Publications can also be viewed by publication date.


Journal Publications : Conference Publications : Tech Reports
Workshops : Books : Columns


Journal Publications

Machigar Ongtang, Stephen McLaughlin, William Enck, and Patrick McDaniel, Semantically Rich Application-Centric Security in Android. Security and Communication Networks, John Wiley & Sons, Ltd, 5(6):658--673 2012. [Full Paper,Abstract]

Moyer, T., Butler, K., Schiffman, J., McDaniel, P., and Jaeger, T., Scalable Web Content Attestation. IEEE Transactions on Computers, 61(5):686-699, May 2012. [Abstract]

Traynor, Patrick, Amrutkar, Chaitrali, Rao, Vikhyath, Jaeger, Trent, McDaniel, Patrick, and La Porta, Thomas, From mobile phones to responsible devices. Journal of Security and Communication Networks (SCN), John Wiley & Sons, Ltd., 4(6):719--726, June 2011. [Full Paper,Abstract]

Schiffman, J., Moyer, T., Jaeger, T., and McDaniel, P., Network-Based Root of Trust for Installation. IEEE Security & Privacy Magazine, 9(1):40-48, Jan.-Feb. 2011. [Full Paper,Abstract]

Butler, K., McLaughlin, S., Moyer, T., and McDaniel, P., New Security Architectures Based on Emerging Disk Functionality. IEEE Security & Privacy Magazine, 8(5):34-41, Sept.-Oct. 2010. [Abstract]

Pirretti, Matthew, Traynor, Patrick, Mcdaniel, Patrick, and Waters, Brent, Secure attribute-based systems. Journal of Computer Security, IOS Press, 18(5):799--837. [Full Paper,Abstract]

Boniface Hicks, Sandra Rueda, Luke St.Clair, Trent Jaeger, and Patrick McDaniel, A Logical Specification and Analysis for SELinux MLS Policy. ACM Transactions on Information and System Security (TISSEC), July 2010. [Abstract]

Patrick Traynor, Kevin Butler, William Enck, Kevin Borders, and Patrick McDaniel, malnets: Large-Scale Malicious Networks via Compromised Wireless Access Points. Journal of Security and Communication Networks, 3(2):102--113, March 2010. [Abstract]

Butler, K., Farley, T.R., McDaniel, P., and Rexford, J.. A Survey of BGP Security Issues and Solutions, 98(1):100-122, Jan. 2010. [Full Paper,Abstract]

Butler, K.R.B., Ryu, S., Traynor, P., and McDaniel, P.D., Leveraging Identity-Based Cryptography for Node ID Assignment in Structured P2P Systems. IEEE Transactions on Parallel and Distributed Systems (TPDS), 20(12):1803-1815, Dec. 2009. [Full Paper,Abstract]

William Enck, Thomas Moyer, Patrick McDaniel, Subhabrata Sen, Panagiotis Sebos, Sylke Spoerel, Albert Greenberg, Yu-Wei Eric Sung, Sanjay Rao, and William Aiello, Configuration Management at Massive Scale: System Design and Experience. IEEE Journal on Selected Areas in Communications (JSAC) 2009. [Abstract]

Enck, W., Ongtang, M., and McDaniel, P., Understanding Android Security. IEEE Security & Privacy Magazine, 7(1):50-57, Jan.-Feb. 2009. [Full Paper,Abstract]

Patrick Traynor, William Enck, Patrick McDaniel and Thomas La Porta, Mitigating Attacks on Open Functionality in SMS-Capable Cellular Networks. IEEE/ACM Transactions on Networking (TON) 2008. [Full Paper,Abstract]

Patrick Traynor, Michael Chien, Scott Weaver, Boniface Hicks, and Patrick McDaniel, Non-Invasive Methods for Host Certification. ACM Transactions on Information and System Security (TISSEC) 2008. [Abstract]

Patrick Traynor, William Enck, Patrick McDaniel, and Thomas La Porta, Exploiting Open Functionality in SMS-Capable Cellular Networks. Journal of Computer Security, IOS Press 2007. [Full Paper,Abstract]

K.C.K. Lee, Josh Schiffman, B. Zheng, and W.C. Lee, Round-Eye: A System for Tracking Nearest Surrounders in Moving Object Environments. Journal of Systems and Software, Elsevier, 80:2063-2076 2007. [Abstract]

Wesam Lootah, William Enck, and Patrick McDaniel, TARP: Ticket-based Address Resolution Protocol. Computer Networks, Elsevier 2007. [Full Paper,Abstract]

Patrick Traynor, Raju Kumar, Heesook Choi, Sencun Zhu, Guohong Cao, and Thomas La Porta, Efficient Hybrid Security Mechanisms for Heterogeneous Sensor Networks. IEEE Transactions on Mobile Computing, 6(6):663-677, June 2007. [Full Paper,Abstract]

Heesok Choi, William Enck, Jaesheung Shin, Patrick McDaniel, and Thomas La Porta, ASR: Anonymous and Secure Reporting of Traffic Forwarding Activity in Mobile Ad Hoc Networks. Wireless Networks (WINET), ACM/Kluwer, May 2007. [Full Paper,Abstract]

Patrick McDaniel, B. Aiello, Kevin Butler, and J. Ioannidis, Origin Authentication in Interdomain Routing. Computer Networks, 50(16):2953-2980, November 2006. [Full Paper,Abstract]

Patrick McDaniel and Atul Prakash, Enforcing Provisioning and Authorization Policy in the Antigone System. Journal of Computer Security, 14(9):483-511, November 2006. [Full Paper,Abstract]

Patrick McDaniel and Atul Prakash, Methods and Limitations of Security Policy Reconciliation. ACM Transactions on Information and System Security (TISSEC), Association for Computing Machinery, 9(3):259-291, August 2006. [Full Paper,Abstract]

P. McDaniel and A. Prakash, Security Policy Enforcement in the Antigone System. Journal of Computer Security 2005. Accepted for publication. Draft. [Full Paper,Abstract]

Matthew Pirretti, Sencun Zhu, Vijaykrishnan Narayanan, Patrick McDaniel, Mahmut Kandemir, and and Richard Brooks, The Sleep Deprivation Attack in Sensor Networks: Analysis and Methods of Defense. International Journal of Distributed Sensor Networks, 2(3):267-287, June 2005. [Full Paper,Abstract]

S. Byers, L. Cranor, E. Cronin, D. Kormann, and P. McDaniel, Analysis of Security Vulnerabilities in the Movie Production and Distribution Process. Telecommunications Policy, 28(8):619-644, August 2004. [Full Paper,Abstract]

T. Jaeger, A. Edwards, and X. Zhang, Consistency Analysis of Authorization Hook Placement in the Linux Security Modules Framework. ACM Transactions on Information and System Security (TISSEC), 7(2):175-205, May 2004. [Full Paper,Abstract]

T. Jaeger, X. Zhang, and A. Edwards, Policy Management Using Access Control Spaces. ACM Transactions on Information and System Security (TISSEC), 6(3):327-364, August 2003. [Full Paper,Abstract]

T. Jaeger and J. Tidswell, Practical safety in flexible access control models. ACM Transactions on Information and System Security (TISSEC), 4(2):158-190 2001. [Full Paper,Abstract]

Moreno Falaschi, Patrick Hicks, and William Winsborough, Demand Transformation Analysis for Concurrent Constraint Programs. Journal of Logic Programming, 41(3):185-215, MAR 2000. [Abstract]

John Hannan and Patrick Hicks, Higher-Order Uncurrying. Journal of Higher Order and Symbolic Computation, 13(3):179--216 2000. [Abstract]

T. Jaeger, A. Prakash, J. Liedtke, and N. Islam, Flexible Control of Downloaded Executable Content. ACM Transactions on Information and System Security, 2(2):177-228, May 1999. [Full Paper,Abstract]

Trent Jaeger, Access Control in Configurable Systems. pages 289-316 1999.

