|
||||
|
SensorSift: Balancing Sensor Data Privacy and Utility in Automated Face Understanding, ,
Annual Computer Security Applications Conference, December 2012. Strengthening User Authentication through Opportunistic Cryptographic Identity Assertions, ,
Proceedings of the 19th ACM Conference on Computer and Communications Security, October 2012. User Interface Toolkit Mechanisms for Securing Interface Elements, ,
25th ACM Symposium on User Interface Software and Technology (UIST 2012), October 2012. Security Risks, Low-tech User Interfaces, and Implantable Medical Devices: A Case Study with Insulin Pump Infusion Systems, ,
USENIX Workshop on Health Security and Privacy (HealthSec), August 2012. Control-Alt-Hack: A Card Game for Computer Security Outreach, Education, and Fun, ,
University of Washington Computer Science and Engineering technical report UW-CSE-12-07-01, July 2012. User-Driven Access Control: Rethinking Permission Granting in Modern Operating Systems, ,
IEEE Symposium on Security and Privacy, May 2012. Detecting and Defending Against Third-Party Tracking on the Web, ,
Networked Systems Design and Implementation (NSDI), April 2012. |
||||
|
A Review of the Security of Insulin Pump Infusion Systems, ,
Journal of Diabetes Science and Technology 5(6), November 2011. Comprehensive Experimental Analyses of Automotive Attack Surfaces, ,
20th USENIX Security Symposium, August 2011. New Directions for Self-destructing Data, ,
University of Washington Computer Science and Engineering technical report UW-CSE-11-08-01, August 2011. Network Support for Privacy-Preserving Forensic Attribution, ,
Communications of the ACM 54(5):78-87, May 2011. Keypad: An Auditing File System for Theft-prone Devices, ,
European Conference on Computer Systems (EuroSys), April 2011. Science Fiction Prototyping and Security Education: Cultivating Contextual and Societal Thinking in Computer Security Education and Beyond, ,
ACM Technical Symposium on Computer Science Education (SIGCSE), March 2011. Sensor Tricorder: What does that sensor know about me?, ,
12th Workshop on Mobile Computing Systems and Application (HotMobile), March 2011. |
||||
|
Patients, Pacemakers, and Implantable Defibrillators: Human Values and Security for Wireless Implantable Medical Devices, ,
Proceedings of the 28th international conference on Human factors in computing systems, New York, NY, USA, 2010, pages 917-926. Boosting the Accuracy of Differentially Private Histograms Through Consistency, ,
VLDB, 2010. Retaining sandbox containment despite bugs in privileged
memory-safe code, ,
Proceedings of the 17th ACM conference on Computer and
communications security, October 2010. Survivable key compromise in software update systems, ,
Proceedings of the 17th ACM conference on Computer and
communications security, October 2010. Comet: An active distributed key-value store, ,
USENIX Symposium on Operating Systems Design and Implementation (OSDI), October 2010. The Limits of Automatic OS Fingerprint Generation, ,
Workshop on Artificial Intelligence and Security (AISec), October 2010. Seeing through Obscure Glass, ,
European Conference on Computer Vision (ECCV), September 2010. Parenting from the Pocket: Value Tensions and Technical Directions for Secure and Private Parent-Teen Mobile Safety, ,
Symposium On Usable Privacy and Security (SOUPS), July 2010. Experimental Security Analysis of a Modern Automobile, ,
IEEE Symposium on Security and Privacy, May 2010. Patients, Pacemakers, and Implantable Defibrillators: Human Values and Security for Wireless Implantable Medical Devices, ,
Proceedings of the ACM Conference on Human Factors in Computing Systems (CHI 2010), April 2010. Improving the Security and Privacy of Implantable Medical Devices, ,
New England Journal of Medicine 362(13):1164-1166, April 2010. Cryptography Engineering: Design Principles and Practical Applications, ,
Wiley Publishing, Inc., March 2010. |
||||
|
Are Patched Machines Really Fixed?, ,
IEEE Security and Privacy 7(5), 2009. Relationship privacy: output perturbation for queries with joins, ,
PODS, 2009. EPC RFID Tags in Security Applications: Passport Cards, Enhanced Drivers Licenses, and Beyond, ,
Proceedings of the 16th ACM Conference on Computer and Communications Security, November 2009. Clinically Significant Magnetic Interference of Implanted Cardiac Devices by Portable Headphones, ,
