workshop on Cyber Security Experimentation and Test (CSET), Santa Clara, CA, August 2019.

Detecting and Characterizing Lateral Phishing at Scale, Grant Ho, Asaf Cidon, Lior Gavish, Marco Schweighauser, Vern Paxson, Stefan Savage, Geoffrey M. Voelker, and David Wagner, Proceedings of the USENIX Security Symposium, Santa Clara, CA, August 2019. (Distinguished paper).

Reading the Tea Leaves: A Comparative Analysis of Threat Intelligence, Vector Guo Li, Matthew Dunn, Paul Pearce, Damon McCoy, Geoffrey M. Voelker, Stefan Savage, and Kirill Levchenko, Proceedings of the USENIX Security Symposium, Santa Clara, CA, August 2019.

IODINE: Verifying Constant-Time Execution of Hardware, Klaus von Gleissenthall, Rami Gokhan Kici, Deian Stefan, and Ranjit Jhala, Proceedings of the USENIX Security Symposium, Santa Clara, CA, August 2019.

"Please Pay Inside": Evaluating Bluetooth-based Detection of Gas Pump Skimmers, Nishant Bhaskar, Maxwell Bland, Kirill Levchenko, and Aaron Schulman, Proceedings of the USENIX Security Symposium, Santa Clara, CA, August 2019.

FaCT: A DSL for timing-sensitive computation, Sunjay Cauligi, Gary Soeller, Brian Johannesmeyer, Fraser Brown, Riad S. Wahby, John Renner, Benjamin Gregoire, Gilles Barthe, Ranjit Jhala, and Deian Stefan, Proceedings of the ACM SIGPLAN Conference onProgramming Language Design and Implementation (PLDI), Phoenix, Arizona, US, June 2019.

Position Paper: Bringing Memory Safety to WebAssembly, Craig Disselkoen, John Renner, Conrad Watt, Tal Garfinkel, Amit Levy, and Deian Stefan, Proceedings of the Hardware and Architectural Support for Security and Privacy (HASP), June 2019.

Hack for Hire: Exploring the Emerging Market for Account Hijacking, Ariana Mirian, Joe DeBlasio, Stefan Savage, Geoffrey M. Voelker, and Kurt Thomas, Proceedings of the Web Conference (WWW), San Francisco, CA, May 2019.

Code That Never Ran: Modeling Attacks on Speculative Evaluation, Craig Disselkoen, Radha Jagadeesan, Alan Jeffrey, and James Riely, Proceedings of the IEEE Symposium on Security and Privacy, May 2019.

Context-Sensitive Decoding: On-Demand Microcode Customization for Security and Energy Management, Mohammadkazem Taram, Ashish Venkat, and Dean M. Tullsen, IEEE Micro 39(3):75-83, May 2019.

Symbolic Encryption with Pseudorandom Keys, Daniele Micciancio, Proceedings of Eurocrypt 2019, Darmstadt, Germany, May 2019.

Building an efficient lattice gadget toolkit: Subgaussian sampling and more, Nicholas Genise, Daniele Micciancio, and Yuriy Polyakov, Proceedings of Eurocrypt 2019, Darmstadt, Germany, May 2019.

Foundations for parallel information flow control runtime systems, Marco Vassena, Gary Soeller, Peter Amidon, Matthew Chan, John Renner, and Deian Stefan, Proceedings of the Conference on Principles of Security and Trust (POST), April 2019.

Context-Sensitive Fencing: Securing Speculative Execution via Microcode Customization, Mohammadkazem Taram, Ashish Venkat, and Dean M. Tullsen, Proceedings of the International Conference on Architectural Support for Programming Languages and Operating Systems, ASPLOS 2019, April 2019.

Towards verified programming of embedded devices, Jean-Pierre Talpin, Jean-Joseph Marty, Shravan Narayan, Deian Stefan, and Rajesh Gupta, Proceedings of Design, Automation amp; Test in Europe Conference amp; Exhibition, March 2019.

Short Paper: The Proof is in the Pudding - Proofs of Work for Solving Discrete Logarithms, Marcella Hastings, Nadia Heninger, and Eric Wustrow, Proceedings of FC 2019, February 2019.

Biased Nonce Sense: Lattice Attacks Against Weak ECDSA Signatures in Cryptocurrencies, Joachim Breitner and Nadia Heninger, Proceedings of FC 2019, February 2019.

CT-Wasm: Type-Driven Secure Cryptography for the Web Ecosystem, Conrad Watt, John Renner, Natalie Popescu, Sunjay Cauligi, and Deian Stefan, Proceedings of the ACM SIGPLAN Symposium on Principles of Programming Languages, Cascais, Portugal, January 2019.

From Fine- to Coarse-grained Dynamic Information Flow Control and Back, Marco Vassena, Alejandro Russo, Deepak Garg, Vineet Rajani, and Deian Stefan, Proceedings of the ACM SIGPLAN Symposium on Principles of Programming Languages, Cascais, Portugal, January 2019. (Distinguished paper).

Pretend Synchrony: Synchronous Verification of Asynchronous Distributed Programs, Klaus von Gleissenthall, Rami Gokhan Kici, Alexander Bakst, Deian Stefan, and Ranjit Jhala, Proceedings of the ACM SIGPLAN Symposium on Principles of Programming Languages, Cascais, Portugal, January 2019.

Interactive proofs for lattice problems, Daniele Micciancio, In Providing Sound Foundations for Cryptography: On the Work of Shafi Goldwasser and Silvio Micali. Oded Goldreich, editor. ACM, 2019.

2018

Where did I leave my keys?: lessons from the Juniper Dual EC incident, Stephen Checkoway, Jacob Maskiewicz, Christina Garman, Joshua Fried, Shaanan Cohney, Matthew Green, Nadia Heninger, Ralf-Philipp Weinmann, Eric Rescorla, and Hovav Shacham, Communications of the Association for Computing Machinery 61(11), May 2018.

The Fiat-Shamir Zoo: Relating the Security of Different Signature Variants, Matilda Backendal, Mihir Bellare, Jessica Sorrell, and Jiahao Sun, Proceedings of the Secure IT Systems - 23rd Nordic Conference, NordSec 2018, November 2018.

On the Hardness of Learning With Errors with Binary Secrets, Daniele Micciancio, Theory Comput. 14(1):1-17, November 2018.

An Empirical Analysis of the Commercial VPN Ecosystem, Mohammad Taha Khan, Joe DeBlasio, Chris Kanich, Geoffrey M. Voelker, Alex C. Snoeren, and Narseo Vallina-Rodriguez, Proceedings of the ACM Internet Measurement Conference, Boston, MA, October 2018.

Following Their Footsteps: Characterizing Account Automation Abuse and Defenses, Louis F. DeKoven, Trevor Pottinger, Stefan Savage, Geoffrey M. Voelker, and Nektarios Leontiadis, Proceedings of the ACM Internet Measurement Conference, Boston, MA, October 2018.

Lawful Device Access without Mass Surveillance Risk: A Technical Design Discussion, Stefan Savage, Proceedings of the ACM Conference on Computer and Communications Security (CCS), Toronto, Canada, October 2018.

Practical State Recovery Attacks against Legacy RNG Implementations, Shaanan N. Cohney, Matthew D. Green, and Nadia Heninger, Proceedings of the ACM Conference on Computer and Communications Security (CCS), Toronto, Canada, October 2018.

Towards Verified, Constant-time Floating Point Operations, Marc Andrysco, Andres Nöetzli, Fraser Brown, Ranjit Jhala, and Deian Stefan, Proceedings of the ACM Conference on Computer and Communications Security (CCS), Toronto, Canada, October 2018.

Browser history re:visited, Michael Smith, Craig Disselkoen, Shravan Narayan, Fraser Brown, and Deian Stefan, Proceedings of the USENIX Workshop On Offensive Technologies (WOOT), San Francisco, CA, August 2018.

Schrodinger's RAT: Profiling the Stakeholders in the Remote Access Trojan Ecosystem, Mohammad Rezaeirad, Brown Farinholt, Paul Pearce, Kirill Levchenko, and Damon McCoy, Proceedings of the USENIX Security Symposium, Baltimore, MD, August 2018.

Optimal Channel Security Against Fine-Grained State Compromise: The Safety of Messaging, Joseph Jaeger and Igor Stephanovs, Proceedings of Crypto 2018, Santa Barbara, CA, August 2018.

Asymptotically Efficient Lattice-Based Digital Signatures, Vadim Lyubashevsky and Daniele Micciancio, J. Cryptology 31(3):774-797, July 2018.

Ring packing and amortized FHEW bootstrapping, Daniele Miccianco and Jessica Sorrell, Proceedings of the International Colloquium on Automata, Languages and Programming (ICALP), Lisboa, Portugal, July 2018.

Symbolic security of garbled circuits, Baiyu Li and Daniele Micciancio, IEEE Computer Security Foundations Symposium, July 2018.

Characterizing overstretched NTRU attacks, Gabrielle De Micheli, Nadia Heninger, and Barak Shani, Journal of Mathematical Cryptology 2018:110-119, June 2018.

On the bit security of cryptographic primitives, Daniele Micciancio and Michael Walter, Proceedings of Eurocrypt 2018, Tel Aviv, May 2018.

Faster Gaussian sampling for trapdoor lattices with arbitrary modulus, Nicholas Genise and Daniele Micciancio, Proceedings of Eurocrypt 2018, Tel Aviv, May 2018.

Tracking Ransomware End-to-end, Danny Yuxing Huang, Maxwell Matthaios Aliapoulios, Vector Guo Li, Luca Invernizzi, Elie Bursztein, Kylie McRoberts, Jonathan Levin, Kirill Levchenko, Alex C. Snoeren, and Damon McCoy, Proceedings of the IEEE Symposium on Security and Privacy, San Francisco, CA, May 2018.

Robust Encryption, Michel Abdalla, Mihir Bellare, and Gregory Neven, Journal of Cryptology 31(2):307-350, April 2018.

In Search of CurveSwap: Measuring Elliptic Curve Implementations in the Wild, Luke Valenta, Nick Sullivan, Antonio Sanso, and Nadia Heninger, IEEE European Symposium on Security and Privacy, April 2018.

Public-Key Encryption Resistant to Parameter Subversion and Its Realization from Efficiently-Embeddable Groups, Benedikt Auerbach, Mihir Bellare, and Eike Kiltz, Proceedings of PKC 2018, March 2018.

Equational security proofs of oblivious transfer protocols, Baiyu Li and Daniele Micciancio, Proceedings of PKC 2018, March 2018.

Public-key encryption resistant to parameter subversion and its realization from efficiently-embeddable groups, Benedikt Auerbach, Mihir Bellare, and Eike Kiltz, Proceedings of PKC 2018, March 2018.

Estimating Profitability of Alternative Cryptocurrencies, Danny Yuxing Huang, Kirill Levchenko, and Alex C. Snoeren, Proceedings of the International Conference on Financial Cryptography and Data Security (FC), Nieuwpoort, Curacao, February 2018.

2017

Forward-security under continual leakage, Bellare Mihir, Adam O’Neill, and Igors Stepanovs, Proceedings of Cryptology and Network Security, November 2017.

Quantifying the Pressure of Legal Risks on Third-party Vulnerability Research, Alex Gamero-Garrido, Stefan Savage, Kirill Levchenko, and Alex C. Snoeren, Proceedings of the ACM Conference on Computer and Communications Security (CCS), Dallas, Texas, November 2017.

Better Than Advertised: Improved Security Guarantees for MD-Based Hash Functions, Mihir Bellare, Joseph Jaeger, and Julia Len, Proceedings of the ACM Conference on Computer and Communications Security (CCS), Dallas, Texas, November 2017.

Defending Against Key Exfiltration: Efficiency Improvements for BIG-Key Cryptography via Large-Alphabet Subkey Prediction, Mihir Bellare and Wei Dai, Proceedings of the ACM Conference on Computer and Communications Security (CCS), Dallas, Texas, November 2017.

Identity-Based Format-Preserving Encryption, Mihir Bellare and Viet Tung Hoang, Proceedings of the ACM Conference on Computer and Communications Security (CCS), Dallas, Texas, November 2017.

Tripwire: Inferring Internet Site Compromise, Joe DeBlasio, Stefan Savage, Geoffrey M. Voelker, and Alex C. Snoeren, Proceedings of the ACM Internet Measurement Conference, London, UK, November 2017.

Exploring the Dynamics of Search Advertiser Fraud, Joe DeBlasio, Saikat Guha, Geoffrey M. Voelker, and Alex C. Snoeren, Proceedings of the ACM Internet Measurement Conference, London, UK, November 2017.

FaCT: A Flexible, Constant-Time Programming Language, Sunjay Cauligi, Gary Soeller, Fraser Brown, Brian Johannesmeyer, Yunlu Huang, Ranjit Jhala, and Deian Stefan, Secure Development Conference (SecDev), September 2017.

Sliding right into disaster: Left-to-right sliding windows leak, Daniel J Bernstein, Joachim Breitner, Daniel Genkin, Leon Groot Bruinderink, Nadia Heninger, Tanja Lange, Christine van Vredendaal, and Yuval Yarom, Proceedings of CHES 2017, Taipei Taiwan, September 2017.

Backpage and Bitcoin: Uncovering Human Traffickers, Rebecca S. Portnoff, Danny Yuxing Huang, Periwinkle Doerfler, Sadia Afroz, and Damon McCoy, Proceedings of the ACM SIGKDD Conference, Halifax, Nova Scotia, August 2017.

Ratcheted encryption and key exchange: The security of messaging, Mihir Bellare, Asha Camper Singh, Joseph Jaeger, Maya Nyayapati, and Igors Stepanovs, Proceedings of Crypto 2017, Santa Barbara, CA, August 2017.

Gaussian Sampling over the Integers: Efficient, Generic, Constant-Time, Daniele Micciancio and Michael Walter, Proceedings of Crypto 2017, Santa Barbara, CA, August 2017.

Prime+Abort: A Timer-Free High-Precision L3 Cache Attack using Intel TSX, Craig Disselkoen, David Kohlbrenner, Leo Porter, and Dean Tullsen, Proceedings of the USENIX Security Symposium, Vancouver, BC, Canada, August 2017.

On the Effectiveness of Mitigations against Floating-Point Timing Channels, David Kohlbrenner and Hovav Shacham, Proceedings of the USENIX Security Symposium, Vancouver, BC, Canada, August 2017.

Dead Store Elimination (Still) Considered Harmful, Zhaomo Yang, Brian Johannesmeyer, Anders Trier Olesen, Sorin Lerner, and Kirill Levchenko, Proceedings of the USENIX Security Symposium, Vancouver, BC, Canada, August 2017.

Malicious Browser Extensions at Scale: Bridging the Observability Gap between Web Site and Browser, Louis F. DeKoven, Stefan Savage, Goeffrey M. Voelker, and Nektarios Lentiadis, Proceedings of Workshop on Cyber Security Experimentation and Test (CSET), August 2017.