Nayeem Islam, Rangachari Anand, Trent Jaeger, and Josyula R. Rao, A flexible security system for using Internet content. IEEE Software, 14(5):52-59, September 1997. [Abstract]

Conference Publications

Robert J. Walls, Eric D. Kilmer, Nathaniel Lageman, and Patrick D. McDaniel, Measuring the Impact and Perception of Acceptable Advertisements. Proceedings of the ACM 2015 Internet Measurement Conference (IMC), October 2015. Tokyo, Japan. [Full Paper,Abstract]

Damien Octeau, Daniel Luchaup, Matthew Dering, Somesh Jha , and Patrick McDaniel, Composite Constant Propagation: Application to Android Inter-Component Communication Analysis. Proceedings of the 37th International Conference on Software Engineering (ICSE), May 2015. To appear, Florence, Italy. [Full Paper,Abstract]

Li Li, Alexandre Bartel, Tegawend ’e Bissyande, Jacques Klein, Yves Le Traon, Steven Arzt, Siegfried Rasthofer, Eric Bodden, Damien Octeau, and Patrick McDaniel, IccTA: Detecting Inter-Component Privacy Leaks in Android Apps. Proceedings of the 37th International Conference on Software Engineering (ICSE), May 2015. To appear, Florence, Italy. [Abstract]

Alessandro Oltramari, Lorrie Cranor, Robert J. Walls, and Patrick McDaniel, Building an Ontology of Cyber Security. Proc. Intl. Conference on Semantic Technologies for Intelligence, Defense, and Security (STIDS), November 2014. Fairfax, VA. [Abstract]

Hayawardh Vijayakumar, Xinyang Ge, Mathias Payer, and Trent Jaeger, JIGSAW : Protecting Resource Access by Inferring Programmer Expectations. Proceedings of the 23rd USENIX Security Symposium, August 2014. San Diego, CA. [Abstract]

Wenhui Hu, Damien Octeau, Patrick McDaniel, and Peng Liu, Duet: Library Integrity Verification for Android Applications. Proceedings of the 7th ACM Conference on Security and Privacy in Wireless and Mobile Networks (WiSec), July 2014. Oxford, UK. [Abstract]

Hayawardh Vijayakumar, Xinyang Ge, and Trent Jaeger, Policy Models to Protect Resource Retrieval. Proceedings of the 19th ACM Symposium on Access Control Models and Technologies (SACMAT), June 2014. London, Ontario, Canada. [Abstract]

Stephen McLaughlin, Devin Pohly, Patrick McDaniel, and Saman Zonouz, A Trusted Safety Verifier for Process Controller Code. Proceedings of the 2014 Network and Distributed Systems Security Symposium (NDSS), February 2014. San Diego, CA. [Abstract]

David Schmidt and Trent Jaeger, Pitfalls in the automated strengthening of passwords. Proceedings of the 29th Annual Computer Security Applications Conference (ACSAC), December 2013. New Orleans, LA. [Abstract]

Stephen McLaughlin, Stateful Policy Enforcement for Control System Device Usage. Proceedings of the 29th Annual Computer Security Applications Conference (ACSAC), December 2013. New Orleans, LA. [Abstract]

Damien Octeau, Patrick McDaniel, Somesh Jha, Alexandre Bartel, Eric Bodden, Jacques Klein, and Yves Le Traon, Effective Inter-Component Communication Mapping in Android with Epicc: An Essential Step Towards Holistic Security Analysis. Proceedings of the 22nd USENIX Security Symposium, August 2013. Washington, DC. [Abstract]

Hayawardh Vijayakumar, Joshua Schiffman, and Trent Jaeger, Process Firewalls: Protecting Processes During Resource Access. Proceedings of the 8th ACM European Conference on Computer Systems (EUROSYS 2013), April 2013. Prague, Czech Republic. [Abstract]

Nirupama Talele, Jason Teutsch, Trent Jaeger, and Robert F. Erbacher, Using available security policies to automate placement of network intrusion detection. Proceedings of the 2013 International Symposium on Engineering Secure Software and Systems (ESSoS), February 2013. Paris, France. [Abstract]

Hayawardh Vijayakumar and Trent Jaeger, The Right Files at the Right Time. Proceedings of the 5th IEEE Symposium on Configuration Analytics and Automation (SAFECONFIG 2012), October 2012. Baltimore, MD. [Abstract]

Stephen McLaughlin, Brett Holbert, Saman Zonouz, and Robin Berthier, AMIDS: A Multi-Sensor Energy Theft Detection Framework for Advanced Metering Infrastructures. Third IEEE International Conference on Smart Grid Communications (SmartGridComm), November 2012. Tainan City, Taiwan. [Abstract]

Devin J. Pohly, Stephen McLaughlin, Patrick McDaniel, and Kevin Butler, Hi-Fi: Collecting High-Fidelity Whole-System Provenance. Proceedings of the 28th Annual Computer Security Applications Conference, December 2012. Orlando, Florida. [Abstract]

Divya Muthukumaran, Sandra Rueda, Nirupama Talele, Hayawardh Vijayakumar, Trent Jaeger, Jason Teutsch, and Nigel Edwards, Transforming Commodity Security Policies to Enforce Clark-Wilson Integrity. Proceedings of the 28th Annual Computer Security Applications Conference, December 2012. Orlando, Florida. [Abstract]

Divya Muthukumaran, Trent Jaeger, and Vinod Ganapathy, Leveraging "Choice" to Automate Authorization Hook Placement. 19th ACM Conference on Computer and Communications Security (CCS), October 2012. Raleigh, North Carolina. [Abstract]

Stephen McLaughlin and Patrick McDaniel, SABOT: Specification-based Payload Generation for Programmable Logic Controllers. 19th ACM Conference on Computer and Communications Security (CCS), October 2012. Raleigh, North Carolina. [Abstract]

Damien Octeau, Somesh Jha, and Patrick McDaniel, Retargeting Android Applications to Java Bytecode. Proceedings of the 20th International Symposium on the Foundations of Software Engineering, November 2012. Cary, North Carolina. [Abstract]

Hayawardh Vijayakumar, Joshua Schiffman, and Trent Jaeger, STING: Finding Name Resolution Vulnerabilities in Programs. Proceedings of the 21st USENIX Security Symposium, August 2012. Bellevue, Washington. [Abstract]

Patrick McDaniel and Stephen McLaughlin, Structured Security Testing in the Smartgrid. Proceedings of the 5th International Symposium on Communications, May 2012. Invited Paper, Rome, Italy. [Abstract]

Thomas Moyer, Trent Jaeger, and Patrick McDaniel, Scalable Integrity-Guaranteed AJAX. Proceedings of the 14th Asia-Pacific Web Conference (APWeb), pages 1-19, April 2012. Invited Paper, Kunming, China. [Abstract]

Hayawardh Vijayakumar, Guruprasad Jakka, Sandra Rueda, Joshua Schiffman, and Trent Jaeger, Integrity Walls: Finding Attack Surfaces from Mandatory Access Control Policies. Proceedings of the 7th ACM Symposium on Information, Computer, and Communications Security (AsiaCCS), May 2012. [Abstract]

Stephen McLaughlin, Patrick McDaniel, and William Aiello, Protecting Consumer Privacy from Electric Load Monitoring. The 18th ACM Conference on Computer and Communications Security (CCS), October 2011. [Abstract]

Hayawardh Vijayakumar, Joshua Schiffman, and Trent Jaeger, A Rose by Any Other Name or an Insane Root? Adventures in Name Resolution. Proceedings of The 7th European Conference on Computer Network Defense (EC2ND), September 2011. [Abstract]

William Enck, Damien Octeau, Patrick McDaniel, and Swarat Chaudhuri, A Study of Android Application Security. Proceedings of the 20th USENIX Security Symposium, August 2011. [Abstract]

Stephen McLaughlin, Dmitry Podkuiko, Sergei Miadzvezhanka, Adam Delozier, and Patrick McDaniel, Multi-vendor Penetration Testing in the Advanced Metering Infrastructure. Proceedings of the 26th Annual Computer Security Applications Conference, ACM, pages 107-116, December 2010. Austin, Texas. [Abstract]

Machigar Ongtang, Kevin R. B. Butler, and Patrick Drew McDaniel, Porscha: policy oriented secure content handling in Android. Proceedings of the 26th Annual Computer Security Applications Conference, ACM, pages 221-230, December 2010. Austin, Texas. [Full Paper,Abstract]

Kevin R. B. Butler, Stephen E. McLaughlin, and Patrick Drew McDaniel, Kells: a protection framework for portable data. Proceedings of the 26th Annual Computer Security Applications Conference, ACM, pages 231-240, December 2010. Austin, Texas. [Full Paper,Abstract]

Patrick Traynor, Joshua Schiffman, Tom La Porta, Patrick McDaniel, and Abhrajit Ghosh, Constructing Secure Localization Systems with Adjustable Granularity. IEEE Global Communications Conference (GLOBECOM), December 2010. [Abstract]

