Understanding the Efficacy of Security Training in Practice, , Proceedings of the IEEE Symposium on Security and Privacy, May 2025.
Give and Take: An End-To-End Investigation of Giveaway Scam Conversion Rates, , Proceedings of the ACM Internet Measurement Conference (IMC), Madrid, Spain, November 2024.
Using Honeybuckets to Characterize Cloud Storage Scanning in the Wild, , Proceedings of the IEEE European Symposium on Security and Privacy, Vienna, Austria, July 2024.
Unfiltered: Measuring Cloud-based Email Filtering Bypasses, , Proceedings of the Web Conference (WWW), Singapore, May 2024.
An Empirical Analysis of Enterprise-Wide Mandatory Password Updates, , Proceedings of Annual Computer Security Applications Conference (ACSAC), Austin, TX, December 2023.
Understanding the Viability of Gmail's Origin Indicator for Identifying the Sender, , Proceedings of the Symposium on Useable Privacy and Security, Anaheim, CA, August 2023.
In the Line of Fire: Risks of DPI-triggered Data Collection, , Proceedings of Workshop on Cyber Security Experimentation and Test (CSET), Marina del Rey, CA, August 2023.
No Privacy Among Spies: Assessing the Functionality and Insecurity of Consumer Android Spyware Apps, , Proceedings of the 23rd Privacy Enhancing Technologies Symposium, Lausanne, Switzerland, July 2023.
Forward Pass: On the Security Implications of Email Forwarding Mechanism and Policy, , Proceedings of the IEEE European Symposium on Security and Privacy, Delft, The Netherlands, July 2023, pages 373-391. (Best paper award).
WaVe: a Verifiably Secure WebAssembly Sandboxing Runtime, , Proceedings of the IEEE Symposium on Security and Privacy, May 2023. (Distinguished Paper Award).
Ransomware Attack Associated With Disruptions at Adjacent Emergency Departments in the US, , JAMA Network Open 6(5):e2312270-e2312270, May 2023.
The Challenges of Blockchain-based Naming Systems for Malware Defenders, , Proceedings of the APWG Symposium on Electronic Crime Research (eCrime), November 2022, pages 1-14. (Best Student Paper).
Retroactive Identification of Targeted DNS Infrastructure Hijacking, , Proceedings of the ACM Internet Measurement Conference (IMC), Nice, France, October 2022, pages 14-32.
Where .ru? Assessing the Impact of Conflict on Russian Domain Infrastructure, , Proceedings of the ACM Internet Measurement Conference (IMC), Nice, France, October 2022, pages 159-165.
Measuring UID Smuggling in the Wild, , Proceedings of the ACM Internet Measurement Conference (IMC), Nice, France, October 2022, pages 230-243.
Measuring Security Practices, , Communications of the Association for Computing Machinery 65(9):93-102, September 2022.
Domain Name Lifetimes: Baseline and Threats, , Proceedings of the 6th Network Traffic Measurement and Analysis Conference (TMA), June 2022, pages 10-18.
Risky BIZness: Risks Derived from Registrar Name Management, , Proceedings of the ACM Internet Measurement Conference (IMC), Virtual, November 2021, pages 673-686. (IRTF Applied Networking Research Prize).
Who's Got Your Mail? Characterizing Mail Service Provider Usage, , Proceedings of the ACM Internet Measurement Conference (IMC), Virtual, November 2021, pages 122-136.
Home is Where the Hijacking is: Understanding DNS Interception by Residential Routers, , Proceedings of the ACM Internet Measurement Conference (IMC), Virtual, November 2021, pages 390-397.
Characterization of Anycast Adoption in the DNS Authoritative Infrastructure, , Proceedings of the 5th Network Traffic Measurement and Analysis Conference (TMA), September 2021, pages 1-9. (Best Paper).
Hopper: Modeling and Detecting Lateral Movement, , Proceedings of the 30th USENIX Security Symposium, Vancouver, B.C., Canada, August 2021, pages 3093-3110.