Post-quantum RSA, Daniel J Bernstein, Nadia Heninger, Paul Lou, and Luke Valenta, International Workshop on Post-Quantum Cryptography, June 2017.

Hails: Protecting data privacy in untrusted web applications, Daniel B. Giffin, Amit Levy, Deian Stefan, David Terei, David Mazi`eres, John C. Mitchell, and Alejandro Russo, Journal Computer Security 25(4-5):427-461, June 2017.

How They Did It: An Analysis of Emission Defeat Devices in Modern Automobiles, Mortiz Contag, Guo Li, Andre Pawlowski, Felix Domke, Stefan Savage, Kirill Levchenko, and Thorsten Holz, Proceedings of the IEEE Symposium on Security and Privacy, San Jose, CA, May 2017.

To Catch a Ratter: Monitoring the Behavior of Amateur DarkComet RAT Operators in the Wild, Brown Farinholt, Mohammad Rezaeirad, Paul Pearce, Hitesh Dharamdasani, Haikuo Yin, Stevens LeBlond, Damon McCoy, and Kirill Levchenko, Proceedings of the IEEE Symposium on Security and Privacy, San Jose, CA, May 2017.

Finding and Preventing Bugs in JavaScript Bindings, Fraser Brown, Shravan Narayan, Riad S. Wahby, Dawson Engler, Ranjit Jhala, and Deian Stefan, Proceedings of the IEEE Symposium on Security and Privacy, San Jose, CA, May 2017.

How Do System Administrators Resolve Access-Denied Issues in the Real World?, Tianyin Xu, Han Min Naing, Le Lu, and Yuanyuan Zhou, Proceedings of the 35th Annual CHI Conference on Human Factors in Computing Systems (CHI'17), Denver, CO, USA, May 2017.

A kilobit hidden SNFS discrete logarithm computation, Joshua Fried, Pierrick Gaudry, Nadia Heninger, and Emmanuel Thomé, Proceedings of Eurocrypt 2017, Vienna, May 2017.

Pinning Down Abuse on Google Maps, Danny Yuxing Huang, Doug Grundman, Kurt Thomas, Elie Bursztein, Abhishek Kumar, Kirill Levchenko, and Alex C. Snoeren, Proceedings of the International World Wide Web Conference (WWW), Perth, Australia, April 2017.

Automated Analysis of Cybercriminal Markets, Rebecca S Portnoff, Sadia Afroz, Greg Durrett, Jonathan K Kummerfeld, Taylor Berg-Kirkpatrick, Damon McCoy, Kirill Levchenko, and Vern Paxson, Proceedings of the International World Wide Web Conference (WWW), Perth, Australia, April 2017.

Measuring small subgroup attacks against Diffie-Hellman, Luke Valenta, David Adrian, Antonio Sanso, Shaanan Cohney, Joshua Fried, Marcella Hastings, J Alex Halderman, and Nadia Heninger, Proceedings of the Network and Distributed System Security Symposium (NDSS), San Diego, CA, February 2017.

A Call to ARMs: Understanding the Costs and Benefits of JIT Spraying Mitigations, Wilson Lian, Hovav Shacham, and Stefan Savage, Proceedings of the Network and Distributed System Security Symposium (NDSS), San Diego, CA, February 2017.

Flexible Dynamic Information Flow Control in the Presence of Exceptions, Deian Stefan, Alejandro Russo, David Mazières, and John C. Mitchell, Journal of Functional Programming 27, January 2017.

2016

NIZKs with an Untrusted CRS: Security in the Face of Parameter Subversion, Mihir Bellare, Georg Fuchsbauer, and Alessandra Scafuro, Proceedings of Asiacrypt 2016, Hanoi, Vietnam, December 2016.

From Identification to Signatures, Tightly: A Framework and Generic Transforms, Mihir Bellare, Bertram Poettering, and Douglas Stebila, Proceedings of Asiacrypt 2016, Hanoi, Vietnam, December 2016.

Simultaneous Secrecy and Reliability Amplification for a General Channel Model, Russell Impagliazzo, Ragesh Jaiswal, Valentine Kabanets, Bruce M. Kapron, Valerie King, and Stefano Tessaro, Proceedings of TCC 2016-B, Beijing, October 2016.

Compactness vs Collusion Resistance in Functional Encryption, Baiyu Li and Daniele Micciancio, Proceedings of TCC 2016-B, Beijing, October 2016.

Message-Recovery Attacks on Feistel-Based Format Preserving Encryption, Mihir Bellare, Viet Tung Hoang, and Stefano Tessaro, Proceedings of the ACM Conference on Computer and Communications Security (CCS), Vienna, October 2016.

Superhacks: Exploring and Preventing Vulnerabilities in Browser Binding Code, Fraser Brown, Proceedings of the Workshop on Programming Languages and Analysis for Security (PLAS), Vienna, October 2016.

A Systematic Analysis of the Juniper Dual EC Incident, Stephen Checkoway, Jake Maskiewicz, Christina Garman, Josh Fried, Shaanan Cohney, Matthew Green, Nadia Heninger, Ralf-Philipp Weinmann, Eric Rescorla, and Hovav Shacham, Proceedings of the ACM Conference on Computer and Communications Security (CCS), Vienna, October 2016. (Best paper award and IRTF Applied Networking Research Prize).

The Multi-User Security of Authenticated Encryption: AES-GCM in TLS 1.3, Mihir Bellare and Björn Tackmann, Proceedings of Crypto 2016, Santa Barbara, CA, August 2016.

Resisting Key Exfiltration: Big-Key Symmetric Encryption, Mihir Bellare, Daniel Kane, and Phillip Rogaway, Proceedings of Crypto 2016, Santa Barbara, CA, August 2016.

You’ve Got Vulnerability: Exploring Effective Vulnerability Notifications, Frank Li, Zakir Durumeric, Jakub Czyz, Damon McCoy, Stefan Savage, Michael Bailey, and Vern Paxson, Proceedings of the USENIX Security Symposium, Austin, TX, August 2016.

On the (In)effectiveness of Mosaicing and Blurring as Tools for Document Redaction, Steven Hill, Zhimin Zhou, Lawrence Saul, and Hovav Shacham, Privacy Enhancing Technologies Symposium, Darmstadt, Germany, July 2016.

Automobile Driver Fingerprinting, Miro Enev, Alex Takakuwa, Karl Koscher, and Tadayoshi Kohno, Privacy Enhancing Technologies Symposium, Darmstadt, Germany, July 2016.

Creating Cryptographic Challenges Using Multi-Party Computation: The LWE Challenge, Johannes Buchmann, Niklas Büscher, Florian Goepfert, Stefan Katzenbeisser, Juliane Krämer, Daniele Micciancio, Sander Siim, Christine van Vredendaal, and Michael Walter, The 3rd ACM ASIA Public-Key Cryptography Workshop (AsiaPKC 2016), Xi'an, China, May 2016.

New Negative Results on Differing-Inputs Obfuscation, Mihir Bellare, Igors Stepanovs, and Brent Waters, Proceedings of Eurocrypt 2016, Vienna, May 2016.

Nonce-Based Cryptography: Retaining Security when Randomness Fails, Mihir Bellare and Björn Tackmann, Proceedings of Eurocrypt 2016, Vienna, May 2016.

Honey Encryption beyond Message Recovery Security, Joseph Jaeger, Thomas Ristenpart, and Qiang Tang, Proceedings of Eurocrypt 2016, Vienna, May 2016.

Hash-Function based PRFs: AMAC and its Multi-User Security, Mihir Bellare, Daniel J. Bernstein, and Stefano Tessaro, Proceedings of Eurocrypt 2016, Vienna, May 2016.

Practical, Predictable Lattice Basis Reduction, Daniele Micciancio and Michael Walter, Proceedings of Eurocrypt 2016, Vienna, May 2016.

A Fistful of Bitcoins: Characterizing Payments Among Men with No Names, Sarah Meiklejohn, Marjori Pomarole, Grant Jordan, Kirill Levchenko, Damon McCoy, Geoffrey M. Voelker, and Stefan Savage, Communications of the Association for Computing Machinery 59(4):86-93, April 2016.

HIPStR---Heterogeneous-ISA Program State Relocation, Ashish Venkat, Sriskanda Shamasunder, Dean Tullsen, and Hovav Shacham, Proceedings of the 21th ACM International Conference on Architectural Support for Programming Languages and Operating Systems (ASPLOS), Atlanta, GA, April 2016.

Quantifying Hardware Security Using Joint Information Flow Analysis, Ryan Kastner, Wei Hu, and Alric Althoff, Proceedings of the Conference on Design, Automation, and Test in Europe (DATE), Dresden, Germany, March 2016.

Stressing Out: Bitcoin "Stress Testing", Khaled Baqer, Danny Yuxing Huang, Nicholas Weaver, and Damon McCoy, BITCOIN '16: The Third Workshop on Bitcoin and Blockchain Research, Christ Church, Barbados, February 2016.

Protecting C++ Dynamic Dispatch Through VTable Interleaving, Dimitar Bounov, Rami Gokhan Kici, and Sorin Lerner, Proceedings of the Network and Distributed System Security Symposium (NDSS), San Diego, CA, February 2016.

Contention in Cryptoland: Obfuscation, Leakage and UCE, Mihir Bellare, Igors Stepanovs, and Stefano Tessaro, Proceedings of TCC 2016-A, Tel Aviv, January 2016.

Non-Malleable Encryption: Simpler, Shorter, Stronger, Sandro Coretti, Yevgeniy Dodis, Björn Tackmann, and Daniele Venturi, Proceedings of TCC 2016-A, Tel Aviv, January 2016.

Point-Function Obfuscation: A Framework and Generic Constructions, Mihir Bellare and Igors Stepanovs, Proceedings of TCC 2016-A, Tel Aviv, January 2016.

2015

Exploring Controller Area Networks, Ian Foster and Karl Koscher, USENIX ;login: 40(6), December 2015.

Robust Authenticated Encryption and the Limits of Symmetric Cryptography, Christian Badertscher, Christian Matt, Ueli Maurer, Phillip Rogaway, and Björn Tackmann, Proceedings of the 15th IMA International Conference on Cryptography and Coding, Oxford, December 2015.

(De-)Constructing TLS 1.3, Markulf Kohlweiss, Ueli Maurer, Cristina Onete, Björn Tackmann, and Daniele Venturi, Proceedings of Indocrypt 2015, Bangalore, India, December 2015.

Augmented Secure Channels and the Goal of the TLS 1.3 Record Layer, Christian Badertscher, Christian Matt, Ueli Maurer, Phillip Rogaway, and Björn Tackmann, Proceedings of the 9th International Conference on Provable Security (ProvSec), Kanazawa, Japan, November 2015.

Quantifying Timing-Based Information Flow in Cryptographic Hardware, Baolei Mao, Wei Hu, Alric Althoff, Janarbek Matai, Jason Oberg, Dejun Mu, Timothy Sherwood, and Ryan Kastner, Proceedings of the 2015 International Conference on Computer Aided Design (ICCAD), Austin, TX, November 2015.

Security by Any Other Name: On the Effectiveness of Provider Based Email Security, Ian Foster, Jon Larson, Max Masich, Alex C. Snoeren, Stefan Savage, and Kirill Levchenko, Proceedings of the ACM Conference on Computer and Communications Security (CCS), Denver, Colorado, October 2015.

Mass-surveillance without the State: Strongly Undetectable Algorithm-Substitution Attacks, Mihir Bellare, Joseph Jaeger, and Daniel Kane, Proceedings of the ACM Conference on Computer and Communications Security (CCS), Denver, Colorado, October 2015.

Affiliate Crookies: Characterizing Affiliate Marketing Abuse, Neha Chachra, Stefan Savage, and Geoffrey M. Voelker, Proceedings of the ACM Internet Measurement Conference, Tokyo, Japan, October 2015.

An End-to-End Measurement of Certificate Revocation in the Web's PKI, Yabing Liu, Will Tome, Liang Zhang, David Choffnes, Dave Levin, Bruce Maggs, Alan Mislove, Aaron Schulman, and Christo Wilson, Proceedings of the ACM Internet Measurement Conference, Tokyo, Japan, October 2015.

Fair Distributed Computation of Reactive Functions, Juan A. Garay, Björn Tackmann, and Vassilis Zikas, Proceedings of the 29th International Symposium on Distributed Computing (DISC), Tokyo, October 2015.

PowerSpy: Location Tracking using Mobile Device Power Analysis, Yan Michalevsky, Gabi Nakibly Aaron Schulman and Dan Boneh, Proceedings of the USENIX Security Symposium, Washington, D.C., August 2015.

Fast and Vulnerable: A Story of Telematic Failures, Ian Foster, Andrew Prudhomme, Karl Koscher, and Stefan Savage, Proceedings of the USENIX Workshop On Offensive Technologies (WOOT), Washington D.C., August 2015.

SURROGATES: Enabling Near-Real-Time Dynamic Analyses of Embedded Systems, Karl Koscher, Tadayoshi Kohno, and David Molnar, Proceedings of the USENIX Workshop On Offensive Technologies (WOOT), Washington D.C., August 2015.

How Fair is Your Protocol? A Utility-based Approach to Protocol Optimality, Juan A. Garay, Jonathan Katz, Björn Tackmann, and Vassilis Zikas, 34th Annual ACM Symposium on Principles of Distributed Computing (PODC 2015), Donostia-San Sebastián, Spain, July 2015.

Framing Dependencies Introduced by Underground Commoditization, Kurt Thomas, Danny Yuxing Huang, David Wang, Elie Bursztein, Chris Grier, Tom Holt, Christopher Kruegel, Damon McCoy, Stefan Savage, and Giovanni Vigna, Proceedings of the Workshop on the Economics of Information Security (WEIS), Delft, The Netherlands, June 2015.

On Subnormal Floating Point and Abnormal Timing, Marc Andrysco, David Kohlbrenner, Keaton Mowery, Ranjit Jhala, Sorin Lerner, and Hovav Shacham, Proceedings of the IEEE Symposium on Security and Privacy, San Jose, CA, May 2015.

Lattice Point Enumeration on Block Reduced Bases, Michael Walter, Proceedings of the 8th International Conference on Information-Theoretic Security (ICITS), Lugano, Switzerland, May 2015.

Query-Complexity Amplification for Random Oracles, Grégory Demay, Peter Gazi, Ueli Maurer, and Björn Tackmann, Proceedings of the 8th International Conference on Information-Theoretic Security (ICITS), Lugano, Switzerland, May 2015.

Analyis of a ``/0'' Stealth Scan from a Botnet, Alberto Dainotti, Alistair King, Kimberly Claffy, Ferdinando Papale, and Antonio Pescapè, IEEE/ACM Transactions on Networking 23(2), April 2015.

FHEW: Bootstrapping in less than a Second, Léo Ducas and Daniele Micciancio, Proceedings of Eurocrypt 2015, Sofia, Bulgaria, April 2015.