William Enck, Peter Gilbert, Byung-Gon Chun, Landon P. Cox, Jaeyeon Jung, Patrick McDaniel, and Anmol N. Sheth, TaintDroid: An Information-Flow Tracking System for Realtime Privacy Monitoring on Smartphones. USENIX Symposium on Operating Systems Design and Implementation, OSDI, October 2010. [Abstract]

Joshua Schiffman, Xinwen Zhang, and Simon Gibbs, DAuth: Fine-grained Authorization Delegation for Distributed Web Application Consumers. IEEE International Symposium on Policies for Distributed Systems and Networks, July 2010. [Abstract]

Dave King, Susmit Jha, Divya Muthukumaran, Trent Jaeger, Somesh Jha, and Sanjit A. Seshia, Automating Security Mediation Placement. European Symposium on Programming, ESOP, June 2010. [Abstract]

Boniface Hicks, Sandra Rueda, Dave King, Thomas Moyer, Joshua Schiffman, Yogesh Sreenivasan , Patrick McDaniel, and Trent Jaeger, An Architecture for Enforcing End-to-End Access Control Over Web Applications. 15th ACM Symposium on Access Control Models and Technologies, June 2010. [Abstract]

Kevin Butler, Stephen McLaughlin, and Patrick McDaniel, Disk-Enabled Authenticated Encryption. 26th IEEE Symposium on Massive Storage Systems and Technologies, May 2010. [Abstract]

Joshua Schiffman, Thomas Moyer, Christopher Shal, Trent Jaeger, and Patrick McDaniel, Justifying Integrity Using a Virtual Machine Verifier. 25th Annual Computer Security Applications Conference (ACSAC), December 2009. [Abstract]

Thomas Moyer, Kevn Butler, Joshua Schiffman, Patrick McDaniel, and Trent Jaeger, Scalable Web Content Attestation. 25th Annual Computer Security Applications Conference (ACSAC), December 2009. [Abstract]

Machigar Ongtang, Stephen McLaughlin, William Enck, and Patrick McDaniel, Semantically Rich Application-Centric Security in Android. 25th Annual Computer Security Applications Conference (ACSAC), December 2009. [Abstract]

William Enck, Machigar Ongtang, and Patrick McDaniel, On Lightweight Mobile Phone Application Certification. 16th ACM Conference on Computer and Communications Security (CCS), November 2009. [Abstract]

Patrick Traynor, Michael Lin, Machigar Ongtang, Vikhyath Rao, Trent Jaeger, and Patrick McDaniel, On Cellular Botnets: Measuring the impact of Malicious Devices on Cellular Network Core. 16th ACM Conference on Computer and Communications Security (CCS), November 2009. [Abstract]

Sandra Rueda, Hayawardh Vijayakumar, and Trent Jaeger, Analysis of Virtual Machine System Policies. 14th ACM Symposium on Access Control Models (SACMAT), June 2009. [Abstract]

Dave King, Boniface Hicks, Michael Hicks, and Trent Jaeger, Implicit Flows: Can't Live With 'Em, Can't Live Without 'Em. 4th International Conference on Information and Systems Security (ICISS 2008), December 2008. [Abstract]

Albert Tannous, Jonathan Trostle, Mohamed Hassan, Stephen McLaughin, and Trent Jaeger, New Side Channel Attacks Targeting Passwords. Proceedings of the 24th Annual Computer Security Applications Conference (ACSAC), December 2008.

William Enck, Patrick McDaniel, and Trent Jaeger, PinUP: Pinning User Files to Known Applications. Proceedings of the 24th Annual Computer Security Applications Conference (ACSAC), December 2008.

William Enck, Kevin R. B. Butler, Thomas Richardson, Patrick McDaniel, and Adam Smith, Defending Against Attacks on Main Memory Persistence. Proceedings of the 24th Annual Computer Security Applications Conference (ACSAC), December 2008.

Kevin R. B. Butler, Stephen McLaughlin and Patrick D. McDaniel, Rootkit-Resistant Disks. Proceedings of the 15th ACM Conference on Computer and Communications Security (CCS), October 2008. [Abstract]

Srivatsava Ranjit Ganta, Shiva Kasiviswanathan and Adam Smith, Composition Attacks and Auxiliary Information in Data Privacy. 14th ACM SIGKDD International Conference on Knowledge Discovery and Data Mining (KDD'08), August 2008. [Abstract]

Dave King, Trent Jaeger, Somesh Jha and Sanjit A. Seshia, Effective Blame for Information-Flow Violations. 16th ACM SIGSOFT, International Symposium on Foundations of Software Engineering, November 2008. [Abstract]

Sandra Rueda, Dave King and Trent Jaeger, Verifying Compliance of Trusted Programs. 17th USENIX Security Symposium, July 2008. [Abstract]

Divya Muthukumaran, Anuj Sawani, Joshua Schiffman, Brian M. Jung and Trent Jaeger, Measuring Integrity on Mobile Phone Systems. 13th ACM Symposium on Access Control Models and Technologies (SACMAT), June 2008. [Abstract]

Patrick Traynor, Kevin Butler, William Enck, and Patrick McDaniel, Realizing Massive-Scale Conditional Access Systems Through Attribute-Based Cryptosystems. ISOC Network & Distributed System Security Symposium (NDSS), February 2008. [Full Paper,Abstract]

Boniface Hicks, Timothy Misiak, and Patrick McDaniel, Channels: Runtime System Infrastructure for Security-typed Languages. 23rd Annual Computer Security Applications Conference (ACSAC), December 2007. [Full Paper,Abstract]

Luke St.Clair, Joshua Schiffman, Trent Jaeger, and Patrick McDaniel, Establishing and Sustaining System Integrity via Root of Trust Installation. 23rd Annual Computer Security Applications Conference (ACSAC), December 2007. [Full Paper,Abstract]

K. Nissim, S. Raskhodnikova, and A. Smith, Smooth Sensitivity and Sampling in Private Data Analysis. The 39th ACM Symposium on Theory of Computing (STOC 2007), August 2007. [Full Paper,Abstract]

Patrick Traynor, Patrick McDaniel, and Thomas La Porta, On Attack Causality in Internet-Connected Cellular Networks. Proceedings of the USENIX Security Symposium (Sec'07), August 2007. [Full Paper,Abstract]

Lisa Johansen, Michael Rowell, Kevin Butler, and Patrick McDaniel, Email Communities of Interest. Fourth Conference on Email and Anti-Spam (CEAS 2007), August 2007. [Full Paper,Abstract]

Anusha Sriraman, Kevin Butler, Patrick McDaniel, and Padma Raghavan, Analysis of IPv4 Address Space Delegation Structure. 12th IEEE Symposium on Computers and Communications (ISCC), July 2007. [Full Paper,Abstract]

Boniface Hicks, Sandra Rueda, Trent Jaeger, and Patrick McDaniel, From Trusted to Secure: Building and Executing Applications that Enforce System Security. Proceedings of the USENIX Annual Technical Conference, June 2007. [Full Paper,Abstract]

William Enck, Patrick McDaniel, Shubho Sen, Panagiotis Sebos, Sylke Spoerel, Albert Greenberg, Sanjay Rao, and William Aiello, Configuration Management at Massive Scale: System Design and Experience. Proceedings of the USENIX Annual Technical Conference, June 2007. [Full Paper,Abstract]

Boniface Hicks, Sandra Rueda, Luke St. Clair, Trent Jaeger, and Patrick McDaniel, A Logical Specification and Analysis for SELinux MLS Policy. Proceedings of the ACM Symposium on Access Control Models and Technologies (SACMAT), June 2007. [Full Paper,Abstract]

Trent Jaeger, Reiner Sailer, and Yogesh Sreenivasan, Managing the Risk of Covert Information Flows in Virtual Machine Systems. ACM Symposium on Access Control Models and Technologies (SACMAT), June 2007. [Abstract]

Heesook Choi, Thomas F. La Porta, and Patrick McDaniel, Privacy Preserving Communication in MANETs. Proceedings of Fourth Annual IEEE Communications Society Conference on Sensor, Mesh, and Ad Hoc Communications and Networks, June 2007. [Full Paper,Abstract]

Sophie Qui, Patrick McDaniel, and Fabian Monrose, Toward Valley-Free Inter-domain Routing. Proceedings of 2007 IEEE International Conference on Communications (ICC 2007), June 2007. [Full Paper,Abstract]

