Angelos D. Keromytis - Curriculum Vitae

Positions Held

  • July 2014 - Present
    Program Manager
    Information Innovation Office (I2O), Defense Advanced Research Projects Agency (DARPA), Arlington, VA
  • July 2013 - July 2014
    Program Director
    Division of Computer and Network Systems (CNS), Directorate for Computer & Information Science & Engineering (CISE)
    National Science Foundation (NSF), Arlington, VA
  • January 2009 - January 2010
    Senior Research Engineer
    Symantec Research Labs Europe, Sophia Antipolis, France
  • January 2006 - Present
    Associate Professor
    Department of Computer Science, Columbia University, New York
  • July 2001 - December 2005
    Assistant Professor
    Department of Computer Science, Columbia University, New York
  • September 1996 - July 2001
    Research Assistant
    Computer and Information Science Department, University of Pennsylvania, Philadelphia, PA
  • January 1993 - October 1995
    Member of the Technical Staff
    FORTHnet S.A., Heraclion, Greece
  • September 1991 - January 1993
    Member of the Technical Staff
    Education Team, Computer Center of the University of Crete, Heraclion, Greece

Education

  • November 2001
    Ph.D. (Computer Science), University of Pennsylvania, USA
  • August 1997
    M.Sc. (Computer Science), University of Pennsylvania, USA
  • June 1996
    B.Sc. (Computer Science), University of Crete, Greece

Service and Teaching

Editorial Boards and Steering Committees

  • Associate Editor, Encyclopedia of Cryptography and Security (2nd Edition), Springer, 2010 - 2011.
  • Associate Editor, IET (formerly IEE) Proceedings Information Security, 2005 - 2010.
  • Steering Committee, ISOC Symposium on Network and Distributed System Security (SNDSS), 2006 - 2009.
  • Steering Committee, New Security Paradigms Workshop (NSPW), 2007 onward.
  • Associate Editor, ACM Transactions on Information and System Security (TISSEC), 2004 - 2010.
  • Steering Committee, USENIX Workshop on Hot Topics in Security (HotSec), 2006 - 2009.
  • Steering Committee, Computer Security Architecture Workshop (CSAW), 2007 - 2009.

Program Chair

  • Program co-Chair, 8th International ICST Conference on Security and Privacy in Communication Networks (SecureComm), 2012.
  • Program Chair, 16th International Conference on Financial Cryptography and Data Security (FC), 2012.
  • Program co-Chair, 17th ACM Computer and Communication Security (CCS), 2010.
  • Program co-Chair, 16th ACM Computer and Communication Security (CCS), 2009.
  • Program co-Chair, New Security Paradigms Workshop (NSPW), 2008.
  • Program co-Chair, New Security Paradigms Workshop (NSPW), 2007.
  • Chair, 27th International Conference on Distributed Computing Systems (ICDCS), Security Track, 2007.
  • Chair, 16th World Wide Web (WWW) Conference, Security, Privacy, Reliability and Ethics Track, 2007.
  • Chair, 15th USENIX Security Symposium, 2006.
  • Deputy Chair, 15th World Wide Web (WWW) Conference, Security, Privacy and Ethics Track, 2006.
  • Chair, 3rd Workshop on Rapid Malcode (WORM), 2005.
  • Program co-Chair, 3rd Applied Cryptography and Network Security (ACNS) Conference, 2005.
  • Program co-Chair, OpenSig Workshop, 2003.

Program Organization

  • General Chair, New Security Paradigms Workshop (NSPW), 2010.
  • General Vice Chair, New Security Paradigms Workshop (NSPW), 2009.
  • Co-chair, Invited Talks, 17th USENIX Security Symposium, 2008.
  • General co-chair, Applied Cryptography and Network Security (ACNS) Conference, 2008.
  • Co-chair, Invited Talks, 16th USENIX Security Symposium, 2007.
  • Organizing Committee, Columbia/IBM/Stevens Security & Privacy Day (bi-annual event).
    • Organizer, Columbia/IBM/Stevens Security & Privacy Day, December 2010.
    • Organizer, Columbia/IBM/Stevens Security & Privacy Day, June 2007.
  • Co-organizer, ARO/FSTC Workshop on Insider Attack and Cyber Security, 2007.
  • Publicity co-Chair, ACM Conference on Computer and Communications Security, 2006.
  • General co-Chair, OpenSig Workshop, 2003.