Resisting randomness subversion: Fast deterministic and hedged public-key encryption in the standard model, Mihir Bellare and Viet Tung Hoang, Proceedings of Eurocrypt 2015, Sofia, Bulgaria, April 2015.

How Secure is Deterministic Encryption?, Mihir Bellare, Rafael Dowsley, and Sriram Keelveedhi, Proceedings of PKC 2015, Gaithersburg, Maryland, March 2015.

Adaptive Witness Encryption and Asymmetric Password-Based Cryptography, Mihir Bellare and Viet Tung Hoang, Proceedings of PKC 2015, Gaithersburg, Maryland, March 2015.

Interactive Message-Locked Encryption and Secure Deduplication, Mihir Bellare and Sriram Keelveedhi, Proceedings of PKC 2015, Gaithersburg, Maryland, March 2015.

From Single-Bit to Multi-Bit Public-Key Encryption via Non-Malleable Codes, Sandro Coretti, Ueli Maurer, Björn Tackmann, and Daniele Venturi, Proceedings of TCC 2015, Warsaw, Poland, March 2015.

Too LeJIT to Quit: Extending JIT Spraying to ARM, Wilson Lian, Hovav Shacham, and Stefan Savage, Proceedings of the Network and Distributed System Security Symposium (NDSS), San Diego, CA, February 2015.

Fast Lattice Point Enumeration with Minimal Overhead, Daniele Micciancio and Michael Walter, ACM-SIAM Symposium on Discrete Algorithms, San Diego, January 2015.

Subtleties in the Definition of IND-CCA: When and How Should Challenge Decryption Be Disallowed?, Mihir Bellare, Dennis Hofheinz, and Eike Kiltz, Journal of Cryptology 28(1):29-48, January 2015.

2014

Analysis of Country-wide Internet Outages Caused by Censorship, Alberto Dainotti, Claudio Squarcella, Emile Aben, kc claffy, Marco Chiesa, Michele Russo, and Antonio Pescapè, , December 2014.

Efficient Identity-Based Encryption over NTRU Lattices, Leo Ducas, Vadim Lyubashevsky, and Thomas Prest, Proceedings of Asiacrypt 2014, Kaohsiung, Taiwan, December 2014.

Poly-Many Hardcore Bits for Any One-Way Function and a Framework for Differing-Inputs Obfuscation, Mihir Bellare, Igors Stepanovs, and Stefano Tessaro, Proceedings of Asiacrypt 2014, Kaohsiung, Taiwan, December 2014.

Leveraging Gate-Level Properties to Identify Hardware Timing Channels, Jason Oberg, Sarah Meiklejohn, Timothy Sherwood, and Ryan Kastner, ACM Transactions on Design Automation of Electronic Systems (TODAES) 20(1), November 2014.

Characterizing Large-Scale Click Fraud in ZeroAccess, Paul Pearce, Vacha Dave, Chris Grier, Kirill Levchenko, Saikat Guha, Damon McCoy, Vern Paxson, Stefan Savage, and Geoffrey M. Voelker, Proceedings of the ACM Conference on Computer and Communications Security (CCS), Scottsdale, Arizona, November 2014.

On The Security of Mobile Cockpit Information Systems, Devin Lundberg, Brown Farinholt, Edward Sullivan, Ryan Mast, Stephen Checkoway, Stefan Savage, Alex C. Snoeren, and Kirill Levchenko, Proceedings of the ACM Conference on Computer and Communications Security (CCS), Scottsdale, Arizona, November 2014.

Deniable Liaisons, Abhinav Narain, Nick Feamster, and Alex C. Snoeren, Proceedings of the ACM Conference on Computer and Communications Security (CCS), Scottsdale, Arizona, November 2014.

Algebraic MACs and Keyed-Verification Anonymous Credentials, Melissa Chase, Sarah Meiklejohn, and Greg Zaverucha, Proceedings of the ACM Conference on Computer and Communications Security (CCS), Scottsdale, Arizona, November 2014.

RevCast: Fast, Private Certificate Revocation over FM Radio, Aaron Schulman, Dave Levin, and Neil Spring, Proceedings of the ACM Conference on Computer and Communications Security (CCS), Scottsdale, Arizona, November 2014.

Search + Seizure: The Effectiveness of Interventions on SEO Campaigns, David Wang, Matthew Der, Mohammad Karami, Lawrence Saul, Damon McCoy, Stefan Savage, and Geoffrey M. Voelker, Proceedings of the ACM Internet Measurement Conference, Vancouver, BC, Canada, November 2014.

Handcrafted Fraud and Extortion: Manual Account Hijacking in the Wild, Borbala Benko, Elie Bursztein, Daniel Margolis, Tadek Pietraszek, Andy Archer, Allan Aquino, Andreas Pitsillidis, and Stefan Savage, Proceedings of the ACM Internet Measurement Conference, Vancouver, BC, Canada, November 2014.

Analysis of SSL Certificate Reissues and Revocations in the Wake of Heartbleed, Liang Zhang, Dave Choffnes, Tudor Dumitras, Dave Levin, Alan Mislove, Aaron Schulman, and Christo Wilson, Proceedings of the ACM Internet Measurement Conference, Vancouver, BC, Canada, November 2014.

A Characterization of Chameleon Hash Functions and New, Efficient Designs, Mihir Bellare and Todor Ristov, Journal of Cryptology 27(4):799-823, October 2014.

Leveraging Gate-Level Properties to Identify Hardware Timing Channels, Jason Oberg, Sarah Meiklejohn, Timothy Sherwood, and Ryan Kastner, IEEE Transactions on Computer-Aided Design of Integrated Circuits and Systems (TCAD) 33(9):1288-1301, September 2014.

Enhanced Lattice-Based Signatures on Reconfigurable Hardware, Thomas Pöppelmann, Léo Ducas, and Tim Güneysu, Proceedings of CHES 2014, Busan, Korea, September 2014.

On the Practical Exploitability of Dual-EC in TLS Implementations, Stephen Checkoway, Matthew Fredrikson, Ruben Niederhagen, Adam Everspaugh, Matthew Green, Tanja Lange, Thomas Ristenpart, Daniel J. Bernstein, Jake Maskiewicz, and Hovav Shacham, Proceedings of the USENIX Security Symposium, San Diego, CA, August 2014.

Hulk: Eliciting Malicious Behavior in Browser Extensions, Alexandros Kapravelos, Chris Grier, Neha Chachra, Chris Kruegel, Giovanni Vigna, and Vern Paxson, Proceedings of the USENIX Security Symposium, San Diego, CA, August 2014.

Security Analysis of a Full-Body Scanner, Keaton Mowery, Eric Wustrow, Tom Wypych, Corey Singleton, Chris Comfort, Eric Rescorla, Stephen Checkoway, J. Alex Halderman, and Hovav Shacham, Proceedings of the USENIX Security Symposium, San Diego, CA, August 2014.

Mouse Trap: Exploiting Firmware Updates in USB Peripherals, Jacob Maskiewicz, Benjamin Ellis, James Mouradian, and Hovav Shacham, Proceedings of Workshop On Offensive Technologies (WOOT), August 2014.

Knock It Off: Profiling the Online Storefronts of Counterfeit Merchandise, Matthew Der, Lawrence K. Saul, Stefan Savage, and Geoffrey M. Voelker, Proceedings of the ACM SIGKDD Conference, Washington D.C., August 2014.

Security of Symmetric Encryption against Mass Surveillance, Mihir Bellare, Kenneth G. Paterson, and Philip Rogaway, Proceedings of Crypto 2014, Santa Barbara, CA, August 2014.

Cryptography from Compression Functions: The UCE Bridge to the ROM, Mihir Bellare, Viet Tung Hoang, and Sriram Keelveedhi, Proceedings of Crypto 2014, Santa Barbara, CA, August 2014.

Improved Short Lattice Sigantures in the Standard Model, Leo Ducas and Daniele Micciancio, Proceedings of Crypto 2014, Santa Barbara, CA, August 2014.

Empirically Characterizing Domain Abuse and the Revenue Impact of Blacklisting, Neha Chachra, Damon McCoy, Stefan Savage, and Geoffrey M. Voelker, Proceedings of the Workshop on the Economics of Information Security (WEIS), State College, PA, June 2014.

Locally Dense Codes, Daniele Micciancio, 29th Annual IEEE Conference on Computational Complexity (CCC 2014), Vancouver, BC, Canada, June 2014.

Automating formal proofs for reactive systems, Daniel Ricketts, Valentin Robert, Dongseok Jang, Zachary Tatlock, and Sorin Lerner, Proceedings of the ACM SIGPLAN 2014 Conference on Programming Language Design and Implementation (PLDI), Edinburgh, United Kingdom, June 2014.

Key-Versatile Signatures and Applications: RKA, KDM, and Joint Enc/Sig, Mihir Bellare, Sarah Meiklejohn, and Susan Thomson, Proceedings of Eurocrypt 2014, Copenhagen, Denmark, May 2014.

Deja Q: Using Dual Systems to Revisit q-Type Assumptions, Melissa Chase and Sarah Meiklejohn, Proceedings of Eurocrypt 2014, Copenhagen, Denmark, May 2014.

A Gaussian Latent Variable Model for Large Margin Classification of Labeled and Unlabeled Data, Do-kyum Kim, Matthew Der, and Lawrence K. Saul, Proceedings of the 17th International Conference on Artificial Intelligence and Statistics (AISTATS), Reykjavik, Iceland, April 2014.

XXXtortion? Inferring Registration Intent in the .XXX TLD, Tristan Halvorson, Kirill Levchenko, Stefan Savage, and Geoffrey M. Voelker, Proceedings of the International World Wide Web Conference (WWW), Seoul, Korea, April 2014.

Policy-Based Signatures, Mihir Bellare and Georg Fuchsbauer, Proceedings of PKC 2014, Buenos Aires, Argentina, March 2014.

Sapper: A Language for Hardware-Level Security Policy Enforcement, Xun Li, Vineeth Kashyap, Jason Oberg, Mohit Tiwari, Vasanth Rajarathinam, Ryan Kastner, Timothy Sherwood, Ben Hardekopf, and Frederic T. Chong, Proceedings of the 18th International Conference on Architectural Support for Programming Languages and Operating Systems (ASPLOS), Salt Lake City, UT, March 2014.

Botcoin: Monetizing Stolen Cycles, Danny Yuxing Huang, Hitesh Dharmdasani, Sarah Meiklejohn, Vacha Dave, Kirill Levchenko, Alex C. Snoeren, Stefan Savage, Nicholas Weaver, Chris Grier, and Damon McCoy, Proceedings of the Network and Distributed System Security Symposium (NDSS), San Diego, CA, February 2014.

DSpin: Detecting Automatically Spun Content on the Web, Qing Zhang, David Wang, and Geoffrey M. Voelker, Proceedings of the Network and Distributed System Security Symposium (NDSS), San Diego, CA, February 2014.

SafeDispatch: Security C++ Virtual Calls, Dongseok Jang, Zachary Tatlock, and Sorin Lerner, Proceedings of the Network and Distributed System Security Symposium (NDSS), San Diego, CA, February 2014.

Rethinking Verifiably Encrypted Signatures: A Gap in Functionality and Potential Solutions, Theresa Calderon, Sarah Meiklejohn, Hovav Shacham, and Brent Waters, The Cryptographers' Track at the RSA Conference 2014, San Francisco, February 2014.

2013

A Deterministic Single Exponential Time Algorithm for Most Lattice Problems based on Voronoi Cell Computations, Russell Impagliazzo, Ragesh Jaiswal, Valentine Kabanets, and Avi Wigderson, SIAM Journal on Computing 42(3):1364-91, 2013.

A Fistful of Bitcoins: Characterizing Payments Among Men with No Names, Sarah Meiklejohn, Marjori Pomarole, Grant Jordan, Kirill Levchenko, Damon McCoy, Geoffrey M. Voelker, and Stefan Savage, USENIX ;login: 38(6), December 2013.

ViceROI: Catching Click-Spam in Search Ad Networks, Vacha Dave, Saikat Guha, and Yin Zhang, Proceedings of the ACM Conference on Computer and Communications Security (CCS), Berlin, Germany, November 2013.

A Fistful of Bitcoins: Characterizing Payments Among Men with No Names, Sarah Meiklejohn, Marjori Pomarole, Grant Jordan, Kirill Levchenko, Damon McCoy, Geoffrey M. Voelker, and Stefan Savage, Proceedings of the ACM Internet Measurement Conference, Barcelona, Spain, October 2013.

Encryption for Deduplicated Storage with DupLESS, Sriram Keelveedhi, Mihir Bellare, and Thomas Ristenpart, Proceedings of the USENIX Security Symposium, Washington D.C., August 2013.

Take This Personally: Pollution Attacks on Personalized Services, Xinyu Xing, Wei Ming, Dan Doozan, Alex C. Snoeren, Nick Feamster, and Wenke Lee, Proceedings of the USENIX Security Symposium, Washington D.C., August 2013.

D(N,o)SSec: Measuring the Practical Impact of DNSSEC Deployment, Wilson Lian, Eric Rescorla, Hovav Shacham, and Stefan Savage, Proceedings of the USENIX Security Symposium, Washington D.C., August 2013.

Practical Comprehensive Bounds on Surreptitious Communication over DNS, Vern Paxson, Mihai Christodorescu, Mobin Javed, Josyula Rao, Reiner Sailer, Doug Shales, Mark Stoecklin, Kurt Thomas, Wietse Venema, and Nicholas Weaver, Proceedings of the USENIX Security Symposium, Washington D.C., August 2013.

Instantiating Random Oracles via UCEs, Mihir Bellare, Viet Tung Hoang, and Sriram Keelveedhi, Proceedings of Crypto 2013, Santa Barbara, CA, August 2013.

Hardness of SIS and LWE with Small Parameters, Daniele Micciancio and Chris Peikert, Proceedings of Crypto 2013, Santa Barbara, CA, August 2013.

ProtectMyPrivacy: Detecting and Mitigating Privacy Leaks on iOS Devices Using Crowsourcing, Yuvraj Agarwal and Malcom Hall, Proceedings of the ACM Conference on Mobile Systems, Appliations and Services (MobiSys), Taipei, Taiwan, June 2013.

Sapper: A Language for Provable Hardware Policy Enforcement, Xun Li, Vineeth Kashyap, Jason Oberg, Mohit Tiwari, Vasanth Rajarathinam, Ryan Kastner, Timothy Sherwood, Ben Hardekopf, and Frederic T. Chong, Proceedings of the Workshop on Programming Languages and Analysis for Security (PLAS), Seattle, WA, June 2013.

A Variational Approximation for Topic Modeling of Hierarchical Corpora, Do-kyum Kim, Geoffrey M. Voelker, and Lawrence K. Saul, Proceedings of the International Conference on Machine Learning, Atlanta, GA, June 2013.

