
The advent of the World Wide Web had a huge impact on the world, because suddenly people had easy access to information that was previously unavailable or simply hard to find. Unfortunately, this raises many new problems in protecting information against unauthorized access and use. We take the privacy of our users seriously, and we have people working on nearly every aspect of information security, including networking, OS security, language design, cryptography, fraud detection and prevention, denial of service, privacy, and human aspects of security. Here are some of their publications.
Large-Scale Automatic Classification of Phishing Pages, Colin Whittaker, Brian Ryner, Marria Nazif, NDSS '10, 2010 (to appear).
Balancing Usability and Security in a Video CAPTCHA, Kurt Alfred Kluever, Richard Zanibbi, Proceedings of the 5th Symposium on Usable Privacy and Security (SOUPS '09), 2009.
Capacity of Steganographic Channels, Jeremiah Harmsen, William Pearlman, IEEE Transactions on Information Theory, vol. 55 (2009), pp. 1775-1792.
Composability and On-Line Deniability of Authentication, Yevgeniy Dodis, Jonathan Katz, Adam Smith, Shabsi Walfish, Proceedings of the 6th Theory of Cryptography Conference, TCC 2009, San Francisco, CA, USA, March 15-17, 2009, pp. 146-162.
Firefox (In)Security Update Dynamics Exposed, Stefan Frei, Thomas Duebendorfer, Bernhard Plattner, ACM Sigcomm Comput. Commun. Rev., vol. 39 Issue 1 (2009), pp. 16-22.
The Goals and Challenges of Click Fraud Penetration Testing Systems, Carmelo Kintana, David Turner, Jia-Yu Pan, Ahmed Metwally, Neil Daswani, Erika Chin, Andrew Bortz, 2009.
Why Silent Updates Boost Security, Thomas Duebendorfer, Stefan Frei, ETH Tech Report, vol. TIK 302 (2009), pp. 1-9.
(Under)mining Privacy in Social Networks, Monica Chew, Dirk Balfanz, Ben Laurie, W2SP 2008: Web 2.0 Security and Privacy 2008.
Access Control, Ben Laurie, 2008.
All Your iFrames Point to Us, Niels Provos, Panayiotis Mavrommatis, Moheeb Rajab, Fabian Monrose, 17th USENIX Security Symposium, 2008.
Choose the Red Pill and the Blue Pill, Ben Laurie, Abe Singer, New Security Paradigms Workshop 2008.
Competition and Fraud in Online Advertising Markets, Bob Mungamuru, Stephen A. Weis, Financial Cryptography, 2008.
Corrupted DNS Resolution Paths: The Rise of a Malicious Resolution Authority, David Dagon, Chris Lee, Wenke Lee, Niels Provos, Proc. 15th Network and Distributed System Security Symposium (NDSS), 2008.
Distributed divide-and-conquer techniques for effective DDoS attack defenses, Muthuprasanna Muthusrinivasan, Manimaran Govindarasu, IEEE International Conference on Distributed Computing Systems (ICDCS), 2008.
Efficient Constructions of Composable Commitments and Zero-Knowledge Proofs, Yevgeniy Dodis, Victor Shoup, Shabsi Walfish, Proceedings of Advances in Cryptology - CRYPTO 2008, 28th Annual International Cryptology Conference, Santa Barbara, CA, USA, August 17-21, 2008, pp. 515-535.
Ghost Turns Zombie: Exploring the Life Cycle of Web-based Malware, Michalis Polychronakis, Panayiotis Mavrommatis, Niels Provos, Proceedings of the 1st USENIX Workshop on Large-Scale Exploits and Emergent Threats (LEET), 2008.
Insecure Context Switching: Inoculating regular expressions for survivability, Will Drewry, Tavis Ormandy, 2008.
Peeking Through the Cloud, Moheeb Abu Rajab, Fabian Monrose, Andreas Terzis, Niels Provos, 6th Conference on Applied Cryptography and Network Security, 2008.
Plan 9 Authentication in Linux, Ashwin Ganti, ACM SIGOPS OSR special issue on Research and Developments in the Linux Kernel, vol. 42, Issue 5 (July 2008).
Please Permit Me: Stateless Delegated Authorization in Mashups, Ragib Hasan, Marianne Winslett, Richard Conlan, Brian Slesinsky, Nandakumar Ramani, Proceedings of the Annual Computer (2008), pp. 173-182.
Securing Nonintrusive Web Encryption through Information Flow, Lantian Zheng, Andrew C. Myers, Proceedings of the 2008 workshop on programming languages and analysis for security.
Security aspects of the Authentication used in Quantum Cryptography, Jörgen Cederlöf, Jan-Åke Larsson, IEEE Transactions on Information Theory, vol. 54 (2008), pp. 1735-1741.
To Catch a Predator: A Natural Language Approach for Eliciting Protocol Interaction, Sam Small, Joshua Mason, Fabian Monrose, Niels Provos, Adam Stubblefield, 17th USENIX Security Symposium, 2008.
Understanding the Web browser threat, Stefan Frei, Thomas Duebendorfer, Gunter Ollmann, Martin May, DefCon 16 (2008).
Video CAPTCHAs: Usability vs. Security, Kurt Alfred Kluever, Richard Zanibbi, Proceedings of the IEEE Western New York Image Processing Workshop (WNYIP '08), 2008.
A Framework for Detection and Measurement of Phishing Attacks, Sujata Garera, Niels Provos, Monica Chew, Aviel D. Rubin, WORM'07, 2007.