Program Committees

  1. Program Committee, International Workshop on Security (IWSEC), 2006, 2007, 2008, 2009, 2010, 2011, 2012, 2013, 2014.
  2. Program Committee, ACM Conference on Computer and Communications Security (CCS), 2005, 2007, 2008, 2009, 2010, 2012, 2013, 2014.
  3. Program Committee, ISOC Symposium on Network and Distributed Systems Security (SNDSS), 2003, 2004, 2006, 2007, 2008, 2012.
  4. Program Committee, Applied Cryptography and Network Security (ACNS) Conference, 2005, 2006, 2010, 2011, 2012, 2013.
  5. Program Committee, Information Security Conference (ISC), 2005, 2007, 2009, 2011, 2012, 2014.
  6. Program Committee, Financial Cryptography (FC) Conference, 2002, 2010, 2011, 2012, 2013.
  7. Program Committee, European Workshop on Systems Security (EuroSec), 2009, 2010, 2011, 2012, 2013.
  8. Program Committee, USENIX Security Symposium, 2004, 2005, 2006, 2008.
  9. Program Committee, International Conference on Distributed Computing Systems (ICDCS), Security Track, 2005, 2006, 2007, 2008.
  10. Program Committee, Workshop on Rapid Malcode (WORM), 2004, 2005, 2006, 2007.
  11. Program Committee, World Wide Web Conference (WWW), 2005, 2006, 2007.
  12. Program Committee, USENIX Workshop on Hot Topics in Security (HotSec), 2006, 2007, 2010.
  13. Program Committee, Annual Computer Security Applications Conference (ACSAC), 2006, 2007, 2011.
  14. Program Committee, USENIX Technical Conference, Freely Distributable Software (Freenix) Track, 1998, 1999, 2003.
  15. Program Committee, International Conference on Mathematical Methods, Models and Architectures for Computer Network Security (MMM-ACNS), 2007, 2010, 2012.
  16. Program Committee, IEEE Security & Privacy Symposium, 2006, 2008.
  17. Program Committee, ACM SIGCOMM Workshop on Large Scale Attack Defense (LSAD), 2006, 2007.
  18. Program Committee, New Security Paradigms Workshop (NSPW), 2007, 2008.
  19. Program Committee, IEEE WETICE Workshop on Enterprise Security, 2002, 2003.
  20. Program Committee, USENIX Annual Technical Conference (ATC), 2008, 2011.
  21. Program Committee, 6th International Conference on Cryptology and Network Security (CANS), 2007, 2012.
  22. Program Committee, Annual IEEE/IFIP International Conference on Dependable Systems and Networks (DSN), Dependable Computing and Communication Symposium (DCCS), 2010, 2013.
  23. Program Committee, 1st International Conference on Human Aspects of Information Security, Privacy and Trust (HAS), 2013.
  24. Program Committee, Workshop on Information Security Theory and Practice (WISTP), 2012.
  25. Program Committee, European Sumposium on Research in Computer Security (ESORICS), 2011.
  26. Program Committee, International Workshop on Mobile Security (WMS), 2010.
  27. Program Committee, Computer Forensics in Software Engineering Workshop, 2009.
  28. Program Committee, USENIX Workshop on Large-scale Exploits and Emergent Threats (LEET), 2008.
  29. Program Committee, 23rd International Information Security Conference (IFIP SEC), 2008.
  30. Program Committee, Joint iTrust and PST Conferences on Privacy, Trust Management and Security (IFIPTM), 2008.
  31. Program Committee, 1st Computer Security Architecture Workshop (CSAW), 2007.
  32. Program Committee, 8th IEEE Information Assurance Workshop (IAW), 2007.
  33. Program Committee, Anti-Phishing Working Group (APWG) eCrime Researchers Summit, 2007.
  34. Program Committee, 4th GI International Conference on Detection of Intrusions & Malware, and Vulnerability Assessment (DIMVA), 2007.
  35. Program Committee, 2nd ACM Symposium on InformAtion, Computer and Communications Security (AsiaCCS), 2007.
  36. Program Committee, 2nd Workshop on Advances in Trusted Computing (WATC), 2006.
  37. Program Committee, International Conference on Information and Communications Security (ICICS), 2006.
  38. Program Committee, 2nd Workshop on Secure Network Protocols (NPSec), 2006.
  39. Program Committee, 1st Workshop on Hot Topics in System Dependability (HotDep), 2005.
  40. Program Committee, 20th ACM Symposium on Applied Computing (SAC), Trust, Recommendations, Evidence and other Collaboration Know-how (TRECK) Track, 2005.
  41. Program Committee, 1st Workshop on Operating System and Architecture Support for the on demand IT Infrastructure (OASIS), 2004.
  42. Program Committee, Workshop on Information Security Applications (WISA), 2004.
  43. Program Committee, Workshop on Logical Foundations of an Adaptive Security Infrastructure (WOLFASI), 2004.
  44. Program Committee, 29th IEEE Conference on Local Computer Networks (LCN), 2004.
  45. Program Committee, 2nd International Conference on Trust Management, 2004.
  46. Program Committee, Asia BSD Conference, 2004.
  47. Program Committee, 2nd Annual New York Metro Area Networking Workshop (NYMAN), 2002.
  48. Program Committee, Cloud Computing Security Workshop (CCSW), 2009.
  49. Program Committee, Workshop on Grid and Cloud Security (WGC-Sec), 2011.
  50. Program Committee, Workshop on Cyber Security Experimentation and Test (CSET), 2011.
  51. Program Committee, OWASP AppSec EU, 2012.
  52. Program Committee, 1st International Workshop on Cyber Crime (IWCC), 2012.
  53. Program Committee, 8th China International Conference on Information Security and Cryptology (INSCRYPT), 2012.
  54. Program Committee, NDSS Workshop on Security of Emerging Networking Technologies (SENT), 2014.
  55. Program Committee, First ACM Workshop on Moving Target Defense (MTD), 2014.

