top of page

Interests

Firewall

Trends in Firewall Configuration Errors

01

PDF

Combating the perils of port 80 at the firewall.

07

PDF

Firmato:ANovel Firewall Management Toolkit

03

PDF

The use and usability of direction-based
filtering in firewalls

05

PDF

A Quantitative Study of Firewall Configuration Errors

06

PDF

Publications

JOURANLS

Crumbling walls: A class of practical and efficient quorum systems.

2

URL
PDF

Optimal layouts on a chain ATM network.

6

PDF

Quorum systems in replicated databases: Science or fiction? (invited paper)

10

URL

Key management for encrypted broadcast.

14

URL
PDF

Why security standards sometimes fail.

18

URL
PDF

A quantitative study of firewall configuration errors.

22

URL
PDF

Lightweight key management for IEEE 802.11 wireless LANs with key refresh and host revocation.

26

URL
PDF

A geographic directed preferential Internet topology model.

30

URL
PDF

Trends in firewall configuration errors: Measuring the holes in Swiss cheese.

34

URL
PDF

A secure supply-chain RFID system that respects your privacy.

38

URL
PDF

Direction finding of rogue Wi-Fi access points using an off-the-shelf MIMO-OFDM receiver.

42

URL

A security analysis and revised security extension for the precision time protocol.

46

URL

A Taxonomy of Industrial Control Protocols and Networks in the Power Grid

51

The availability of crumbling wall quorum systems.

3

URL
PDF

Optimal availability quorum systems: Theory and practice.

7

URL
PDF

On location-restricted services

11

PDF

Probabilistic quorum systems.

15

URL
PDF

Combinatorial design of multi-ring networks with combined routing and flow control.

19

URL
PDF

The use and usability of direction-based filtering in firewalls.

23

URL
PDF

Install-time vaccination of Windows executables to defend against stack smashing attacks.

27

URL
PDF

Bounding the bias of tree-like sampling in IP topologies.

31

URL
PDF

The geometric efficient matching algorithm for firewalls.

35

URL
PDF

Accurate modeling of the Siemens S7 SCADA protocol for intrusion detection and digital forensics.

39

URL
PDF

Side-channel cryptographic attacks using pseudo-boolean optimization.

43

URL

Vehicle safe-mode, concept to practice: Limp-mode in the service of cyber security.

47

URL

​PESrank: An Explainable online password strength estimator | Accepted for publication in Journal of Computer Security

50

URL

Randomized approximation of bounded multicovering problems.

4

URL
PDF

The load, capacity and availability of quorum systems.

8

URL
PDF

The load and availability of Byzantine quorum systems.

12

URL
PDF

How to be an efficient snoop, or the probe complexity of quorum systems.

16

URL
PDF

Computing the unmeasured: An algebraic approach to Internet mapping.

20

URL
PDF

A note on the fragility of the "Michael" message integrity code.

24

URL
PDF

Offline firewall analysis.

28

URL
PDF

Finding a dense-core in Jellyfish graphs.

32

URL
PDF

WDA: A web farm distributed denial of service attack attenuator.

36

URL
PDF

Implementing public-key cryptography on passive RFID tags is practical.

40

URL
PDF

Automatic construction of statechart-based anomaly detection models for multi-threaded industrial control systems.

44

URL

Using the MSET device to counteract power-analysis attacks.

48

URL

The availability of quorum systems.

1

URL
PDF

Computational experience with approximation algorithms for the setcovering problem.

5

URL
PDF

Access control and signatures via quorum secret sharing.

9

URL
PDF

Key management for restricted multicast using broadcast encryption.

13

URL
PDF

Combating the perils of port 80 at the firewall.

17

URL
PDF

On the economics of multicasting.

21

URL
PDF

Firmato: A novel firewall management toolkit.

25

URL
PDF

A practical revocation scheme for broadcast encryption using smart cards.

29

URL
PDF

CRUST: Cryptographic remote untrusted storage without public keys.