Jetset: Targeted Firmware Rehosting for Embedded Systems, , Proceedings of the 30th USENIX Security Symposium, Vancouver, B.C., Canada, August 2021.
CoResident Evil: Covert Communications in the Cloud with Lambdas, , Proceedings of the Web Conference (WWW), Ljubljana, Solvenia, April 2021.
Clairvoyance: Inferring Blocklist Use on the Internet, , Proceedings of the 22nd Passive and Active Measurement Conference (PAM), Brandenburg, Germany, March 2021, pages 57-75.
Доверя́й, но проверя́й: SFI safety for native-compiled Wasm, , Proceedings of the Network and Distributed System Security Symposium (NDSS), San Diego, CA, February 2021.
Unresolved Issues: Prevalence, Persistence and Perils of Lame Nameservers, , Proceedings of the ACM Internet Measurement Conference (IMC), Pittsburgh, Pennsylvania (via the Internet), October 2020, pages 281-294.
Trufflehunter: Cache Sniffing Rare Domains at Large Public DNS Resolvers, , Proceedings of the ACM Internet Measurement Conference (IMC), Pittsburgh, Pennsylvania (via the Internet), October 2020, pages 50-64. (IRTF Applied Networking Research Prize).
Measuring Security Practices and How They Impact Security, , Proceedings of the ACM Internet Measurement Conference (IMC), Amsterdam, The Netherlands, October 2019, pages 36-49.
Triton: A Software-Reconfigurable Federated Avionics Testbed, , Proceedings of Workshop on Cyber Security Experimentation and Test (CSET), Santa Clara, CA, August 2019.
Detecting and Characterizing Lateral Phishing at Scale, , Proceedings of the 28th USENIX Security Symposium, Santa Clara, CA, August 2019, pages 1273-1290. (Distinguished paper).
Reading the Tea Leaves: A Comparative Analysis of Threat Intelligence, , Proceedings of the 28th USENIX Security Symposium, Santa Clara, CA, August 2019, pages 851-867.
Web Feature Deprecation: A Case Study for Chrome, , Proceedings of the 41st ACM/IEEE International Conference on Software Engineering: Software Engineering in Practice, ICSE (SEIP) 2019, Montréal, QC, Canada, May 2019, pages 302-311.
Hack for Hire: Exploring the Emerging Market for Account Hijacking, , Proceedings of the Web Conference (WWW), San Francisco, CA, May 2019, pages 1279-1289.
Following Their Footsteps: Characterizing Account Automation Abuse and Defenses, , Proceedings of the ACM Internet Measurement Conference (IMC), Boston, MA, October 2018, pages 43-55.
Lawful Device Access without Mass Surveillance Risk: A Technical Design Discussion, , Proceedings of the ACM Conference on Computer and Communications Security (CCS), Toronto, Canada, October 2018.
Quantifying the Pressure of Legal Risks on Third-party Vulnerability Research, , Proceedings of the ACM Conference on Computer and Communications Security (CCS), Dallas, Texas, November 2017.
Tripwire: Inferring Internet Site Compromise, , Proceedings of the ACM Internet Measurement Conference (IMC), London, UK, November 2017, pages 341-354.
Malicious Browser Extensions at Scale: Bridging the Observability Gap between Web Site and Browser, , Proceedings of Workshop on Cyber Security Experimentation and Test (CSET), August 2017.
How They Did It: An Analysis of Emission Defeat Devices in Modern Automobiles, , Proceedings of the IEEE Symposium on Security and Privacy, San Jose, CA, May 2017.
A Call to ARMs: Understanding the Costs and Benefits of JIT Spraying Mitigations, , Proceedings of the Network and Distributed System Security Symposium (NDSS), San Diego, CA, February 2017.
You've Got Vulnerability: Exploring Effective Vulnerability Notifications, , Proceedings of the 25th USENIX Security Symposium, Austin, TX, August 2016.