Message-Locked Encryption and Secure Deduplication, Mihir Bellare, Sriram Keelveedhi, and Thomas Ristenpart, Proceedings of Eurocrypt 2013, Athens, Greece, May 2013.

Efficient Garbling from a Fixed-Key Blockcipher, Mihir Bellare, Viet Tung Hoang, Sriram Keelveedhi, and Phillip Rogaway, Proceedings of the IEEE Symposium on Security and Privacy, Oakland, CA, May 2013.

Welcome to the Entropics: Boot-Time Entropy in Embedded Devices, Keaton Mowery, Michael Wei, David Kohlbrenner, Hovav Shacham, and Steven Swanson, Proceedings of the IEEE Symposium on Security and Privacy, Oakland, CA, May 2013.

Iago Attacks: Why The System Call API Is a Bad Untrusted RPC Interface, Stephen Checkoway and Hovav Shacham, Proceedings of the 17th International Conference on Architectural Support for Programming Languages and Operating Systems (ASPLOS), Houston, TX, March 2013.

A Practical Testing Framework for Isolating Hardware Timing Channels, Jason Oberg, Sarah Meiklejohn, Timothy Sherwood, and Ryan Kastner, Proceedings of the Conference on Design, Automation, and Test in Europe (DATE), Grenoble, France, March 2013.

The Day After Patch Tuesday: Effects Observable in IP Darkspace Traffic, Tanja Zseby, Alistair King, Nevil Borwnlee, and kc claffy, Proceedings of the Passive and Active Measurement Workshop, Hong Kong, China, March 2013.

A Coordinated View of the Temporal Evolution of Large-scale Internet Events, Alistair King, Bradley Huffaker, Alberto Dainotti, and kc claffy, Proceedings of the Passive and Active Measurement Workshop, Hong Kong, China, March 2013.

Succinct Malleable NIZKs and an Application to Compact Shuffles, Melissa Chase, Markulf Kohlweiss, Anna Lysyanskaya, and Sarah Meiklejohn, Proceedings of TCC 2013, Tokyo, Japan, March 2013.

Verifiable Elections That Scale for Free, Melissa Chase, Markulf Kohlweiss, Anna Lysyanskaya, and Sarah Meiklejohn, Proceedings of PKC 2013, Nara, Japan, February 2013.

The k-BDH Assumption Family: Bilinear Map Cryptography from Progressively Weaker Assumptions, Karyn Benson, Hovav Shacham, and Brent Waters, The Cryptographers' Track at the RSA Conference 2013, San Francisco, February 2013.

Juice: A Longitudinal Study of an SEO Campaign, David Wang, Stefan Savage, and Geoffrey M. Voelker, Proceedings of the Network and Distributed System Security Symposium (NDSS), San Diego, CA, February 2013.

Risk-Limiting Audits and the Margin of Victory in Nonplurality Elections, Anand Sarwate, Stephen Checkoway, and Hovav Shacham, Statistics, Politics, and Policy 3(3):29-64, January 2013.

Algorithms for the Densest Sub-Lattice Problem, Daniel Dadush and Daniele Micciancio, ACM-SIAM Symposium on Discrete Algorithms, New Orleans, January 2013.

An equational approach to secure multi-party computation, Daniele Micciancio and Stefano Tessaro, ITCS 2013: Innovations in Theoretical Computer Science, Berkeley, January 2013.

Eliminating Timing Information Flows in a Mix-trusted System-on-Chip, Jason Oberg, Timothy Sherwood, and Ryan Kastner, IEEE Design and Test of Computers, 2013.

Compact Proofs of Retrievability, Hovav Shacham and Brent Waters, Journal of Cryptology, 2013.

Sequential Aggregate Signatures and Multisignatures without Random Oracles, Steve Lu, Rafail Ostrovsky, Amit Sahai, Hovav Shacham, and Brent Waters, Journal of Cryptology 26(2):340-73, April 2013.

2012

Adaptively Secure Garbling with Applications to One-Time Programs and Secure Outsourcing, Mihir Bellare, Viet Tung Hoang, and Phillip Rogaway, Proceedings of Asiacrypt 2012, Beijing, China, December 2012.

RKA Security beyond the Linear Barrier: IBE, Encryption and Signatures, Mihir Bellare, Kenneth G. Paterson, and Susan Thomson, Proceedings of Asiacrypt 2012, Beijing, China, December 2012.

Simultaneous Information Flow Security and Circuit Redundancy in Boolean Gates, Wei Hu, Jason Oberg, Dejun Mu, and Ryan Kastner, Proceedings of the 2012 International Conference on Computer Aided Design (ICCAD), San Jose, CA, November 2012.

Taster's Choice: A Comparative Analysis of Spam Feeds, Andreas Pitsillidis, Chris Kanich, Geoffrey M. Voelker, Kirill Levchenko, and Stefan Savage, Proceedings of the ACM Internet Measurement Conference, Boston, MA, November 2012.

Analyis of a '/0' Stealth Scan from a Botnet, Alberto Dainotti, Alistair King, kc claffy, Ferdinando Papale, and Antonio Pescapé, Proceedings of the ACM Internet Measurement Conference, Boston, MA, November 2012.

Achieving Oblivious Transfer Capacity of Generalized Erasure Channel in the Malicious Model, Nico Döttling, Rafael Dowsley, Jörn Müller-Quade, and Anderson C. A. Nascimento, IEEE Transactions on Information Theory 58(10):6672-80, October 2012.

On-Line Ciphers and the Hash-CBC Constructions, Mihir Bellare, Alexandra Boldyreva, Lars Knudsen, and Chanathip Namprempre, Journal of Cryptology 25(4):640-79, October 2012.

Are AES x86 Cache Timing Attacks Still Feasible? (short paper), Keaton Mowery, Sriram Keelveedhi, and Hovav Shacham, Proceedings of the Cloud Computing Security Workshop (CCSW), October 2012.

Torchestra: Reducing Interactive Traffic Delays over Tor, Deepika Gopal and Nadia Heninger, Proceedings of the Workshop on Privacy in the Electronic Society (WPES), Raleigh, NC, October 2012.

Priceless: The Role of Payments in Abuse-advertised Goods, Damon McCoy, Hitesch Dharmdasani, Christian Kreibich, Geoffrey M. Voelker, and Stefan Savage, Proceedings of the ACM Conference on Computer and Communications Security (CCS), Raleigh, NC, October 2012.

Manufacturing Compromise: The Emergence of Exploit-as-a-Service, Chris Grier, Lucas Ballard, Juan Caballero, Neha Chachra, Christian J. Dietrich, Kirill Levchenko, Panayiotis Mavrommatis, Damon McCoy, Antonio Nappa, Andreas Pitsillidis, Niels Provos, Zubair Rafique, Moheeb Abu Rajab, Christian Rossow, Kurt Thomas, Vern Paxson, Stefan Savage, and Geoffrey M. Voelker, Proceedings of the ACM Conference on Computer and Communications Security (CCS), Raleigh, NC, October 2012.

Foundations of Garbled Circuits, Mihir Bellare, Viet Tung Hoang, and Philip Rogaway, Proceedings of the ACM Conference on Computer and Communications Security (CCS), Raleigh, NC, October 2012.

Inapproximability of the Shortest Vector Problem: Toward a Deterministic Reduction, Daniele Micciancio, Theory of Computing 8(22):487-512, October 2012.

Multi-Instance Security and its Application to Password-Based Cryptography, Mihir Bellare, Thomas Ristenpart, and Stefano Tessaro, Proceedings of Crypto 2012, Santa Barbara, CA, August 2012.

Semantic Security for the Wiretap Channel, Mihir Bellare, Stefano Tessaro and Alexander Vardy, Proceedings of Crypto 2012, Santa Barbara, CA, August 2012.

PharmaLeaks: Understanding the Business of Online Pharmaceutical Affiliate Programs, Damon McCoy, Andreas Pitsillidis, Grant Jordan, Nicholas Weaver, Christian Kreibich, Brian Krebs, Geoffrey M. Voelker, Stefan Savage, and Kirill Levchenko, Proceedings of the USENIX Security Symposium, Bellevue, WA, August 2012.

Mining Your Ps and Qs: Detection of Widespread Weak Keys in Network Devices, Nadia Heninger, Zaikr Durumeric, Eric Wustrow, and J. Alex Halderman, Proceedings of the USENIX Security Symposium, Bellevue, WA, August 2012. (Award paper).

Optimally Robust Private Information Retrieval, Casey Devet, Ian Goldberg, and Nadia Heninger, Proceedings of the USENIX Security Symposium, Bellevue, WA, August 2012.

Establishing Browser Security Guarantees through Formal Shim Verification, Dongseok Jang, Zachary Tatlock, and Sorin Lerner, Proceedings of the USENIX Security Symposium, Bellevue, WA, August 2012.

Operator-Assisted Tabulation of Optical Scan Ballots, Kai Wang, Eric Kim, Nicholas Carlini, Ivan Motyashov, Daniel Nguyen, and David Wagner, Proceedings of EVT/WOTE 2012, Seattle, WA, August 2012.

When Good Services Go Wild: Reassembling Web Services for Unintended Purposes, Feng Lu, Jiaqi Zhang, and Stefan Savage, Proceedings of the USENIX Workshop on Hot Topics in Security, Bellevue, WA, August 2012.

Approximate Common Divisors via Lattices, Henry Cohn and Nadia Heninger, ANTS-X: The 10th Algorithmic Number Theory Symposium, San Diego, CA, July 2012.

CSolve: Verifying C With Liquid Types, Patrick Rondon, Alexander Bakst, Ming Kawaguchi, and Ranjit Jhala, Proceedings of the 24th Conference on Computer-Aided Verification (CAV), Berkeley, CA, July 2012.

On the Complexity of Generating Gate Level Information Flow Tracking Logic, Wei Hu, Jason Oberg, Ali Irturk, Mohit Tiwari, Timothy Sherwood, Dejun Mu, and Ryan Kastner, IEEE Transactions on Information Forensics and Security (TIFS) 7(3):1067-80, June 2012.

Measuring the Cost of Cybercrime, Ross Anderson, Chris Barton, Rainer Boehme, Richard Clayton, Michel J.G. van Eeten, Michael Levi, Tyler Moore, and Stefan Savage, Proceedings of the Workshop on the Economics of Information Security (WEIS), Berlin, Germany, June 2012.

Economic Analysis of Cybercrime in Crowdsourced Labor Markets, Vaibhav Garg, Chris Kanich, and L. Jean Camp, Proceedings of the Workshop on the Economics of Information Security (WEIS), Berlin, Germany, June 2012.

Software Abstractions for Trusted Sensors, He Liu, Stefan Saroiu, Alex Wolman, and Humanshu Raj, Proceedings of the ACM Conference on Mobile Systems, Appliations and Services (MobiSys), Low Wood Bay, Lake District, UK, June 2012.

Pixel Perfect: Fingerprinting Canvas in HTML5, Keaton Mowery and Hovav Shacham, Proceedings of Web 2.0 Security and Privacy 2012 (W2SP), San Franciso, May 2012.

On the (Im)possibility of Obfuscating Programs, Boaz Barak, Oded Goldreich, Russell Impagliazzo, Steven Rudich, Amit Sahai, Salil Vadhan, and Ke Yang, Journal of ACM 59(2), April 2012.

Standard Security Does Not Imply Security Against Selective-Opening, Mihir Bellare, Rafael Dowsley, Brent Waters, and Scott Yilek, Proceedings of Eurocrypt 2012, Cambridge, England, April 2012.

Identity-Based (Lossy) Trapdoor Functions and Applications, Mihir Bellare, Eike Kiltz, Chris Peikert, and Brent Waters, Proceedings of Eurocrypt 2012, Cambridge, England, April 2012.

Malleable Proof Systems and Applications, Melissa Chase, Markulf Kohlweiss, Anna Lysyanskaya, and Sarah Meiklejohn, Proceedings of Eurocrypt 2012, Cambridge, England, April 2012.

Efficient and Optimally Secure Key-Length Extension for Block Ciphers via Randomized Cascading, Peter Gazi and Stefano Tessaro, Proceedings of Eurocrypt 2012, Cambridge, England, April 2012.

Trapdoors for Lattices: Simpler, Tighter, Faster, Smaller, Daniele Micciancio and Chris Peikert, Proceedings of Eurocrypt 2012, Cambridge, England, April 2012.

Return-Oriented Programming: Systems, Languages and Applications, Ryan Roemer, Erik Buchanan, Hovav Shacham, and Stefan Savage, ACM Transactions on Information and System Security 15(1), March 2012.

Providing Safe, User Space Access to Fast, Solid State Disks, Adrian Caulfield, Todor Mollov, Louis Eisner, Arup De, Joel Coburn, and Steven Swanson, Proceedings of the 17th International Conference on Architectural Support for Programming Languages and Operating Systems (ASPLOS), London, March 2012.

The BIZ Top-Level Domain: Ten Years Later, Tristan Halvorson, Janos Szurdi, Gregor Maier, Mark Felegyhazi, Christian Kreibich, Nicholas Weaver, Kirill Levchenko, and Vern Paxson, Proceedings of the Passive and Active Measurement Workshop, Vienna, Austria, March 2012.

Oblivious Transfer Based on the McEliece Assumptions, Rafael Dowsley, Jeroen van de Graaf, Jörn Müller-Quade, and Anderson C. A. Nascimento, IEICE Transactions on Fundamentals of Electronics, Communications and Computer Sciences E95-A(2):567-575, February 2012.

Extracting benefit from harm: using malware pollution to analyze the impac of political and geophysical events on the Internet, Alberto Dainotti, Roman Amman, Emil Aben, and kc claffy, ACM SIGCOMM Computer Communication Review 42(1), January 2012.

2011

In Planning Digital Defenses, the Biggest Obstacle is Human Ingenuity, Stefan Savage, New York Times, Dec 6 2011.

Cryptography Secure Against Related-Key Attack, Mihir Bellare, David Cash, and Rachel Miller, Proceedings of Asiacrypt 2011, Seoul, Korea, December 2011.

Practical Containment for Measuring Modern Malware Systems, Christian Kreibich, Nicholas Weaver, Chris Kanich, Wedong Cui, and Vern Paxson, Proceedings of the ACM Internet Measurement Conference, Berlin, CA, November 2011.

An Analysis of Underground Forums, Marti Motoyama, Damon McCoy, Stefan Savage, and Geoffrey M. Voelker, Proceedings of the ACM Internet Measurement Conference, Berlin, CA, November 2011.

Analysis of Country-wide Internet Outages Caused by Censorship, Alberto Dainotti, Claudio Squarcella, Emile Aben, kc claffy, Marco Chiesa, Michele Russo, and Antonio Pescapé, Proceedings of the ACM Internet Measurement Conference, Berlin, CA, November 2011.

Do You Know Where Your Cloud Files Are?, Karyn Benson, Rafael Dowsley, and Hovav Shacham, Proceedings of the Cloud Computing Security Workshop (CCSW), October 2011.