33

URL
PDF

Accurate modeling of Modbus/TCP for intrusion detection in SCADA systems.

37

URL
PDF

Control variable classification, modeling and anomaly detection in Modbus/TCP SCADA networks.

41

URL

Field classification, modeling and anomaly detection in unknown CAN bus networks.

45

URL

Rank estimation with bounded error via exponential sampling.

49

URL

Refereed Conference Papers

Approximating bounded 0-1 integer linear programs.

01

Access control and signatures via quorum secret sharing.

05

The load and availability of Byzantine quorum systems.

09

Key management for encrypted broadcast.

13

On the economics of multicasting.

17

Architecting the Lumeta firewall analyzer.

21

A clustering approach for exploring the Internet structure.

25

PDF

A uniform framework for cryptanalysis of the Bluetooth E_0 cipher.

29

URL

Cryptanalysis of the Bluetooth E0 cipher using OBDD's.

33

URL

Bounding the bias of tree-like sampling in IP topologies.

37

No more 0-days (or code-based intrusion detection by Korset).

41

URL

Trends in firewall configuration errors: Measuring the holes in Swiss cheese.

45

Accurate modeling of Modbus/TCP for intrusion detection in SCADA systems.

49

Accurate modeling of the Siemens S7 SCADA protocol for intrusion detection and digital forensics.

53

Simple photonic emission attack with reduced data complexity.

57

URL

Modeling Modbus TCP using specification-based intrusion detection.

61

PDF

Testing the boundaries of the Parrot anti-spoofing defense system.

65

PDF

Cache-attacks on the ARM TrustZone implementations of AES-256 and AES-256-GCM via GPU-based analysis.

69

URL

Woodpecker, a software-only true random generator for the CAN bus.

73

PDF

Rogue7: Rogue engineering-station attacks on S7 Simatic PLCs.

77

URL

Spoofing attacks against vehicular FMCW radar.

81

URL

The load, capacity and availability of quorum systems.

02

How to be an efficient snoop, or the probe complexity of quorum systems.

06

Quorum-based secure multi-party computation.

10

PDF
URL

Towards making broadcast encryption practical.

14

Fang: A firewall analysis engine.

18

A practical revocation scheme for broadcast encryption using smart cards.

22

The geometric efficient matching algorithm for firewalls.

26

PDF

A geographic directed preferential Internet topology model.

30

URL

Dictionary attacks using keyboard acoustic emanations.

34

PDF
URL

CRUST: Cryptographic remote untrusted storage without public keys.

38

RFID-based electronic voting: What could possibly go wrong?

42

PDF

RFID jamming and attacks on Israeli e-voting.

46

PDF

Practical template-algebraic side channel attacks with extremely low data complexity.

50

PDF

Control variable classification, modeling and anomaly detection in Modbus/TCP SCADA networks.

54

A security analysis and revised security extension for the precision time protocol.

58

PDF

Parrot, a software-only anti-spoofing defense system for the CAN bus.

62

PDF

Stealthy deception attacks against SCADA systems.

66

PDF

Sliding-window correlation attacks against encryption devices with an unstable clock.

70

URL

Poly-logarithmic side channel rank estimation via exponential sampling.

74

Hardware fingerprinting for the ARINC 429 avionic bus.

78

URL

Trust dies in darkness: Shedding light on Samsung's TrustZone keymaster design.

82

URL

Crumbling walls: A class of practical and efficient quorum systems.

03

Evaluating quorum systems over the Internet.

07

PDF

Replication, consistency, and practicality: Are these mutually exclusive?

11

PDF

Firmato: A novel firewall management toolkit.

15

Long-lived broadcast encryption.

19

PDF
URL

An incremental super-linear preferential Internet topology model.

23

PDF

Cracking the Bluetooth PIN.

27

PDF
URL

Toward securing untrusted storage without public-key operations.

31

PDF

One-time signatures revisited: Practical fast signatures using fractal merkle tree traversal.