Advisory Workshops

  • ODNI/NSA Invitational Workshop on Computational Cybersecurity in Compromised Environments (C3E), West Point, NY, January 2013.
  • DARPA ISAT Summer Meeting, Arlington, VA, August 2013.
  • NITRD/SCORE Invitational Workshop on Designing-in Security: Current Practices and Research Needs, Arlington, VA, July 2013.
  • MITRE/NSA Invitational Annual Secure and Resilient Cyber Architectures Workshop, McLean, VA, June 2013.
  • ONR Workshop on Automated Software Complexity Reduction for Retaining Software Execution Efficiency and Increasing Security, McLean, VA, June 2013.
  • ARO Cloud Security Workshop, Fairfax, VA, March 2013.
  • ODNI/NSA Invitational Workshop on Computational Cybersecurity in Compromised Environments (C3E), West Point, NY, September 2012.
  • Cyber Security Research Institute (CSRI) Invitational Workshop, Arlington, VA, April 2012.
  • ODNI/NSA Invitational Workshop on Computational Cybersecurity in Compromised Environments (C3E), Keystone, CO, September 2011.
  • ONR Workshop on Host Computer Security, Chicago, IL, October 2010.
  • Intel Workshop on Trust Evidence and End-to-end Trust in Heterogeneous Environments, Santa Clara, CA, May 2010.
  • Intelligence Community Technical Exchange on Moving Target, Washington, DC, April 2010.
  • Lockheed Martin Future Security Threats Workshop, New York, NY, November 2009.
  • Air Force Office for Scientific Research (AFOSR) Invitational Workshop on Homogeneous Enclave Software vs Heterogeneous Enclave Software, Arlington, VA, October 2007.
  • NSF Future Internet Network Design Working Meeting, Arlington, VA, June 2007.
  • ARO/FSTC Workshop on Insider Attack and Cyber Security, Arlington, VA, June 2007.
  • NSF Invitational Workshop on Future Directions for the CyberTrust Program, Pittsburgh, PA, October 2006.
  • ARO/HSARPA Invitational Workshop on Malware Detection, Arlington, VA, August 2005.
  • Department of Defense Invitational Workshop on the Complex Behavior of Adaptive, Network-Centric Systems, College Park, MD, July 2005.
  • ARDA Next Generation Malware Invitational Workshop, Annapolis Junction, MD, March 2005.
  • Co-leader of session on "Securing software environments", joint NSF and Department of Treasury Invitational Workshop on Resilient Financial Information Systems, Washington, DC, March 2005.
  • DARPA Application Communities Invitational Workshop, Arlington, VA, October 2004.
  • DARPA APNets Invitational Workshop, Philadelphia, PA, December 2003.
  • NSF/NIST Invitational Workshop on Cybersecurity Workforce Needs Assessment and Educational Innovation, Arlington, VA, August 2003.
  • NSF Invitational Workshop on Large Scale Cyber-Security, Lansdowne, VA, March 2003.
  • IP Security Working Group Secretary, Internet Engineering Task Force (IETF), 2003 - 2008.
  • Session moderator, Workshop on Intelligence and Research, Florham Park, NJ, October 2001.
  • DARPA Composable High Assurance Trusted Systems #2 (CHATS2) Invitational Workshop, Napa, CA, November 2000.