Eliminating Fine Grained Timers in Xen, Bhanu C. Vattikonda, Sambit Das, and Hovav Shacham, Proceedings of the Cloud Computing Security Workshop (CCSW), October 2011.

Judging a site by its content: learning the textual, structural, and visual features of malicious Web pages, Sushma Nagesh Bannur, Lawrence K. Saul, and Stefan Savage, Proceedings of the ACM Workshop on Artificial Intelligence and Security (AISEC), Chicago, IL, October 2011.

Topic Modeling of Freelance Job Postings to Monitor Web Service Abuse, Do-kyum Kim, Marti Motoyama, Geoffrey M. Voelker, and Lawrence K. Saul, Proceedings of the ACM Workshop on Artificial Intelligence and Security (AISEC), Chicago, IL, October 2011.

Cloak and Dagger: Dynamics of Web Search Cloaking, David Wang, Stefan Savage, and Geoffrey M. Voelker, Proceedings of the ACM Conference on Computer and Communications Security (CCS), Chicago, IL, October 2011.

Ciphers that Encipher their Own Keys, Mihir Bellare, David Cash, and Sriram Keelveedhi, Proceedings of the ACM Conference on Computer and Communications Security (CCS), Chicago, IL, October 2011.

Theoretical Fundamentals of Gate Level Information Flow Tracking, Wei Hu, Jason Oberg, Ali Irturk, Mohit Tiwari, Timothy Sherwood, Dejun Mu, and Ryan Kastner, IEEE Transactions on Computer-Aided Design of Integrated Circuits and Systems (TCAD) 30(8):1128-40, August 2011.

Achieving Oblivious Transfer Capacity of Generalized Erasure Channel in the Malicious Model, Adriana C. B. Pinto, Rafael Dowsley, Kirill Morozov, and Anderson C. A. Nascimento, IEEE Transactions on Information Theory 57(8):5566-71, August 2011.

The Geometry of Lattice Cryptography, Daniele Micciancio, Foundations of Security Analysis and Design VI -- FOSAD Tutorial Lectures, August 2011.

Authenticated and Misuse-Resistant Encryption of Key-Dependent Data, Mihir Bellare and Sriram Keelveedhi, Proceedings of Crypto 2011, Santa Barbara, CA, August 2011.

Pseudorandom Knapsacks and the Sample Complexity of LWE Search-to-Decision Reductions, Daniele Micciancio and Petros Mol, Proceedings of Crypto 2011, Santa Barbara, CA, August 2011.

Interview with Stefan Savage: On the Spam Payment Trail, Rik Farrow and Stefan Savage, USENIX ;login: 36(4):7-20, August 2011.

Putting Out a HIT: Crowdsourcing Malware Installs, Chris Kanich, Stephen Checkoway, and Keaton Mowery, Proceedings of the USENIX Workshop On Offensive Technologies (WOOT), San Francisco, CA, August 2011.

Heat of the Moment: Characterizing the Efficacy of Thermal Camera-Based Attacks, Keaton Mowery, Sarah Meiklejohn, and Stefan Savage, Proceedings of the USENIX Workshop On Offensive Technologies (WOOT), San Francisco, CA, August 2011.

No Plan Survives Contact: Experience with Cybercrime Measurement, Chris Kanich, Neha Chachra, Damon McCoy, Chris Grier, David Wang, Marti Motoyama, Kirill Levchenko, Stefan Savage, and Geoffrey M. Voelker, Proceedings of Workshop on Cyber Security Experimentation and Test (CSET), August 2011.

ExperimenTor: A Testbed for Safe Realistic Tor Experimentation, Kevin Bauer, Micah Sherr, Damon McCoy, and Dirk Grunwald, Proceedings of Workshop on Cyber Security Experimentation and Test (CSET), August 2011.

Show Me the Money: Characterizing Spam-advertised Revenue, Chris Kanich, Nicholas Weaver, Damon McCoy, Tristan Halvorson, Christian Kreibich, Kirill Levchenko, Vern Paxson, Geoffrey M. Voelker, and Stefan Savage, Proceedings of the USENIX Security Symposium, San Francisco, CA, August 2011.

Dirty Jobs: The Role of Freelance Labor in Web Service Abuse, Marti Motoyama, Damon McCoy, Kirill Levchenko, Stefan Savage, and Geoffrey M. Voelker, Proceedings of the USENIX Security Symposium, San Francisco, CA, August 2011.

Comprehensive Experimental Analyses of Automotive Attack Surfaces, Stephen Checkoway, Damon McCoy, Danny Anderson, Brian Kantor, Hovav Shacham, Stefan Savage, Karl Koscher, Alexei Czeskis, Franziska Roesner, and Tadayoshi Kohno, Proceedings of the USENIX Security Symposium, San Francisco, CA, August 2011.

The Phantom Tollbooth: Privacy-preserving Electronic Toll Collection in the Presence of Driver Collusion, Sarah Meiklejohn, Keaton Mowery, Stephen Checkoway, and Hovav Shacham, Proceedings of the USENIX Security Symposium, San Francisco, CA, August 2011.

DefenestraTor: Throwing out Windows in Tor, Mashael AlSabah, Kevin Bauer, Ian Goldberg, Dirk Grunwald, Damon McCoy, Stefan Savage, and Geoffrey M. Voelker, Privacy Enhancing Technologies Symposium, Waterloo, Canada, July 2011.

3-D Extensions for Trustworthy Systems (invited paper), Ted Huffmire, Timothy Levin, Cynthia Irvine, Ryan Kastner, and Timothy Sherwood, Proceedings of the International Conference on Engineering of Reconfigurable Systems and Algorithms (ERSA), Las Vegas, Nevada, July 2011.

Enforcing Information Flow Guarantees in Reconfigurable Systems with Mix-Trusted IP (invited paper), Ryan Kastner, Jason Oberg, Wei Hu, and Ali Irturk, Proceedings of the International Conference on Engineering of Reconfigurable Systems and Algorithms (ERSA), Las Vegas, Nevada, July 2011.

The Equivalence of the Random Oracle Model and the Ideal Cipher Model, Revisited, Thomas Holenstein, Robin Künzler, and Stefano Tessaro, 43rd Annual ACM Symposium on Theory of Computing, San Jose, CA, June 2011.

An Improved Encoding Technique for Gate Level Information Flow Tracking, Wei Hu, Jason Oberg, Ali Irturk, Mohit Tiwari, Timothy Sherwood, Dejun Mu, and Ryan Kastner, Proceedings of the 20th International Workshop on Logic and Synthesis (IWLS), San Diego, CA, June 2011.

Information Flow Isolation in I2C and USB, Jason Oberg, Wei Hu, Ali Irturk, Mohit Tiwari, Timothy Sherwood, and Ryan Kastner, Proceedings of the 48th Design Automation Conference (DAC), San Diego, June 2011.

Crafting a Usable Microkernel, Processor, and I/O System with Strict and Provable Information Flow Security, Mohit Tiwari, Jason Oberg, Xun Li, Jonathan K. Valamehr, Timothy Levin, Ben Hardekopf, Ryan Kastner, Frederic T. Chong, and Timothy Sherwood, Proceedings of the 38th International Symposium of Computer Architecture (ISCA), San Jose, CA, June 2011.

Privacy-preserving Network Forensics, Mikhail Afanasyev, Tadayoshi Kohno, Justin Ma, Nick Murphy, Stefan Savage, Alex C. Snoeren, and Geoffrey M. Voelker, Communications of the Association for Computing Machinery 54(5), May 2011.

Extracting Device Fingerprints from Flash Memory by Exploiting Physical Variations, Pravin Prabhu, Ameen Akel, Laura Grupp, Wing-Key Yu, G. Edward Suh, Edwin Kan, and Steven Swanson, Proceedings of the 4th International Conference on Trust and Trustworthy Computing (TRUST), Pittsburg, Pennsylvania, June 2011.

Analyzing the Cross-domain Policies of Flash Applications, Dongseok Jang, Aishwarya Venkataraman, G. Michael Sawka, and Hovav Shacham, Proceedings of Web 2.0 Security and Privacy 2011 (W2SP), San Franciso, May 2011.

Fingerprinting Information in JavaScript Implementations, Keaton Mowery, Dillon Bogenreif, Scott Yilek, and Hovav Shacham, Proceedings of Web 2.0 Security and Privacy 2011 (W2SP), San Franciso, May 2011.

Click Trajectories: End-to-End Analysis of the Spam Value Chain, Kirill Levchenko, Andreas Pitsillidis, Neha Chachra, Brandon Enright, Márk Félegyházi, Chris Grier, Tristan Halvorson, Chris Kanich, Christian Kreibich, He Liu, Damon McCoy, Nicholas Weaver, Vern Paxson, Geoffrey M. Voelker, and Stefan Savage, Proceedings of the IEEE Symposium on Security and Privacy, Oakland, CA, May 2011, pages 431-446. (Award paper).

Efficient Authentication from Hard Learning Problems, Eike Kiltz, Krzysztof Pietrzak, David Cash, Abhishek Jain, and Daniele Venturi, Proceedings of Eurocrypt 2011, Tallinn, Estonia, May 2011.

Careful with Composition: Limitations of the Indifferentiability Framework, Thomas Ristenpart, Hovav Shacham, and Thomas Shrimpton, Proceedings of Eurocrypt 2011, Tallinn, Estonia, May 2011.

On the Effects of Registrar-level Intervention, He Liu, Kirill Levchenko, Mark Felegyhazi, Christian Kreibich, Gregor Maier, Geoffrey M. Voelker, and Stefan Savage, Proceedings of the USENIX Workshop on Large-scale Exploits and Emergent Threats (LEET), Boston, MA, March 2011.

Got Traffic? An Evaluation of Click Traffic Providers, Qing Zhang, Thomas Ristenpart, Stefan Savage, and Geoffrey M. Voelker, Proceedings of the WICOM/AIRWeb Workshop on Web Quality (WebQuality), Hyderabad, India, Mar 2011.

Security Amplification for the Cascade of Arbitrarily Weak PRPs: Tight Bounds via the Interactive Hardcore Lemma, Stefano Tessaro, Proceedings of TCC 2011, Providence, Rhode Island, March 2011.

Identity-Based Encryption Secure Against Selective Opening Attack, Mihir Bellare, Brent Waters, and Scott Yilek, Proceedings of TCC 2011, Providence, Rhode Island, March 2011.

Proximax: Fighting Censorship with an Adaptive System for Distribution of Open Proxies, Kirill Levchenko, Jose Andre Morales, and Damon McCoy, Proceedings of the International Conference on Financial Cryptography and Data Security, St Lucia, February 2011.

Learning to Detect Malicious URLs, Justin Ma, Lawrence K Saul, Stefan Savage, and Geoffrey M Voelker, ACM Transactions on Intelligent Systems and Technology (TIST) 2(3), April 2011.

Universally Composable and Statistically Secure Verifiable Secret Sharing Scheme Based on Pre-Distributed Data, Rafael Dowsley, Jöorn Müller-Quade, Akira Otsuka, Goichiro Hanaoka, Hideki Imai, and Anderson C. A. Nascimento, IEICE Transactions on Fundamentals of Electronics, Communications and Computer Sciences E94-A(2):725-34, February 2011.

Reliably Erasing Data From Flash-based Solid State Drives, Michael Wei, Laura M. Grupp, Frederick E. Spada, and Steven Swanson, Proceedings of the 9th USENIX Conference on File and Storage Technologies, San Jose, CA, February 2011.

2010

Hardware Assistance for Trustworthy Systems through 3-D Integration, Jonathan Valamehr, Mohit Tiwari, Timothy Sherwood, Ryan Kastner, Ted Huffmire, Cynthia Irvine, and Timothy Levin, Proceedings of ACSAC 2010, Austin, TX, December 2010.

Practical Defenses for Evil Twin Attacks in 802.11, Harold Gonzales, Kevin Bauer, Janne Lindqvist, and Damon McCoy, Proceedings of IEEE GlobeCom 2010, Miami, FL, December 2010.

Toward Improving Path Selection in Tor, Fallon T. Chen and Joseph Pasquale, Proceedings of IEEE GlobeCom 2010, Miami, FL, December 2010.

Random Oracles with(out) Programmability, Marc Fischlin, Anja Lehmann, Thomas Ristenpart, Thomas Shrimpton, Martijn Stam, and Stefano Tessaro, Proceedings of Asiacrypt 2010, Singapore, December 2010.

Limitations on Transformations from Composite-Order to Prime-Order Groups: The Case of Round-Optimal Blind Signatures, Sarah Meiklejohn, Hovav Shacham, and David Mandell Freeman, Proceedings of Asiacrypt 2010, Singapore, December 2010.

An Empirical Study of Privacy-Violating Information Flows in JavaScript Web Applications, Dongseok Jang, Ranjit Jhala, Sorin Lerner, and Hovav Shacham, Proceedings of the ACM Conference on Computer and Communications Security (CCS), Chicago, October 2010.

Return-Oriented Programming without Returns, Stephen Checkoway, Lucas Davi, Alexandra Dmitrienko, Ahmad-Reza Sadeghi, Hovav Shacham, and Marcel Winandy, Proceedings of the ACM Conference on Computer and Communications Security (CCS), Chicago, October 2010.

Hardware Trust Implications of 3-D Integration, Ted Huffmire, Timothy Levin, Michael Bilzor, Cynthia Irvine, Jonathan Valamehr, Mohit Tiwari, Timothy Sherwood, and Ryan Kastner, Proceedings of the 5th Workshop on Embedded Systems Security (WESS), Scottsdale, AZ, October 2010.

Pseudorandom Functions and Permutations Provably Secure Against Related-Key Attacks, Mihir Bellare and David Cash, Proceedings of Crypto 2010, Santa Barbara, CA, August 2010.

ZKPDL: A Language-based System for Efficient Zero-Knowledge Proofs and Electronic Cash, Sarah Meiklejohn, C. Chris Erway, Alptekin Kupcu, Theodora Hinkle, and Anna Lysyanskaya, Proceedings of the USENIX Security Symposium, Washington, D.C., August 2010.

Re: CAPTCHAs -- Understanding CAPTCHA Solving from an Economic Context, Marti Motoyama, Kirill Levchenko, Chris Kanich, Damon McCoy, Geoffrey M. Voelker, and Stefan Savage, Proceedings of the USENIX Security Symposium, Washington, D.C., August 2010.

Efficient User-Guided Ballot Image Verification, Arel Cordero, Theron Ji, Alan Tsai, Keaton Mowery, and David Wagner, Proceedings of EVT/WOTE 2010, Washington, D.C., August 2010.

Single-Ballot Risk-Limiting Audits Using Convex Optimization, Stephen Checkoway, Anand Sarwate, and Hovav Shacham, Proceedings of EVT/WOTE 2010, Washington, D.C., August 2010.

OpenScan: A Fully Transparent Optical Scan Voting System, Kai Wang, Eric Rescorla, Hovav Shacham, and Serge Belongie, Proceedings of EVT/WOTE 2010, Washington, D.C., August 2010.