Heart Rhythm Journal 6(10), October 2009. A Spotlight on Security and Privacy Risks with Future Household Robots: Attacks and Lessons, ,
11th International Conference on Ubiquitous Computing (Ubicomp), October 2009. Vanish: Increasing Data Privacy with Self-Destructing Data, ,
18th USENIX Security Symposium, August 2009. Enlisting ISPs to Improve Online Privacy: IP Address Mixing by Default, ,
Privacy Enhancing Technologies Symposium, August 2009. Neurosecurity: Security and privacy for neural devices, ,
Neurosurgical Focus 27, July 2009. Provable Security Support for the Skein Hash Family, ,
Associated Documentation to the NIST Cryptographic Hash Algorithm Competition, April 2009. A Comprehensive Study of Frequency, Interference, and Training of Multiple Graphical Passwords, ,
Proceedings of the ACM Conference on Human Factors in Computing Systems (CHI 2009), April 2009. The International Criminal Tribunal for Rwanda Information Heritage Project (aka Voices of the Rwanda Tribunal): Integrity Verification Architecture, ,
University of Washington Computer Science and Engineering technical report 09-01-02, March 2009. |
||||
|
Access Control over Uncertain Data, ,
VLDB, 2008. A look in the mirror: attacks on package managers, ,
Proceedings of the 15th ACM conference on Computer and
communications security, October 2008. Privacy Oracle: A System for Finding Application Leaks with Black Box Differential Testing, ,
Proceedings of the 15th ACM Conference on Computer and Communications Security, October 2008. RFIDs and Secret Handshakes: Defending Against Ghost-and-Leech Attacks and Unauthorized Reads with Context-Aware Communications, ,
Proceedings of the 15th ACM Conference on Computer and Communications Security, October 2008. Electromagnetic Interference (EMI) of Implanted Cardiac Devices by MP3 Player Headphones, ,
Circulation 118(18 Supplement), October 2008. The Skein Hash Function Family, ,
Submission to the NIST Cryptographic Hash Algorithm Competition, October 2008. Challenges and Directions for Monitoring P2P File Sharing Networks -- or -- Why My Printer Received a DMCA Takedown Notice, ,
3rd USENIX Workshop on Hot Topics in Security (HotSec '08), July 2008. Defeating Encrypted and Deniable File Systems: TrueCrypt v5.1a and the Case of the Tattling OS and Applications, ,
3rd USENIX Workshop on Hot Topics in Security (HotSec '08), July 2008. Absence Makes the Heart Grow Fonder: New Directions for Implantable Medical Device Security, ,
3rd USENIX Workshop on Hot Topics in Security (HotSec '08), July 2008. Shining Light in Dark Places: Understanding the Tor Network, ,
Privacy Enhancing Technologies Symposium, July 2008. Privacy-Preserving Location Tracking of Lost or Stolen Devices: Cryptographic Techniques and Replacing Trusted Third Parties with DHTs, ,
17th USENIX Security Symposium, July 2008. Searchable Encryption Revisited: Consistency Properties, Relation to Anonymous IBE, and Extensions, ,
Journal of Cryptology 21(3):350-391, July 2008. Improving Wireless Privacy with an Identifier-Free Link Layer Protocol, ,
International Conference on Mobile Systems, Application, and Services (MobiSys), June 2008. Pacemakers and Implantable Cardiac Defibrillators: Software Radio Attacks and Zero-Power Defenses, ,
IEEE Symposium on Security and Privacy, May 2008. Detecting In-Flight Page Changes with Web Tripwires, ,
USENIX Symposium on Networked Systems Design amp; Implementation, April 2008. Security and Privacy for Implantable Medical Devices, ,
IEEE Pervasive Computing 7(1), January 2008. |
||||
|
The Boundary Between Privacy and Utility in Data Publishing, ,
VLDB, 2007. Stork: package management for distributed VM environments, ,
Proceedings of the 21st conference on Large Installation
System Administration Conference, 2007. Physical Access Control for Captured RFID Data, ,
IEEE Pervasive Computing 6(4), October 2007. Low-Resource Routing Attacks Against Tor, ,
Workshop on Privacy in the Electronic Society, October 2007. Protecting Security and Privacy, ,
MIT Technology Review, September 2007. Expressing Privacy Policies Using Authorization Views, ,
Workshop on UbiComp Privacy: Technologies, Users, Policy, September 2007. Devices That Tell On You: Privacy Trends in Consumer Ubiquitous Computing, ,