Other Professional Activities

  • Advisory Board, Aponix Financial Technologists, 2014 onward.
  • ACM Distinguished Scientist, 2012 onward.
  • Member, Executive Committee for the Institute for Data Sciences and Engineering (IDSE), Columbia University, 2012 - 2013.
  • Co-chair, ACM Computing Classification System Update Committee ("Security and Privacy" top-level node), 2011.
  • Founder, Allure Security Technology Inc., 2010 - present.
  • Member, ACM Computing Classification System Update Committee (top two levels), 2010.
  • External Advisory Board member, "i-code: Real-time Malicious Code Identification", EU project, 2010 - 2012.
  • Reviewer (grant applications), Greek Ministry of Education, 2010.
  • Reviewer (grant applications), Danish National Research Foundation, 2010.
  • Member of the Scientific Advisory Board, Centre for Research and Technology, Hellas (CERTH), 2008 - 2011.
  • Senior Member of the ACM, 2008 onward.
  • Senior Member of the IEEE, 2009 onward.
  • Visiting Scientist, Institute for Infocomm Research (I2R), Singapore, February - May 2007.
  • Columbia Representative to the Institute for Information Infrastructure Protection (I3P), 2006 - 2008.
  • Technical Advisory Board, StackSafe Inc. (formerly Revive Systems Inc.), 2006 - 2009.
  • Technical Advisory Board, Radiuz Inc., 2006.
  • Reviewer (grant applications), Institute for Security Technology Studies (ISTS), Dartmouth College, 2006.
  • Reviewer, Singapore National Science and Technology Awards (NSTA), 2006.
  • Board of Directors, StackSafe Inc. (formerly Revive Systems Inc.), 2005 - 2009.
  • Founder, StackSafe Inc. (formerly Revive Systems Inc.), 2005 - 2009.
  • Expert witness in criminal and intellectual property litigation cases, 2005, 2006, 2007, 2009, 2010, 2011, 2012, 2013.
  • Science Fair Judge, Middle School for Democracy and Leadership, Brooklyn, NY, 2005, 2006.
  • Reviewer (grant applications), Swiss National Science Foundation, 2007.
  • Reviewer (grant applications), Netherlands Organisation for Scientific Research, 2005, 2006.
  • Reviewer (grant applications), US/Israel Binational Science Foundation, 2003, 2005.
  • NSF reviewer & panelist, 2002, 2003, 2006, 2008, 2009, 2011, 2012, 2013.
  • Internet Engineering Task Force (IETF) Security Area Advisor, 2001 - 2008.

Ph.D. Thesis Committee Service

  1. Jingyue Wu, "Sound and Precise Analysis of Multithreaded Programs through Schedule Specialization", Department of Computer Science, Columbia University, May 2014.
  2. Dimitris Mitropoulos, "Secure Software Development Technologies", Department of Management Science and Technology, Athens University of Economics and Business, March 2014.
  3. Iasonas Polakis, "Online Social Networks From A Malicious Perspective: Novel Attack Techniques and Defense Mechanisms", Computer Science Department, University of Crete, February 2014.
  4. Kapil Anand, "Binary Analysis Based on a Compiler-level Intermediate Representation", Electrical and Computer Engineering Department, University of Maryland, July 2013.
  5. Theodoor Scholte, "Securing Web Applications by Design", Computer Science Group, Communications and Electronics Department, Ecole Nationale Superieure des Telecommunications, May 2012.
  6. Maritza Johnson, "Toward Usable Access Control for End-Users: A Case Study of Facebook Privacy Settings", Department of Computer Science, Columbia University, April 2012.
  7. Collin R. Mulliner, "On the Impact of the Cellular Modem on the Security of Mobile Phones", Technische Universitat Berlin, December 2011.
  8. Malek Ben Salem, "Towards Effective Masquerade Attack Detection", Department of Computer Science, Columbia University, October 2011.
  9. Michalis Polychronakis, "Generic Code Injection Attack Detection using Code Emulation", Computer Science Department, University of Crete, October 2009.
  10. Spyros Antonatos, "Defending against Known and Unknown Attacks using a Network of Affined Honeypots", Computer Science Department, University of Crete, October 2009.
  11. Van-Hau Pham, "Honeypot Traces Forensics by Means of Attack Event Identification", Computer Science Group, Communications and Electronics Department, Ecole Nationale Superieure des Telecommunications, September 2009.
  12. Gabriela F. Ciocarlie, "Towards Self-Adaptive Anomaly Detection Sensors", Department of Computer Science, Columbia University, September 2009.
  13. Wei-Jen Li, "SPARSE: A Hybrid System for Malcode-Bearing Document Detection", Department of Computer Science, Columbia University, June 2008.
  14. Raj Kumar Rajendran, "The Method for Strong Detection for Distributed Routing", Electrical Engineering Department, Columbia University, March 2008.
  15. Constantin Serban, "Advances in Decentralized and Stateful Access Control", Computer Science Department, Rutgers University, December 2007.
  16. Ricardo A. Baratto, "THINC: A Virtual and Remote Display Architecture for Desktop Computing", Computer Science Department, Columbia University, October 2007.
  17. Zhenkai Liang, "Techniques in Automated Cyber-Attack Response and Recovery", Computer Science Department, Stony Brook University, November 2006.
  18. Ke Wang, "Network Payload-based Anomaly Detection and Content-based Alert Correlation", Computer Science Department, Columbia University, August 2006.
  19. Seoung-Bum Lee, "Adaptive Quality of Service for Wireless Ad hoc Networks", Electrical Engineering Department, Columbia University, June 2006.
  20. Shlomo Hershkop, "Behavior-based Email Analysis with Application to Spam Detection", Computer Science Department, Columbia University, August 2005.
  21. Gaurav S. Kc, "Defending Software Against Process-subversion Attacks", Computer Science Department, Columbia University, April 2005.
  22. Gong Su, "MOVE: A New Virtualization Approach to Mobile Communication", Computer Science Department, Columbia University, May 2004.
  23. Jonathan M. Lennox, "Services for Internet Telephony", Computer Science Department, Columbia University, December 2003.
  24. Michael E. Kounavis, "Programming Network Architectures", Electrical Engineering Department, Columbia University, June 2003.
  25. Wenyu Jiang, "QoS Measurement and Management for Internet Real-time Multimedia Services", Computer Science Department, Columbia University, April 2003.