Vinod Ganapathy, Dave King, Trent Jaeger, and Somesh Jha, Mining Security-Sensitive Operations in Legacy Code using Concept Analysis. Proceedings of the 29th International Conference on Software Engineering (ICSE '07), May 2007. [Full Paper,Abstract]

S. Ryu, K. Butler, P. Traynor, and P. McDaniel, Leveraging Identity-based Cryptography for Node ID Assignment in Structured P2P Systems. IEEE International Symposium on Security in Networks and Distributed Systems (SSNDS), May 2007. [Full Paper,Abstract]

Hosam Rowaihy, William Enck, Patrick McDaniel, and Thomas La Porta, Limiting Sybil Attacks in Structured Peer-to-Peer Networks. Proceedings of IEEE INFOCOM 2007 MiniSymposium, May 2007. [Full Paper,Abstract]

Boniface Hicks, Sandra Rueda, Trent Jaeger, and Patrick McDaniel, Integrating SELinux with Security-typed Languages. Third Annual Security Enhanced Linux Symposium, March 2007. [Full Paper,Abstract]

Adam Smith, Scrambling Adversarial Errors Using Few Random Bits. The ACM-SIAM Symposium on Discrete Algorithms (SODA 2007), January 2007. [Full Paper,Abstract]

Boniface Hicks, Kiyan Ahmadizadeh, and Patrick McDaniel, Understanding Practical Application Development in Security-typed Languages. 22st Annual Computer Security Applications Conference (ACSAC), December 2006. [Full Paper,Abstract]

Jonathon McCune, Stefan Berger, Ramon Caceres, Trent Jaeger, and Reiner Sailer, Shamon: A system for distributed mandatory access control. The Proceedings of the 2006 Annual Computer Security Applications Conference, December 2006. [Full Paper,Abstract]

Kevin Butler, William Enck, Jennifer Plasterr, Patrick Traynor, and Patrick McDaniel, Privacy-Preserving Web-Based Email. 2nd International Conference on Information Systems Security (ICISS 2006), December 2006. [Full Paper,Abstract]

Luke St. Clair, Lisa Johansen, William Enck, Matthew Pirretti, Patrick Traynor, Patrick McDaniel, and Trent Jaeger, Password Exhaustion: Predicting the End of Password Usefulness. 2nd International Conference on Information Systems Security (ICISS 2006), December 2006. Invited Paper. [Full Paper,Abstract]

Kevin Butler, Patrick McDaniel, and William Aiello, Optimizing BGP Security by Exploiting Path Stability. 13th ACM Conference on Computer and Communications Security (CCS'06), November 2006. [Full Paper,Abstract]

Matthew Pirretti, Patrick Traynor, Patrick McDaniel , and Brent Waters, Secure Attribute-Based Systems. 13th ACM Conference on Computer and Communications Security (CCS'06), November 2006. [Full Paper,Abstract]

Michael Ben-Or, Claude Crepeau, Daniel Gottesman, Avinatan Hassidim, and Adam Smith, Secure Multiparty Quantum Computation with (Only) a Strict Honest Majority. Foundations of Computer Science (FOCS 2006), October 2006. [Full Paper,Abstract]

Patrick Traynor, William Enck, Patrick McDaniel, and Thomas La Porta, Mitigating Open Functionality in SMS-Capable Cellular Networks. Proceedings of the ACM Twelfth Annual International Conference on Mobile Computing and Networking (MobiCom), September 2006. [Full Paper,Abstract]

Patrick Traynor, JaeShung Shin, Barat Madan, Shashi Phoha, and Thomas La Porta, Efficient Group Mobility for Heterogeneous Sensor Networks. Proceedings of the IEEE Vehicular Technology Conference (VTC Fall), September 2006. [Full Paper,Abstract]

Moni Naor, Gil Segev, and Adam Smith, Tight Bounds for Unconditional Authentication Protocols in the Manual Channel and Shared key Models. The 26th Annual International Cryptology Conference (CRYPTO'06), August 2006. [Full Paper,Abstract]

Yevgeniy Dodis, Jonathan Katz, Leonid Reyzin, and Adam Smith, Robust Fuzzy Extractors and Authenticated Key Agreement from Close Secrets. The 26th Annual International Cryptology Conference (CRYPTO'06), August 2006. [Full Paper]

Trent Jaeger, Kevin Butler, David King, Jonathan McCune, Ramon Caceres, Serge Hallyn, Joy Latten, Reiner Sailer, and Xiolan Zhang, Leveraging IPsec for Distributed Authorization. 2nd IEEE Communications Society/CreateNet International Conference on Security and Privacy in Communication Networks (SecureComm'06), August 2006. [Full Paper,Abstract]

Patrick Traynor, Michael Chien, Scott Weaver, Boniface Hicks, and Patrick McDaniel, Non-Invasive Methods for Host Certification. 2nd IEEE Communications Society/CreateNet International Conference on Security and Privacy in Communication Networks (SecureComm'06), August 2006. [Full Paper,Abstract]

Xiaolan Zhang, Larry Koved, Marco Pistoia, Sam Weber, Trent Jaeger, and Guillaume Marceau, The case for analysis preserving language transformations. Proceedings of the 2006 International Symposium on Software Testing and Analysis, pages 191-201, July 2006.

Patrick Traynor, Raju Kumar, Hussain Bin Saad, Guohong Cao, and Thomas La Porta, LIGER: Implementing Efficient Hybrid Security Mechanisms for Heterogeneous Sensor Networks. Proceedings of the 4th ACM International Conference on Mobile Systems, Applications and Services (MobiSys), June 2006. [Full Paper,Abstract]

Sophie Qiu, Patrick McDaniel, Fabian Monrose, and Avi Rubin, Characterizing Address Use Structure and Stabillity of Origin Advertisement in Interdomain Routing. 11th IEEE Symposium on Computers and Communications, pages 489-496, June 2006. [Full Paper,Abstract]

V. Ganapathy, T. Jaeger, and S. Jha, Retrofitting Legacy Code for Authorization Policy Enforcement. Proceedings of the 2006 IEEE Symposium on Security and Privacy, May 2006. [Full Paper,Abstract]

Patrick Traynor, Heesook Choi, Guohong Cao, Sencun Zhu, and Thomas La Porta, Establishing Pair-Wise Keys In Heterogeneous Sensor Networks. Proceedings of the 25th Annual IEEE Conference on Computer Communications (INFOCOM), April 2006. [Full Paper,Abstract]

Patrick Traynor, Guohong Cao, and Thomas La Porta, The Effects of Probabilistic Key Management on Secure Routing in Sensor Networks. Proceedings of the 2006 IEEE Wireless Communications and Networking Conference (WCNC), April 2006. [Full Paper,Abstract]

Cynthia Dwork, Frank McSherry, Kobbi Nissim, and Adam Smith, Calibrating Noise to Sensitivity in Private Data Analysis. Theory of Cryptography Conference (TCC '06), March 2006. [Full Paper,Abstract]

Patrick McDaniel, Shubho Sen, Oliver Spatscheck, Jacobus Van der Merwe Bill Aiello, and Charles Kalmanek, Enterprise Security: A Community of Interest Based Approach. Proceedings of Network and Distributed Systems Security 2006 (NDSS), February 2006. [Full Paper,Abstract]

U. Shankar, T. Jaeger, and R. Sailer, Toward Automated Information-Flow Integrity Verification for Security-Critical Applications. Proceedings of the 2006 ISOC Networked and Distributed Systems Security Symposium, February 2006. [Full Paper,Abstract]

Kevin Butler and Patrick McDaniel, Understanding Mutable Internet Pathogens, or How I Learned to Stop Worrying and Love Parasitic Behavior. Proceedings of 1st International Conference on Information Systems Security (ICISS), December 2005. Invited Paper. [Full Paper,Abstract]

R. Sailer, T. Jaeger, E. Valdez, R. Caceres, R. Perez , S. Berger, J. L. Griffin, and L. van Doorn, Building a MAC-based Security Architecture for the Xen Open-Source Hypervisor. Proceedings of the 21st Annual Computer Security Applications Conference, December 2005. [Full Paper,Abstract]

Wesam Lootah, William Enck, and Patrick McDaniel, TARP: Ticket-Based Address Resolution Protocol. 21st Annual Computer Security Applications Conference (ACSAC), December 2005. [Full Paper,Abstract]

