Angelos D. Keromytis - Curriculum Vitae

Positions Held

  • January 2006 - Present
    Associate Professor, Department of Computer Science, Columbia University, New York.
  • July 2001 - December 2005
    Assistant Professor, Department of Computer Science, Columbia University, New York.
  • September 1996 - July 2001
    Research Assistant, Computer and Information Science Department, University of Pennsylvania, Philadelphia.
  • January 1993 - October 1995
    Member of the Technical Staff, FORTHnet S.A., Heraclion, Greece.
  • September 1991 - January 1993
    Member of the Technical Staff, Education Team, Computer Center of the University of Crete, Heraclion, Greece.

Education

  • November 2001
    Ph.D. (Computer Science), University of Pennsylvania, USA.
  • August 1997
    M.Sc. (Computer Science), University of Pennsylvania, USA.
  • June 1996
    B.Sc. (Computer Science), University of Crete, Greece.

Service and Teaching

Editorial Boards and Steering Committees

  • Associate Editor, Encyclopedia of Cryptography and Security (2nd Edition), Springer, 2010.
  • Associate Editor, ACM Transactions on Information and System Security (TISSEC), 2004 onward.
  • Associate Editor, IET (formerly IEE) Proceedings Information Security, 2005 onward.
  • Steering Committee, ISOC Symposium on Network and Distributed System Security (SNDSS), 2006 onward.
  • Steering Committee, USENIX Workshop on Hot Topics in Security (HotSec), 2006 onward.
  • Steering Committee, New Security Paradigms Workshop (NSPW), 2007 onward.
  • Steering Committee, Computer Security Architecture Workshop (CSAW), 2007 onward.

Program Chair

  • Program co-Chair, 17th ACM Computer and Communication Security (CCS), 2010.
  • Program co-Chair, 16th ACM Computer and Communication Security (CCS), 2009.
  • Program co-Chair, New Security Paradigms Workshop (NSPW), 2008.
  • Program co-Chair, New Security Paradigms Workshop (NSPW), 2007.
  • Chair, 27th International Conference on Distributed Computing Systems (ICDCS), Security Track, 2007.
  • Chair, 16th World Wide Web (WWW) Conference, Security, Privacy, Reliability and Ethics Track, 2007.
  • Chair, 15th USENIX Security Symposium, 2006.
  • Deputy Chair, 15th World Wide Web (WWW) Conference, Security, Privacy and Ethics Track, 2006.
  • Chair, 3rd Workshop on Rapid Malcode (WORM), 2005.
  • Program co-Chair, 3rd Applied Cryptography and Network Security (ACNS) Conference, 2005.
  • Program co-Chair, OpenSig Workshop, 2003.

Program Organization

  • General co-chair, New Security Paradigms Workshop (NSPW), 2010.
  • General co-chair, New Security Paradigms Workshop (NSPW), 2009.
  • Co-chair, Invited Talks, 17th USENIX Security Symposium, 2008.
  • General co-chair, Applied Cryptography and Network Security (ACNS) Conference, 2008.
  • Co-chair, Invited Talks, 16th USENIX Security Symposium, 2007.
  • Organizing Committee, Columbia/IBM/Stevens Security & Privacy Day (bi-annual event).
    • Organizer, Columbia/IBM/Stevens Security & Privacy Day, June 2007.
  • Co-organizer, ARO/FSTC Workshop on Insider Attack and Cyber Security, 2007.
  • Publicity co-Chair, ACM Conference on Computer and Communications Security, 2006.
  • General co-Chair, OpenSig Workshop, 2003.

Program Committees

  • Program Committee, ACM Conference on Computer and Communications Security (CCS), 2005, 2007, 2008, 2009, 2010.
  • Program Committee, ISOC Symposium on Network and Distributed Systems Security (SNDSS), 2003, 2004, 2006, 2007, 2008.
  • Program Committee, USENIX Security Symposium, 2004, 2005, 2006, 2008.
  • Program Committee, International Conference on Distributed Computing Systems (ICDCS), Security Track, 2005, 2006, 2007, 2008.
  • Program Committee, Workshop on Rapid Malcode (WORM), 2004, 2005, 2006, 2007.
  • Program Committee, International Workshop on Security (IWSEC), 2006, 2007, 2008, 2009.
  • Program Committee, Information Security Conference (ISC), 2005, 2007, 2009.
  • Program Committee, Applied Cryptography and Network Security (ACNS) Conference, 2005, 2006, 2010.
  • Program Committee, World Wide Web Conference (WWW), 2005, 2006, 2007.
  • Program Committee, USENIX Technical Conference, Freely Distributable Software (Freenix) Track, 1998, 1999, 2003.
  • Program Committee, IEEE Security & Privacy Symposium, 2006, 2008.
  • Program Committee, Annual Computer Security Applications Conference (ACSAC), 2006, 2007.
  • Program Committee, USENIX Workshop on Hot Topics in Security (HotSec), 2006, 2007.
  • Program Committee, ACM SIGCOMM Workshop on Large Scale Attack Defense (LSAD), 2006, 2007.
  • Program Committee, New Security Paradigms Workshop (NSPW), 2007, 2008.
  • Program Committee, Financial Cryptography (FC) Conference, 2002, 2010.
  • Program Committee, European Workshop on Systems Security (EuroSec), 2009, 2010.
  • Program Committee, IEEE WETICE Workshop on Enterprise Security, 2002, 2003.
  • Program Committee, 40th Annual IEEE/IFIP International Conference on Dependable Systems and Networks (DSN), Dependable Computing and Communication Symposium (DCCS), 2010.
  • Program Committee, Computer Forensics in Software Engineering Workshop, 2009.
  • Program Committee, USENIX Annual Technical Conference, 2008.
  • Program Committee, USENIX Workshop on Large-scale Exploits and Emergent Threats (LEET), 2008.
  • Program Committee, 23rd International Information Security Conference (IFIP SEC), 2008.
  • Program Committee, Joint iTrust and PST Conferences on Privacy, Trust Management and Security (IFIPTM), 2008.
  • Program Committee, 1st Computer Security Architecture Workshop (CSAW), 2007.
  • Program Committee, 8th IEEE Information Assurance Workshop (IAW), 2007.
  • Program Committee, Anti-Phishing Working Group (APWG) eCrime Researchers Summit, 2007.
  • Program Committee, Workshop on Mathematical Methods, Models and Architectures for Computer Network Security (MMM-ACNS), 2007.
  • Program Committee, 4th GI International Conference on Detection of Intrusions & Malware, and Vulnerability Assessment (DIMVA), 2007.
  • Program Committee, 2nd ACM Symposium on InformAtion, Computer and Communications Security (AsiaCCS), 2007.
  • Program Committee, 6th International Conference on Cryptology and Network Security (CANS), 2007.
  • Program Committee, 2nd Workshop on Advances in Trusted Computing (WATC), 2006.
  • Program Committee, International Conference on Information and Communications Security (ICICS), 2006.
  • Program Committee, 2nd Workshop on Secure Network Protocols (NPSec), 2006.
  • Program Committee, 1st Workshop on Hot Topics in System Dependability (HotDep), 2005.
  • Program Committee, 20th ACM Symposium on Applied Computing (SAC), Trust, Recommendations, Evidence and other Collaboration Know-how (TRECK) Track, 2005.
  • Program Committee, 1st Workshop on Operating System and Architecture Support for the on demand IT Infrastructure (OASIS), 2004.
  • Program Committee, Workshop on Information Security Applications (WISA), 2004.
  • Program Committee, Workshop on Logical Foundations of an Adaptive Security Infrastructure (WOLFASI), 2004.
  • Program Committee, 29th IEEE Conference on Local Computer Networks (LCN), 2004.
  • Program Committee, 2nd International Conference on Trust Management, 2004.
  • Program Committee, Asia BSD Conference, 2004.
  • Program Committee, 2nd Annual New York Metro Area Networking Workshop (NYMAN), 2002.
  • Program Committee, Cloud Computing Security Workshop (CCSW), 2009.

Advisory Workshops

  • Lockheed Martin Future Security Threats Workshop, New York, NY, November 2009.
  • Air Force Office for Scientific Research (AFOSR) Invitational Workshop on Homogeneous Enclave Software vs Heterogeneous Enclave Software, Arlington, VA, October 2007.
  • NSF Future Internet Network Design Working Meeting, Arlington, VA, June 2007.
  • ARO/FSTC Workshop on Insider Attack and Cyber Security, Arlington, VA, June 2007.
  • NSF Invitational Workshop on Future Directions for the CyberTrust Program, Pittsburgh, PA, October 2006.
  • ARO/HSARPA Invitational Workshop on Malware Detection, Arlington, VA, August 2005.
  • Department of Defense Invitational Workshop on the Complex Behavior of Adaptive, Network-Centric Systems, College Park, MD, July 2005.
  • ARDA Next Generation Malware Invitational Workshop, Annapolis Junction, MD, March 2005.
  • Co-leader of session on "Securing software environments", joint NSF and Department of Treasury Invitational Workshop on Resilient Financial Information Systems, Washington, DC, March 2005.
  • DARPA Application Communities Invitational Workshop, Arlington, VA, October 2004.
  • DARPA APNets Invitational Workshop, Philadelphia, PA, December 2003.
  • NSF/NIST Invitational Workshop on Cybersecurity Workforce Needs Assessment and Educational Innovation, Arlington, VA, August 2003.
  • NSF Invitational Workshop on Large Scale Cyber-Security, Lansdowne, VA, March 2003.
  • IP Security Working Group Secretary, Internet Engineering Task Force (IETF), 2003 - 2008.
  • Session moderator, Workshop on Intelligence and Research, Florham Park, NJ, October 2001.
  • DARPA Composable High Assurance Trusted Systems #2 (CHATS2) Invitational Workshop, Napa, CA, November 2000.

Other Professional Activities

  • Member of the Scientific Advisory Board, Centre for Research and Technology, Hellas (CERTH), 2008 - 2011.
  • Senior Member of the ACM, 2008 onward.
  • Senior Member of the IEEE, 2009 onward.
  • Visiting Scientist, Institute for Infocomm Research (I2R), Singapore, February - May 2007.
  • Columbia Representative to the Institute for Information Infrastructure Protection (I3P), 2006 - 2008.
  • Technical Advisory Board, StackSafe Inc. (formerly Revive Systems Inc.), 2006 - 2009.
  • Technical Advisory Board, Radiuz Inc., 2006.
  • Reviewer (grant applications), Institute for Security Technology Studies (ISTS), Dartmouth College, 2006.
  • Reviewer, Singapore National Science and Technology Awards (NSTA), 2006.
  • Board of Directors, StackSafe Inc.(formerly Revive Systems Inc.), 2005 - 2009.
  • Founder, StackSafe Inc. (formerly Revive Systems Inc.), 2005 - 2009.
  • Expert witness in criminal and intellectual property litigation cases, 2005, 2006, 2007.
  • Science Fair Judge, Middle School for Democracy and Leadership, Brooklyn, NY, 2005, 2006.
  • Reviewer (grant applications), Swiss National Science Foundation, 2007.
  • Reviewer (grant applications), Netherlands Organisation for Scientific Research, 2005, 2006.
  • Reviewer (grant applications), US/Israel Binational Science Foundation, 2003, 2005.
  • NSF reviewer & panelist, 2002, 2003, 2006, 2008, 2009.
  • Internet Engineering Task Force (IETF) Security Area Advisor, 2001 - 2008.