Post-doctoral Students / Research Scientists

  1. Hyung Chan Kim (October 2007 - October 2008)
  2. Stelios Sidiroglou (October 2008 - December 2008)
  3. Dimitris Geneiatakis (June 2010 - September 2011)
  4. Georgios Portokalidis (March 2010 - December 2012)
  5. Elias Athanasopoulos (January 2012 - November 2013)
  6. Michalis Polychronakis (May 2010 - present)
  7. Yossef Oren (December 2013 - present)
  8. Iasonas Polakis (April 2014 - present)

Current Ph.D. Students

  1. Ihimu Ukpo (October 2013 - present)
  2. Alexander W. Miranda (September 2013 - present)
  3. Suphannee Sivakorn (September 2013 - present)
  4. Amos Alubala (September 2012 - present)
  5. Marios Pomonis (September 2012 - present)
  6. Theofilos Petsios (September 2012 - present)
  7. Georgios Argyros (September 2012 - present)
  8. Georgios Kontaxis (September 2011 - present)
  9. Vasileios Kemerlis (September 2008 - present)
  10. Kangkook Jee (January 2008 - present)

Graduated Ph.D. Students

  1. Debra Cook (January 2002 - June 2006)
    • Thesis title: "Elastic Block Ciphers"
    • Post-graduation: Member of the Technical Staff, Bell Labs
    • Currently: Research Staff Member, Telcordia Research
  2. Angelos Stavrou (January 2003 - August 2007)
  3. Michael E. Locasto (September 2002 - December 2007)
    • Thesis title: "Integrity Postures for Software Self-Defense" (awarded with distinction)
    • Post-graduation: ISTS Research Fellow, Dartmouth College
    • Currently: Assistant Professor, Department of Computer Science, University of Calgary
  4. Stelios Sidiroglou (June 2003 - May 2008)
  5. Vanessa Frias-Martinez (September 2003 - October 2008; co-advised with Salvatore J. Stolfo)
  6. Mansoor Alicherry (September 2006 - October 2010)
  7. Brian Bowen (September 2007 - December 2010; co-advised with Salvatore J. Stolfo)
  8. Sambuddho Chakravarty (January 2007 - December 2013)
  9. Angelika Zavou (September 2006 - May 2014)
    • Thesis title: "Information Flow Auditing in the Cloud"
    • Post-graduation:
    • Currently:
  10. Vasilis Pappas (September 2009 - May 2014)
    • Thesis title: "Defending against Return-Oriented Programming"
    • Post-graduation: Senior Research Scientist, Appthority Inc.
    • Currently: Senior Research Scientist, Appthority Inc.

Service at Columbia

  • Computer Science Department Ph.D. Committee, 2010 - 2011
  • Computer Science Department Computing Research Facilities committee, 2001 - 2008, 2010 - 2013
    • Chair, 2003 - 2005, 2011 - 2013
  • M.Sc. Admissions committee, 2007 - 2013.
  • M.Sc. Committee, 2008 - 2013.
  • Computer Science Department Faculty Recruiting committee, 2002, 2008, 2012
  • Columbia committee on Research Conflict of Interest Policy, 2007 - 2008
  • Co-organizer, Computer Science Faculty Retreat, Fall 2007
  • Advisor for the School of Engineering Computer Science Majors, Freshmen & Sophomores, 2004 - 2005
  • Computer Science Department Undergraduate Admissions Representative, 2003 - 2008
  • Advisor for the School of Engineering Computer Science Majors, Seniors, 2003 - 2004, 2006 - 2007
  • Computer Science Department Space Allocation Policy committee, 2002 - 2010
  • Computer Science Department Events Representative, 2002 - 2008
  • Advisor for the School of Engineering Computer Science Majors, Juniors, 2002 - 2003, 2005 - 2006
  • Computer Science Department CRF Director Hiring committee, 2003
  • Advisor for the School of Engineering Computer Science Majors, Sophomores, 2001 - 2002
  • Computer Science Department Faculty Recruiting committee, 2001 - 2002
  • Executive Vice Provost committee on Columbia's response to the 9/11 events, Fall 2001