A Fistful of Bitcoins: Characterizing Payments Among Men with No Names, , Communications of the Association for Computing Machinery 59(4):86-93, April 2016.
Scheduling Techniques for Hybrid Circuit/Packet Networks, , Proceedings of ACM CoNEXT, Heidelberg, Germany, December 2015.
Security by Any Other Name: On the Effectiveness of Provider Based Email Security, , Proceedings of the ACM Conference on Computer and Communications Security (CCS), Denver, Colorado, October 2015.
From .academy to .zone: An Analysis of the New TLD Land Rush, , Proceedings of the ACM Internet Measurement Conference (IMC), Tokyo, Japan, October 2015.
Who is .com? Learning to Parse WHOIS Records, , Proceedings of the ACM Internet Measurement Conference (IMC), Tokyo, Japan, October 2015.
Affiliate Crookies: Characterizing Affiliate Marketing Abuse, , Proceedings of the ACM Internet Measurement Conference (IMC), Tokyo, Japan, October 2015.
Fast and Vulnerable: A Story of Telematic Failures, , Proceedings of the USENIX Workshop On Offensive Technologies (WOOT), Washington D.C., August 2015.
Framing Dependencies Introduced by Underground Commoditization, , Proceedings of the Workshop on the Economics of Information Security (WEIS), Delft, The Netherlands, June 2015.
Too LeJIT to Quit: Extending JIT Spraying to ARM, , Proceedings of the Network and Distributed System Security Symposium (NDSS), San Diego, CA, February 2015.
On The Security of Mobile Cockpit Information Systems, , Proceedings of the ACM Conference on Computer and Communications Security (CCS), Scottsdale, Arizona, November 2014.
Characterizing Large-Scale Click Fraud in ZeroAccess, , Proceedings of the ACM Conference on Computer and Communications Security (CCS), Scottsdale, Arizona, November 2014.
Search + Seizure: The Effectiveness of Interventions on SEO Campaigns, , Proceedings of the ACM Internet Measurement Conference (IMC), Vancouver, BC, Canada, November 2014, pages 359-372.
Handcrafted Fraud and Extortion: Manual Account Hijacking in the Wild, , Proceedings of the ACM Internet Measurement Conference (IMC), Vancouver, BC, Canada, November 2014.
Knock It Off: Profiling the Online Storefronts of Counterfeit Merchandise, , Proceedings of the ACM SIGKDD Conference, New York, NY, August 2014.
Empirically Characterizing Domain Abuse and the Revenue Impact of Blacklisting, , Proceedings of the Workshop on the Economics of Information Security (WEIS), State College, PA, June 2014, pages 4:1:1-4:1:13.
XXXtortion? Inferring Registration Intent in the .XXX TLD, , Proceedings of the International World Wide Web Conference (WWW)`, Seoul, Korea, April 2014, pages 901-912.
Botcoin: Monetizing Stolen Cycles, , Proceedings of the Network and Distributed System Security Symposium (NDSS), San Diego, CA, February 2014.
A Fistful of Bitcoins: Characterizing Payments Among Men with No Names, , USENIX ;login: 38(6):10-14, December 2013.
A Comparison of Syslog and IS-IS for Monitoring Link State, , Proceedings of the ACM Internet Measurement Conference (IMC), Barcelona, Spain, October 2013.
A Fistful of Bitcoins: Characterizing Payments Among Men with No Names, , Proceedings of the ACM Internet Measurement Conference (IMC), Barcelona, Spain, October 2013, pages 127-140.
Measuring the Practical Impact of DNSSEC Deployment, , Proceedings of the 22nd USENIX Security Symposium, Washington D.C., August 2013.
Juice: A Longitudinal Study of an SEO Campaign, , Proceedings of the Network and Distributed System Security Symposium (NDSS), San Diego, CA, February 2013, pages 7:4:1-7:4:17.