16th USENIX Security Symposium, August 2007. Software Review and Security Analysis of the Diebold Voting Machine Software, ,
Report commissioned by the Florida Department of State, July 2007. Can Ferris Bueller Still Have His Day Off? Protecting Privacy in the Wireless Era, ,
11th Workshop on Hot Topics in Operating Systems, May 2007. |
||||
|
Stateful public-key cryptosystems: How to encrypt with one 160-bit exponentiation, ,
Proceedings of the 13th ACM Conference on Computer and Communications Security, November 2006. Safe Manual Memory Management in Cyclone, ,
Science of Computer Programming, Special Issue: Five perspectives on modern memory management -- Systems, hardware and theory 62(2), October 2006. Designing voting machines for verification, ,
15th USENIX Security Symposium, August 2006. Quantified Types in Imperative Languages, ,
ACM Transactions on Programming Languages and Systems 28(3), May 2006. Herding hash functions and the Nostradamus attack, ,
Advances in Cryptology -- EUROCRYPT, May 2006. Tamper-evident, history-independent, subliminal-free data structures on PROM storage -or- how to store ballots on a voting machine (extended abstract), ,
IEEE Symposium on Security and Privacy, May 2006. Key regression: Enabling efficient key distribution for secure distributed storage, ,
ISOC Network and Distributed System Security Symposium, February 2006. SSH transport layer encryption modes, ,
IETF RFC 4344, January 2006. |
||||
|
Proper: privileged operations in a virtualised system environment, ,
Proceedings of the annual conference on USENIX Annual
Technical Conference, 2005. Preventing Format-String Attacks via Automatic and Efficient Dynamic Checking, ,
ACM Conference on Computer and Communications Security, November 2005. Searchable Encryption Revisited: Consistency Properties, Relation to Anonymous IBE, and Extensions, ,
Advances in Cryptology -- CRYPTO, August 2005, pages 205-222. Remote physical device fingerprinting, ,
IEEE Symposium on Security and Privacy, May 2005, pages 211-225. Remote physical device fingerprinting, ,
IEEE Transactions on Dependable and Secure Computing 2(2):93-108, April 2005. Cyclone: a Type-safe Dialect of C, ,
C/C++ Users Journal 23(1), January 2005. |
||||
|
Experience With Safe Manual Memory-Management in Cyclone, ,
International Symposium on Memory Management, October 2004. Attacking and repairing the WinZip encryption scheme, ,
Proceedings of the 11th ACM Conference on Computer and Communications Security, October 2004, pages 72-81. Analysis of an electronic voting system, ,
IEEE Symposium on Security and Privacy, May 2004. Hash function balance and its impact on birthday attacks, ,
Advances in Cryptology -- EUROCRYPT, May 2004, pages 401-418. Breaking and provably repairing the SSH authenticated encryption scheme: A case study of the Encode-then-Encrypt-and-MAC paradigm, ,
ACM Transactions on Information and System Security 7(2):206-241, May 2004. New security proofs for the 3GPP confidentiality and integrity algorithms, ,
Fast Software Encryption, February 2004, pages 427-445. CWC: A high-performance conventional authenticated encryption mode, ,
Fast Software Encryption, February 2004, pages 408-426. |
||||
|
A theoretical treatment of related-key attacks: RKA-PRPs, RKA-PRFs, and applications, ,
Advances in Cryptology -- EUROCRYPT, May 2003, pages 491-506. Analysis of RMAC, ,
Fast Software Encryption, February 2003, pages 182-191. Helix: Fast encryption and authentication in a single cryptographic primitive, ,
Fast Software Encryption, February 2003, pages 330-346. Type-Safe Multithreading in Cyclone, ,
ACM Workshop on Types in Language Design and Implementation, January 2003. |
||||
|
Authenticated Encryption in SSH: Provably Fixing the SSH Binary Packet Protocol, ,
Proceedings of the 9th ACM Conference on Computer and Communications Security, November 2002. Token-Based Scanning for Source Code Security Problems, ,
ACM Transactions on Information and System Security 5(3):238-261, August 2002. Region-Based Memory Management in Cyclone, ,
ACM Conference on Programming Language Design and Implementation, June 2002. Cyclone: A Safe Dialect of C, ,
USENIX Annual Technical Conference, Monterey, CA, June 2002. Existential Types for Imperative Languages, ,
11th European Symposium on Programming, April 2002. |
||||