Teaching

(Scores indicate mean overall course quality rating from student survey; survey not conducted for summer sessions)
  • Instructor, COMS E6183-1 - Advanced Topics in Network Security, Columbia University
    • Fall 2006: 17 on-campus students (4.58/5)
  • Instructor, COMS W6998.1 - Advanced Topics in Network Security, Columbia University
    • Fall 2004: 17 on-campus students (4.62/5)
    • Spring 2003: 18 on-campus students (N/A)
  • Instructor, COMS W4180 - Network Security, Columbia University
    • Fall 2012: 19 on-campus and 3 CVN students (4.64/5)
    • Spring 2012: 21 on-campus and 2 CVN students (4.33/5)
    • Spring 2011: 4 CVN students (N/A)
    • Fall 2010: 2 CVN students (N/A)
    • Spring 2010: 25 on-campus and 5 CVN students (4.48/5)
    • Summer 2006: 7 CVN students (N/A)
    • Spring 2006: 63 on-campus and 9 CVN students (4.14/5)
    • Summer 2005: 4 CVN students (N/A)
    • Spring 2005: 41 on-campus and 5 CVN students (4.25/5)
    • Summer 2004: 6 CVN students (N/A)
    • Fall 2003: 45 on-campus and 12 CVN students (3.74/5)
    • Summer 2003: 5 CVN students (N/A)
    • Fall 2002: 43 on-campus and 9 CVN students (3.21/5)
    • Fall 2001: 23 on-campus students (3.6/5)
  • Instructor, COMS W4118 - Operating Systems, Columbia University
    • Summer 2007: 8 CVN students (N/A)
    • Fall 2006: 59 on-campus and 7 CVN students (3.73/5)
    • Summer 2006: 15 CVN students (N/A)
    • Fall 2005: 52 on-campus and 9 CVN students (3.86/5)
    • Spring 2004: 32 on-campus and 4 CVN students (3.39/5)
    • Spring 2002: 37 on-campus students (3.13/5)
  • Instructor, COMS W3157 - Advanced Programming, Columbia University
    • Fall 2010: 37 on-campus students (3.25/5)
    • Fall 2007: 30 on-campus students (4.16/5)
  • Instructor, CIS700/002 - Building Secure Systems, University of Pennsylvania, Spring 1998

Support for Research and Teaching (Gifts and Grants)