Taster's Choice: A Comparative Analysis of Spam Feeds, , Proceedings of the ACM Internet Measurement Conference (IMC), Boston, MA, November 2012, pages 427-440.
Priceless: The Role of Payments in Abuse-advertised Goods, , Proceedings of the ACM Conference on Computer and Communications Security (CCS), Raleigh, NC, October 2012, pages 845-856.
Manufacturing Compromise: The Emergence of Exploit-as-a-Service, , Proceedings of the ACM Conference on Computer and Communications Security (CCS), Raleigh, NC, October 2012, pages 821-832.
Be Conservative: Enhancing Failure Diagnosis with Proactive Logging, , Proceedings of the 10th ACM/USENIX Symposium on Operating Systems Design and Implementation (OSDI), Hollywood, CA, USA, October 2012.
PharmaLeaks: Understanding the Business of Online Pharmaceutical Affiliate Programs, , Proceedings of the 21st USENIX Security Symposium, Bellevue, WA, August 2012.
When Good Services Go Wild: Reassembling Web Services for Unintended Purposes, , Proceedings of the USENIX Workshop on Hot Topics in Security, Bellevue, WA, August 2012.
scc: Cluster Storage Provisioning Informed by Application Characteristics and SLAs, , USENIX ;login: 37(3), June 2012.
Measuring the Cost of Cybercrime, , Proceedings of the Workshop on the Economics of Information Security (WEIS), Berlin, Germany, June 2012.
Return-Oriented Programming: Systems, Languages and Applications, , ACM Transactions on Information and System Security 15(1), March 2012.
Improving Software Diagnosability via Log Enhancement, , ACM Transactions on Computer Systems 30(1), February 2012.
BlueSky: A Cloud-Backed File System for the Enterprise, , Proceedings of the 10th USENIX Conference on File and Storage Technologies (FAST), San Jose, CA, February 2012, pages 19:1-19:14.
scc: Cluster Storage Provisioning Informed by Application Characteristics and SLAs, , Proceedings of the 10th USENIX Conference on File and Storage Technologies (FAST), San Jose, CA, February 2012.
In Planning Digital Defenses, the Biggest Obstacle is Human Ingenuity, , New York Times, Dec 6 2011.
An Analysis of Underground Forums, , Proceedings of the ACM Internet Measurement Conference (IMC), Berlin, Germany, November 2011, pages 71-80.
Judging a site by its content: learning the textual, structural, and visual features of malicious Web pages, , Proceedings of the ACM Workshop on Artificial Intelligence and Security (AISEC), Chicago, IL, October 2011.
Cloak and Dagger: Dynamics of Web Search Cloaking, , Proceedings of the ACM Conference on Computer and Communications Security (CCS), Chicago, IL, October 2011, pages 477-490.
On the Empirical Performance of Self-calibrating WiFi Location Systems, , Proceedings of IEEE Conference on Local Computer Networks (LCN), Bonn, Germany, October 2011.
Interview with Stefan Savage: On the Spam Payment Trail, , USENIX ;login: 36(4):7-20, August 2011.
Heat of the Moment: Characterizing the Efficacy of Thermal Camera-Based Attacks, , Proceedings of the USENIX Workshop On Offensive Technologies (WOOT), San Francisco, CA, August 2011.
No Plan Survives Contact: Experience with Cybercrime Measurement, , Proceedings of Workshop on Cyber Security Experimentation and Test (CSET), August 2011, pages 2:1-2:8.
Show Me the Money: Characterizing Spam-advertised Revenue, , Proceedings of the 20th USENIX Security Symposium, San Francisco, CA, August 2011, pages 219-234.
Dirty Jobs: The Role of Freelance Labor in Web Service Abuse, , Proceedings of the 20th USENIX Security Symposium, San Francisco, CA, August 2011, pages 203-218.
Comprehensive Experimental Analyses of Automotive Attack Surfaces, , Proceedings of the 20th USENIX Security Symposium, San Francisco, CA, August 2011.