Ph.D. Thesis Committee Service

  • Michalis Polychronakis, "Generic Code Injection Attack Detection using Code Emulation", Computer Science Department, University of Crete, October 2009.
  • Spyros Antonatos, "Defending against Known and Unknown Attacks using a Network of Affined Honeypots", Computer Science Department, University of Crete, October 2009.
  • Van-Hau Pham, "Honeypot Traces Forensics by Means of Attack Event Identification", Computer Science Group, Communications and Electronics Department, Ecole Nationale Superieure des Telecommunications, September 2009.
  • Gabriela F. Ciocarlie, "Towards Self-Adaptive Anomaly Detection Sensors", Department of Computer Science, Columbia University, September 2009.
  • Vanessa Frias-Martinez, "Behavior-Based Admission and Access Control for Network Security", Department of Computer Science, Columbia University, September 2008.
  • Wei-Jen Li, "SPARSE: A Hybrid System for Malcode-Bearing Document Detection", Department of Computer Science, Columbia University, June 2008.
  • Raj Kumar Rajendran, "The Method for Strong Detection for Distributed Routing", Electrical Engineering Department, Columbia University, March 2008.
  • Constantin Serban, "Advances in Decentralized and Stateful Access Control", Computer Science Department, Rutgers University, December 2007.
  • Ricardo A. Baratto, "THINC: A Virtual and Remote Display Architecture for Desktop Computing", Computer Science Department, Columbia University, October 2007.
  • Zhenkai Liang, "Techniques in Automated Cyber-Attack Response and Recovery", Computer Science Department, Stony Brook University, November 2006.
  • Ke Wang, "Network Payload-based Anomaly Detection and Content-based Alert Correlation", Computer Science Department, Columbia University, August 2006.
  • Seoung-Bum Lee, "Adaptive Quality of Service for Wireless Ad hoc Networks", Electrical Engineering Department, Columbia University, June 2006.
  • Shlomo Hershkop, "Behavior-based Email Analysis with Application to Spam Detection", Computer Science Department, Columbia University, August 2005.
  • Gaurav S. Kc, "Defending Software Against Process-subversion Attacks", Computer Science Department, Columbia University, April 2005.
  • Gong Su, "MOVE: A New Virtualization Approach to Mobile Communication", Computer Science Department, Columbia University, May 2004.
  • Jonathan M. Lennox, "Services for Internet Telephony", Computer Science Department, Columbia University, December 2003.
  • Michael E. Kounavis, "Programming Network Architectures", Electrical Engineering Department, Columbia University, June 2003.
  • Wenyu Jiang, "QoS Measurement and Management for Internet Real-time Multimedia Services", Computer Science Department, Columbia University, April 2003.

Post-doctoral Students

  • Hyung Chan Kim (October 2007 - October 2008)
  • Stelios Sidiroglou (October 2008 - December 2008)

Current Ph.D. Students

  • Vasilis Pappas (September 2009)
  • Vasileios Kemerlis (September 2008 - present)
  • Carlos-René Pérez (January 2008 - present)
  • Kangkook Jee (January 2008 - present)
  • Binh Vo (co-advised with Steve Bellovin) (January 2008 - present)
  • Brian Bowen (co-advised with Sal Stolfo and Steve Bellovin) (September 2007 - present)
  • Sambuddho Chakravarty (January 2007 - present)
  • Angelika Zavou (September 2006 - present)
  • Mansoor Alicherry (September 2006 - present)
  • Matthew Burnside (September 2002 - present)

Graduated Ph.D. Students

  • Debra Cook (January 2002 - June 2006)
    • Thesis title: "Elastic Block Ciphers"
    • Post-graduation: Member of the Technical Staff, Bell Labs
    • Currently: Research Staff Member, Telcordia Research
  • Angelos Stavrou (January 2003 - August 2007)
  • Michael E. Locasto (September 2002 - December 2007)
    • Thesis title: "Integrity Postures for Software Self-Defense" (awarded with distinction)
    • Post-graduation: ISTS Research Fellow, Dartmouth College
    • Currently: Research Assistant Professor, Department of Computer Science, George Mason University (GMU)
  • Stelios Sidiroglou (June 2003 - May 2008)

Service at Columbia

  • Computer Science Department Faculty Recruiting committee, 2008.
  • Columbia committee on Research Conflict of Interest Policy, 2007 - 2008.
  • Co-organizer, Computer Science Faculty Retreat, Fall 2007.
  • M.Sc. Admissions committee, 2007 - 2008
  • Advisor for the School of Engineering Computer Science Majors, Freshmen & Sophomores, 2004 - 2005
  • Chair, Facilities committee, Computer Science Department, 2003 - 2005
  • Computer Science Department Undergraduate Admissions Representative, 2003 - 2008
  • Advisor for the School of Engineering Computer Science Majors, Seniors, 2003 - 2004, 2006 - 2007
  • Computer Science Department Space Allocation Policy committee, 2002 - 2008
  • Computer Science Department Events Representative, 2002 - 2008
  • Advisor for the School of Engineering Computer Science Majors, Juniors, 2002 - 2003, 2005 - 2006
  • Computer Science Department Facilities committee, 2001 - 2008
  • Computer Science Department CRF Director Hiring committee, 2003
  • Advisor for the School of Engineering Computer Science Majors, Sophomores, 2001 - 2002
  • Computer Science Department Faculty Recruiting committee, 2001 - 2002
  • Executive Vice Provost committee on Columbia's response to the 9/11 events, Fall 2001

Teaching

(Scores indicate mean course quality rating from student survey; survey not conducted for summer sessions)
  • Instructor, COMS E6183-1 - Advanced Topics in Network Security, Columbia University
    • Fall 2006: 17 on-campus students (4.58/5)
  • Instructor, COMS W6998.1 - Advanced Topics in Network Security, Columbia University
    • Fall 2004: 17 on-campus students (4.62/5)
    • Spring 2003: 18 on-campus students (N/A)
  • Instructor, COMS W4180 - Network Security, Columbia University
    • Summer 2006: 7 CVN students (N/A)
    • Spring 2006: 63 on-campus and 9 CVN students (4.14/5)
    • Summer 2005: 4 CVN students (N/A)
    • Spring 2005: 41 on-campus and 5 CVN students (4.25/5)
    • Summer 2004: 6 CVN students (N/A)
    • Fall 2003: 45 on-campus and 12 CVN students (3.74/5)
    • Summer 2003: 5 CVN students (N/A)
    • Fall 2002: 43 on-campus and 9 CVN students (3.21/5)
    • Fall 2001: 23 on-campus students (3.6/5)
  • Instructor, COMS W4118 - Operating Systems, Columbia University
    • Summer 2007: 8 CVN students (N/A)
    • Fall 2006: 59 on-campus and 7 CVN students (3.73/5)
    • Summer 2006: 15 CVN students (N/A)
    • Fall 2005: 52 on-campus and 9 CVN students (3.86/5)
    • Spring 2004: 32 on-campus and 4 CVN students (3.39/5)
    • Spring 2002: 37 on-campus students (3.13/5)
  • Instructor, COMS W3157 - Advanced Programming, Columbia University
    • Fall 2007: 30 on-campus students (4.16/5)
  • Instructor, CIS700/002 - Building Secure Systems, University of Pennsylvania, Spring 1998

Support for Research and Teaching (Gifts and Grants)

  • PI, "Tracking Sensitive Information Flows in Modern Enterprises", Intel, $82,286 (08/2009 - 07/2010)
  • PI, "Supplement for International Research Collaborations", NSF Trustworthy Computing, $41,769 (09/2009 - 08/2011)
  • PI, "NSF Support for the 2009 New Security Paradigms Workshop Financial Aid", NSF Trustworthy Computing, $10,000 (09/2009 - 08/2010)
  • PI, "Measuring the Health of Internet Routing: A Longitudinal Study", Google (research gift), $60,000 (07/2009)
  • PI, "CSR: Small: An Information Accountability Architecture for Distributed Enterprise Systems", NSF Trustworthy Computing, CNS-09-14312, $450,000 (07/2009 - 06/2012)
  • co-PI (with Jason Nieh), "TC: Small: Exploiting Software Elasticity for Automatic Software Self-Healing", NSF Trustworthy Computing, CNS-09-14845, $450,000 (07/2009 - 06/2012)
  • co-PI (with Steve Bellovin and Sal Stolfo), "Pro-actively Removing the Botnet Threat", Office of Naval Research (ONR), $294,625 (04/2009 - 09/2010)
  • co-PI (with Simha Sethumadhavan and Sal Stolfo), "SCOPS: Secure Cyber Operations and Parallelization Studies Cluster", Air Force Office for Scientific Research (AFOSR), $650,000 (04/15/2009 - 04/14/2010)
  • PI (co-PIs: Sal Stolfo), "Program Whitelisting, Vulnerability Analytics and Risk Assessment", Symantec (research gift), $65,000 (12/2008)
  • co-PI (with Sal Stolfo), "Automated Creation of Network and Content Traffic For the National Cyber Range", DARPA/STO, $85,000 (01/01/2009 - 06/30/2011; part of a larger project)
  • co-PI (with Steve Bellovin, Tal Malkin, and Sal Stolfo), "Secure Encrypted Search", IARPA, $648,787 (09/2008 - 02/2010)
  • PI, "Tracking Sensitive Information Flows in Modern Enterprises", Intel (research gift), $64,000 (05/2008)
  • PI, "Privacy and Search: Having it Both Ways in Web Services", Google (research gift), $50,000 (03/2008)
  • PI (co-PI: Sal Stolfo), "Continuation: Safe Browsing Through Web-based Application Communities", Google (research gift), $50,000 (03/2008)
  • co-PI (with Steve Bellovin, Vishal Misra, Henning Schulzrinne, Dan Rubenstein, Nick Maxemchuck), "Zero Outage Dynamic Intrinsically Assurable Communities (ZODIAC)", DARPA/STO, $835,357 (11/2007 - 05/2009; part of a larger project with Telcordia, Sparta, GMU, and the University of Pennsylvania)
  • PI, "Travel Supplement under the US/Japan Critical Infrastructure Protection Cooperation Program", NSF CyberTrust, $38,640 (09/2007 - 08/2009)
  • PI, "PacketSpread: Practical Network Capabilities", NSF CyberTrust, CNS-07-14277, $280,000 (09/2007 - 08/2010)
  • PI, "Integrated Enterprise Security Management", NSF CyberTrust, CNS-07-14647, $286,486 (08/2007 - 07/2009)
  • PI, "Safe Browsing Through Web-based Application Communities", NY State/Polytechnic CAT, $25,000 (06/2007 - 06/2009)
  • PI, "MURI: Foundational and Systems Support for Quantitative Trust Management", Office of Naval Research (ONR), $750,000 (05/2007 - 04/2012; part of a larger project with the University of Pennsylvania and Georgia Institute of Technology)
  • PI (co-PIs: Jason Nieh, Sal Stolfo), "MURI: Autonomic Recovery of Enterprise-Wide Systems After Attack or Failure with Forward Correction", Air Force Office of Scientific Research (AFOSR), $1,368,000 (05/2007 - 04/2012; part of a larger project with GMU and Penn State University)
  • co-PI (with Sal Stolfo), "Human Behavior, Insider Threat, and Awareness", DHS/I3P, $616,442 (04/2007 - 03/2009)
  • PI (co-PI: Sal Stolfo), "Safe Browsing Through Web-based Application Communities", Google (research gift), $50,000 (01/2007)
  • PI (co-PI: Sal Stolfo), "Supplement to Behavior-based Access Control and Communication in MANETs grant", DARPA/IPTO and NRO, $96,627 (09/2006 - 07/2007)
  • PI, "Secure Overlay Services", NY State/Polytechnic CAT, $10,000 (09/2006 - 06/2007)
  • PI (co-PIs: Gail Kaiser, Sal Stolfo), "Enabling Collaborative Self-healing Software Systems", NSF CyberTrust, CNS-06-27473, $800,000 (09/2006 - 08/2010)
  • PI (co-PI: Sal Stolfo), "Behavior-based Access Control and Communication in MANETs", DARPA/IPTO, $100,000 (07/2006 - 06/2007)
  • co-PI (with Steve Bellovin and Sal Stolfo), "Large-Scale System Defense", DTO, $535,555 (07/2006 - 12/2007)
  • PI, "Active Decoys for Spyware", NY State/Polytechnic CAT, $25,000 (06/2006 - 12/2007)
  • PI, "Retrofitting A Flow-oriented Paradigm in Commodity Operating Systems for High-Performance Computing", NSF CPA, CCF-05-41093, $378,091 (01/2006 - 12/2008)
  • co-PI (with Jason Nieh, Gail Kaiser), "Broadening Participation in Research", NSF BPC, $133,565 (09/2005 - 08/2006)
  • PI, "Secure Overlay Services", NY State/Polytechnic CAT, $12,500 (09/2005 - 06/2006)
  • co-PI (with Dan Rubenstein, Vishal Misra), "Secure Overlay Services", Intel Corp. (research gift), $75,000 (08/2005)
  • PI, "Snakeyes", New York State Center for Advanced Technology, $14,999 (07/2005 - 06/2006)
  • PI, "Self-protecting Software", Columbia Science and Technology Ventures (research gift), $65,000 (06/2005 - 09/2005)
  • co-PI (with Gail Kaiser), "Trustworthy Computing Curriculum Development", Microsoft Research (research gift), $50,000 (12/2004 - 12/2005)
  • co-PI (with Jason Nieh, Gail Kaiser), "Secure Remote Computing Services", NSF ITR, CNS-04-26623, $1,200,000 (09/2004 - 08/2009)
  • PI, "Secure Overlay Services", NY State/Polytechnic CAT, $12,500 (09/2004 - 06/2005)
  • co-PI (with Dan Rubenstein, Vishal Misra), "Secure Overlay Services", Intel Corp. (research gift), $90,000 (06/2004)
  • co-PI (with Dan Rubenstein, Vishal Misra), "Secure Overlay Services", Intel Corp. (research gift), $120,000 (08/2003)
  • PI (co-PIs: Dan Rubenstein, Vishal Misra), "Secure Overlay Services", Cisco Corp. (research gift), $76,000 (07/2003)
  • co-PI (with Sal Stolfo, Tal Malkin, Vishal Misra), "Distributed Intrusion Detection Feasibility Study", Department of Defense, $300,000 (03/2003 - 03/2004)
  • PI, "STRONGMAN", DARPA/ATO, $23,782 (09/2002 - 08/2003; part of a larger project with the University of Pennsylvania)
  • PI, "POSSE", DARPA/ATO, $16,341 (09/2002 - 08/2003; part of a larger project with the University of Pennsylvania)
  • PI, "GRIDLOCK", NSF Trusted Computing, CCR-TC-02-08972, $207,000 (07/2002 - 06/2005; part of a larger project with the University of Pennsylvania and Yale University)
  • PI (co-PIs: Dan Rubenstein, Vishal Misra), "Secure Overlay Services", Cisco Corp. (research gift), $70,000 (07/2002)
  • PI (co-PIs: Dan Rubenstein, Vishal Misra), "Secure Overlay Services", DARPA/ATO, $695,000 (06/2002 - 05/2004)
  • PI, "Code Security Analysis Kit (CoSAK)", DARPA/ATO, $37,000 (07/2001 - 06/2003; part of a larger project with Drexel University)
  • Total:
  • Total as PI:

Select Invited Talks

  • "Voice over IP: Risks, Threats and Vulnerabilities", keynote talk, 5th International Conference on Information Systems Security (ICISS), Kolkata, India, December 2009.
  • "Voice over IP: Risks, Threats and Vulnerabilities", Cyber Infrastructure Protection (CIP) Conference, New York, June 2009.
  • "Voice over IP: Risks, Threats and Vulnerabilities", keynote talk, Applied Cryptography and Network Security (ACNS) Conference, Paris, France, June 2009.
  • "Automatic Software Self-Healing: Present and Future", keynote talk, European Workshop on Systems Security (EuroSec), Nuremberg, Germany, March 2009.
  • "VAMPIRE Project Overview", Symantec Research Labs, Culver City, CA, March 2009.
  • "Survey of IMS/VoIP Security Work", Agence Nationale de Reserche (ANR), Paris, France, February 2009.
  • "Simulating a Global Passive Adversary for Attacking Tor-like Anonymity Systems", National Institute for Advanced Industrial Science and Technology (AIST), Japan, November 2008.
  • "Denial of Service Attacks and Resilient Overlay Networks", ENISA-FORTH Summer School on Network & Information Security, Heraklion, Greece, September 2008.
  • "The Evolution of Computer Security: Attacks and Defenses", Onassis Foundation Lectures in Science, Heraklion, Greece, July 2008.
  • "von Neumann and the Current Computer Security Landscape", Onassis Foundation Lectures in Science, Heraklion, Greece, July 2008.
  • "Simulating a Global Passive Adversary for Attacking Tor-like Anonymity Systems", Institute of Computer Science/FORTH, Heraklion, Greece, July 2008.
  • "Self-healing Software Systems", Computer Science Department, Athens University of Economics and Business (AUEB), Athens, Greece, May 2008.
  • "Race to the bottom: Malicious Hardware", 1st FORWARD Invitational Workshop for Identifying Emerging Threats in Information and Communication Technology Infrastructures, Goteborg, Sweden, April 2008.
  • "SSARES: Secure Searchable Automated Remote Email Storage - A Usable, Secure Email System on a Remote Untrusted Server", NYC BSD Users Group (NYCBUG), New York, January 2008.
  • "Using Instruction Set Randomization, and its Limitations", AFOSR Invitational Workshop on Homogeneous Enclave Software vs. Heterogeneous Enclave Software, October 2007.
  • "Characterizing Self-healing Software Systems", 4th International Conference on Mathematical Methods, Models and Architectures for Computer Networks Security (MMM-ACNS), St. Petersburg, Russia, September 2007.
  • "Data Sanitization: Improving the Forensic Utility of Anomaly Detection Systems", Institute of Computer Science (ICS), Foundation of Research and Technology Hellas (FORTH), July 2007.
  • "Application Communities: A Collaborative Approach To Software Security", IBM Research, July 2007.
  • "The Role of Indirection and Diffusion in DDoS Defense", NSF Future Internet Network Design Working Meeting, June 2007.
  • "Self-Healing Software", National Institute of Advanced Industrial Science and Technology (AIST), Japan, April 2007.

Publications

(Student co-authors are underlined.)

Patents

  • "Methods and systems for repairing applications"
    Angelos D. Keromytis, Michael E. Locasto, and Stylianos Sidiroglou. U.S. Patent Number 7,490,268. Issued on February 10th 2009.
  • "System and method for microbilling using a trust management system"
    Matt Blaze, John Ioannidis, and Angelos D. Keromytis. U.S. Patent Number 6,789,068. Issued on September 7th 2004.
  • "Secure and reliable bootstrap architecture"
    William A. Arbaugh, David J. Farber, Angelos D. Keromytis, and Jonathan M. Smith. U.S. Patent Number 6,185,678. Issued on February 6th 2001.