Don't Take LaTeX Files from Strangers, Stephen Checkoway, Hovav Shacham, and Eric Rescorla, USENIX ;login: 35(4), August 2010.

Beyond Heuristics: Learning to Classify Vulnerabilities and Predict Exploits, Mehran Bozorgi, Lawrence K. Saul, Stefan Savage, and Geoffrey M. Voelker, Proceedings of the ACM SIGKDD Conference, Washington D.C., July 2010.

A Deterministic Single Exponential Time Algorithm for Most Lattice Problems based on Voronoi Cell Computations, Daniele Micciancio and Panagiotis Voulgaris, 42nd Annual ACM Symposium on Theory of Computing, Cambridge, MA, June 2010.

Theoretical Analysis of Gate Level Information Flow Tracking, Jason Oberg, Wei Hu, Ali Irturk, Mohit Tiwari, Timothy Sherwood, and Ryan Kastner, Proceedings of the 47th Design Automation Conference (DAC), Anaheim, CA, June 2010.

Security Primitives for Reconfigurable Hardware Based Systems, Ted Huffmire, Brett Brotherton, Gang Wang, Timothy Sherwood, Ryan Kastner, Timothy Levin, Thuy D. Nguyen, and Cynthia Irvine, ACM Transactions on Reconfigurable Technology and Systems (TRETS) 3(2), May 2010.

Experimental Security Analysis of a Modern Automobile, Karl Koscher, Alexei Czeskis, Franziska Roesner, Shwetak Patel, Tadayoshi Kohno, Stephen Checkoway, Damon McCoy, Brian Kantor, Danny Anderson, Hovav Shacham, and Stefan Savage, Proceedings of the IEEE Symposium on Security and Privacy, Oakland, CA, May 2010.

Exploiting Feature Covariance in High-Dimensional Online Learning, Justin Ma, Alex Kulesza, Mark Dredze, Koby Crammer, Lawrence K. Saul, and Fernando Pereira, Proceedings of the International Conference on Artificial Intelligence and Statistics (AISTATS), Sardinia, Italy, May 2010.

Computational Soundness, Co-Induction, and Encryption Cycles, Daniele Micciancio, Proceedings of Eurocrypt 2010, Nice, France, May 2010.

Cryptographic Agility and Its Relation to Circular Encryption, Tolga Acar, Mira Belenkiy, Mihir Bellare, and David Cash, Proceedings of Eurocrypt 2010, Nice, France, May 2010.

Bonsai Trees, or How to Delegate a Lattice Basis, David Cash, Dennis Hofheinz, Eike Kiltz, and Chris Peikert, Proceedings of Eurocrypt 2010, Nice, France, May 2010.

Chosen-Ciphertext Security from Slightly Lossy Trapdoor Functions, Petros Mol and Scott Yilek, Proceedings of PKC 2010, Paris, May 2010.

Are Text-Only Data Formats Safe? Or, Use This LaTeX Class File to Pwn Your Computer, Stephen Checkoway, Hovav Shacham, and Eric Rescorla, Proceedings of the USENIX Workshop on Large-scale Exploits and Emergent Threats (LEET), San Jose, CA, April 2010.

Carousel: Scalable Logging for Intrusion Prevention Systems, Terry Lam, Michael Mitzenmacher, and George Varghese, Proceedings of the 7th ACM/USENIX Symposium on Networked Systems Design and Implementation (NSDI), San Jose, CA, April 2010.

The RSA Group is Pseudo-Free, Daniele Micciancio, Journal of Cryptology 23(2):169-86, April 2010.

Neon: System Support for Derived Data Management, Qing Zhang, John McCullough, Justin Ma, Navil Schear, Michael Vrable, Amin Vahdat, Alex C. Snoeren, and Geoffrey M. Voelker, Proceedings of the ACM International Conference on Virtual Execution Environments (VEE), Pittsburgh, PA, March 2010.

Resettable Public-Key Encryption: How to Encrypt on a Virtual Machine, Scott Yilek, The Cryptographers' Track at the RSA Conference 2010, San Francisco, March 2010.

Leaping Multiple Headers in a Single Bound: Wire Speed Parsing using the Kangaroo System, Christos Kozanitis, John Huber, Sushil Singh, and George Varghese, Proceedings of the IEEE Infocom Conference, San Diego, CA, March 2010.

Botnet Judo: Fighting Spam with Itself, Andreas Pitsillidis, Kirill Levchenko, Christian Kreibich, Chris Kanich, Geoffrey M. Voelker, Vern Paxson, Nicholas Weaver, and Stefan Savage, Proceedings of the Network and Distributed System Security Symposium (NDSS), San Diego, CA, February 2010.

When Good Randomness Goes Bad: Virtual Machine Reset Vulnerabilities and Hedging Deployed Cryptography, Thomas Ristenpart and Scott Yilek, Proceedings of the Network and Distributed System Security Symposium (NDSS), San Diego, CA, February 2010.

Faster Exponential Time Algorithms for the Shortest Vector Problem, Daniele Micciancio and Panagiotis Voulgaris, ACM-SIAM Symposium on Discrete Algorithms, Austin, TX, January 2010.

Robust Encryption, Michel Abdalla, Mihir Bellare, and Gregory Neven, Proceedings of TCC 2010, Zurich, March 2010, pages 480-97.

Uniform Direct Product Theorems: Simplified, Optimized, and Derandomized, Russell Impagliazzo, Ragesh Jaiswal, Valentine Kabanets, and Avi Wigderson, SIAM Journal on Computing 39(4):1637-65, January 2010.

2009

Hedged Public-Key Encryption: How to Protect Against Bad Randomness, Mihir Bellare, Zvika Brakerski, Moni Naor, Thomas Ristenpart, Gil Segev, Hovav Shacham, and Scott Yilek, Proceedings of Asiacrypt 2009, Tokyo, December 2009.

Foundations of Non-Malleable Hash and One-Way Functions, Alexandra Boldyreva, David Cash, Marc Fischlin, and Bogdan Warinschi, Proceedings of Asiacrypt 2009, Tokyo, December 2009.

Hey, You, Get Off of My Cloud: Exploring Information Leakage in Third-Party Compute Clouds, Thomas Ristenpart, Eran Tromer, Hovav Shacham, and Stefan Savage, Proceedings of the ACM Conference on Computer and Communications Security (CCS), Chicago, IL, November 2009.

When Private Keys are Public: Results from the 2008 Debian OpenSSL Debacle, Scott Yilek, Eric Rescorla, Hovav Shacham, Brandon Enright, and Stefan Savage, Proceedings of the ACM Internet Measurement Conference, Chicago, November 2009.

Spamalytics: An Empirical Analysis of Spam Marketing Conversion, Chris Kanich, Christian Kreibich, Kirill Levchenko, Brandon Enright, Geoffrey M. Voelker, Vern Paxson, and Stefan Savage, Communications of the Association for Computing Machinery 52(9):99-107, September 2009.

Reconstructing RSA Private Keys from Random Key Bits, Nadia Heninger and Hovav Shacham, Proceedings of Crypto 2009, Santa Barbara, CA, August 2009.

Randomizable Proofs and Delegatable Anonymous Credentials, Mira Belenkiy, Jan Camenisch, Melissa Chase, Markulf Kohlweiss, Anna Lysyanskaya, and Hovav Shacham, Proceedings of Crypto 2009, Santa Barbara, CA, August 2009.

On Bounded Distance Decoding, Unique Shortest Vectors, and the Minimum Distance Problem, Vadim Lyubashevsky and Daniele Micciancio, Proceedings of Crypto 2009, Santa Barbara, CA, August 2009.

Format-Preserving Encryption, Mihir Bellare, Thomas Ristenpart, Phillip Rogaway, and Till Stegers, Proceedings of Selected Areas in Cryptography (SAC) 2009, Calgary, Canada, August 2009.

Can DREs Provide Long-Lasting Security? The Case of Return-Oriented Programming and the AVC Advantage, Stephen Checkoway, Ariel J. Feldman, Brian Kantor, J. Alex Halderman, Edward W. Felten, and Hovav Shacham, Proceedings of EVT/WOTE 2009, Montreal, Canada, August 2009.

Enlisting ISPs to Improve Online Privacy: IP Address Mixing by Default, Barath Raghavan, Tadayoshi Kohno, Alex C. Snoeren, and David Wetherall, Privacy Enhancing Technologies Symposium, Seattle, Washington, August 2009.

Secure and Policy-Compliant Source Routing, Barath Raghavan, Patrick Verkaik, and Alex C. Snoeren, IEEE/ACM Transactions on Networking 17(4), August 2009.

Identifying Suspicious URLs: An Application of Large-Scale Online Learning, Justin Ma, Lawrence K. Saul, Stefan Savage, and Geoffrey M. Voelker, Proceedings of the 26th Annual International Conference on Machine Learning (ICML 2009), Montreal, Quebec, June 2009.

Beyond Blacklists: Learning to Detect Malicious Web Sites from Suspicious URLs, Justin Ma, Lawrence K. Saul, Stefan Savage, and Geoffrey M. Voelker, Proceedings of the ACM SIGKDD Conference, Paris, France, June 2009.

Possibility and Impossibility Results for Encryption and Commitment Secure under Selective Opening, Mihir Bellare, Dennis Hofheinz, and Scott Yilek, Proceedings of Eurocrypt 2009, Cologne, April 2009.

Simulation without the Artificial Abort: Simplified Proof and Improved Concrete Security for Waters' IBE Scheme, Mihir Bellare and Thomas Ristenpart, Proceedings of Eurocrypt 2009, Cologne, April 2009.

Salvaging Merkle-Damgard for Practical Applications, Yevgeniy Dodis, Thomas Ristenpart, and Thomas Shrimpton, Proceedings of Eurocrypt 2009, Cologne, April 2009.

Defending Mobile Phones from Proximity Malware, Gjergji Zyba, Geoffrey M. Voelker, Michael Lilijenstam, András Méhes, and Per Johansson, Proceedings of the IEEE Infocom Conference, Rio de Janeiro, Brazil, April 2009.

Spamcraft: An Inside Look at Spam Campaign Orchestration, Christian Kreibich, Chris Kanich, Kirill Levchenko, Brandon Enright, Geoffrey M. Voelker, Vern Paxson, and Stefan Savage, Proceedings of the USENIX Workshop on Large-scale Exploits and Emergent Threats (LEET), Boston, MA, April 2009.

Key Insulation and Intrusion Resilience over a Public Channel, Mihir Bellare, Shanshan Duan, and Adriana Palacio, The Cryptographers' Track at the RSA Conference 2009, San Francisco, April 2009, pages 84-99.

Security Amplification for Interactive Cryptographic Primitives, Yevgeniy Dodis, Russell Impagliazzo, Ragesh Jaiswal, and Valentine Kabanets, Proceedings of TCC 2009, San Francisco, March 2009, pages 128-45.

Lattice-Based Cryptography, Daniele Micciancio and Oded Regev, In Post Quantum Cryptography. Bernstein, Daniel J. and Buchmann, Johannes and Dahmen, Erik, editor. Springer-Verlag, 2009.

Detecting Malicious Packet Losses, Alper Mizrak, Stefan Savage, and Keith Marzullo, IEEE Transactions on Parallel and Distributed Systems 20(2), February 2009.

Security Proofs for Identity-Based Identification and Signature Schemes, Mihir Bellare, Chanathip Namprempre, and Gregory Neven, Journal of Cryptology 22(1):1-61, January 2009.

Chernoff-Type Direct Product Theorems, Russell Impagliazzo, Ragesh Jaiswal, and Valentine Kabanets, Journal of Cryptology 22(1):75-92, January 2009.

2008

Hash Functions from Sigma Protocols and Improvements to VSH, Mihir Bellare and Todor Ristov, Proceedings of Asiacrypt 2008, Melbourne, Australia, December 2008.

Compact Proofs of Retrievability, Hovav Shacham and Brent Waters, Proceedings of Asiacrypt 2008, Melbourne, Australia, December 2008, pages 90-107.

When Good Instructions Go Bad: Generalizing Return-Oriented Programming to RISC, Erik Buchanan, Ryan Roemer, Hovav Shacham, and Stefan Savage, Proceedings of the ACM Conference on Computer and Communications Security (CCS), Alexandria, VA, October 2008, pages 27-38.

Spamalytics: an Empirical Analysis of Spam Marketing Conversion, Chris Kanich, Christian Kreibich, Kirill Levchenko, Brandon Enright, Vern Paxson, Geoffrey M. Voelker, and Stefan Savage, Proceedings of the ACM Conference on Computer and Communications Security (CCS), Alexandria, VA, October 2008, pages 3-14.

Reconsidering Physical Key Secrecy: Teleduplication via Optical Decoding, Benjamin Laxton, Kai Wang, and Stefan Savage, Proceedings of the ACM Conference on Computer and Communications Security (CCS), Alexandria, VA, October 2008, pages 469-77.

Deterministic Encryption: Definitional Equivalences and Constructions without Random Oracles, Mihir Bellare, Marc Fischlin, Adam O'Neill, and Thomas Ristenpart, Proceedings of Crypto 2008, Santa Barbara, CA, August 2008, pages 360-78.

From Identification to Signatures Via the Fiat-Shamir Transform: Necessary and Sufficient Conditions for Security and Forward-Security, Michel Abdalla, Jee Hea An, Mihir Bellare, and Chanathip Namprempre, IEEE Transactions on Information Theory 54(8):3631-46, August 2008.

Optimal Communication Complexity of Generic Multicast Key Distribution, Daniele Micciancio and Saurabh Panjwani, IEEE/ACM Transactions on Networking 16(4):803-13, August 2008.

Privacy-preserving Location Tracking of Lost or Stolen Devices: Cryptographic Techniques and Replacing Trusted Third Parties with DHTs, Thomas Ristenpart, Gabriel Maganis, Arvind Krishnamurthy, and Tadayoshi Kohno, Proceedings of the USENIX Security Symposium, San Jose, CA, July 2008.

AutoISES: Automatically Inferring Security Specifications and Detecting Violations, Lin Tan, Xiaolan Zhang, Xiao Ma, Weiwei Xiong, and Yuanyuan Zhou, Proceedings of the USENIX Security Symposium, San Jose, CA, July 2008.

Storm: When Researchers Collide, Brandon Enright, Geoff Voelker, Stefan Savage, Chris Kanich, and Kirill Levchenko, USENIX ;login: 33(4), August 2008.

You Go to Elections with the Voting System You Have: Stop-Gap Mitigations for Deployed Voting Systems, J. Alex Halderman, Eric Rescorla, Hovav Shacham, and David Wagner, Proceedings of EVT 2008, San Jose, CA, July 2008.

An Indistinguishability-Based Characterization of Anonymous Channels, Alejandro Hevia and Daniele Micciancio, Privacy Enhancing Technologies Symposium, Leuven, Belgium, July 2008, pages 24-43.