DefenestraTor: Throwing out Windows in Tor, , Privacy Enhancing Technologies Symposium, Waterloo, Canada, July 2011, pages 134-154.
Privacy-preserving Network Forensics, , Communications of the Association for Computing Machinery 54(5):78-87, May 2011.
Click Trajectories: End-to-End Analysis of the Spam Value Chain, , Proceedings of the IEEE Symposium on Security and Privacy, Oakland, CA, May 2011, pages 431-446. (Award paper).
Learning to Detect Malicious URLs, , ACM Transactions on Intelligent Systems and Technology (TIST) 2(3):30:1-30:24, April 2011.
On the Effects of Registrar-level Intervention, , Proceedings of the USENIX Workshop on Large-scale Exploits and Emergent Threats (LEET), Boston, MA, March 2011, pages 1-8.
Got Traffic? An Evaluation of Click Traffic Providers, , Proceedings of the WICOM/AIRWeb Workshop on Web Quality (WebQuality), Hyderabad, India, March 2011, pages 19-26.
Improving Software Diagnosability via Log Enhancement, , Proceedings of Architectural Support for Programming Languages and Operating Systems (ASPLOS), Newport Beach, CA, March 2011.
How to Tell an Airport from a Home: Techniques and Applications, , Proceedings of the 9th ACM Workshop on Hot Topics in Networks (HotNets-IX), Monterey, CA, October 2010, pages 13:1-13:6.
Difference Engine: Harnessing Memory Redundancy in Virtual Machines, , Communications of the Association for Computing Machinery 53(10):85-93, October 2010.
California Fault Lines: Understanding the Causes and Impact of Network Failures, , Proceedings of the ACM SIGCOMM Conference, New Delhi, India, August 2010.
Re: CAPTCHAs -- Understanding CAPTCHA-Solving from an Economic Context, , Proceedings of the 19th USENIX Security Symposium, Washington, D.C., August 2010, pages 435-452.
Beyond Heuristics: Learning to Classify Vulnerabilities and Predict Exploits, , Proceedings of the ACM SIGKDD Conference, Washington D.C., July 2010, pages 105-114.
Measuring Online Service Availability Using Twitter, , Proceedings of ACM Workshop on Online Social Networks (WOSN), Boston, MA, June 2010, pages 13:1-13:9.
SleepServer: A Software-Only Approach for Reducing the Energy Consumption of PCs within Enterprise Environments, , Proceedings of the USENIX Annual Technical Conference, Boston, MA, June 2010.
Experimental Security Analysis of a Modern Automobile, , Proceedings of the IEEE Symposium on Security and Privacy, Oakland, CA, May 2010.
Neon: System Support for Derived Data Management, , Proceedings of the ACM SIGPLAN/SIGOPS International Conference on Virtual Execution Environments, Pittsburgh, PA, March 2010, pages 63-74.
Botnet Judo: Fighting Spam with Itself, , Proceedings of the Network and Distributed System Security Symposium (NDSS), San Diego, CA, February 2010.
Cumulus: Filesystem Backup to the Cloud, , ACM Transaction on Storage 5(4):1-28, December 2009.
Hey, You, Get Off of My Cloud: Exploring Information Leakage in Third-Party Compute Clouds, , Proceedings of the ACM Conference on Computer and Communications Security (CCS), Chicago, IL, November 2009. (Test of Time Award).
When Private Keys are Public: Results from the 2008 Debian OpenSSL Debacle, , Proceedings of the ACM Internet Measurement Conference (IMC), Chicago, IL, November 2009.
Spamalytics: An Empirical Analysis of Spam Marketing Conversion, , Communications of the Association for Computing Machinery 52(9):99-107, September 2009.
Cumulus: Filesystem Backup to the Cloud, , USENIX ;login: 34(4):7-13, August 2009.