  1. PI (with Sal Stolfo), "Trust Estimation System for Wireless Networks via Multi-Pronged Detection (TREND)", DARPA Wireless Network Defense (WND), $253,700 (10/2013 - 09/2014; part of a larger project)
  2. co-PI (with Michalis Polychronakis), "TWC: Small: Virtual Private Social Networks", NSF Secure and Trustworthy Computing (SaTC), CNS-13-18415, $498,332 (09/2013 - 08/2016)
  3. PI, "Runtime Program Behavior Monitoring Combining Control and Data Flow Tracking", Intel (research gift), $92,000 (06/2013)
  4. PI, "REU: TWC: Small: Auditing PII in the Cloud with CloudFence", NSF Secure and Trustworthy Computing (SaTC), $15,600 (05/2013 - 08/2013)
  5. PI, "Runtime Program Behavior Monitoring Combining Control and Data Flow Tracking", Intel (research gift), $92,000 (09/2012)
  6. PI, "TWC: Small: Auditing PII in the Cloud with CloudFence", NSF Secure and Trustworthy Computing (SaTC), CNS-12-22748, $499,998 (09/2012 - 08/2015)
  7. PI, "MINESTRONE Task: Automatic Discovery of Rescue Points Using Static and Dynamic Analysis", IARPA, $270,400 (09/2012 - 11/2014)
  8. PI, "Vulnerability Protections for End Nodes (VPEN)", Air Force Research Labs (AFRL), $263,385 (08/2012 - 07/2013)
  9. PI, "NSF Support for the 2012 New Security Paradigms Workshop Financial Aid", NSF Trustworthy Computing, $10,000 (07/2012 - 08/2013)
  10. co-PI (with Junfeng Yang), "Transparently Extending Programs at Compilation to Prevent Bugs", ONR, $749,975 (07/2012 - 06/2015)
  11. PI (co-PIs: Junfeng Yang, Sal Stolfo), "MINESTRONE, Phase 2 Extension", IARPA, $637,624 (08/2010 - 11/2014; leading team that includes Stanford University, George Mason University, and Symantec Corp.)
  12. PI (co-PIs: Roxana Geambasu, Junfeng Yang, Simha Sethumadhavan, Sal Stolfo), "MEERKATS: Maintaining EnterprisE Resiliency via Kaleidoscopic Adaptation & Transformation of Software Services", DARPA MRC, $6,619,270 (09/2011 - 09/2015; leading team that includes George Mason University and Symantec Corp.)
  13. co-PI (with Tal Malkin, Steve Bellovin, and Vladimir Kolesnikov), "Practical and Secure Database Access Using Encrypted Bloom Filters", IARPA, $2,236,144 (09/2011 - 03/2015)
  14. PI, "NSF Support for the 2011 New Security Paradigms Workshop Financial Aid (Supplement)", NSF Trustworthy Computing, $10,000 (06/2011 - 07/2012)
  15. PI, "Leveraging the Cloud to Audit Use of Sensitive Infomation", Google (research gift), $60,200 (05/2011)
  16. co-PI (with Sal Stolfo), "ADAMS Advanced Behavioral Sensors (ABS)", DARPA ADAMS, $780,996 (05/2011 - 04/2013)
  17. PI, "Tracking Sensitive Information Flows in Modern Enterprises", Intel, $84,951 (12/2010 - 12/2011)
  18. co-PI (with Simha Sethumadhavan, Sal Stolfo, Junfeng Yang, and David August @ Princeton), "SPARCHS: Symbiotic, Polymorphic, Autotomic, Resilient, Clean-slate, Host Security", DARPA CRASH, $6,424,180 (10/2010 - 09/2014)
  19. PI, "NSF Support for the 2010 New Security Paradigms Workshop Financial Aid", NSF Trustworthy Computing, $10,000 (09/2010 - 08/2011)
  20. PI (co-PIs: Junfeng Yang, Sal Stolfo), "MINESTRONE", IARPA, $7,530,113 (08/2010 - 07/2014; leading team that includes Stanford University, George Mason University, and Symantec Corp.)
  21. co-PI (with Junfeng Yang and Dawson Engler @ Stanford), "Seed: CSR: Large: Collaborative Research: SemGrep: Improving Software Reliability Through Semantic Similarity Bug Search", NSF CSR, CNS-10-12107, $325,000 (07/2010 - 06/2011)
  22. PI, "Tracking Sensitive Information Flows in Modern Enterprises", Intel, $82,286 (08/2009 - 07/2010)
  23. PI, "Supplement for International Research Collaborations", NSF Trustworthy Computing, $41,769 (09/2009 - 08/2011)
  24. PI, "NSF Support for the 2009 New Security Paradigms Workshop Financial Aid", NSF Trustworthy Computing, $10,000 (09/2009 - 08/2010)
  25. PI, "Measuring the Health of Internet Routing: A Longitudinal Study", Google (research gift), $60,000 (07/2009)
  26. PI, "CSR: Small: An Information Accountability Architecture for Distributed Enterprise Systems", NSF Trustworthy Computing, CNS-09-14312, $450,000 (07/2009 - 06/2012)
  27. co-PI (with Jason Nieh), "TC: Small: Exploiting Software Elasticity for Automatic Software Self-Healing", NSF Trustworthy Computing, CNS-09-14845, $450,000 (07/2009 - 06/2012)
  28. co-PI (with Steve Bellovin and Sal Stolfo), "Pro-actively Removing the Botnet Threat", Office of Naval Research (ONR), $294,625 (04/2009 - 09/2010)
  29. co-PI (with Simha Sethumadhavan and Sal Stolfo), "SCOPS: Secure Cyber Operations and Parallelization Studies Cluster", Air Force Office for Scientific Research (AFOSR), $650,000 (04/15/2009 - 04/14/2010)
  30. PI (co-PIs: Sal Stolfo), "Program Whitelisting, Vulnerability Analytics and Risk Assessment", Symantec (research gift), $65,000 (12/2008)
  31. co-PI (with Sal Stolfo), "Automated Creation of Network and Content Traffic For the National Cyber Range", DARPA/STO, $85,000 (01/01/2009 - 06/30/2011; part of a larger project)
  32. co-PI (with Steve Bellovin, Tal Malkin, and Sal Stolfo), "Secure Encrypted Search", IARPA, $648,787 (09/2008 - 02/2010)
  33. PI, "Tracking Sensitive Information Flows in Modern Enterprises", Intel (research gift), $64,000 (05/2008)
  34. PI, "Privacy and Search: Having it Both Ways in Web Services", Google (research gift), $50,000 (03/2008)