Efficient Bounded Distance Decoders for Barnes-Wall lattices, Daniele Micciancio and Antonio Nicolosi, 2008 IEEE International Symposium on Information Theory, Toronto, Ontario, Canada, July 2008.

Uniform Direct Product Theorems: Simplified, Optimized, and Derandomized, Russell Impagliazzo, Ragesh Jaiswal, Valentine Kabanets, and Avi Wigderson, 40th Annual ACM Symposium on Theory of Computing, Victoria, B.C., Canada, May 2008, pages 579-588.

On the Spam Campaign Trail, Christian Kreibich, Chris Kanich, Kirill Levchenko, Brandon Enright, Geoffrey M. Voelker, Vern Paxson, and Stefan Savage, Proceedings of the USENIX Workshop on Large-scale Exploits and Emergent Threats (LEET), San Franciso, CA, April 2008.

The Heisenbot Uncertainty Problem: Challenges in Separating Bots from Chaff, Chris Kanich, Kirill Levchenko, Brandon Enright, Geoffrey M. Voelker, and Stefan Savage, Proceedings of the USENIX Workshop on Large-scale Exploits and Emergent Threats (LEET), San Franciso, CA, April 2008.

Detecting Compromised Routers via Packet Forwarding Behavior, Alper Mizrak, Stefan Savage, and Keith Marzullo, IEEE Network 22(2), March 2008.

Recovering NTRU Secret Key From Inversion Oracles, Petros Mol and Moti Yung, Proceedings of PKC 2008, Barcelona, Spain, March 2008.

Lattice-Based Identification Schemes Secure under Active Attacks, Vadim Lyubashevsky, Proceedings of PKC 2008, Barcelona, Spain, March 2008. (Best paper).

Asymptotically Efficient Lattice-Based Digital Signatures, Vadim Lyubashevsky and Daniele Micciancio, Proceedings of TCC 2008, New York, March 2008, pages 37-54.

The Round-Complexity of Black-Box Zero-Knowledge: A Combinatorial Characterization, Daniele Micciancio and Scott Yilek, Proceedings of TCC 2008, New York, March 2008, pages 535-52.

SWIFFT: A Modest Proposal for FFT Hashing, Vadim Lyubashevsky, Daniele Micciancio, Chris Peikert, and Alon Rosen, Proceedings of FSE 2008, Lausanne, Switzerland, February 2008, pages 54-72.

Efficient Reductions among Lattice Problems, Daniele Micciancio, ACM-SIAM Symposium on Discrete Algorithms, San Francisco, CA, January 2008.

2007

Generalized Compact Knapsaks, Cyclic Lattices, and Efficient One-Way Functions, Daniele Micciancio, Computational Complexity 16(4):365-411, December 2007.

How to Build a Hash Function from any Collision-Resistant Function, Thomas Ristenpart and Thomas Shrimpton, Proceedings of Asiacrypt 2007, Kuching, Sarawak, Malaysia, December 2007, pages 147-63.

Multi-Recipient Encryption Schemes: How to Save on Bandwidth and Computation Without Sacrificing Security, Mihir Bellare, Alexandra Boldyreva, Kaoru Kurosawa, and Jessica Staddon, IEEE Transactions on Information Theory 53(11):3927-43, November 2007.

Can You Infect Me Now? Malware Propagation in Mobile Phone Networks, Chris Fleizach, Michael Lilijenstam, Per Johansson, Geoffrey M. Voelker, and András Méhes, Proceedings of the ACM Workshop on Recurring Malcode (WORM), Washington D.C., November 2007.

Robust Computational Secret Sharing and a Unified Account of Classical Secret-Sharing Goals, Mihir Bellare and Phillip Rogaway, Proceedings of the ACM Conference on Computer and Communications Security (CCS), Alexandria, VA, October 2007, pages 172-84.

An Inquiry into the Nature and Causes of the Wealth of Internet Miscreants, Jason Franklin, Vern Paxson, Adrian Perrig, and Stefan Savage, Proceedings of the ACM Conference on Computer and Communications Security (CCS), Alexandria, VA, October 2007.

The Geometry of Innocent Flesh on the Bone: Return-into-libc without Function Calls (on the x86), Hovav Shacham, Proceedings of the ACM Conference on Computer and Communications Security (CCS), Alexandria, VA, October 2007, pages 552-61.

Slicing Spam with Occam's Razor, Chris Fleizach, Geoffrey M. Voelker, and Stefan Savage, Proceedings of Conference on Email and Anti-Spam (CEAS), Mountain View, CA, August 2007.

Spamscatter: Characterizing Internet Scam Hosting Infrastructure, David S. Anderson, Chris Fleizach, Stefan Savage, and Geoffrey M. Voelker, Proceedings of the USENIX Security Symposium, Boston, MA, August 2007.

Proximity Breeds Danger: Emerging Threats in Metro-area Wireless Networks, Periklis Akritidis, Chin Wee Yung, Vinh The Lam, Stelios Sidiroglou, and Kostas G. Anagnostakis, Proceedings of the USENIX Security Symposium, Boston, MA, August 2007.

Chernoff-Type Direct Product Theorems, Russell Impagliazzo, Ragesh Jaiswal, and Valentine Kabanets, Proceedings of Crypto 2007, Santa Barbara, CA, August 2007, pages 500-516.

Deterministic and Efficiently Searchable Encryption, Mihir Bellare, Alexandra Boldyreva, and Adam O'Neill, Proceedings of Crypto 2007, Santa Barbara, CA, August 2007, pages 535-52.

Source Code Review of the Hart InterCivic Voting System, Srinivas Inguva, Eric Rescorla, Hovav Shacham, and Dan Wallach, Part of California Secretary of State Debra Bowen’s “Top-to-Bottom” Review of the voting machines used in California, August 2007.

Hash Functions in the Dedicated-Key Setting: Design Choices and MPP Transforms, Mihir Bellare and Thomas Ristenpart, Proceedings of the International Colloquium on Automata, Languages and Programming (ICALP), Wroclaw, Poland, July 2007, pages 399-410.

Unrestricted Aggregate Signatures, Mihir Bellare, Chanathip Namprempre, and Gregory Neven, Proceedings of the International Colloquium on Automata, Languages and Programming (ICALP), Wroclaw, Poland, July 2007, pages 411-22.

How to Design Computer Security Experiments, Sean Peisert and Matt Bishop, World Conference on Information Security Education (WISE), June 2007.

Cryptographic Functions from Worst-Case Complexity Assumptions, Daniele Micciancio, Proceedings of the LLL+25 conference in honor of the 25th birthday of LLL, Caen, France, June 2007.

Worst-Case to Average-Case Reductions Based on Gaussian Measures, Daniele Micciancio and Oded Regev, SIAM Journal on Computing 37(1):267-302, May 2007.

The Power of Proofs-of-Possession: Securing Multiparty Signatures against Rogue-Key Attacks, Thomas Ristenpart and Scott Yilek, Proceedings of Eurocrypt 2007, Barcelona, Spain, May 2007, pages 228-45.

Two-Tier Signatures, Strongly Unforgeable Signatures, and Fiat-Shamir without Random Oracles, Mihir Bellare and Sarah Shoup, Proceedings of PKC 2007, Beijing, China, April 2007, pages 201-16.

Efficient Ring Signatures without Random Oracles, Hovav Shacham and Brent Waters, Proceedings of PKC 2007, Beijing, China, April 2007, pages 166-80.

Toward Models for Forensic Analysis, Sean Peisert, Matt Bishop, Sidney Karin, and Keith Marzullo, Proceedings of the International Workshop on Systematic Approaches to Digital Forensic Engineering (SADFE), Seattle, WA, April 2007.

Analysis of the SPV Secure Routing Protocol: Weaknesses and Lessons, Barath Raghavan, Saraubh Panjwani, and Anton Mityagin, ACM SIGCOMM Computer Communication Review 37(2), April 2007.

Analysis of Computer Intrusions using Sequences of Function Calls, Sean Peisert, Matt Bishop, Sidney Karin, and Keith Marzullo, IEEE Transactions on Dependable and Secure Computing 4(2):137-150, April 2007.

How to Enrich the Message Space of a Cipher, Thomas Ristenpart and Phillip Rogaway, Proceedings of FSE 2007, Luxembourg, March 2007, pages 101-18.

Tackling Adaptive Corruptions in Multicast Encryption Protocols, Saurabh Panjwani, Proceedings of TCC 2007, Amsterdam, The Netherlands, February 2007, pages 21-40. (Best student paper).

Identity-Based Multi-signatures from RSA, Mihir Bellare and Gregory Neven, The Cryptographers' Track at the RSA Conference 2007, San Francisco, February 2007, pages 145-62.

Sweeper: A Lightweight End-to-End System for Defending Against Fast Worms, Joseph Tucek, James Newsome, Shan Lu, Chengdu Huang, Spiros Xanthos, David Brumley, Yuanyuan Zhou, and Dawn Song, Proceedings of the 2nd European Conference in Computer Systems (EuroSys), Lisbon, Portugal, March 2007.

On Scalable Attack Detection in the Network, Ramana Rao Kompella, Sumeet Singh, and George Varghese, IEEE/ACM Transactions on Networking 15(1), February 2007.

2006

LIFT: A Low-Overhead Practical Information Flow Tracking System for Detecting Security Attacks, Feng Qin, Cheng Wang, Zhenmin Li, Ho-Seop Kim, Yuanyuan Zhou, and Youfeng Wu, Proceedings of the Annual IEEE/ACM International Symposium on Microarchitecture (MICRO), Orlando, FL, December 2006, pages 135-148.

Back to the Future: A Framework for Automatic Malware Removal, Francis Hsu, Hao Chen, Thomas Ristenpart, Jason Li, and Zhendong Su, Proceedings of ACSAC 2006, December 2006.

Multi-Property-Preserving Hash Domain Extension and the EMD Transform, Mihir Bellare and Thomas Ristenpart, Proceedings of Asiacrypt 2006, Shanghai, China, December 2006, pages 299-314.

Glavlit: Preventing Exfiltration at Wire Speed, Nabil Schear, Carmelo Kintana, Qing Zhang, and Amin Vahdat, Proceedings of the 5th ACM Workshop on Hot Topics in Networks (HotNets-V), Irvine, CA, November 2006.

Asgard: Software Guards for System Address Spaces, Martin Abadi, Mihiai Budiu, Ulfar Erlingsson, George Necula, and Michael Vrable, Proceedings of the 7th ACM/USENIX Symposium on Operating System Design and Implementation (OSDI), Seattle, WA, November 2006.

Unexpected Means of Identifying Protocols, Justin Ma, Kirill Levchenko, Cristian Kriebich, Stefan Savage, and Geoffrey M. Voelker, Proceedings of the ACM Internet Measurement Conference, Rio de Janeiro, Brazil, October 2006.

Finding Diversity in Remote Code Injection Exploits, Justin Ma, John Dunagan, Helen J. Wang, Stefan Savage, and Geoffrey M. Voelker, Proceedings of the ACM Internet Measurement Conference, Rio de Janeiro, Brazil, October 2006.

Stateful Public-Key Cryptosystems: How to Encrypt with One 160-bit Exponentiation, Mihir Bellare, Tadayoshi Kohno, and Victor Shoup, Proceedings of the ACM Conference on Computer and Communications Security (CCS), Alexandria, VA, October 2006, pages 380-9.

Multisignatures in the Plain Public-Key Model and a General Forking Lemma, Mihir Bellare and Gregory Neven, Proceedings of the ACM Conference on Computer and Communications Security (CCS), Alexandria, VA, October 2006, pages 390-9.

Puppetnets: Misusing Web Browsers as a Distributed Attack Infrastructure, Periklis Akritidis, Chin Wee Yung, Vinh The Lam, Stelios Sidiroglou, and Kostas G. Anagnostakis, Proceedings of the ACM Conference on Computer and Communications Security (CCS), Alexandria, VA, October 2006.

Forward Secure Signatures with Untrusted Update, Xavier Boyen, Hovav Shacham, Emily Shen, and Brent Waters, Proceedings of the ACM Conference on Computer and Communications Security (CCS), Alexandria, VA, October 2006, pages 191-200.

Approximately List-Decoding Direct Product Codes and Uniform Hardness Amplification, Russell Impagliazzo, Ragesh Jaiswal, and Valentine Kabanets, 47th Symposium on Foundations of Computer Science (FOCS 2006), Princeton, NJ, October 2006, pages 187-196.

Detecting Evasion Attacks at High Speeds without Reassembly, George Varghese, Andy Fingerhut, and Flavio Bonomi, Proceedings of the ACM SIGCOMM Conference, Pisa, Italy, September 2006.

Beyond Bloom Filters: From Approximate Membership Checks to Approximate State Machines, Flavio Bonomi, Michael Mitzenmacher, Rina Panigrahy, Sushil Singh, and George Varghese, Proceedings of the ACM SIGCOMM Conference, Pisa, Italy, September 2006.

PRIMED: Community-of-Interest-Based DDoS Mitigation, Patrick Verkaik, Oliver Spatscheck, Jacobus van der Merwe, and Alex C. Snoeren, Proceedings of the ACM SIGCOMM Workshop on Large Scale Attack Defense, Pisa, Italy, September 2006, pages 147-154.

Provably Secure FFT Hashing, Vadim Lyubashevsky, Daniele Micciancio, Chris Peikert, and Alon Rosen, NIST Second Cryptographic Hash Workshop, August 2006.

New Proofs for NMAC and HMAC: Security without Collision-Resistance, Mihir Bellare, Proceedings of Crypto 2006, Santa Barbara, CA, August 2006, pages 602-19.

On Bounded Distance Decoding for General Lattices, Yi-Kai Liu, Vadim Lyubashevsky, and Daniele Micciancio, International Workshop on Randomization and Computation -- RANDOM 2006, Barcelona, Spain, August 2006, pages 450-61.

Fatih: Detecting and Isolating Malicious Routers via Traffic Validation, Alper Mizrak, Yu-Chung Cheng, Keith Marzullo, and Stefan Savage, IEEE Transactions on Dependable and Secure Computing 3(3), July 2006.

Hard Instances of the Constrained Discrete Logarithm Problem, Ilya Mironov, Anton Mityagin, and Kobbi Nissim, ANTS-VII: The 7th International Symposium on Algorithmic Number Theory, Berlin, Germany, July 2006, pages 582-98.

Designing Voting Machines for Verification, Naveen Sastry, Tadayoshi Kohno, and David Wagner, Proceedings of the USENIX Security Symposium, Vancouver, B.C., Canada, July 2006, pages 321-36.

Generalized Compact Knapsacks Are Collision Resistant, Vadim Lyubashevsky and Daniele Micciancio, Proceedings of the International Colloquium on Automata, Languages and Programming (ICALP), Venice, Italy, July 2006, pages 144-55 (volume 2).

Corrupting One vs. Corrupting Many: The Case of Broadcast and Multicast Encryption, Daniele Micciancio and Saurabh Panjwani, Proceedings of the International Colloquium on Automata, Languages and Programming (ICALP), Venice, Italy, July 2006, pages 70-82 (volume 2).