V. Ganapathy, T. Jaeger, and S. Jha, Automatic placement of authorization hooks in the Linux security modules framework. Proceedings of the 12th ACM Conference on Computer and Communications Security, November 2005. [Full Paper,Abstract]

William Enck, Patrick Traynor, Patrick McDaniel, and Thomas La Porta, Exploiting Open Functionality in SMS-Capable Cellular Networks. Proceedings of the 12th ACM Conference on Computer and Communications Security (CCS), November 2005. [Full Paper,Abstract]

Matthew Pirretti, Sencun Zhu, Vijaykrishnan Narayanan, Patrick McDaniel, Mahmut Kandemir, and and Richard Brooks, The Sleep Deprivation Attack in Sensor Networks: Analysis and Methods of Defense. Proceedings of the Innovations and Commercial Applications of Distributed Sensor Networks Symposium, October 2005. (best paper). [Full Paper,Abstract]

Luis Kruger, Somesh Jha, and Patrick McDaniel, Privacy Preserving Clustering. 10th European Symposium on Research in Computer Security (ESORICS '05), September 2005. Milan, Italy. [Full Paper,Abstract]

Heesook Choi, William Enck, Jaesheung Shin, Patrick McDaniel, and Thomas F. La Porta, Secure Reporting of Traffic Forwarding Activity in Mobile Ad Hoc Networks. MobiQuitous 2005, July 2005. San Diego, CA. [Full Paper,Abstract]

Yevgeniy Dodis and Adam Smith, Correcting Errors Without Leaking Partial Information. ACM Symposium on Theory of Computing (STOC), May 2005. Baltimore, MD. [Full Paper,Abstract]

Claude CrŽpeau, Daniel Gottesman, and Adam Smith, Approximate Quantum Error Correcting Codes and Verifiable Secret Sharing. Eurocrypt 2005, May 2005. Aarhus, Denmark. [Full Paper,Abstract]

Xavier Boyen, Yevgeniy Dodis, Jonathan Katz, Rafail Ostrovsky, and Adam Smith, Secure Remote Authentication Using Biometric Data. Eurocrypt 2005, May 2005. Aarhus, Denmark. [Full Paper,Abstract]

Shuchi Chawla, Cynthia Dwork, Frank McSherry, Adam Smith, and Hoeteck Wee, Towards Privacy in Public Databases. Theory of Cryptography (TCC) 2005, February 2005. Cambridge, MA. [Full Paper,Abstract]

Yevgeniy Dodis and Adam Smith, Entropic Security and the Encryption of High Entropy Messages. Theory of Cryptography (TCC) 2005, February 2005. Cambridge, MA. [Full Paper,Abstract]

S. Byers, L. Cranor, E. Cronin, D. Kormann, and P. McDaniel, Exposing Digital Content Piracy: Approaches, Issues and Experiences. Thirty-Eighth Conference on Signals, Systems, and Computers, Nov 2004. Monterey, CA. Invited paper.

R. Sailer, T. Jaeger, X. Zhang, and L. van Doorn, Attestation-based policy enforcement for remote access. ACM Conference on Computer and Communications Security, pages 308-317 2004. [Full Paper,Abstract]

R. Sailer, X. Zhang, T. Jaeger, and L. van Doorn, Design and Implementation of a TCG-based Integrity Measurement Architecture. USENIX Security Symposium, pages 223-238 2004. [Full Paper,Abstract]

T. Jaeger, R. Sailer, and X. Zhang, Resolving Constraint Conflicts. Proceedings of the 2004 ACM Symposium on Access Control Models and Technologies, June 2004. [Full Paper,Abstract]

W. Aiello, J. Ioannidis, and P. McDaniel, Origin Authentication in Interdomain Routing. Proceedings of 10th ACM Conference on Computer and Communications Security, ACM, pages 165-178, October 2003. Washington, DC. [Full Paper,Abstract]

E. Cronin, S. Jamin, T. Malkin, and P. McDaniel, On the Performance, Feasibility, and Use of Forward Secure Signatures. Proceedings of 10th ACM Conference on Computer and Communications Security, ACM, pages 131-144, October 2003. Washington, DC. [Full Paper,Abstract]

T. Jaeger, R. Sailer, and X. Zhang, Analyzing Integrity Protection in the SElinux Example Policy. Proceedings of the 12th USENIX Security Symposium, pages 59-74, August 2003. [Full Paper,Abstract]

Geoff Goodell, William Aiello, Tim Griffin, John Ioannidis, Patrick McDaniel, and Avi Rubin, Working Around BGP: An Incremental Approach to Improving Security and Accuracy of Interdomain Routing. Proceedings of Network and Distributed Systems Security 2003 (NDSS), Internet Society, pages 75-85, February 2003. San Diego, CA. [Full Paper,Abstract]

A. Edwards, X. Zhang, and T. Jaeger, Runtime Verification of Authorization Hook Placement for the Linux Security Modules Framework. Proceedings of the 9th ACM Conference on Computer and Communications Security, pages 225-234, October 2002. Washington, DC. [Full Paper,Abstract]

X. Zhang, A. Edwards, and T. Jaeger, Using CQUAL for Static Analysis of Authorization Hook Placement. Proceedings of the 11th USENIX Security Symposium, pages 33-48, August 2002. [Full Paper,Abstract]

Patrick McDaniel and Atul Prakash, Methods and Limitations of Security Policy Reconciliation. 2002 IEEE Symposium on Security and Privacy, IEEE Computer Society Press, pages 73-87, MAY 2002. Oakland, CA. [Full Paper,Abstract]

Patrick McDaniel, Atul Prakash, Jim Irrer, Sharad Mittal, and Thai-Chuin Thuang, Flexibly Constructing Secure Groups in Antigone 2.0. Proceedings of DARPA Information Survivability Conference and Exposition II, IEEE Computer Society Press, pages 55-67, June 2001. Los Angeles, CA. [Full Paper,Abstract]

Trent Jaeger, Managing access control complexity using metrics. Proceedings of the Sixth ACM Symposium on Access Control Models and Technologies (SACMAT-01), pages 131-152, May 2001. [Full Paper,Abstract]

Hugh Harney, Andrea Colegrove, and Patrick McDaniel, Principles of Policy in Secure Groups. Proceedings of Network and Distributed Systems Security 2001 (NDSS), Internet Society, February 2001. San Diego, CA. [Full Paper,Abstract]

Mohit Aron, Jochen Liedtke, Kevin Elphinstone , Yoonho Park, Trent Jaeger, and Luke Deller, The SawMill Framework for Virtual Memory Diversity. Proceedings of the 2001 Australian Computer Systems Architecture Conference, pages 3-10 2001.

Jonathon Tidswell and Trent Jaeger, An access control model for simplifying constraint expression. Proceedings of the ACM Conference on Computer and Communications Security (CCS), pages 154-163 2000. [Full Paper]

Patrick McDaniel and Sugih Jamin, Windowed Certificate Revocation. Proceedings of IEEE INFOCOM 2000, IEEE, pages 1406-1414, March 2000. Tel Aviv, Israel. [Full Paper,Abstract]

Patrick McDaniel and Avi Rubin, A Response to `Can We Eliminate Certificate Revocation Lists?'. Proceedings of Financial Cryptography 2000, International Financial Cryptography Association (IFCA), pages 245-258, February 2000. Anguilla, British West Indies. [Full Paper,Abstract]

Andrwe Adamson, C.J. Antonelli, Kevin Coffman, Patrick McDaniel, and Jim Rees, Secure Distributed Virtual Conferencing. Proceedings of Communications and Multimedia Security (CMS '99), pages 176-190, September 1999. Katholieke Universiteit, Leuven, Belgium. [Full Paper,Abstract]

Patrick McDaniel, Atul Prakash, and Peter Honeyman, Antigone: A Flexible Framework for Secure Group Communication. Proceedings of the 8th USENIX Security Symposium, pages 99-114, August 1999. Washington, DC. [Full Paper,Abstract]

Tech Reports

Stephen McLaughlin and Patrick McDaniel, SABOT: Specification-based Payload Generation for Programmable Logic Controllers. Technical Report NAS-TR-0162-2012, Network and Security Research Center, July 2012. [Full Paper,Abstract]