Journal Publications

  1. "On the Infeasibility of Modeling Polymorphic Shellcode: Re-thinking the Role of Learning in Intrusion Detection Systems"
    Yingbo Song, Michael E. Locasto, Angelos Stavrou, Angelos D. Keromytis, and Salvatore J. Stolfo. To appear in the Machine Learning Journal (MLJ).
  2. "A Market-based Bandwidth Charging Framework"
    David Michael Turner, Vassilis Prevelakis, and Angelos D. Keromytis. To appear in the ACM Transactions on Internet Technology (ToIT).
  3. "On The General Applicability of Instruction-Set Randomization"
    Stephen W. Boyd, Gaurav S. Kc, Michael E. Locasto, Angelos D. Keromytis, and Vassilis Prevelakis. To appear in IEEE Transactions on Dependable and Secure Computing (TDSC).
  4. "Designing Host and Network Sensors to Mitigate the Insider Threat"
    Brian M. Bowen, Malek Ben Salem, Shlomo Hershkop, Angelos D. Keromytis, and Salvatore J. Stolfo. To appear in the IEEE Security & Privacy Magazine.
  5. "Elastic Block Ciphers: Method, Security and Instantiations"
    Debra L. Cook, Moti Yung, and Angelos D. Keromytis. In Springer International Journal of Information Security (IJIS), vol 8, no. 3, pp 211 - 231, June 2009.
  6. "On the Deployment of Dynamic Taint Analysis for Application Communities"
    Hyung Chan Kim and Angelos D. Keromytis. In IEICE Transactions, vol. E92-D, no. 3, pp. 548 - 551, March 2009.
  7. "Dynamic Trust Management"
    Matt Blaze, Sampath Kannan, Insup Lee, Oleg Sokolsky, Jonathan M. Smith, Angelos D. Keromytis, and Wenke Lee. In IEEE Computer Magazine, vol. 42, no. 2, pp. 44 - 52, February 2009.
  8. "Randomized Instruction Sets and Runtime Environments: Past Research and Future Directions"
    Angelos D. Keromytis. In IEEE Security & Privacy Magazine, vol. 7, no. 1, pp. 18 - 25, January/February 2009.
  9. "Anonymity in Wireless Broadcast Networks"
    Matt Blaze, John Ioannidis, Angelos D. Keromytis, Tal Malkin, and Avi Rubin. In International Journal of Network Security (IJNS), vol. 8, no. 1, pp. 37 - 51, January 2009.
  10. "Decentralized Access Control in Networked File Systems"
    Stefan Miltchev, Jonathan M. Smith, Vassilis Prevelakis, Angelos D. Keromytis, and Sotiris Ioannidis. In ACM Computing Surveys, vol. 40, no. 3, pp. 10:1 - 10:30, August 2008.
  11. "Robust Reactions to Potential Day-Zero Worms through Cooperation and Validation"
    Kostas G. Anagnostakis, Michael Greenwald, Sotiris Ioannidis, and Angelos D. Keromytis. In Springer International Journal of Information Security (IJIS), ISC 2006 Special Issue, vol.6, no. 6, pp. 361 - 378, October 2007. (Extended version of the ISC 2006 paper.)
  12. "Requirements for Scalable Access Control and Security Management Architectures"
    Angelos D. Keromytis and Jonathan M. Smith. In ACM Transactions on Internet Technology (ToIT), vol. 7, no. 2, pp. 1 - 22, May 2007.
  13. "Virtual Private Services: Coordinated Policy Enforcement for Distributed Applications"
    Sotiris Ioannidis, Steven M. Bellovin, John Ioannidis, Angelos D. Keromytis, Kostas G. Anagnostakis, and Jonathan M. Smith. In International Journal of Network Security (IJNS), vol. 4, no. 1, pp. 69 - 80, January 2007.
  14. "Countering DDoS Attacks with Multi-path Overlay Networks"
    Angelos Stavrou and Angelos D. Keromytis. In Information Assurance Technology Analysis Center (IATAC) Information Assurance Newsletter (IAnewsletter), vol. 9, no. 3, pp. 26 - 30, Winter 2006. (Invited paper, based on the CCS 2005 paper.)
  15. "Conversion Functions for Symmetric Key Ciphers"
    Debra L. Cook and Angelos D. Keromytis. In Journal of Information Assurance and Security (JIAS), vol. 1, no. 2, pp. 119 - 128, June 2006. (Extended version of the IAS 2005 paper.)
  16. "Execution Transactions for Defending Against Software Failures: Use and Evaluation"
    Stelios Sidiroglou and Angelos D. Keromytis. In Springer International Journal of Information Security (IJIS), vol. 5, no. 2, pp. 77 - 91, April 2006. (Extended version of the ISC 2005 paper.)
  17. "Worm Propagation Strategies in an IPv6 Internet"
    Steven M. Bellovin, Bill Cheswick, and Angelos D. Keromytis. In USENIX ;login, vol. 31, no. 1, pp. 70 - 76, February 2006.
  18. "Cryptography As An Operating System Service: A Case Study"
    Angelos D. Keromytis, Theo de Raadt, Jason Wright, and Matthew Burnside. In ACM Transactions on Computer Systems (ToCS), vol. 24, no. 1, pp. 1 - 38, February 2006. (Extended version of USENIX Technical 2003 paper.)
  19. "Countering Network Worms Through Automatic Patch Generation"
    Stelios Sidiroglou and Angelos D. Keromytis. In IEEE Security & Privacy, vol. 3, no. 6, pp. 41 - 49, November/December 2005.
  20. "WebSOS: An Overlay-based System For Protecting Web Servers From Denial of Service Attacks"
    Angelos Stavrou, Debra L. Cook, William G. Morein, Angelos D. Keromytis, Vishal Misra, and Dan Rubenstein. In Elsevier Journal of Computer Networks, special issue on Web and Network Security, vol. 48, no. 5, pp. 781 - 807, August 2005. (Extended version of the CCS 2003 paper.)
  21. "Hardware Support For Self-Healing Software Services"
    Stelios Sidiroglou, Michael E. Locasto, and Angelos D. Keromytis. In ACM SIGARCH Computer Architecture News, Special Issue on Workshop on Architectural Support for Security and Anti-Virus (WASSA), vol. 33, no. 1, pp. 42 - 47, March 2005. Also appeared in the Proceedings of the Workshop on Architectural Support for Security and Anti-Virus (WASSA), held in conjunction with the 11th International Conference on Architectural Support for Programming Languages and Operating Systems (ASPLOS-XI), pp. 37 - 43. October 2004, Boston, MA.
  22. "The Case For Crypto Protocol Awareness Inside The OS Kernel"
    Matthew Burnside and Angelos D. Keromytis. In ACM SIGARCH Computer Architecture News, Special Issue on Workshop on Architectural Support for Security and Anti-Virus (WASSA), vol. 33, no. 1, pp. 58 - 64, March 2005. Also appeared in the Proceedings of the Workshop on Architectural Support for Security and Anti-Virus (WASSA), held in conjunction with the 11th International Conference on Architectural Support for Programming Languages and Operating Systems (ASPLOS-XI), pp. 54 - 60. October 2004, Boston, MA.
  23. "Patch-on-Demand Saves Even More Time?"
    Angelos D. Keromytis. In IEEE Computer, vol. 37, no. 8, pp. 94 - 96, August 2004.
  24. "Just Fast Keying: Key Agreement In A Hostile Internet"
    William Aiello, Steven M. Bellovin, Matt Blaze, Ran Canetti, John Ioannidis, Angelos D. Keromytis, and Omer Reingold. In ACM Transactions on Information and System Security (TISSEC), vol. 7, no. 2, pp. 1 - 32, May 2004. (Extended version of the CCS 2002 paper.)
  25. "SOS: An Architecture for Mitigating DDoS Attacks"
    Angelos D. Keromytis, Vishal Misra, and Dan Rubenstein. In IEEE Journal on Selected Areas in Communications (JSAC), special issue on Recent Advances in Service Overlay Networks, vol. 22, no. 1, pp. 176 - 188, January 2004. (Extended version of the SIGCOMM 2002 paper.)
  26. "A Secure PLAN"
    Michael Hicks, Angelos D. Keromytis, and Jonathan M. Smith. In IEEE Transactions on Systems, Man, and Cybernetics (T-SMC) Part C: Applications and Reviews, Special issue on technologies promoting computational intelligence, openness and programmability in networks and Internet services: Part I, vol. 33, no. 3, pp. 413 - 426, August 2003. (Extended version of the DANCE 2002 paper.)
  27. "Drop-in Security for Distributed and Portable Computing Elements"
    Vassilis Prevelakis and Angelos D. Keromytis. In MCB Press Emerald Journal of Internet Research: Electronic Networking, Applications and Policy, vol. 13, no. 2, pp. 107 - 115, 2003. (Extended version of the INC 2002 paper.)
  28. "Trust Management for IPsec"
    Matt Blaze, John Ioannidis, and Angelos D. Keromytis. In ACM Transactions on Information and System Security (TISSEC), vol. 5, no. 2, pp. 1 - 24, May 2002. (Extended version of the NDSS 2001 paper.)
  29. "The Price of Safety in an Active Network"
    D. Scott Alexander, Paul B. Menage, Angelos D. Keromytis, William A. Arbaugh, Kostas G. Anagnostakis, and Jonathan M. Smith. In Journal of Communications and Networks (JCN), special issue on programmable switches and routers, vol. 3, no. 1, pp. 4 - 18, March 2001. Older versions are available as University of Pennsylvania Technical Report MS-CIS-99-04 and University of Pennsylvania Technical Report MS-CIS-98-02.
  30. "Secure Quality of Service Handling (SQoSH)"
    D. Scott Alexander, William A. Arbaugh, Angelos D. Keromytis, Steve Muir, and Jonathan M. Smith. In IEEE Communications Magazine, vol. 38, no. 4, pp. 106 - 112, April 2000. An older version is available as University of Pennsylvania Technical Report MS-CIS-99-05.
  31. "Safety and Security of Programmable Network Infrastructures"
    D. Scott Alexander, William A. Arbaugh, Angelos D. Keromytis, and Jonathan M. Smith. In IEEE Communications Magazine, issue on Programmable Networks, vol. 36, no. 10, pp. 84 - 92, October 1998.
  32. "A Secure Active Network Environment Architecture"
    D. Scott Alexander, William A. Arbaugh, Angelos D. Keromytis, and Jonathan M. Smith. In IEEE Network Magazine, special issue on Active and Controllable Networks, vol. 12, no. 3, pp. 37 - 45, May/June 1998.
  33. "The SwitchWare Active Network Architecture"
    D. Scott Alexander, William A. Arbaugh, Michael Hicks, Pankaj Kakkar, Angelos D. Keromytis, Jonathan T. Moore, Carl A. Gunter, Scott M. Nettles, and Jonathan M. Smith. In IEEE Network Magazine, special issue on Active and Programmable Networks, vol. 12, no. 3, pp. 29 - 36, May/June 1998.