Identifying Suspicious URLs: An Application of Large-Scale Online Learning, , Proceedings of the International Conference on Machine Learning, Montreal, Canada, June 2009, pages 681-688.
Beyond Blacklists: Learning to Detect Malicious Web Sites from Suspicious URLs, , Proceedings of the ACM SIGKDD Conference, Paris, France, June 2009, pages 1245-1254.
Spamcraft: An Inside Look at Spam Campaign Orchestration, , Proceedings of the USENIX Workshop on Large-scale Exploits and Emergent Threats (LEET), Boston, MA, April 2009, pages 4:1-4:9.
Difference Engine, , USENIX ;login: 34(2):24-31, April 2009.
Detecting Malicious Packet Losses, , IEEE Transactions on Parallel and Distributed Systems 20(2), February 2009.
Cumulus: Filesystem Backup to the Cloud, , Proceedings of the 7th USENIX Conference on File and Storage Technologies (FAST), San Francisco, CA, February 2009, pages 225-238.
Difference Engine: Harnessing Memory Redundancy in Virtual Machines, , Proceedings of the 8th ACM/USENIX Symposium on Operating Systems Design and Implementation (OSDI), San Diego, CA, USA, December 2008, pages 309-322. (Award paper).
Spamalytics: an Empirical Analysis of Spam Marketing Conversion, , Proceedings of the ACM Conference on Computer and Communications Security (CCS), Alexandria, VA, October 2008, pages 3-14.
Reconsidering Physical Key Secrecy: Teleduplication via Optical Decoding, , Proceedings of the ACM Conference on Computer and Communications Security (CCS), Alexandria, VA, October 2008.
When Good Instructions Go Bad: Generalizing Return-oriented Programming to the SPARC, , Proceedings of the ACM Conference on Computer and Communications Security (CCS), Alexandria, VA, October 2008.
XL: An Efficient Network Routing Algorithm, , Proceedings of the ACM SIGCOMM Conference, Seattle, WA, August 2008.
Storm: When Researchers Collide, , USENIX ;login: 33(4):6-13, August 2008.
On the Spam Campaign Trail, , Proceedings of the USENIX Workshop on Large-scale Exploits and Emergent Threats (LEET), San Franciso, CA, April 2008.
The Heisenbot Uncertainty Problem: Challenges in Separating Bots from Chaff, , Proceedings of the USENIX Workshop on Large-scale Exploits and Emergent Threats (LEET), San Franciso, CA, April 2008.
Detecting Compromised Routers via Packet Forwarding Behavior, , IEEE Network 22(2), March 2008.
An Inquiry into the Nature and Causes of the Wealth of Internet Miscreants, , Proceedings of the ACM Conference on Computer and Communications Security (CCS), Alexandria, VA, October 2007.
Slicing Spam with Occam's Razor, , Proceedings of Conference on Email and Anti-Spam (CEAS), Mountain View, CA, August 2007.
Automating Cross-Layer Diagnosis of Enterprise Wireless Networks, , Proceedings of the ACM SIGCOMM Conference, Kyoto, Japan, August 2007.
Spamscatter: Characterizing Internet Scam Hosting Infrastructure, , Proceedings of the 16th USENIX Security Symposium, Boston, MA, August 2007.
Maximizing Data Locality in Distributed Systems, , Journal of Computer and System Sciences 72(8), December 2006.
Unexpected Means of Identifying Protocols, , Proceedings of the ACM Internet Measurement Conference (IMC), Rio de Janeiro, Brazil, October 2006.
Finding Diversity in Remote Code Injection Exploits, , Proceedings of the ACM Internet Measurement Conference (IMC), Rio de Janeiro, Brazil, October 2006.
Jigsaw: Solving the Puzzle of Enterprise 802.11 Analysis, , Proceedings of the ACM SIGCOMM Conference, Pisa, Italy, September 2006, pages 39-50.
Fatih: Detecting and Isolating Malicious Routers via Traffic Validation, , IEEE Transactions on Dependable and Secure Computing 3(3), July 2006.