Trent Jaeger, Divya Muthukumaran, Sandra Rueda, Joshua Schiffman, Hayawardh Vijayakumar, and Swarat Chaudhuri, Designing for Attack Surfaces: Keep Your Friends Close, but Your Enemies Closer. Technical Report NAS-TR-0148-2011, Network and Security Research Center. [Abstract]

Stephen McLaughlin and Patrick McDaniel, Protecting Consumer Privacy from Electric Load Monitoring. Technical Report NAS-TR-0147-2011, Network and Security Research Center. [Abstract]

Joshua Schiffman and Trent Jaeger, Outlasting Attestation with Integrity Verified Channels. Technical Report NAS-TR-0146-2011, Network and Security Research Center. [Abstract]

William Enck, Damien Octeau, Patrick McDaniel, and Swarat Chaudhuri, A Study of Android Application Security. Technical Report NAS-TR-0144-2011, Network and Security Research Center, January 2011. Updated 9 May 2011. [Abstract]

Damien Octeau, William Enck, and Patrick McDaniel, The ded Decompiler. Technical Report NAS-TR-0140-2010, Network and Security Research Center, September 2010. Updated 10 May 2011. [Abstract]

Sandra Rueda, Hayawardh Vijayakumar, Divya Muthukumaran, Joshua Schiffman, Trent Jaeger, and Swarat Chauduri, Managing Attack Risks in Virtual Machine Systems. Technical Report NAS-TR-0137-2010, Network and Security Research Center. [Abstract]

William Enck and Patrick McDaniel, Federated Information Flow Control for Mobile Phones. Technical Report NAS-TR-0136-2010, Network and Security Research Center. [Abstract]

Joshua Schiffman, Trent Jaeger, and Patrick McDaniel, Network-based Root of Trust for Installation. Technical Report NAS-TR-0135-2010, Network and Security Research Center. [Abstract]

Kevin R. B. Butler, Stephen E. McLaughlin, and Patrick D. McDaniel, Kells: A Protection Framework for Portable Data. Technical Report NAS-TR-0134-2010, Network and Security Research Center. [Abstract]

Stephen McLaughlin, Dmitry Podkuiko, Adam Delozier, Sergei Miadzvezhanka, and Patrick McDaniel, Multi-vendor Penetration Testing in the Advanced Metering Infrastructure. Technical Report NAS-TR-0133-2010, Network and Security Research Center. [Abstract]

Machigar Ongtang, Kevin Butler, and Patrick McDaniel, Porscha: Policy Oriented Secure Content Handling in Android . Technical Report NAS-TR-0132-2010, Network and Security Research Center. [Abstract]

Trent Jaeger and Patrick D. McDaniel, System-Wide Information Flow Enforcement. Technical Report NAS-TR-0131-2010, Network and Security Research Center. [Abstract]

Joshua Schiffman, Thomas Moyer, Hayawardh Vijayakumar, Trent Jaeger, and Patrick McDaniel, Seeding Clouds with Trust Anchors. Technical Report NAS-TR-0127-2010, Network and Security Research Center. [Abstract]

Joshua Schiffman, Xinwen Zhang, and Simon Gibbs, DAuth: Fine-grained Authorization Delegation for Distributed Web Application Consumers. Technical Report NAS-TR-0126-2010, Network and Security Research Center. [Abstract]

Trent Jaeger, Sandra Rueda, Hayawardh Vijayakumar, Divya Muthukumaran, Joshua Schiffman, and Swarat Chaudhuri, Hierarchical Policy Compliance for Virtual Machine Systems. Technical Report NAS-TR-0125-2010, Network and Security Research Center. [Abstract]

Hayawardh Vijayakumar, Guruprasad Jakka, Sandra Rueda, Joshua Schiffman, and Trent Jaeger, Integrity Walls: Finding Attack Surfaces from Mandatory Access Control Policies. Technical Report NAS-TR-0124-2010, Network and Security Research Center. [Abstract]

Dave King, Susmit Jha, Divya Muthukumaran, Trent Jaeger, Somesh Jha, and Sanjit Seshia, Automating Security Mediation Placement. Technical Report NAS-TR-0123-2010, Network and Security Research Center. [Abstract]

William Enck, Peter Gilbert, Byung-Gon Chun, Landon P. Cox, Jaeyeon Jung, Patrick McDaniel, and Anmol N. Sheth, TaintDroid: An Information-Flow Tracking System for Realtime Privacy Monitoring on Smartphones. Technical Report NAS-TR-0120-2010, Network and Security Research Center, February 2010. Updated 14 July 2010. [Abstract]

Joshua Schiffman, Thomas Moyer, Christopher Shal, Trent Jaeger, and Patrick McDaniel, Justifying Integrity Using a Virtual Machine Verifier. Technical Report NAS-TR-0119-2009, Network and Security Research Center. [Abstract]

Joshua Schiffman and Trent Jaeger, Cloud Integrity Enforcement via Integrity-Verified Channels. Technical Report NAS-TR-0117-2009, Network and Security Research Center. [Abstract]

Stephen McLaughlin, Dmitry Podkuiko, and Patrick McDaniel, Energy Theft in the Advanced Metering Infrastructure. Technical Report NAS-TR-0115-2009, Network and Security Research Center. [Abstract]

Kevin Butler, Stephen McLaughlin, Thomas Moyer, Joshua Schiffman, Patrick McDaniel, and Trent Jaeger, Firma: Disk-Based Foundations for Trusted Operating Systems. Technical Report NAS-TR-0114-2009, Network and Security Research Center. [Abstract]

William Enck, Machigar Ongtang, and Patrick McDaniel, On Lightweight Mobile Phone App Certification. Technical Report NAS-TR-0113-2009, Network and Security Research Center. [Abstract]

Patrick Traynor, Michael Lin, Machigar Ongtang, Vikhyath Rao, Thomas La Porta, Patrick McDaniel, and Trent Jaeger, On Cellular Botnets: Measuring the Impact of Malicious Devices on the Network Core. Technical Report NAS-TR-0110-2009, Network and Security Research Center, March 2009. Updated 6 March 2009. [Abstract]

Hosam Rowaihy, Matthew P. Johnson, Diego Pizzocaro, Amotz Bar-Noy, Lance Kaplan, Thomas La Porta, and Alun Preece, Exact and Fuzzy Sensor-Task Assignment. Technical Report NAS-TR-0106-2009, Network and Security Research Center. [Abstract]

Dave King, Divya Muthukumaran, and Trent Jaeger, Retrofitting Authorization in Legacy Programs. Technical Report NAS-TR-0105-2009, Network and Security Research Center. [Abstract]

Boniface Hicks, Sandra Rueda, Yogesh Sreenivasan, Guruprasad Jakka, Dave King, Trent Jaeger, and Patrick McDaniel, An Architecture for Enforcing End-to-End Security Over Web Ap- owards Comprehensive System Integrity Verification through Monitoring. Technical Report NAS-TR-0104-2009, Network and Security Research Center. [Abstract]

Joshua Schiffman, Thomas Moyer, Christopher Shal, Trent Jaeger, and Patrick McDaniel, No Node Is an Island: Shamon Integrity Monitoring Approach. Technical Report NAS-TR-0103-2009, Network and Security Research Center, February 2009. [Abstract]

Dave King, Susmit Jha, Trent Jaeger, Somesh Jha, and Sanjit A. Seshia, Towards Automated Security Mediation Placement. Technical Report NAS-TR-0100-2008, Network and Security Research Center, November 2008. [Abstract]

William Enck, Machigar Ongtang, and Patrick McDaniel, Mitigating Android Software Misuse Before It Happens. Technical Report NAS-TR-0094-2008, Network and Security Research Center, September 2008. Updated November 2008. [Abstract]

Divya Muthukumaran, Mohamed Hassan, Vikhyath Rao, and Trent Jaeger, Protecting Telephony Services in Mobile Phones. Technical Report NAS-TR-0096-2008, Network and Security Research Center, September 2008. [Abstract]

Thomas Moyer, Kevin Butler, Joshua Schiffman, Patrick McDaniel, and Trent Jaeger, Scalable Asynchronous Web Content Attestation. Technical Report NAS-TR-0096-2008, Network and Security Research Center, September 2008. [Abstract]

William Enck, Machigar Ongtang, and PatrickMcDaniel, Automated Cellphone Application Certification inAndroid (or) Mitigating Phone Software Misuse Before It Happens. Technical Report NAS-TR-0094-2008, Network and Security Research Center, September 2008.