Peer-Reviewed Conference Proceedings

  1. "BARTER: Behavior Profile Exchange for Behavior-Based Admission and Access Control in MANETs"
    Vanessa Frias-Martinez, Salvatore J. Stolfo, and Angelos D. Keromytis. To appear in the Proceedings of the 5th International Conference on Information Systems Security (ICISS). December 2009, Kolkata, India. (Acceptance rate: 19.8%)
  2. "A Survey of Voice Over IP Security Research"
    Angelos D. Keromytis. To appear in the Proceedings of the 5th International Conference on Information Systems Security (ICISS), pp. 1 - 17. December 2009, Kolkata, India. (Invited paper)
  3. "A Network Access Control Mechanism Based on Behavior Profiles"
    Vanessa Frias-Martinez, Joseph Sherrick, Salvatore J. Stolfo, and Angelos D. Keromytis. To appear in the Proceedings of the 25th Annual Computer Security Applications Conference (ACSAC). December 2009, Honolulu, HI.
  4. "Gone Rogue: An Analysis of Rogue Security Software Campaigns"
    Marco Cova, Corrado Leita, Olivier Thonnard, Angelos D. Keromytis, and Marc Dacier. To appear in the Proceedings of the 5th European Conference on Computer Network Defense (EC2ND). November 2009, Milan, Italy. (Invited paper)
  5. "Baiting Inside Attackers Using Decoy Documents"
    Brian M. Bowen, Shlomo Hershkop, Angelos D. Keromytis, and Salvatore J. Stolfo. In Proceedings of the 5th International ICST Conference on Security and Privacy in Communication Networks (SecureComm). September 2009, Athens, Greece. (Acceptance rate: 25.3%)
  6. "Deny-by-Default Distributed Security Policy Enforcement in Mobile Ad Hoc Networks (Short Paper)"
    Mansoor Alicherry, Angelos D. Keromytis, and Angelos Stavrou. In Proceedings of the 5th International ICST Conference on Security and Privacy in Communication Networks (SecureComm). September 2009, Athens, Greece. (Acceptance rate: 34.7%)
  7. "Adding Trust to P2P Distribution of Paid Content"
    Alex Sherman, Angelos Stavrou, Jason Nieh, Angelos D. Keromytis, and Clifford Stein. In Proceedings of the 12th Information Security Conference (ISC), pp. 459 - 474. September 2009, Pisa, Italy. (Acceptance rate: 27.6%)
  8. "A2M: Access-Assured Mobile Desktop Computing"
    Angelos Stavrou, Ricardo A. Baratto, Angelos D. Keromytis, and Jason Nieh. In Proceedings of the 12th Information Security Conference (ISC), pp. 186 - 201. September 2009, Pisa, Italy. (Acceptance rate: 27.6%)
  9. "F3ildCrypt: End-to-End Protection of Sensitive Information in Web Services"
    Matthew Burnside and Angelos D. Keromytis. In Proceedings of the 12th Information Security Conference (ISC), pp. 491 - 506. September 2009, Pisa, Italy. (Acceptance rate: 27.6%)
  10. "DoubleCheck: Multi-path Verification Against Man-in-the-Middle Attacks"
    Mansoor Alicherry and Angelos D. Keromytis. In Proceedings of the IEEE Symposium on Computers and Communications (ISCC), pp. 557 - 563. July 2009, Sousse, Tunisia. (Acceptance rate: 36%)
  11. "Voice over IP: Risks, Threats and Vulnerabilities"
    Angelos D. Keromytis. In Proceedings (electronic) of the Cyber Infrastructure Protection (CIP) Conference. June 2009, New York, NY. (Invited paper)
  12. "Capturing Information Flow with Concatenated Dynamic Taint Analysis"
    Hyung Chan Kim, Angelos D. Keromytis, Michael Covington, and Ravi Sahita. In Proceedings of the 4th International Conference on Availability, Reliability and Security (ARES), pp. 355 - 362. March 2009, Fukuoka, Japan. (Acceptance rate: 25%)
  13. "ASSURE: Automatic Software Self-healing Using REscue points"
    Stelios Sidiroglou, Oren Laadan, Nico Viennot, Carlos-René Pérez, Angelos D. Keromytis, and Jason Nieh. In Proceedings of the 14th International Conference on Architectural Support for Programming Languages and Operating Systems (ASPLOS), pp. 37 - 48. March 2009, Washington, DC. (Acceptance Rate: 25.6%)
  14. "Spectrogram: A Mixture-of-Markov-Chains Model for Anomaly Detection in Web Traffic"
    Yingbo Song, Angelos D. Keromytis, and Salvatore J. Stolfo. In Proceedings of the 16th Internet Society (ISOC) Symposium on Network and Distributed Systems Security (SNDSS), pp. 121 - 135. February 2009, San Diego, CA. (Acceptance Rate: 11.7%)
  15. "Constructing Variable-Length PRPs and SPRPs from Fixed-Length PRPs"
    Debra L. Cook, Moti Yung, and Angelos D. Keromytis. In Proceedings of the 4th International Conference on Information Security and Cryptology (Inscrypt), pp. 157 - 180. December 2008, Beijing, China. (Acceptance rate: 17.5%)
  16. "Behavior-Profile Clustering for False Alert Reduction in Anomaly Detection Sensors"
    Vanessa Frias-Martinez, Salvatore J. Stolfo, and Angelos D. Keromytis. In Proceedings of the 24th Annual Computer Security Applications Conference (ACSAC), pp. 367 - 376. December 2008, Anaheim, CA. (Acceptance rate: 24.2%)
  17. "Authentication on Untrusted Remote Hosts with Public-key Sudo"
    Matthew Burnside, Mack Lu, and Angelos D. Keromytis. In Proceedings of the 22nd USENIX Large Installation Systems Administration (LISA) Conference, pp. 103 - 107. November 2008, San Diego, CA.
  18. "Behavior-Based Network Access Control: A Proof-of-Concept"
    Vanessa Frias-Martinez, Salvatore J. Stolfo, and Angelos D. Keromytis. In Proceedings of the 11th Information Security Conference (ISC), pp. 175 - 190. Taipei, Taiwan, September 2008. (Acceptance rate: 23.9%)
  19. "Path-based Access Control for Enterprise Networks"
    Matthew Burnside and Angelos D. Keromytis. In Proceedings of the 11th Information Security Conference (ISC), pp. 191 - 203. Taipei, Taiwan, September 2008. (Acceptance rate: 23.9%)
  20. "Methods for Linear and Differential Cryptanalysis of Elastic Block Ciphers"
    Debra L. Cook, Moti Yung, and Angelos D. Keromytis. In Proceedings of the 13th Australasian Conference on Information Security and Privacy (ACISP), pp. 187 - 202. July 2008, Wollongong, Australia.(Acceptance rate: 29.7%)
  21. "Pushback for Overlay Networks: Protecting against Malicious Insiders"
    Angelos Stavrou, Michael E. Locasto, and Angelos D. Keromytis. In Proceedings of the 6th International Conference on Applied Cryptography and Network Security (ACNS), pp 39 - 54. June 2008, New York, NY. (Acceptance rate: 22.9%)
  22. "Casting out Demons: Sanitizing Training Data for Anomaly Sensors"
    Gabriela F. Cretu, Angelos Stavrou, Michael E. Locasto, Salvatore J. Stolfo, and Angelos D. Keromytis. In Proceedings of the IEEE Symposium on Security & Privacy, pp. 81 - 95. May 2008, Oakland, CA. (Acceptance Rate: 11.2%)
  23. "Taming the Devil: Techniques for Evaluating Anonymized Network Data"
    Scott E. Coull, Charles V. Wright, Angelos D. Keromytis, Fabian Monrose, and Michael K. Reiter. In Proceedings of the 15th Internet Society (ISOC) Symposium on Network and Distributed Systems Security (SNDSS), pp. 125 - 135. February 2008, San Diego, CA. (Acceptance Rate: 17.8%)
  24. "SSARES: Secure Searchable Automated Remote Email Storage"
    Adam J. Aviv, Michael E. Locasto, Shaya Potter, and Angelos D. Keromytis. In Proceedings of the 23rd Annual Computer Security Applications Conference (ACSAC), pp. 129 - 138. December 2007, Miami Beach, FL. (Acceptance rate: 22%)
  25. "On the Infeasibility of Modeling Polymorphic Shellcode"
    Yingbo Song, Michael E. Locasto, Angelos Stavrou, Angelos D. Keromytis, and Salvatore J. Stolfo. In Proceedings of the 13th ACM Conference on Computer and Communications Security (CCS), pp. 541 - 551. October/November 2007, Alexandria, VA. (Acceptance rate: 18.1%)
  26. "Defending Against Next Generation Attacks Through Network/Endpoint Collaboration and Interaction"
    Spiros Antonatos, Michael E. Locasto, Stelios Sidiroglou, Angelos D. Keromytis, and Evangelos Markatos. In Proceedings of the 3rd European Conference on Computer Network Defense (EC2ND). October 2007, Heraclion, Greece. (Invited paper)
  27. "Elastic Block Ciphers in Practice: Constructions and Modes of Encryption"
    Debra L. Cook, Moti Yung, and Angelos D. Keromytis. In Proceedings of the 3rd European Conference on Computer Network Defense (EC2ND). October 2007, Heraclion, Greece.
  28. "The Security of Elastic Block Ciphers Against Key-Recovery Attacks"
    Debra L. Cook, Moti Yung, and Angelos D. Keromytis. In Proceedings of the 10th Information Security Conference (ISC), pp. 89 - 103. Valparaiso, Chile, October 2007. (Acceptance rate: 25%)
  29. "Characterizing Self-healing Software Systems"
    Angelos D. Keromytis. In Proceedings of the 4th International Conference on Mathematical Methods, Models and Architectures for Computer Networks Security (MMM-ACNS), pp. 22 - 33. September 2007, St. Petersburg, Russia. (Invited paper)
  30. "A Study of Malcode-Bearing Documents"
    Wei-Jen Li, Salvatore J. Stolfo, Angelos Stavrou, Elli Androulaki, and Angelos D. Keromytis. In Proceedings of the 4th GI International Conference on Detection of Intrusions & Malware, and Vulnerability Assessment (DIMVA), pp. 231 - 250. July 2007, Lucerne, Switzerland. (Acceptance rate: 21%)
  31. "From STEM to SEAD: Speculative Execution for Automated Defense"
    Michael E. Locasto, Angelos Stavrou, Gabriela F. Cretu, and Angelos D. Keromytis. In Proceedings of the USENIX Annual Technical Conference, pp. 219 - 232. June 2007, Santa Clara, CA. (Acceptance rate: 18.75%)
  32. "Using Rescue Points to Navigate Software Recovery (Short Paper)"
    Stelios Sidiroglou, Oren Laadan, Angelos D. Keromytis, and Jason Nieh. In Proceedings of the IEEE Symposium on Security & Privacy, pp. 273 - 278. May 2007, Oakland, CA. (Acceptance rate: 8.3%)
  33. "Mediated Overlay Services (MOSES): Network Security as a Composable Service"
    Stelios Sidiroglou, Angelos Stavrou, and Angelos D. Keromytis. In Proceedings of the IEEE Sarnoff Symposium. May 2007, Princeton, NJ. (Invited paper)
  34. "Elastic Block Ciphers: The Basic Design"
    Debra L. Cook, Moti Yung, and Angelos D. Keromytis. In Proceedings of the 2nd ACM Symposium on InformAtion, Computer and Communications Security (ASIACCS), pp. 350 - 355. March 2007, Singapore.
  35. "Robust Reactions to Potential Day-Zero Worms through Cooperation and Validation"
    Kostas G. Anagnostakis, Michael B. Greenwald, Sotiris Ioannidis, and Angelos D. Keromytis. In Proceedings of the 9th Information Security Conference (ISC), pp. 427 - 442. August/September 2006, Samos, Greece. (Acceptance rate: 20.2%)
  36. "Low Latency Anonymity with Mix Rings"
    Matthew Burnside and Angelos D. Keromytis. In Proceedings of the 9th Information Security Conference (ISC), pp. 32 - 45. August/September 2006, Samos, Greece. (Acceptance rate: 20.2%)
  37. "W3Bcrypt: Encryption as a Stylesheet"
    Angelos Stavrou, Michael E. Locasto, and Angelos D. Keromytis. In Proceedings of the 4th International Conference on Applied Cryptography and Network Security (ACNS), pp. 349 - 364. June 2006, Singapore.
  38. "Software Self-Healing Using Collaborative Application Communities"
    Michael E. Locasto, Stelios Sidiroglou, and Angelos D. Keromytis. In Proceedings of the 13th Internet Society (ISOC) Symposium on Network and Distributed Systems Security (SNDSS), pp. 95 - 106. February 2006, San Diego, CA. (Acceptance Rate: 13.6%)
  39. "Remotely Keyed Cryptographics: Secure Remote Display Access Using (Mostly) Untrusted Hardware"
    Debra L. Cook, Ricardo A. Baratto, and Angelos D. Keromytis. In Proceedings of the 7th International Conference on Information and Communications Security (ICICS), pp. 363 - 375. December 2005, Beijing, China. (Acceptance rate: 17.4%)
  40. "e-NeXSh: Achieving an Effectively Non-Executable Stack and Heap via System-Call Policing"
    Gaurav S. Kc and Angelos D. Keromytis. In Proceedings of the 21st Annual Computer Security Applications Conference (ACSAC), pp. 259 - 273. December 2005, Tucson, AZ. (Acceptance rate: 19.6%)
  41. "Action Amplification: A New Approach To Scalable Administration"
    Kostas G. Anagnostakis and Angelos D. Keromytis. In Proceedings of the 13th IEEE International Conference on Networks (ICON), vol. 2, pp. 862 - 867. November 2005, Kuala Lumpur, Malaysia.
  42. "A Repeater Encryption Unit for IPv4 and IPv6"
    Norimitsu Nagashima and Angelos D. Keromytis. In Proceedings of the 13th IEEE International Conference on Networks (ICON), vol. 1, pp. 335 - 340. November 2005, Kuala Lumpur, Malaysia.
  43. "Countering DoS Attacks With Stateless Multipath Overlays"
    Angelos Stavrou and Angelos D. Keromytis. In Proceedings of the 12th ACM Conference on Computer and Communications Security (CCS), pp. 249 - 259. November 2005, Alexandria, VA. (Acceptance rate: 15.2%)
  44. "A Dynamic Mechanism for Recovering from Buffer Overflow Attacks"
    Stelios Sidiroglou, Giannis Giovanidis, and Angelos D. Keromytis. In Proceedings of the 8th Information Security Conference (ISC), pp. 1 - 15. September 2005, Singapore. (Acceptance rate: 14%)