Inferring Internet Denial-of-Service Activity, , ACM Transactions on Computer Systems 24(2):115-139, May 2006.
Opportunistic Measurement: Extracting Insight from Spurious Traffic, , Proceedings of the 4th ACM Workshop on Hot Topics in Networks (HotNets-IV), College Park, MD, November 2005.
Self-stopping Worms, , Proceedings of the ACM Workshop on Rapid Malcode (WORM), Washington D.C., November 2005, pages 12-21.
Scalability, Fidelity and Containment in the Potemkin Virtual Honeyfarm, , Proceedings of the 20th ACM Symposium on Operating Systems Principles (SOSP), Brighton, UK, October 2005, pages 148-162.
Fatih: Detecting and Isolating Malicious Routers, , Proceedings of the IEEE Conference on Dependable Systems and Networks (DSN), Yokohama, Japan, June 2005, pages 538-547. (Award paper).
SyncScan: Practical Fast Handoff for 802.11 Infrastructure Networks, , Proceedings of the IEEE Infocom Conference, Miami, FL, March 2005.
Automated Worm Fingerprinting, , Proceedings of the 6th ACM/USENIX Symposium on Operating Systems Design and Implementation (OSDI), San Francisco, CA, USA, December 2004, pages 45-60.
Fault-Tolerant Forwarding in the Face of Malicious Routers, , Proceedings of the International Workshop on the Future Directions in Distributed Computing (FuDiCo), Bertinoro, Italy, June 2004.
Monkey See, Monkey Do: A Tool for TCP Tracing and Replaying, , Proceedings of the USENIX Annual Technical Conference, Boston, MA, June 2004, pages 87-98.
TotalRecall: System Support for Automated Availability Management, , Proceedings of the 1st ACM/USENIX Symposium on Networked Systems Design and Implementation (NSDI), San Francisco, CA, March 2004, pages 337-350.
In Search of Path Diversity in ISP Networks, , Proceedings of the USENIX/ACM Internet Measurement Conference (IMC), Miami, FL, October 2003, pages 313-318.
Automatically Inferring Patterns of Resource Consumption in Network Traffic, , Proceedings of the ACM SIGCOMM Conference, Karlsruhe, Germany, August 2003, pages 137-148.
802.11 Denial-of-Service Attacks: Real Vulnerabilities and Practical Solutions, , Proceedings of the 12th USENIX Security Symposium, Washington, D.C., August 2003, pages 15-28.
Inside the Slammer Worm, , IEEE Security and Privacy 1(4):33-39, July 2003.
Structured Superpeers: Leveraging Heterogeneity to Provide Constant-Time Lookup, , Proceedings of the 4th IEEE Workshop on Internet Applications, San Jose, CA, June 2003, pages 104-111.
The Phoenix Recovery System: Rebuilding from the Ashes of an Internet Catastrophe, , Proceedings of the 9th USENIX Workshop on Hot Topics in Operating Systems (HotOS-IX), Lihue, HI, May 2003, pages 73-78.
Internet Quarantine: Requirements for Containing Self-Propagating Code, , Proceedings of the IEEE Infocom Conference, San Francisco, CA, April 2003, pages 1901-1910.
Understanding Availability, , Proceedings of the International Workshop on Peer To Peer Systems (IPTPS), Berkeley, CA, February 2003, pages 256-267.
The Spread of the Sapphire/Slammer Worm, , CAIDA Report, January 2003.
Measuring Packet Reordering, , Proceedings of the ACM/USENIX Internet Measurement Workshop (IMW), Marseille, France, November 2002, pages 97-105.
Automated Measurement of High-Volume Traffic Clusters, , Proceedings of the ACM/USENIX Internet Measurement Workshop (IMW), Marseille, France, November 2002, pages 77-78.