Dave King, Boniface Hicks, Michael Hicks, and Trent Jaeger, Implicit Flows: Can't Live With `Em, Can't Live Without `Em. Technical Report NAS-TR-0093-2008, Network and Security Research Center, July 2008. [Abstract]

Boniface Hicks, David King, Patrick McDaniel, and Michael Hicks, Trusted Declassification: Policy Infrastructure for a Security-Typed Language. Technical Report NAS-TR-0092-2008, Network and Security Research Center, July 2008. [Abstract]

Boniface Hicks, Sandra Rueda, Luke St.Clair, Trent Jaeger, and PatrickMcDaniel, A Logical Specification and Analysis for SELinux MLS Policy. Technical Report NAS-TR-0091-2008, Network and Security Research Center, July 2008. [Abstract]

Dave King, Susmit Jha, Trent Jaeger, Somesh Jha, and and Sanjit A. Seshia, On Automatic Placement of Declassifiers for Information-Flow Security. Technical Report NAS-TR-0083-2007, Network and Security Research Center, November 2007. Updated January 2008. In submission. [Abstract]

Kevin Butler, Stephen McLaughlin, and Patrick McDaniel, Non-Volatile Memory and Disks: Avenues for Policy Architectures. Technical Report NAS-TR-0074-2007, Network and Security Research Center, June 2007. [Abstract]

William Enck, Sandra Rueda, Joshua Schiffman, Yogesh Sreenivasan, Luke St. Clair, Trent Jaeger, and Patrick McDaniel, Protecting Users From "Themselves". Technical Report NAS-TR-0073-2007, Network and Security Research Center, June 2007. [Abstract]

Dhananjay Bapat, Kevin Butler, and Patrick McDaniel, Towards Automated Privilege Separation. Technical Report NAS-TR-0071-2007, Network and Security Research Center, May 2007. [Abstract]

Dave King, Trent Jaeger, Somesh Jha, and Sanjit A. Seshia, Effective Blame for Information-Flow Violations. Technical Report NAS-TR-0069-2007, Network and Security Research Center, May 2007. Updated March 2008. [Abstract]

Luke St.Clair, Josh Schiffman, Trent Jaeger, and Patrick McDaniel, Establishing and Sustaining System Integrity via Root of Trust Installation. Technical Report NAS-TR-0067-2007, Network and Security Research Center, April 2007. [Abstract]

William Enck, Patrick McDaniel, and Trent Jaeger, PinUP: Protecting User Files by Reducing Application Access. Technical Report NAS-TR-0063-2007, Network and Security Research Center, February 2007. Updated January 2008. [Abstract]

Patrick Traynor, William Enck, Patrick McDaniel, and Thomas La Porta, Exploiting Open Functionality in SMS-Capable Cellular Networks. Technical Report NAS-TR-0007-2007, Network and Security Research Center, February 2007.

Lisa Johansen, Kevin Butler, William Enck, Patrick Traynor, and Patrick McDaniel, Grains of SANs: Building Storage Area Networks from Memory Spots. Technical Report NAS-TR-0060-2007, Network and Security Research Center, January 2007. [Abstract]

Patrick Traynor, Vikhyath Rao, Trent Jaeger, Patrick McDaniel, and Thomas La Porta, From Mobile Phones to Responsible Devices. Technical Report NAS-TR-0059-2007, Network and Security Research Center, January 2007. [Abstract]

Trent Jaeger, Reiner Sailer, and Yogesh Sreenivasan, Managing the Risk of Covert Information Flows in Virtual Machine Systems. Technical Report RC24154, IBM, January 2007. [Full Paper,Abstract]

Boniface Hicks, Sandra Rueda, Trent Jaeger, and Patrick McDaniel, From Trusted to Secure: Building and Executing Applications that Enforce System Security. Technical Report NAS-TR-0061-2007, Network and Security Research Center, January 2007.

Luke St. Clair, Josh Schiffman, Trent Jaeger, and Patrick McDaniel, Sum of the Parts: Composing Trust from Validation Primitives. Technical Report NAS-TR-0056-2006, Network and Security Research Center, November 2006. [Abstract]

Patrick Traynor, William Enck, Patrick McDaniel, and Thomas La Porta, Mitigating Attacks on Open Functionality in SMS-Capable Cellular Networks. Technical Report NAS-TR-0051-2006, Network and Security Research Center, October 2006.

Boniface Hicks, Sandra Rueda, Trent Jaeger, and Patrick McDaniel, Breaking Down the Walls of Mutual Distrust: Security-typed Email Using Labeled IPsec. Technical Report NAS-TR-0049-2006, Network and Security Research Center, September 2006.

Patrick Traynor, Raju Kumar, Heesook Choi, Guohong Cao, Sencun Zhu, and Thomas La Porta, Efficient Hybrid Security Mechanisms for Heterogeneous Sensor Networks. Technical Report NAS-TR-0044-2006, Network and Security Research Center, August 2006.

Patrick McDaniel, Understanding Equivalence in High-Level and Information Flow Policy. Technical Report NAS-TR-0042-2006, Network and Security Research Center, July 2006.

Lisa Johansen, Kevin Butler, Mike Rowell, and Patrick McDaniel, Email Communities of Interest. Technical Report NAS-TR-0040-2006, Network and Security Research Center, May 2006.

Boniface Hicks, Kiyan Ahmadizadeh, and Patrick McDaniel, From Languages to Systems: Understanding Practical Application Development in Security-typed Languages. Technical Report NAS-TR-0035-2006, Network and Security Research Center, April 2006.

Heesook Choi, William Enck, Jaesheung Shin, Patrick McDaniel, and Tom LaPorta, ASR: Anonymous and Secure Reporting of Traffic Forwarding Activity in Mobile Ad Hoc Networks. Technical Report NAS-TR-0034-2006, Network and Security Research Center, March 2006.

J. McCune, S. Berger, R. Caceres, T. Jaeger, and R. Sailer, DeuTeRiuM: A system for distributed mandatory access control. Technical Report RC23865, IBM T.J. Watson Research Center, February 2006. Submitted for publication.

William Enck, Kevin Butler, Thomas Richardson, and Patrick McDaniel, Securing Non-Volatile Main Memory. Technical Report NAS-TR-0029-2006, Network and Security Research Center, February 2006.

S. Qiu, P. McDaniel, F. Monrose, and A. Rubin, Characterizing Address Use Structure and Stabillity of Origin Advertisement in Interdomain Routing. Technical Report NAS-TR-0018-2005, Network and Security Research Center, July 2005.

T. Jaeger, S. Hallyn, and J. Latten, Leveraging IPsec for Mandatory Access Control of Linux Network Communications. Technical Report RC23642, IBM T.J. Watson Research Center, April 2005. Presented at 21st Annual Computer Security Applications Conference; Tucson, Arizona; December 2005.

Boniface Hicks, Patrick McDaniel, and Ali Hurson, Information flow control in database security: A case study for secure programming with JIF. Technical Report NAS-TR-0011-2005, Network and Security Center, April 2005. [Full Paper,Abstract]

Boniface Hicks, Dave King, and Patrick McDaniel, Declassification with Cryptographic Functions in a Security-Typed Language. Technical Report NAS-TR-0004-2005, Network and Security Center, January 2005. (updated May 2005). [Abstract]

W. Aiello, K. Butler, and P. McDaniel, Path Authentication in Interdomain Routing. Technical Report TR NAS-TR-0002-2004, Network and Security Center, Department of Computer Science and Engineering, Penn State University, November 2004. [Full Paper,Abstract]

Kevin Butler, Toni Farley, Patrick McDaniel, and Jennifer Rexford, A Survey of BGP Security Issues and Solutions. Technical Report TR TD-5UGJ33, Network and Security Center, AT&T Labs - Research, Florham Park, NJ, February 2004. (updated June 2004).