  45. "gore: Routing-Assisted Defense Against DDoS Attacks"
    Stephen T. Chou, Angelos Stavrou, John Ioannidis, and Angelos D. Keromytis. In Proceedings of the 8th Information Security Conference (ISC), pp. 179 - 193. September 2005, Singapore. (Acceptance rate: 14%)
  46. "FLIPS: Hybrid Adaptive Intrusion Prevention"
    Michael E. Locasto, Ke Wang, Angelos D. Keromytis, and Salvatore J. Stolfo. In Proceedings of the 8th International Symposium on Recent Advances in Intrusion Detection (RAID), pp. 82 - 101. September 2005, Seattle, WA. (Acceptance rate: 20.4%)
  47. "Detecting Targeted Attacks Using Shadow Honeypots"
    Kostas G. Anagnostakis, Stelios Sidiroglou, Periklis Akritidis, Konstantinos Xinidis, Evangelos Markatos, and Angelos D. Keromytis. In Proceedings of the 14th USENIX Security Symposium, pp. 129 - 144. August 2005, Baltimore, MD. (Acceptance rate: 14%)
  48. "The Bandwidth Exchange Architecture"
    David Michael Turner, Vassilis Prevelakis, and Angelos D. Keromytis. In Proceedings of the 10th IEEE Symposium on Computers and Communications (ISCC), pp. 939 - 944. June 2005, Cartagena, Spain.
  49. "An Email Worm Vaccine Architecture"
    Stelios Sidiroglou, John Ioannidis, Angelos D. Keromytis, and Salvatore J. Stolfo. In Proceedings of the 1st Information Security Practice and Experience Conference (ISPEC), pp. 97 - 108. April 2005, Singapore.
  50. "Building a Reactive Immune System for Software Services"
    Stelios Sidiroglou, Michael E. Locasto, Stephen W. Boyd, and Angelos D. Keromytis. In Proceedings of the USENIX Annual Technical Conference, pp. 149 - 161. April 2005, Anaheim, CA. (Acceptance rate: 20.3%)
  51. "Conversion and Proxy Functions for Symmetric Key Ciphers"
    Debra L. Cook and Angelos D. Keromytis. In Proceedings of the IEEE International Conference on Information Technology: Coding and Computing (ITCC), Information and Security (IAS) Track, pp. 662 - 667. April 2005, Las Vegas, NV.
  52. "The Effect of DNS Delays on Worm Propagation in an IPv6 Internet"
    Abhinav Kamra, Hanhua Feng, Vishal Misra, and Angelos D. Keromytis. In Proceedings of IEEE INFOCOM, vol. 4, pp. 2405 - 2414. March 2005, Miami, FL. (Acceptance rate: 17%)
  53. "MOVE: An End-to-End Solution To Network Denial of Service"
    Angelos Stavrou, Angelos D. Keromytis, Jason Nieh, Vishal Misra, and Dan Rubenstein. In Proceedings of the 12th Internet Society (ISOC) Symposium on Network and Distributed Systems Security (SNDSS), pp. 81 - 96. February 2005, San Diego, CA. (Acceptance rate: 12.9%)
  54. "CryptoGraphics: Secret Key Cryptography Using Graphics Cards"
    Debra L. Cook, John Ioannidis, Angelos D. Keromytis, and Jake Luck. In Proceedings of the RSA Conference, Cryptographer's Track (CT-RSA), pp. 334 - 350. February 2005, San Francisco, CA.
  55. "The Dual Receiver Cryptogram and Its Applications"
    Ted Diament, Homin K. Lee, Angelos D. Keromytis, and Moti Yung. In Proceedings of the 11th ACM Conference on Computer and Communications Security (CCS), pp. 330 - 343. October 2004, Washington, DC. (Acceptance rate: 13.9%)
  56. "Hydan: Hiding Information in Program Binaries"
    Rakan El-Khalil and Angelos D. Keromytis. In Proceedings of the 6th International Conference on Information and Communications Security (ICICS), pp. 187 - 199. October 2004, Malaga, Spain. (Acceptance rate: 16.9%)
  57. "Recursive Sandboxes: Extending Systrace To Empower Applications"
    Aleksey Kurchuk and Angelos D. Keromytis. In Proceedings of the 19th IFIP International Information Security Conference (SEC), pp. 473 - 487. August 2004, Toulouse, France. (Acceptance rate: 22%)
  58. "SQLrand: Preventing SQL Injection Attacks"
    Stephen W. Boyd and Angelos D. Keromytis. In Proceedings of the 2nd International Conference on Applied Cryptography and Network Security (ACNS), pp. 292 - 302. June 2004, Yellow Mountain, China. (Acceptance rate: 12.1%)
  59. "CamouflageFS: Increasing the Effective Key Length in Cryptographic Filesystems on the Cheap"
    Michael E. Locasto and Angelos D. Keromytis. In Proceedings of the 2nd International Conference on Applied Cryptography and Network Security (ACNS), pp. 1 - 15. June 2004, Yellow Mountain, China. (Acceptance rate: 12.1%)
  60. "A Pay-per-Use DoS Protection Mechanism For The Web"
    Angelos Stavrou, John Ioannidis, Angelos D. Keromytis, Vishal Misra, and Dan Rubenstein. In Proceedings of the 2nd International Conference on Applied Cryptography and Network Security (ACNS), pp. 120 - 134. June 2004, Yellow Mountain, China. (Acceptance rate: 12.1%)
  61. "Dealing with System Monocultures"
    Angelos D. Keromytis and Vassilis Prevelakis. In Proceedings (electronic) of the NATO Information Systems Technology (IST) Panel Symposium on Adaptive Defense in Unclassified Networks. April 2004, Toulouse, France.
  62. "Managing Access Control in Large Scale Heterogeneous Networks"
    Angelos D. Keromytis, Kostas G. Anagnostakis, Sotiris Ioannidis, Michael Greenwald, and Jonathan M. Smith. In Proceedings (electronic) of the NATO NC3A Symposium on Interoperable Networks for Secure Communications (INSC). November 2003, The Hague, Netherlands.
  63. "Countering Code-Injection Attacks With Instruction-Set Randomization"
    Gaurav S. Kc, Angelos D. Keromytis, and Vassilis Prevelakis. In Proceedings of the 10th ACM International Conference on Computer and Communications Security (CCS), pp. 272 - 280. October 2003, Washington, DC. (Acceptance rate: 13.8%)
  64. "Using Graphic Turing Tests to Counter Automated DDoS Attacks Against Web Servers"
    William G. Morein, Angelos Stavrou, Debra L. Cook, Angelos D. Keromytis, Vishal Misra, and Dan Rubenstein. In Proceedings of the 10th ACM International Conference on Computer and Communications Security (CCS), pp. 8 - 19. October 2003, Washington, DC. (Acceptance rate: 13.8%)
  65. "EasyVPN: IPsec Remote Access Made Easy"
    Mark C. Benvenuto and Angelos D. Keromytis. In Proceedings of the 17th USENIX Large Installation Systems Administration (LISA) Conference, pp. 87 - 93. October 2003, San Diego, CA. (Acceptance rate: 25%)
  66. "A Cooperative Immunization System for an Untrusting Internet"
    Kostas G. Anagnostakis, Michael B. Greenwald, Sotiris Ioannidis, Angelos D. Keromytis, and Dekai Li. In Proceedings of the 11th IEEE International Conference on Networks (ICON), pp. 403 - 408. September/October 2003, Sydney, Australia.
  67. "Accelerating Application-Level Security Protocols"
    Matthew Burnside and Angelos D. Keromytis. In Proceedings of the 11th IEEE International Conference on Networks (ICON), pp. 313 - 318. September/October 2003, Sydney, Australia.
  68. "WebSOS: Protecting Web Servers From DDoS Attacks"
    Debra L. Cook, William G. Morein, Angelos D. Keromytis, Vishal Misra, and Dan Rubenstein. In Proceedings of the 11th IEEE International Conference on Networks (ICON), pp. 455 - 460. September/October 2003, Sydney, Australia.
  69. "TAPI: Transactions for Accessing Public Infrastructure"
    Matt Blaze, John Ioannidis, Sotiris Ioannidis, Angelos D. Keromytis, Pekka Nikander, and Vassilis Prevelakis. In Proceedings of the 8th IFIP Personal Wireless Communications (PWC) Conference, pp. 90 - 100. September 2003, Venice, Italy.
  70. "Tagging Data In The Network Stack: mbuf_tags"
    Angelos D. Keromytis. In Proceedings of the USENIX BSD Conference (BSDCon), pp. 125 - 131. September 2003, San Mateo, CA.
  71. "The Design of the OpenBSD Cryptographic Framework"
    Angelos D. Keromytis, Jason L. Wright, and Theo de Raadt. In Proceedings of the USENIX Annual Technical Conference, pp. 181 - 196. June 2003, San Antonio, TX. (Acceptance rate: 23%)
  72. "Secure and Flexible Global File Sharing"
    Stefan Miltchev, Vassilis Prevelakis, Sotiris Ioannidis, John Ioannidis, Angelos D. Keromytis, and Jonathan M. Smith. In Proceedings of the USENIX Annual Technical Conference, Freenix Track, pp. 165 - 178. June 2003, San Antonio, TX.
  73. "Experience with the KeyNote Trust Management System: Applications and Future Directions"
    Matt Blaze, John Ioannidis, and Angelos D. Keromytis. In Proceedings of the 1st International Conference on Trust Management, pp. 284 - 300. May 2003, Heraclion, Greece.
  74. "The STRONGMAN Architecture"
    Angelos D. Keromytis, Sotiris Ioannidis, Michael B. Greenwald, and Jonathan M. Smith. In Proceedings of the 3rd DARPA Information Survivability Conference and Exposition (DISCEX III), volume 1, pp. 178 - 188. April 2003, Washington, DC.
  75. "Efficient, DoS-Resistant, Secure Key Exchange for Internet Protocols"
    William Aiello, Steven M. Bellovin, Matt Blaze, Ran Canetti, John Ioannidis, Angelos D. Keromytis, and Omer Reingold. In Proceedings of the 9th ACM International Conference on Computer and Communications Security (CCS), pp. 48 - 58. November 2002, Washington, DC. (Acceptance rate: 17.6%)
  76. "Secure Overlay Services"
    Angelos D. Keromytis, Vishal Misra, and Dan Rubenstein. In Proceedings of the ACM SIGCOMM Conference, pp. 61 - 72. August 2002, Pittsburgh, PA. Also available through the ACM Computer Communications Review (SIGCOMM Proceedings), vol. 32, no. 4, October 2002. (Acceptance rate: 8.3%)
  77. "Using Overlays to Improve Network Security"
    Angelos D. Keromytis, Vishal Misra, and Dan Rubenstein. In Proceedings of the ITCom Conference, special track on Scalability and Traffic Control in IP Networks, pp. 245 - 254. July/August 2002, Boston, MA. (Invited paper)
  78. "Designing an Embedded Firewall/VPN Gatweway"
    Vassilis Prevelakis and Angelos D. Keromytis. In Proceedings of the International Network Conference (INC), pp. 313 - 322. July 2002, Plymouth, England. (Best Paper Award)
  79. "A Study of the Relative Costs of Network Security Protocols"
    Stefan Miltchev, Sotiris Ioannidis, and Angelos D. Keromytis. In Proceedings of the USENIX Annual Technical Conference, Freenix Track, pp. 41 - 48. June 2002, Monterey, CA.
  80. "A Secure Plan (Extended Version)"
    Michael W. Hicks, Angelos D. Keromytis, and Jonathan M. Smith. In Proceedings of the DARPA Active Networks Conference and Exposition (DANCE), pp. 224 - 237. May 2002, San Francisco, CA. (Extended version of the paper IWAN 1999 paper.)
  81. "Fileteller: Paying and Getting Paid for File Storage"
    John Ioannidis, Sotiris Ioannidis, Angelos D. Keromytis, and Vassilis Prevelakis. In Proceedings of the 6th Financial Cryptography (FC) Conference, pp. 282 - 299. March 2002, Bermuda. (Acceptance rate: 25.6%)
  82. "Offline Micropayments without Trusted Hardware"
    Matt Blaze, John Ioannidis, and Angelos D. Keromytis. In Proceedings of the 5th Financial Cryptography (FC) Conference, pp. 21 - 40. February 2001, Cayman Islands.
  83. "Trust Management for IPsec"
    Matt Blaze, John Ioannidis, and Angelos D. Keromytis. In Proceedings of the 8th Internet Society (ISOC) Symposium on Network and Distributed Systems Security (SNDSS) , pp. 139 - 151. February 2001, San Diego, CA. (Acceptance rate: 24%)
  84. "Implementing a Distributed Firewall"
    Sotiris Ioannidis, Angelos D. Keromytis, Steven M. Bellovin, and Jonathan M. Smith. In Proceedings of the 7th ACM International Conference on Computer and Communications Security (CCS), pp. 190 - 199. November 2000, Athens, Greece. (Acceptance rate: 21.4%)
  85. "Implementing Internet Key Exchange (IKE)"
    Niklas Hallqvist and Angelos D. Keromytis. In Proceedings of the USENIX Annual Technical Conference, Freenix Track, pp. 201 - 214. June 2000, San Diego, CA.
  86. "Transparent Network Security Policy Enforcement"
    Angelos D. Keromytis and Jason Wright. In Proceedings of the USENIX Annual Technical Conference, Freenix Track, pp. 215 - 226. June 2000, San Diego, CA.
  87. "Cryptography in OpenBSD: An Overview"
    Theo de Raadt, Niklas Hallqvist, Artur Grabowski, Angelos D. Keromytis, and Niels Provos. In Proceedings of the USENIX Annual Technical Conference, Freenix Track, pp. 93 - 101. June 1999, Monterey, CA.
  88. "DHCP++: Applying an efficient implementation method for fail-stop cryptographic protocols"
    William A. Arbaugh, Angelos D. Keromytis, and Jonathan M. Smith. In Proceedings of the IEEE Global Internet (GlobeCom), pp. 59 - 65. November 1998, Sydney, Australia.
  89. "Automated Recovery in a Secure Bootstrap Process"
    William A. Arbaugh, Angelos D. Keromytis, David J. Farber, and Jonathan M. Smith. In Proceedings of the 5th Internet Society (ISOC) Symposium on Network and Distributed System Security (SNDSS), pp. 155 - 167. March 1998, San Diego, CA. An older version is available as University of Pennsylvania Technical Report MS-CIS-97-13.
  90. "Implementing IPsec"
    Angelos D. Keromytis, John Ioannidis, and Jonathan M. Smith. In Proceedings of the IEEE Global Internet (GlobeCom), pp. 1948 - 1952. November 1997, Phoenix, AZ.