An Empirical Study into the Security Exposure to Hosts of Hostile Virtualized Environments, Tavis Ormandy, CanSecWest 2007.
Byzantine Attacks on Anonymity Systems, Nikita Borisov, George Danezis, Parisa Tabriz, Digital Privacy: Theory, Technologies, and Practices, 2007.
Cyberassault on Estonia, Marc Donner, IEEE Security and Privacy, vol. 5, no. 4 (2007), pp. 4.
Defining Strong Privacy for RFID, Ari Juels, Stephen A. Weis, Proc. 5th International Conf. on Pervasive Computing and Communications Workshops, 2007, pp. 342-347.
Delegating Responsibility in Digital Systems: Horton's, Mark S. Miller, Jed Donnelley, Alan H. Karp, 2nd USENIX Workshop on Hot Topics in Security, 2007, pp. 5.
Denial of Service or Denial of Security? How Attacks can Compromise Anonymity, Nikita Borisov, George Danezis, Prateek Mittal, Parisa Tabriz, Conference on Computer and Communications Security, 2007.
Dynamic Pharming Attacks and Locked Same-Origin Policies for Web Browsers, Chris Karlof, Umesh Shankar, J. D. Tygar, David Wagner, Conference on Computer and Communications Security, 2007.
Flayer: Exposing Application Internals, Will Drewry, Tavis Ormandy, First USENIX Workshop on Offensive Technologies (WOOT '07), 2007.
Foundations of Security: What Every Programmer Needs to Know, Neil Daswani, Christoph Kern, Anita Kesavan, 2007.
Memsherlock: An Automated Debugger for Unknown Memory Corruption Vulnerabilities, Emre C. Sezer, Peng Ning, ChongKyung Kil, Jun Xu, Conference on Computer and Communication Security, 2007.
Provable Data Possession at Untrusted Stores, Giuseppe Ateniese, Randal Burns, Reza Curtmola, Joseph Herring, Lea Kissner, Zachary Peterson, Dawn Song, Conference on Computer and Communications Security, 2007.
Selective Disclosure, Ben Laurie, 2007.
The Ghost In The Browser: Analysis of Web-based Malware, Niels Provos, Dean McNamee, Panayiotis Mavrommatis, Ke Wang, Nagendra Modadugu, First Workshop on Hot Topics in Understanding Botnets (HotBots '07), 2007.
Tradeoffs in Retrofitting Security: An Experience Report, Mark S. Miller, Dynamic Languages Symposium, 2007.
Virtual Honeypots: From Botnet Tracking to Intrusion Detection, Niels Provos, Thorsten Holz, 2007.
A Method for Making Password-Based Key Exchange Resilient to Server Compromise, Craig Gentry, Philip MacKenzie, Zulfikar Ramzan, Advances in Cryptology - CRYPTO 2006, pp. 142-159.
Cookies Along Trust-Boundaries (CAT): Accurate and Deployable Flood Protection, Martin Casado, Aditya Akella, Pei Cao, Niels Provos, Scott Shenker, In Proceedings of Steps To Reduce Unwanted Traffic From The Internet, 2006.
Flow-Cookies: Using Bandwidth Amplification to Defend Against DDoS Flooding Attacks, Martin Casado, Pei Cao, Aditya Akella, Niels Provos, Proceedings of the IEEE Workshop on QoS, 2006.
Language Modeling and Encryption on Packet Switched Networks, Kevin S. McCurley, Advances in Cryptology: Proc. Eurocrypt 2006, pp. 359-372.
Limits to Anti Phishing, Jeff Nelson, David Jeske, Proceedings of the W3C Security and Usability Workshop, 2006, pp. 5.
Packet vaccine: black-box exploit detection and signature generation, XiaoFeng Wang, Zhuowei Li, Jun Xu, Michael K. Reiter, Chongkyung Kil, Jong Youl Choi, Proc. 13th ACM Conference on Computer and Communications Security, 2006, pp. 37-46.
Privacy-Enhancing Technologies, Stephen A. Weis, IEEE Security and Privacy, vol. 4 (2006), pp. 59.
Resource Fairness and Composability of Cryptographic Protocols, Juan Garay, Philip MacKenzie, Manoj Prabhakaran, Ke Yang, Theory of Cryptography: Third Theory of Cryptography Conference, TCC 2006, pp. 404-428.
Search Worms, Niels Provos, Joe McClain, Ke Wang, WORM '06: Proceedings of the 4th ACM workshop on Recurring malcode, 2006, pp. 1-8.
A Virtual Honeypot Framework, Niels Provos, USENIX Security Symposium, 2004, pp. 1-14.
Improving Host Security with System Call Policies, Niels Provos, 12th USENIX Security Symposium, 2003.
Preventing Privilege Escalation, Niels Provos, Markus Friedl, Peter Honeyman, 12th USENIX Security Symposium, 2003.
Defending Against Statistical Steganalysis, Niels Provos, 10th USENIX Security Symposium, 2001.
Encrypting Virtual Memory, Niels Provos, 9th USENIX Security Symposium (2000).
A Future-Adaptable Password Scheme, Niels Provos, David Mazières, USENIX Annual Technical Conference, FREENIX Track, 1999.
Cryptography in OpenBSD: An Overview, Theo de Raadt, Niklas Hallqvist, Artur Grabowski, Angelos D. Keromytis, Niels Provos, USENIX Annual Technical Conference, FREENIX Track, 1999.