Workshops

Patrick McDaniel, Trent Jaeger, Thomas F. La Porta, Nicolas Papernot , Robert J. Walls, Alexander Kott, Lisa Marvel, Ananthram Swami, Prasant Mohapatra, Srikanth V. Krishnamurthy, and Iulian Neamtiu, Security and Science of Agility. First ACM Workshop on Moving Target Defense (MTD 2014), November 2014. Scottsdale, AZ. [Abstract]

Xinyang Ge, Hayawardh Vijayakumar, and Trent Jaeger, Sprobes: Enforcing Kernel Code Integrity on the TrustZone Architecture. Proceedings of the 2014 Mobile Security Technologies Workshop (MoST), May 2014. San Jose, CA. [Abstract]

Joshua Schiffman, Yuqiong Sun, Hayawardh Vijayakumar, and Trent Jaeger, Cloud Verifier: Verifiable Auditing Service for IaaS Clouds. Proceedings of the IEEE 2013 First International Workshop on Cloud Security Auditing, June 2013. [Abstract]

Stephen McLaughlin, On Dynamic Malware Payloads Aimed at Programmable Logic Controllers. Proceedings of the 6th USENIX Workshop on Hot Topics in Security (HotSec), August 2011. [Abstract]

Stephen McLaughlin, Dmitry Podkuiko, Adam Delozier, Sergei Miadzvezhanka, and Patrick McDaniel, Embedded Firmware Diversity for Smart Electric Meters. Proceedings of the 5th USENIX Workshop on Hot Topics in Security (HotSec 10), August 2010. [Abstract]

Patrick McDaniel, Kevin Butler, Stephen McLaughlin , Radu Sion, Erez Zadok, and Marianne Winslett, Towards a Secure and Efficient System for End-to-End Provenance. 2nd USENIX Workshop on the Theory and Practice of Provenance, February 2010. [Full Paper,Abstract]

Stephen McLaughlin, Dmitry Podkuiko, and Patrick McDaniel, Energy Theft in the Advanced Metering Infrastructure. Proceedings of the 4th International Workshop on Critical Infrastructure Security (CRITIS '09), September 2009. [Abstract]

Kevin Butler, William Enck, Harri Hursti, Stephen McLaughlin, Patrick Traynor, and Patrick McDaniel, Systemic Issues in the Hart InterCivic and Premier Voting Systems: Reflections Following Project EVEREST. Proceedings of the USENIX/ACCURATE Electronic Voting Technology (EVT) Workshop, July 2008. [Abstract]

William Enck, Sandra Rueda, Yogesh Sreenivasan, Joshua Schiffman, Luke St. Clair, Trent Jaeger, and Patrick McDaniel, Protecting Users from "Themselves". Proceedings of the 1st ACM Computer Security Architectures Workshop, November 2007. [Full Paper,Abstract]

Kevin Butler, Stephen McLaughlin, and Patrick McDaniel, Non-Volatile Memory and Disks: Avenues for Policy Architectures. First Computer Security Architecture Workshop (CSAW 2007), November 2007. [Full Paper,Abstract]

S. Raskhodnikova, D. Ron, R. Rubinfeld, and A. Smith, Sublinear Algorithms for Approximating String Compressibility. The 11th International Workshop on Randomization and Computation (RANDOM 2007), August 2007. [Full Paper,Abstract]

Boniface Hicks, Dave King, and Patrick McDaniel, Jifclipse: Development Tools for Security-Typed Applications. Proceedings of the 2nd ACM SIGPLAN Workshop on Programming Languages and Analysis for Security (PLAS '07), ACM Press, June 14 2007. Editor: Michael Hicks. [Full Paper,Abstract]

Shiva Chaitanya, Kevin Butler, Anand Sivasubramaniam , Patrick McDaniel, and Murali Vilayannur, Design, implementation and evaluation of security in iSCSI-based network storage systems. The 2nd International Workshop on Storage Security and Survivability (StorageSS 2006), October 2006. [Full Paper,Abstract]

Trent Jaeger, Patrick McDaniel, Luke St.Clair, Ramon Caceres, and Reiner Sailer, Shame on Trust in Distributed Systems. Proceedings of the First Workshop on Hot Topics in Security (HotSec '06), July 2006. [Full Paper,Abstract]

Kevin Butler and Patrick McDaniel, Testing Large Scale BGP Security in Replayable Network Environments. DETER Community Workshop on Cyber Security Experimentation and Test, June 2006. [Full Paper,Abstract]

Kevin Butler, Patrick McDaniel, and Sophie Qui, BGPRV: Retrieving and Processing BGP Data with Efficiency and Convenience. DETER Community Workshop on Cyber Security Experimentation and Test, June 2006. [Full Paper,Abstract]

Boniface Hicks, Dave King, Patrick McDaniel, and Michael Hicks, Trusted Declassification: High-level policy for a security-typed language. Proceedings of the 1st ACM SIGPLAN Workshop on Programming Languages and Analysis for Security (PLAS '06), ACM Press, June 2006. [Full Paper,Abstract]

Ali Al-Lawati, Dongwon Lee, and Patrick McDaniel, Blocking in Private Information Matching. Proceedings of Second International ACM SIGMOD Workshop on Information Quality in Information Systems, July 2005. Baltimore, MD. [Full Paper,Abstract]

J. Linwood Griffin, T. Jaeger, R. Perez , R. Sailer, L. van Doorn, and R. Caceres, Analysis of Communities Of Interest in Data Networks. Passive and Active Measurement Workshop 2005, March 2005. Boston, MA. [Full Paper,Abstract]

Michael Hicks, Stephen Tse, Boniface Hicks, and Steve Zdancewic, Dynamic updating of information-flow policies. Proceedings of the Foundations of Computer Security Workshop (FCS '05), March 2005. [Full Paper,Abstract]

H.B. Wang, S. Jha, P. McDaniel, and M. Livny, Security Policy Reconciliation in Distributed Computing Environments. Proceedings of 5th International Workshop on Policies for Distributed Systems and Networks (Policy 2004), IEEE, June 2004. [Full Paper,Abstract]

Simon Byers, Lorrie Faith Cranor, Dave Kormann, and Patrick McDaniel, Searching for Privacy: Design and Implementation of a P3P-Enabled Search Engine. Proceedings of 2004 Workshop on Privacy Enhancing Technologies (PETS), May 2004. Toronto, Canada. [Full Paper,Abstract]

Simon Byers, Lorrie Cranor, Eric Cronin, Dave Kormann, and Patrick McDaniel, Analysis of Security Vulnerabilities in the Movie Production and Distribution Process. Proceedings of 2003 ACM Workshop on Digital Rights Management, ACM, October 2003. Washington, DC. [Full Paper,Abstract]

T. Jaeger, J. Tidswell, A. Gefflautand Y. Park, K. Elphinstone, and J.Liedtke, Synchronous IPC over transparent monitors. ACM SIGOPS European Workshop, pages 189-194 2000.

Alain Gefflaut, Trent Jaeger, Yoonho Park and Jochen Liedtke, Kevin Elphinstone, Volkmar Uhlig , Jonathon Tidswell, Luke Deller, and Lars Reuther, The SawMill multiserver approach. Proceedings of the ACM SIGOPS European Workshop, pages 109-114 2000. [Full Paper]

Jonathan F. Tidswell and Trent Jaeger, Integrated Constraints and Inheritance in DTAC. Proceedings of the 5th ACM Workshop on Role-Based Access Control (RBAC-00), pages 93-102, July 2000. [Abstract]

Trent Jaeger, On the Increasing Importance of Constraints. Proceedings of the Fourth ACM Wokshop on Role-Based Access Control, pages 33-42, October 1999.

Trent Jaeger, Tony Michailidis, and Roy Rada, Access Control in a Virtual University. Proceedings of the Workshops on Enabling Technologies: Infrastructures for Collaborative Enterprises, pages 135-140 1999.

Jochen Liedtke, Volkmar Uhlig, Kevin Elphinstone , Trent Jaeger, and Yoonho Park, How To Schedule Unlimited Memory Pinning of Untrusted Processes Or Provisional Ideas about Service-Neutrality. Proceedings of the Workshop on Hot Topics in Operating Systems, pages 153-158 1999. [Abstract]

T. Jaeger, K. Elphinstone, J. Liedtkeand V. Panteleenko, and Y. Park, Flexible Access Control using IPC Redirection. Workshop on Hot Topics in Operating Systems 1999. [Abstract]

Books

Patrick Traynor, Patrick McDaniel and Thomas La Porta, Security for Telecommunications Networks. Springer, Advances in Information Security, 40, 2008. [Book]

Trent Jaeger, Operating System Security. Morgan and Claypool, Synthesis Lectures on Information Security, Privacy and Trust, 2008. [Book]

Columns

Patrick McDaniel and William Enck, Not So Great Expectations: Why Application Markets Haven't Failed Security. IEEE Security & Privacy Magazine, 8(5):76--78, September/October 2010. (Secure Systems issue column).