35

PDF
URL

Finding a dense-core in Jellyfish graphs.

39

Algebraic power analysis in the presence of errors.

43

PDF

Algebraic side-channel analysis beyond the Hamming weight leakage model.

47

PDF
URL

Range extension attacks on contactless smart cards.

51

PDF

A statechart-based anomaly detection model for multi-threaded SCADA systems.

55

PDF

Secure containers in Android: the Samsung KNOX case study.

59

PDF
URL

A bounded-space near-optimal key enumeration algorithm for multi-subkey side-channel attacks.

63

URL

Vehicle safe-mode: Limp-mode in the service of cyber security.

67

PDF

Navigating the Samsung TrustZone with applications to cache-attacks on AES-256 in the Keymaster trustlet.

71

URL

PRank: Fast analytical rank estimation via Pareto distributions.

75

URL

An explainable online password strength estimator.

79

PDF
URL

Classification of Encrypted IoT Traffic Despite Padding and Shaping

83

Optimal layouts on a chain ATM network.

04

Optimal average-case layouts on chain networks.

08

How to prove where you are: Tracking the location of customer equipment.

12

The performance of routing and control protocols on virtual rings.

16

Computing the unmeasured: An algebraic approach to Internet mapping.

20

Install-time vaccination of Windows executables to defend against stack smashing attacks.

24

Picking virtual pockets using relay attacks on contactless smartcard systems.

28

URL

How to build a low-cost, extended-range RFID skimmer.

32

PDF
URL

Remote algorithmic complexity attacks against randomized hash tables.

36

PDF
URL

Korset: Automated, zero false-alarm intrusion detection for Linux.

40

URL

Toward practical public key anti-counterfeiting for low-cost EPC tags.

44

URL

Analyzing unique-bid auction sites for fun and profit.

48

PDF
URL

A new framework for constraint-based probabilistic template side channel attacks.

52

PDF

Field classification, modeling and anomaly detection in unknown CAN bus networks.

56

Automatic construction of statechart-based anomaly detection models for multi-threaded SCADA via spectral analysis.

60

PDF
URL

Photonic side channel attacks against RSA.

64

PDF

A new burst-DFA model for SCADA anomaly detection.

68

URL

Temporal phase shifts in SCADA networks.

72

URL

Vehicle safe-mode: An after-market proof-of-concept.

76

Characterizing GPU overclocking faults.

80

URL

Book Chapter

Packet filtering and stateful firewalls.

01

PDF

Profiling communications in industrial IP networks: Model complexity and anomaly detection.

02

URL

Theses

Quorum Systems for Distributed Control Protocols

01

PDF
URL

Approximating bounded 0-1 integer linear programs

02

Invited Presentations

How not to configure your firewall: A field guide to common firewall misconfigurations.
misconfigurations.

01

How not to configure your firewall: A field guide to common firewall misconfigurations

02

PDF
URL

A quantitative study of firewall configuration errors.

03

Patents

Method and apparatus for converting a routing table into a collection of disjoint zones.

11

Method for providing long-lived broadcast encryption.

07

Anti-spoofing defense system for a CAN bus.

14

A method and apparatus for network mapping using end-to-end delay measurements.

10

Cryptographic method and apparatus for restricting access to transmitted programming content using hash functions and program identifiers.

06

Method and apparatus for automatic risk assessment of a firewall configuration.

13

Method and apparatus for analyzing one or more firewalls.

09

Cryptographic method for restricting access to transmitted programming content using f-redundant establishment key combinations.

05

Reordering a firewall rulebase according to usage statistics.

12

A method and apparatus for managing a firewall.

08

A combinatorial design method and apparatus for multi-ring networks with combined routing and flow control.

04

Other

Cryptanalysis of KeeLoq code-hopping using a single FPGA.

01

URL

Perfect privacy for webmail with secret sharing.

01

PDF

Security applications for hardware performance counters: Software attestation and random generation.

01

PDF

Hackers do not stop at red lights.

01

URL
bottom of page