Replication Strategies for Highly Available Peer-to-Peer Storage, , Proceedings of the International Workshop on the Future Directions in Distributed Computing (FuDiCo), Bertinoro, Italy, June 2002.
Robust Congestion Signaling, , Proceedings of the 9th International Conference on Network Protocols (ICNP), Riverside, CA, November 2001, pages 332-341.
Inferring Internet Denial of Service Activity, , Proceedings of the 10th USENIX Security Symposium, Washington, D.C., August 2001, pages 9-22. (Best paper and Test of Time Awards).
Network Support for IP Traceback, , IEEE/ACM Transactions on Networking 9(3):226-237, June 2001.
Alpine: A User-Level Infrastructure for Network Protocol Development, , Proceedings of the 3rd USENIX Symposium on Internet Technologies and Systems (USITS), San Francisco, CA, March 2001, pages 171-183.
Practical Network Support for IP Traceback, , Proceedings of the ACM SIGCOMM Conference, Stockholm, Sweden, August 2000, pages 295-306.
Modeling TCP Latency, , Proceedings of IEEE Infocom Conference, Tel-Aviv, Israel, March 2000, pages 1742-1751.
Understanding the Performance of TCP Pacing, , Proceedings of IEEE Infocom Conference, Tel-Aviv, Israel, March 2000, pages 1157-1165.
TCP Congestion Control with a Misbehaving Receiver, , ACM SIGCOMM Computer Communication Review 29(5):71-78, October 1999.
Sting: a TCP-based Network Measurement Tool, , Proceedings of the 2nd USENIX Symposium on Internet Technologies and Systems (USITS), Boulder, CO, October 1999, pages 71-79. (Best student paper).
The End-to-end Effects of Internet Path Selection, , Proceedings of the ACM SIGCOMM Conference, Cambridge, MA, September 1999, pages 289-299.
The Case for Informed Transport Protocols, , Proceedings of the 7th IEEE Workshop on Hot Topics in Operating Systems (HotOS-VII), Rio Rico, AZ, March 1999, pages 58-63.
Detour: a Case for Informed Internet Routing and Transport, , IEEE Micro 19(1):50-59, January 1999.
Eraser: A Dynamic Race Detector for Multi-Threaded Programs, , ACM Transactions on Computer Systems 15(4):391-411, November 1997.
Eraser: A Dynamic Race Detector for Multi-Threaded Programs, , Proceedings of the 16th ACM Symposium on Operating Systems Principles (SOSP), Saint-Malo, France, October 1997, pages 27-37. (Award paper).
Language Support for Extensible Operating Systems, , Proceedings of the 1st Workshop on Compiler Support for System Software, Tucson, AZ, February 1996, pages 127-133.
Writing an Operating System with Modula-3, , Proceedings of the 1st Workshop on Compiler Support for System Software, Tucson, AZ, February 1996, pages 134-140.
AFRAID -- A Frequently Redundany Array of Independent Disks, , Proceedings of the USENIX Annual Technical Conference, San Diego, CA, January 1996, pages 27-39. (Best student paper).
Extensibility, Safety and Performance in the SPIN Operating System, , Proceedings of the 15th ACM Symposium on Operating Systems Principles (SOSP), Copper Mountain, CO, December 1995, pages 267-284.
Protection is a Software Issue, , Proceedings of the 5th Workshop on Hot Topics in Operating Systems, Orcas Island, WA, May 1995, pages 62-65.
Processor Capacity Reserves: Operating System Support for Multimedia Applications, , Proceedings of the IEEE Interational Conference on Multimedia Computing and Systems (ICMCS), Boston, MA, May 1994, pages 90-99.
Processor Capacity Reserves: An Abstraction for Managing Processor Usage, , Proceedings of the 4th Workshop on Workstation Operating Systems, Napa, CA, October 1993, pages 129-134.
Real-time Mach Timers: Exporting Time to the User, , Proceedings of the 3rd USENIX Mach Symposium, Sante Fe, NM, April 1993, pages 221-232.