Books/Book Chapters

  1. "Network Bandwidth Denial of Service (DoS)"
    Angelos D. Keromytis. Encyclopedia of Cryptography and Security, 2nd Edition. Springer, 2010.
  2. Proceedings of the 2008 New Security Paradigms Workshop (NSPW)
    Angelos D. Keromytis (Editor), Anil Somayaji (Editor), and M. Hossain Heydari (Editor).
  3. Proceedings of the 6th International Conference on Applied Cryptography and Network Security (ACNS)
    Steven M. Bellovin (Editor), Rosario Gennaro (Editor), Angelos D. Keromytis (Editor), and Moti Yung (Editor). Lecture Notes in Computer Science (LNCS). Springer, 2008.
  4. "Insider Attack and Cyber Security: Beyond the Hacker"
    Salvatore J. Stolfo (Editor), Steven M. Bellovin (Editor), Angelos D. Keromytis (Editor), Sara Sinclair (Editor), and Sean W. Smith (Editor). Advances in Information Security Series, ISBN 978-0387773216. Springer, 2008.
  5. Proceedings of the 2007 New Security Paradigms Workshop (NSPW)
    Kostantin Beznosov (Editor), Angelos D. Keromytis (Editor), and M. Hossain Heydari (Editor).
  6. "The Case for Self-Healing Software"
    Angelos D. Keromytis. In Aspects of Network and Information Security: Proceedings NATO Advanced Studies Institute (ASI) on Network Security and Intrusion Detection, held in Nork, Yerevan, Armenia, October 2006, E. Haroutunian, E. Kranakis, and E. Shahbazian (editors). IOS Press, 2007. (By invitation, as part of the NATO ASI on Network Security, October 2005.)
  7. "Designing Firewalls: A Survey"
    Angelos D. Keromytis and Vassilis Prevelakis. In Network Security: Current Status and Future Directions, Christos Douligeris and Dimitrios N. Serpanos (editors), pp. 33 - 49. Wiley - IEEE Press, April 2007.
  8. "Composite Hybrid Techniques for Defending against Targeted Attacks"
    Stelios Sidiroglou and Angelos D. Keromytis. In Malware Detection, vol. 27 of Advances in Information Security Series, Mihai Christodorescu, Somesh Jha, Douglas Maughan, Dawn Song, and Cliff Wang (editors). Springer, October 2006. (By invitation, as part of the ARO/DHS 2005 Workshop on Malware Detection.)
  9. "Trusted computing platforms and secure Operating Systems"
    Angelos D. Keromytis. In Phishing and Countermeasures: Understanding the Increasing Problem of Electronic Identity Theft, Markus Jakobsson and Steven Myers (editors), pp. 387 - 405. Wiley, 2006.
  10. "CryptoGraphics: Exploiting Graphics Cards for Security"
    Debra Cook and Angelos D. Keromytis. Advances in Information Security Series, ISBN 0-387-29015-X. Springer, 2006.
  11. Proceedings of the 3rd Workshop on Rapid Malcode (WORM)
    Angelos D. Keromytis (Editor). ACM Press, 2005.
  12. Proceedings of the 3rd International Conference on Applied Cryptography and Network Security (ACNS)
    John Ioannidis, Angelos D. Keromytis (Editor), and Moti Yung (Editor). Lecture Notes in Computer Science (LNCS) 3531. Springer, 2005.
  13. "Distributed Trust"
    John Ioannidis and Angelos D. Keromytis. In Practical Handbook of Internet Computing, Munindar Singh (editor), pp. 47/1 - 47/16. CRC Press, 2004.
  14. "Experiences Enhancing Open Source Security in the POSSE Project"
    Jonathan M. Smith, Michael B. Greenwald, Sotiris Ioannidis, Angelos D. Keromytis, Ben Laurie, Douglas Maughan, Dale Rahn, and Jason L. Wright. In Free/Open Source Software Development, Stefan Koch (editor), pp. 242 - 257. Idea Group Publishing, 2004. Also re-published in Global Information Technologies: Concepts, Methodologies, Tools, and Applications, Felix B. Tan (editor), pp. 1587 - 1598. Idea Group Publishing, 2007.
  15. "STRONGMAN: A Scalable Solution to Trust Management in Networks"
    Angelos D. Keromytis. Ph.D. Thesis, University of Pennsylvania, November 2001.
  16. "The Role of Trust Management in Distributed Systems Security"
    Matt Blaze, Joan Feigenbaum, John Ioannidis, and Angelos D. Keromytis. In Secure Internet Programming: Issues in Distributed and Mobile Object Systems, Jan Vitek and Christian Jensen (editors), pp. 185 - 210. Springer-Verlag Lecture Notes in Computer Science State-of-the-Art series, 1999.
  17. "Security in Active Networks"
    D. Scott Alexander, William A. Arbaugh, Angelos D. Keromytis, and Jonathan M. Smith. In Secure Internet Programming: Issues in Distributed and Mobile Object Systems, Jan Vitek and Christian Jensen (editors), pp. 433 - 451. Springer-Verlag Lecture Notes in Computer Science State-of-the-Art series, 1999.

Workshops

  1. "Evaluating a Collaborative Defense Architecture for MANETs"
    Mansoor Alicherry, Angelos Stavrou, and Angelos D. Keromytis. To appear in Proceedings of the IEEE Workshop on Collaborative Security Technologies (CoSec).December 2009, Bangalore, India. (Acceptance rate: 17.2%)
  2. "Identifying Proxy Nodes in a Tor Anonymization Circuit"
    Sambuddho Chakravarty, Angelos Stavrou, and Angelos D. Keromytis. In Proceedings of the 2nd Workshop on Security and Privacy in Telecommunications and Information Systems (SePTIS), pp. 633 - 639. December 2008, Bali, Indonesia. (Acceptance rate: 37.5%)
  3. "Online Network Forensics for Automatic Repair Validation"
    Michael E. Locasto, Matthew Burnside, and Angelos D. Keromytis. In Proceedings of the 3rd International Workshop on Security (IWSEC), pp. 136 - 151. November 2008, Kagawa, Japan. (Acceptance rate: 19.1%)
  4. "Return Value Predictability for Self-Healing"
    Michael E. Locasto, Angelos Stavrou, Gabriela F. Cretu, Angelos D. Keromytis, and Salvatore J. Stolfo. In Proceedings of the 3rd International Workshop on Security (IWSEC), pp. 152 - 166. November 2008, Kagawa, Japan. (Acceptance rate: 19.1%)
  5. "Asynchronous Policy Evaluation and Enforcement"
    Matthew Burnside and Angelos D. Keromytis. In Proceedings of the 2nd Computer Security Architecture Workshop (CSAW), pp. 45 - 50. October 2008, Fairfax, VA.
  6. "Race to the bottom: Malicious Hardware"
    Angelos D. Keromytis, Simha Sethumadhavan, and Ken Shepard. In Proceedings of the 1st FORWARD Invitational Workshop for Identifying Emerging Threats in Information and Communication Technology Infrastructures. April 2008, Goteborg, Sweden. (Invited paper)
  7. "Arachne: Integrated Enterprise Security Management"
    Matthew Burnside and Angelos D. Keromytis. In Proceedings of the 8th Annual IEEE SMC Information Assurance Workshop (IAW), pp. 214 - 220. June 2007, West Point, NY.
  8. "Poster Paper: Band-aid Patching"
    Stelios Sidiroglou, Sotiris Ioannidis, and Angelos D. Keromytis. In Proceedings of the 3rd Workshop on Hot Topics in System Dependability (HotDep), pp. 102 - 106. June 2007, Edinburgh, UK.
  9. "Data Sanitization: Improving the Forensic Utility of Anomaly Detection Systems"
    Gabriela F. Cretu, Angelos Stavrou, Salvatore J. Stolfo, and Angelos D. Keromytis. In Proceedings of the 3rd Workshop on Hot Topics in System Dependability (HotDep), pp. 64 - 70. June 2007, Edinburgh, UK.
  10. "Bridging the Network Reservation Gap Using Overlays"
    Angelos Stavrou, David Michael Turner, Angelos D. Keromytis, and Vassilis Prevelakis. In Proceedings of the 1st Workshop on Information Assurance for Middleware Communications (IAMCOM), pp. 1 - 6. January 2007, Bangalore, India.
  11. "Next Generation Attacks on the Internet"
    Evangelos Markatos and Angelos D. Keromytis. In Proceedings (electronic) of the EU-US Summit Series on Cyber Trust: Workshop on System Dependability & Security, pp. 67 - 73. November 2006, Dublin, Ireland. (Invited paper)
  12. "Dark Application Communities"
    Michael E. Locasto, Angelos Stavrou, and Angelos D. Keromytis. In Proceedings of the New Security Paradigms Workshop (NSPW), pp. 11 - 18. September 2006, Schloss Dagstuhl, Germany.
  13. "Privacy as an Operating System Service"
    Sotiris Ioannidis, Stelios Sidiroglou, and Angelos D. Keromytis. In Proceedings (electronic) of the 1st Workshop on Hot Topics in Security (HotSec). July 2006, Vancouver, Canada.
  14. "PalProtect: A Collaborative Security Approach to Comment Spam"
    Benny Wong, Michael E. Locasto, and Angelos D. Keromytis. In Proceedings of the 7th Annual IEEE SMC Information Assurance Workshop (IAW), pp. 170 - 175. June 2006, West Point, NY.
  15. "Adding a Flow-Oriented Paradigm to Commodity Operating Systems"
    Christian Soviani, Stephen A. Edwards, and Angelos D. Keromytis. In Proceedings of the Workshop on Interaction between Operating System and Computer Architecture (IOSCA), held in conjunction with the IEEE International Symposium on Workload Characterization, pp. 1 - 6. October 2005, Austin, TX.
  16. "Speculative Virtual Verification: Policy-Constrained Speculative Execution"
    Michael E. Locasto, Stelios Sidiroglou, and Angelos D. Keromytis. In Proceedings of the New Security Paradigms Workshop (NSPW), pp. 119 - 124. September 2005, Lake Arrowhead, CA.
  17. "Application Communities: Using Monoculture for Dependability"
    Michael E. Locasto, Stelios Sidiroglou, and Angelos D. Keromytis. In Proceedings of the 1st Workshop on Hot Topics in System Dependability (HotDep), held in conjunction with the International Conference on Dependable Systems and Networks (DSN), pp. 288 - 292. June 2005, Yokohama, Japan.
  18. "Towards Collaborative Security and P2P Intrusion Detection"
    Michael E. Locasto, Janak Parekh, Angelos D. Keromytis, and Salvatore J. Stolfo. In Proceedings of the 6th Annual IEEE SMC Information Assurance Workshop (IAW), pp. 333 - 339. June 2005, West Point, NY.
  19. "FlowPuter: A Cluster Architecture Unifying Switch, Server and Storage Processing"
    Alfred V. Aho, Angelos D. Keromytis, Vishal Misra, Jason Nieh, Kenneth A. Ross, and Yechiam Yemini. In Proceedings of the 1st International Workshop on Data Processing and Storage Networking: towards Grid Computing (DPSN), pp. 2/1 - 2/7. May 2004, Athens, Greece.
  20. "One Class Support Vector Machines for Detecting Anomalous Windows Registry Accesses"
    Katherine Heller, Krysta Svore, Angelos D. Keromytis, and Salvatore J. Stolfo. In Proceedings of the ICDM Workshop on Data Mining for Computer Security, held in conjunction with the 3rd International IEEE Conference on Data Mining, pp. 2 - 9. November 2003, Melbourn, FL.
  21. "A Holistic Approach to Service Survivability"
    Angelos D. Keromytis, Janak Parekh, Philip N. Gross, Gail Kaiser, Vishal Misra, Jason Nieh, Dan Rubenstein, and Salvatore J. Stolfo. In Proceedings of the 1st ACM Workshop on Survivable and Self-Regenerative Systems (SSRS), held in conjunction with the 10th ACM International Conference on Computer and Communications Security (CCS), pp. 11 - 22. October 2003, Fairfax, VA.
  22. "High-Speed I/O: The Operating System As A Signalling Mechanism"
    Matthew Burnside and Angelos D. Keromytis. In Proceedings of the ACM SIGCOMM Workshop on Network-I/O Convergence: Experience, Lessons, Implications (NICELI), held in conjunction with the ACM SIGCOMM Conference, pp. 220 - 227. August 2003, Karlsruhe, Germany.
  23. "A Network Worm Vaccine Architecture"
    Stelios Sidiroglou and Angelos D. Keromytis. In Proceedings of the 12th IEEE International Workshops on Enabling Technologies: Infrastructure for Collaborative Enterprises (WETICE), Workshop on Enterprise Security, pp. 220 - 225. June 2003, Linz, Austria.
  24. "Design and Implementation of Virtual Private Services"
    Sotiris Ioannidis, Steven M. Bellovin, John Ioannidis, Angelos D. Keromytis, and Jonathan M. Smith. In Proceedings of the 12th IEEE International Workshops on Enabling Technologies: Infrastructure for Collaborative Enterprises (WETICE), Workshop on Enterprise Security, Special Session on Trust Management in Collaborative Global Computing, pp. 269 - 274. June 2003, Linz, Austria.
  25. "WebDAVA: An Administrator-Free Approach To Web File-Sharing"
    Alexander Levine, Vassilis Prevelakis, John Ioannidis, Sotiris Ioannidis, and Angelos D. Keromytis. In Proceedings of the 12th IEEE International Workshops on Enabling Technologies: Infrastructure for Collaborative Enterprises (WETICE), Workshop on Distributed and Mobile Collaboration, pp. 59 - 64. June 2003, Linz, Austria.
  26. "Protocols for Anonymity in Wireless Networks"
    Matt Blaze, John Ioannidis, Angelos D. Keromytis, Tal Malkin, and Avi Rubin. In Proceedings of the 11th International Workshop on Security Protocols. April 2003, Cambridge, England.
  27. "xPF: Packet Filtering for Low-Cost Network Monitoring"
    Sotiris Ioannidis, Kostas G. Anagnostakis, John Ioannidis, and Angelos D. Keromytis. In Proceedings of the Workshop on High Performance Switching and Routing (HPSR), pp. 121 - 126. May 2002, Kobe, Japan.
  28. "Toward Understanding the Limits of DDoS Defenses"
    Matt Blaze, John Ioannidis, and Angelos D. Keromytis. In Proceedings of the 10th International Workshop on Security Protocols, Springer-Verlag Lecture Notes in Computer Science, vol. 2467. April 2002, Cambridge, England.
  29. "Toward A Unified View of Intrusion Detection and Security Policy"
    Matt Blaze, Angelos D. Keromytis, and Salvatore J. Stolfo. In Proceedings of the 10th International Workshop on Security Protocols, Springer-Verlag Lecture Notes in Computer Science, vol. 2467. April 2002, Cambridge, England.
  30. "Efficient, DoS-resistant, Secure Key Exchange for Internet Protocols"
    William Aiello, Steven M. Bellovin, Matt Blaze, Ran Canetti, John Ioannidis, Angelos D. Keromytis, and Omer Reingold. In Proceedings of the 9th International Workshop on Security Protocols, Springer-Verlag Lecture Notes in Computer Science, vol. 2133, pp. 40 - 48. April 2001, Cambridge, England.
  31. "Scalable Resource Control in Active Networks"
    Kostas G. Anagnostakis, Michael W. Hicks, Sotiris Ioannidis, Angelos D. Keromytis, and Jonathan M. Smith. In Proceedings of the 2nd International Workshop for Active Networks (IWAN), pp. 343 - 357. October 2000, Tokyo, Japan.
  32. "A Secure Plan"
    Michael W. Hicks and Angelos D. Keromytis. In Proceedings of the 1st International Workshop for Active Networks (IWAN), pp. 307 - 314. June - July 1999, Berlin, Germany. An extended version is available as University of Pennsylvania Technical Report MS-CIS-99-14, and was also published in the Proceedings of the DARPA Active Networks Conference and Exposition (DANCE), May 2002.
  33. "Trust Management and Network Layer Security Protocols"
    Matt Blaze, John Ioannidis, and Angelos D. Keromytis. In Proceedings of the 7th International Workshop on Security Protocols, Springer-Verlag Lecture Notes in Computer Science, vol. 1796, pp. 103 - 108. April 1999, Cambridge, England.
  34. "The SwitchWare Active Network Implementation"
    D. Scott Alexander, Michael W. Hicks, Pankaj Kakkar, Angelos D. Keromytis, Marianne Shaw, Jonathan T. Moore, Carl A. Gunter, Trevor Jim, Scott M. Nettles, and Jonathan M. Smith. In Proceedings of the ACM SIGPLAN Workshop on ML, held in conjunction with the International Conference on Functional Programming (ICFP), pp. 67 - 76. September 1998, Baltimore, MD.
  35. "KeyNote: Trust Management for Public-Key Infrastructures"
    Matt Blaze, Joan Feigenbaum, and Angelos D. Keromytis. In Proceedings of the 6th International Workshop on Security Protocols, Springer-Verlag Lecture Notes in Computer Science, vol. 1550, pp. 59 - 63. April 1998, Cambridge, England. Also available as AT&T Technical Report 98.11.1.