Inferring Internet Denial-of-Service Activity, David Moore, Colleen Shannon, Doug Brown, Geoffrey M. Voelker, and Stefan Savage, ACM Transactions on Computer Systems 24(2):115-139, May 2006.

Code-Based Game-Playing Proofs and the Security of Triple Encryption, Mihir Bellare and Phillip Rogaway, Proceedings of Eurocrypt 2006, St. Petersburg, Russia, May 2006, pages 409-26.

Herding Hash Functions and the Nostradamus Attack, John Kelsey and Tadayoshi Kohno, Proceedings of Eurocrypt 2006, St. Petersburg, Russia, May 2006, pages 183-200.

Sequential Aggregate Signatures and Multisignatures without Random Oracles, Steve Lu, Rafail Ostrovsky, Amit Sahai, Hovav Shacham, and Brent Waters, Proceedings of Eurocrypt 2006, St. Petersburg, Russia, May 2006, pages 465-85.

Tamper-Evident, History-Independent, Subliminal-Free Data Structures on PROM storage, or, How to Store Ballots on a Voting Machine (extended abstract), David Molnar, Tadayoshi Kohno, Naveen Sastry, and David Wagner, Proceedings of the IEEE Symposium on Security and Privacy, Oakland, CA, May 2006, pages 365-70.

Security Analysis of KEA Authenticated Key Exchange Protocol, Kristin Lauter and Anton Mityagin, Proceedings of PKC 2006, New York, April 2006, pages 378-94.

Logics for Reasoning about Cryptographic Constructions, Russell Impagliazzo and Bruce M. Kapron, Journal of Computer and System Sciences 72(2):286-320, March 2006.

Concurrent Zero Knowledge Without Complexity Assumptions, Daniele Micciancio, Shien Jin Ong, Amit Sahai, and Salil P. Vadhan, Proceedings of TCC 2006, New York, March 2006, pages 1-20.

Wireless Security and Internetworking, Minho Shin, Justin Ma, Arunesh Mishra, and William A. Arbaugh, Proceedings of the IEEE 94(2), February 2006.

Key Regression: Enabling Efficient Key Distribution for Secure Distributed Storage, Kevin Fu, Seny Kamara, and Tadayoshi Kohno, The 13th Annual Network and Distributed System Security Symposium (NDSS), San Diego, CA, February 2006.

2005

Opportunistic Measurement: Extracting Insight from Spurious Traffic, Martin Casado, Tal Garfinkel, Weidong Cui, Vern Paxson, and Stefan Savage, Proceedings of the 4th ACM Workshop on Hot Topics in Networks (HotNets-IV), College Park, MD, November 2005.

Self-stopping Worms, Justin Ma, Geoffrey M. Voelker, and Stefan Savage, Proceedings of the ACM Workshop on Rapid Malcode (WORM), Washington D.C., November 2005, pages 12-21.

Misbehaving TCP Receivers Can Cause Internet-Wide Congestion Collapse, Rob Sherwood, Bobby Bhattacharjee, and Ryan Braud, Proceedings of the ACM Conference on Computer and Communications Security (CCS), Alexandria, VA, October 2005.

Rx: Treating Bugs as Allergies---a Safe Method to Survive Software Failure, Feng Qin, Joe Tucek, Jagadeesan Sundaresan, and Yuanyuan Zhou, Proceedings of the 20th ACM Symposium on Operating System Principles (SOSP), Brighton, UK, October 2005. (Award paper).

Scalability, Fidelity and Containment in the Potemkin Virtual Honeyfarm, Michael Vrable, Justin Ma, Jay Chen, David Moore, Erik VandeKieft, Alex C. Snoeren, Geoffrey M. Voelker, and Stefan Savage, Proceedings of the 20th ACM Symposium on Operating System Principles (SOSP), Brighton, UK, October 2005, pages 148-162.

Principles-Driven Forensic Analysis, Sean Peisert, Matt Bishop, Sidney Karin, and Keith Marzullo, Proceedings of the New Security Paradigms Workshop (NSPW), Lake Arrowhead, CA, September 2005.

Searchable Encryption Revisited: Consistency Properties, Relation to Anonymous IBE, and Extensions, Michel Abdalla, Mihir Bellare, Dario Catalano, Eike Kiltz, Tadayoshi Kohno, Tanja Lange, John Malone-Lee, Gregory Neven, Pascal Paillier, and Haixia Shi, Proceedings of Crypto 2005, Santa Barbara, CA, August 2005, pages 205-22.

Improved Security Analyses for CBC MACs, Mihir Bellare, Krzysztof Pietrzak, and Phillip Rogaway, Proceedings of Crypto 2005, Santa Barbara, CA, August 2005, pages 527-45.

Simultaneous Broadcast Revisited, Alejandro Hevia and Daniele Micciancio, 24th Annual ACM Symposium on Principles of Distributed Computing (PODC 2005), Las Vegas, NV, July 2005, pages 324-33.

Empirical Study of Tolerating Denial-of-Service Attacks with a Proxy Network, Ju Wang, Xin Liu, and Andrew Chien, Proceedings of the USENIX Security Symposium, Baltimore, MD, August 2005.

Treating Bugs as Allergies: A Safe Method for Surviving Software Failures, Feng Qin, Joseph Tucek, and Yuanyuan Zhou, Proceedings of the 10th USENIX Workshop on Hot Topics in Operating Systems (HotOS-X), Santa Fe, NM, June 2005.

Append-Only Signatures, Eike Kiltz, Anton Mityagin, Saurabh Panjwani, and Barath Raghavan, Proceedings of the International Colloquium on Automata, Languages and Programming (ICALP), Lisboa, Portugal, July 2005.

Fatih: Detecting and Isolating Malicious Routers, Alper Mizrak, Yu-Chung Cheng, Keith Marzullo, and Stefan Savage, Proceedings of the IEEE Conference on Dependable Systems and Networks (DSN), Yokohama, Japan, June 2005, pages 538-547. (Award paper).

The Complexity of the Covering Radius Problem on Lattices and Codes, Venkatesan Guruswami, Daniele Micciancio, and Oded Regev, Computational Complexity 14(2):90-121, June 2005.

Remote Physical Device Fingerprinting, Tadayoshi Kohno, Andre Brodio, and kc claffy, Proceedings of the IEEE Symposium on Security and Privacy, Oakland, CA, May 2005. (Award paper).

Mix-Network with Stronger Security, Jan Camenisch and Anton Mityagin, Privacy Enhancing Technologies Symposium, Cavtat, Croatia, May 2005, pages 128-46.

The RSA Group is Pseudo-Free, Daniele Micciancio, Proceedings of Eurocrypt 2005, Aarhus, Denmark, May 2005, pages 387-403.

Remote Physical Device Fingerprinting, Tadayoshi Kohno, Andre Brodio, and kc claffy, IEEE Transactions on Dependable and Secure Computing 2(2):93-108, April 2005.

Surviving Internet Catastrophes, Flavio Junqueira, Ranjita Bhagwan, Alejandro Hevia, Keith Marzullo, and Geoffrey M. Voelker, Proceedings of the USENIX Annual Technical Conference, Anaheim, CA, April 2005.

SafeMem: Exploiting ECC-Memory for Detecting Memory Leaks and Memory Corruption During Production Runs, Feng Qin, Shan Lu, and Yuanyuan Zhou, Proceedings of IEEE International Symposium on High-Performance Computer Architecture, San Francisco, CA, February 2005.

End-to-End Security in the Presence of Intelligent Data Adapting Proxies: the Case of Authenticating Transcoded Streaming Media, Craig Gentry, Alejandro Hevia, Ravi Jain, Toshiro Kawahara, and Zulfikar Ramzan, IEEE Journal on Selected Areas in Communication 23(2):464-73, February 2005.

Adaptive Security of Symbolic Encryption, Daniele Micciancio and Saurabh Panjwani, Proceedings of TCC 2005, Cambridge, MA, February 2005, pages 169-87.

Foundations of Group Signatures: The Case of Dynamic Groups, Mihir Bellare, Haixia Shi, and Chong Zhang, The Cryptographers' Track at the RSA Conference 2005, San Francisco, February 2005, pages 136-53.

2004

Automated Worm Fingerprinting, Sumeet Singh, Cristian Estan, George Varghese, and Stefan Savage, Proceedings of the 6th ACM/USENIX Symposium on Operating System Design and Implementation (OSDI), San Francisco, CA, December 2004, pages 45-60.

Towards Plaintext-Aware Public-Key Encryption without Random Oracles, Mihir Bellare and Adriana Palacio, Proceedings of Asiacrypt 2004, Jeju Island, Korea, December 2004, pages 48-62.

Client Side Caching for TLS, Hovav Shacham, Dan Boneh, and Eric Rescorla, ACM Transactions on Information and System Security 7(4):553-75, November 2004.

Attacking and Repairing the WinZip Encryption Scheme, Tadayoshi Kohno, Proceedings of the ACM Conference on Computer and Communications Security (CCS), Washington, D.C., October 2004, pages 72-81.

Group Signatures with Verifier-Local Revocation, Dan Boneh and Hovav Shacham, Proceedings of the ACM Conference on Computer and Communications Security (CCS), Washington, D.C., October 2004, pages 168-77.

On the Effectiveness of Address-Space Randomization, Hovav Shacham, Matthew Page, Ben Pfaff, Eu-Jin Goh, Nagendra Modadugu, and Dan Boneh, Proceedings of the ACM Conference on Computer and Communications Security (CCS), Washington, D.C., October 2004, pages 298-307.

On the Difficulty of Scalably Detecting Network Attacks, Kirill Levchenko, Ramamohan Paturi, and George Varghese, Proceedings of the ACM Conference on Computer and Communications Security (CCS), Washington, D.C., October 2004.

The Top Speed of Flash Worms, Stuart Staniford, David Moore, Vern Paxson, and Nick Weaver, Proceedings of the ACM Workshop on Rapid Malcode (WORM), Washington, D.C., October 2004.

Worst-Case to Average-Case Reductions Based on Gaussian Measures, Daniele Micciancio and Oded Regev, 45th Symposium on Foundations of Computer Science (FOCS 2004), Rome, Italy, October 2004, pages 372-81.

On Scalable Attack Detection in the Network, Ramana Rao Kompella, Sumeet Singh, and George Varghese, Proceedings of the USENIX/ACM Internet Measurement Conference, Taormina, Sicily, Italy, October 2004.

Short Signatures from the Weil Pairing, Dan Boneh, Ben Lynn, and Hovav Shacham, Journal of Cryptology 17(4):297-319, September 2004.

A System for Authenticated Policy-Compliant Routing, Barath Raghavan and Alex C. Snoeren, Proceedings of the ACM SIGCOMM Conference, Portland, OR, September 2004, pages 167-178.

The Inapproximability of Lattice and Coding Problems with Preprocessing, Uriel Feige and Daniele Micciancio, Journal of Computer and System Sciences 69(1):45-67, August 2004.

The Knowledge-of-Exponent Assumptions and 3-Round Zero-Knowledge Protocols, Mihir Bellare and Adriana Palacio, Proceedings of Crypto 2004, Santa Barbara, CA, August 2004, pages 273-89.

Short Group Signatures, Dan Boneh, Xavier Boyen, and Hovav Shacham, Proceedings of Crypto 2004, Santa Barbara, CA, August 2004, pages 41-55.

UCLog: A Unified, Correlated Logging Architecture for Intrusion Detection, Zhenmin Li, Jed Taylor, Elizabeth Partridge, Yuanyuan Zhou, William Yurcik, Cristina Abad, James J. Barlow, and Jeff Rosendale, International Conference on Telecommunication Systems - Modeling and Analysis (ICTSM), July 2004.

The Spread of the Witty Worm, Colleen Shannon and David Moore, IEEE Security and Privacy 2(4), July 2004.

Fault-Tolerant Forwarding in the Face of Malicious Routers, Alper Mizrak, Keith Marzullo, and Stefan Savage, Proceedings of the International Workshop on the Future Directions in Distributed Computing (FuDiCo), Bertinoro, Italy, June 2004.

The Complexity of the Covering Radius Problem on Lattices and Codes, Venkatesan Guruswami, Daniele Micciancio, and Oded Regev, 19th Annual IEEE Conference on Computational Complexity (CCC 2004), Amherst, MA, June 2004, pages 161-73.

Analysis of an Electronic Voting System, Tadayoshi Kohno, Adam Stubblefield, Aviel D. Rubin, and Dan S. Wallach, Proceedings of the IEEE Symposium on Security and Privacy, Oakland, CA, May 2004, pages 27-42.

Optimal Communication Complexity of Generic Multicast Key Distribution, Daniele Micciancio and Saurabh Panjwani, Proceedings of Eurocrypt 2004, Interlaken, Switzerland, May 2004, pages 153-70.

Hash Function Balance and Its Impact on Birthday Attacks, Mihir Bellare and Tadayoshi Kohno, Proceedings of Eurocrypt 2004, Interlaken, Switzerland, May 2004, pages 401-18.

Security Proofs for Identity-Based Identification and Signature Schemes, Mihir Bellare, Chanathip Namprempre, and Gregory Neven, Proceedings of Eurocrypt 2004, Interlaken, Switzerland, May 2004, pages 268-86.

An Uninstantiable Random-Oracle-Model Scheme for a Hybrid-Encryption Problem, Mihir Bellare, Alexandra Boldyreva, and Adriana Palacio, Proceedings of Eurocrypt 2004, Interlaken, Switzerland, May 2004, pages 171-88.

Sequential Aggregate Signatures from Trapdoor Permutations, Anna Lysyanskaya, Silvio Micali, Leonid Reyzin, and Hovav Shacham, Proceedings of Eurocrypt 2004, Interlaken, Switzerland, May 2004, pages 74-90.

The Spread of the Witty Worm, Colleen Shannon and David Moore, CAIDA Report, March 2004.

Soundness of Formal Encryption in the Presence of Active Adversaries, Daniele Micciancio and Bogdan Warinschi, Proceedings of TCC 2004, Cambridge, MA, February 2004, pages 133-51.

New Security Proofs for the 3GPP Confidentiality and Integrity Algorithms, Tetsu Iwata and Tadayoshi Kohno, Proceedings of FSE 2004, Delhi, India, February 2004, pages 427-45.

CWC: A High-Performance Conventional Authenticated Encryption Mode, Tadayoshi Kohno, John Viega, and Doug Whiting, Proceedings of FSE 2004, Delhi, India, February 2004, pages 408-26.

The EAX Mode of Operation, Mihir Bellare, Phillip Rogaway, and David Wagner, Proceedings of FSE 2004, Delhi, India, February 2004, pages 389-407.

Almost Perfect Lattices, the Covering Radius Problem, and Applications to Ajtai's Connection Factor, Daniele Micciancio, SIAM Journal on Computing 34(1):118-69, 2004.