Additional Publications

  1. "SSARES: Secure Searchable Automated Remote Email Storage"
    Adam J. Aviv, Michael E. Locasto, Shaya Potter, and Angelos D. Keromytis. In the Columbia Computer Science Student Research Symposium, Fall 2006.
  2. "IP Security Policy Requirements"
    Matt Blaze, Angelos D. Keromytis, Michael Richardson, and Luis Sanchez. Request For Comments (RFC) 3586, August 2003.
  3. "On the Use of Stream Control Transmission Protocol (SCTP) with IPsec"
    Steven M. Bellovin, John Ioannidis, Angelos D. Keromytis, and Randal R. Stewart. Request For Comments (RFC) 3554, June 2003.
  4. "The Use of HMAC-RIPEMD-160-96 within ESP and AH"
    Angelos D. Keromytis and Niels Provos. Request For Comments (RFC) 2857, June 2000.
  5. "DSA and RSA Key and Signature Encoding for the KeyNote Trust Management System"
    Matt Blaze, John Ioannidis, and Angelos D. Keromytis. Request For Comments (RFC) 2792, March 2000.
  6. "The KeyNote Trust-Management System, Version 2"
    Matt Blaze, Joan Feigenbaum, John Ioannidis, and Angelos D. Keromytis. Request For Comments (RFC) 2704, September 1999.

Technical Reports/Works in Progress

  1. "Transport Layer Security (TLS) Authorization Using KeyNote"
    Angelos D. Keromytis. Internet Draft draft-keromytis-tls-authz-keynote-03, October 2009.
  2. "A Platform for Injecting Indistinguishable Network Decoys"
    Brian M. Bowen, Vasileios P. Kemerlis, Pratap Prabhu, Angelos D. Keromytis, and Salvatore J. Stolfo. Columbia University Computer Science Department Technical Report CUCS-014-09, March 2009.
  3. "X.509 Key and Signature Encoding for the KeyNote Trust Management System"
    Angelos D. Keromytis. Internet Draft draft-keromytis-keynote-x509-02, March 2009.
  4. "LinkWidth: A Method to Measure Link Capacity and Available Bandwidth using Single-End Probes"
    Sambuddho Chakravarty, Angelos Stavrou, and Angelos D. Keromytis. Columbia University Computer Science Department Technical Report CUCS-002-08, January 2008.
  5. "Can P2P Replace Direct Download for Content Distribution?"
    Alex Sherman, Angelos Stavrou, Jason Nieh, Cliff Stein, and Angelos D. Keromytis. Columbia University Computer Science Department Technical Report CUCS-020-07, March 2007.
  6. "A Model for Automatically Repairing Execution Integrity"
    Michael E. Locasto, Gabriela F. Cretu, Angelos Stavrou, and Angelos D. Keromytis. Columbia University Computer Science Department Technical Report CUCS-005-07, January 2007.
  7. "Speculative Execution as an Operating System Service"
    Michael E. Locasto and Angelos D. Keromytis. Columbia University Computer Science Department Technical Report CUCS-024-06, May 2006.
  8. "Quantifying Application Behavior Space for Detection and Self-Healing"
    Michael E. Locasto, Angelos Stavrou, Gabriela F. Cretu, Angelos D. Keromytis, and Salvatore J. Stolfo. Columbia University Computer Science Department Technical Report CUCS-017-06, April 2006.
  9. "Bloodhound: Searching Out Malicious Input in Network Flows for Automatic Repair Validation"
    Michael E. Locasto, Matthew Burnside, and Angelos D. Keromytis. Columbia University Computer Science Department Technical Report CUCS-016-06, April 2006.
  10. "Binary-level Function Profiling for Intrusion Detection and Smart Error Virtualization"
    Michael E. Locasto and Angelos D. Keromytis. Columbia University Computer Science Department Technical Report CUCS-002-06, January 2006.
  11. "A General Analysis of the Security of Elastic Block Ciphers"
    Debra Cook, Moti Yung, and Angelos D. Keromytis. Columbia University Computer Science Department Technical Report CUCS-038-05, September 2005.
  12. "The Pseudorandomness of Elastic Block Ciphers"
    Debra Cook, Moti Yung, and Angelos D. Keromytis. Columbia University Computer Science Department Technical Report CUCS-037-05, September 2005.
  13. "PachyRand: SQL Randomization for the PostgreSQL JDBC Driver"
    Michael E. Locasto and Angelos D. Keromytis. Columbia University Computer Science Department Technical Report CUCS-033-05, August 2005.
  14. "Elastic Block Ciphers: The Feistel Cipher Case"
    Debra L. Cook, Moti Yung, and Angelos D. Keromytis. Columbia University Computer Science Department Technical Report CUCS-021-04, May 2004.
  15. "Collaborative Distributed Intrusion Detection"
    Michael E. Locasto, Janak J. Parekh, Salvatore J. Stolfo, Angelos D. Keromytis, Tal Malkin, and Vishal Misra. Columbia University Computer Science Department Technical Report CUCS-012-04, March 2004.
  16. "Elastic Block Ciphers"
    Debra L. Cook, Moti Yung, and Angelos D. Keromytis. Columbia University Computer Science Department Technical Report CUCS-010-04, February 2004.
  17. "Just Fast Keying (JFK)"
    William Aiello, Steven M. Bellovin, Matt Blaze, Ran Canetti, John Ioannidis, Angelos D. Keromytis, and Omer Reingold. IETF IPsec Working Group, April 2002,.
  18. "CASPER: Compiler-Assisted Securing of Programs at Runtime
    Gaurav S. Kc, Stephen A. Edwards, Gail E. Kaiser, and Angelos D. Keromytis. Columbia University Computer Science Department Technical Report CUCS-025-02, 2002.
  19. "The 'suggested ID' extension for IKE"
    Angelos D. Keromytis and William Sommerfeld. IETF IPsec Working Group, November 2001.
  20. "SPKI: ShrinkWrap"
    Angelos D. Keromytis and William A. Simpson. IETF SPKI Working Group, September 1997.
  21. "Active Network Encapsulation Protocol (ANEP)"
    D. Scott Alexander, Bob Braden, Carl A. Gunter, Alden W. Jackson, Angelos D. Keromytis, Gary J. Minden, and David Wetherall. Active Networks Group, DARPA Active Networks Project, August 1997.
  22. "Creating Efficient Fail-Stop Cryptographic Protocols"
    Angelos D. Keromytis and Jonathan M. Smith. University of Pennsylvania Technical Report MS-CIS-96-32, December 1996.