  35. PI (co-PI: Sal Stolfo), "Continuation: Safe Browsing Through Web-based Application Communities", Google (research gift), $50,000 (03/2008)
  36. co-PI (with Steve Bellovin, Vishal Misra, Henning Schulzrinne, Dan Rubenstein, Nick Maxemchuck), "Zero Outage Dynamic Intrinsically Assurable Communities (ZODIAC)", DARPA/STO, $835,357 (11/2007 - 05/2009; part of a larger project with Telcordia, Sparta, GMU, and the University of Pennsylvania)
  37. PI, "Travel Supplement under the US/Japan Critical Infrastructure Protection Cooperation Program", NSF CyberTrust, $38,640 (09/2007 - 08/2009)
  38. PI, "PacketSpread: Practical Network Capabilities", NSF CyberTrust, CNS-07-14277, $280,000 (09/2007 - 08/2010)
  39. PI, "Integrated Enterprise Security Management", NSF CyberTrust, CNS-07-14647, $286,486 (08/2007 - 07/2009)
  40. PI, "Safe Browsing Through Web-based Application Communities", NY State/Polytechnic CAT, $25,000 (06/2007 - 06/2009)
  41. PI, "MURI: Foundational and Systems Support for Quantitative Trust Management", Office of Naval Research (ONR), $750,000 (05/2007 - 04/2012; part of a larger project with the University of Pennsylvania and Georgia Institute of Technology)
  42. PI (co-PIs: Jason Nieh, Sal Stolfo), "MURI: Autonomic Recovery of Enterprise-Wide Systems After Attack or Failure with Forward Correction", Air Force Office of Scientific Research (AFOSR), $1,368,000 (05/2007 - 04/2012; part of a larger project with GMU and Penn State University)
  43. co-PI (with Sal Stolfo), "Human Behavior, Insider Threat, and Awareness", DHS/I3P, $616,442 (04/2007 - 03/2009)
  44. PI (co-PI: Sal Stolfo), "Safe Browsing Through Web-based Application Communities", Google (research gift), $50,000 (01/2007)
  45. PI (co-PI: Sal Stolfo), "Supplement to Behavior-based Access Control and Communication in MANETs grant", DARPA/IPTO and NRO, $96,627 (09/2006 - 07/2007)
  46. PI, "Secure Overlay Services", NY State/Polytechnic CAT, $10,000 (09/2006 - 06/2007)
  47. PI (co-PIs: Gail Kaiser, Sal Stolfo), "Enabling Collaborative Self-healing Software Systems", NSF CyberTrust, CNS-06-27473, $800,000 (09/2006 - 08/2010)
  48. PI (co-PI: Sal Stolfo), "Behavior-based Access Control and Communication in MANETs", DARPA/IPTO, $100,000 (07/2006 - 06/2007)
  49. co-PI (with Steve Bellovin and Sal Stolfo), "Large-Scale System Defense", DTO, $535,555 (07/2006 - 12/2007)
  50. PI, "Active Decoys for Spyware", NY State/Polytechnic CAT, $25,000 (06/2006 - 12/2007)
  51. PI, "Retrofitting A Flow-oriented Paradigm in Commodity Operating Systems for High-Performance Computing", NSF CPA, CCF-05-41093, $378,091 (01/2006 - 12/2008)
  52. co-PI (with Jason Nieh, Gail Kaiser), "Broadening Participation in Research", NSF BPC, $133,565 (09/2005 - 08/2006)
  53. PI, "Secure Overlay Services", NY State/Polytechnic CAT, $12,500 (09/2005 - 06/2006)
  54. co-PI (with Dan Rubenstein, Vishal Misra), "Secure Overlay Services", Intel Corp. (research gift), $75,000 (08/2005)
  55. PI, "Snakeyes", New York State Center for Advanced Technology, $14,999 (07/2005 - 06/2006)
  56. PI, "Self-protecting Software", Columbia Science and Technology Ventures (research gift), $65,000 (06/2005 - 09/2005)
  57. co-PI (with Gail Kaiser), "Trustworthy Computing Curriculum Development", Microsoft Research (research gift), $50,000 (12/2004 - 12/2005)
  58. co-PI (with Jason Nieh, Gail Kaiser), "Secure Remote Computing Services", NSF ITR, CNS-04-26623, $1,200,000 (09/2004 - 08/2009)
  59. PI, "Secure Overlay Services", NY State/Polytechnic CAT, $12,500 (09/2004 - 06/2005)
  60. co-PI (with Dan Rubenstein, Vishal Misra), "Secure Overlay Services", Intel Corp. (research gift), $90,000 (06/2004)
  61. co-PI (with Dan Rubenstein, Vishal Misra), "Secure Overlay Services", Intel Corp. (research gift), $120,000 (08/2003)
  62. PI (co-PIs: Dan Rubenstein, Vishal Misra), "Secure Overlay Services", Cisco Corp. (research gift), $76,000 (07/2003)
  63. co-PI (with Sal Stolfo, Tal Malkin, Vishal Misra), "Distributed Intrusion Detection Feasibility Study", Department of Defense, $300,000 (03/2003 - 03/2004)
  64. PI, "STRONGMAN", DARPA/ATO, $23,782 (09/2002 - 08/2003; part of a larger project with the University of Pennsylvania)
  65. PI, "POSSE", DARPA/ATO, $16,341 (09/2002 - 08/2003; part of a larger project with the University of Pennsylvania)
  66. PI, "GRIDLOCK", NSF Trusted Computing, CCR-TC-02-08972, $207,000 (07/2002 - 06/2005; part of a larger project with the University of Pennsylvania and Yale University)
  67. PI (co-PIs: Dan Rubenstein, Vishal Misra), "Secure Overlay Services", Cisco Corp. (research gift), $70,000 (07/2002)
  68. PI (co-PIs: Dan Rubenstein, Vishal Misra), "Secure Overlay Services", DARPA/ATO, $695,000 (06/2002 - 05/2004)
  69. PI, "Code Security Analysis Kit (CoSAK)", DARPA/ATO, $37,000 (07/2001 - 06/2003; part of a larger project with Drexel University)

Select Recent Invited Talks

  • "A Decoy Substrate for Information Security", MITRE, McLean, VA, February 2014.
  • "Automated Patch (-and-Pray?)", DARPA Cyber Forum II, Arlington, VA, November 2013.
  • "Software Failure Recovery via Error Virtualization", Technical University of Braunschweig, Germany, October 2013.
  • "Quo vadis cautela?", DARPA Cyber Forum, Arlington, VA, September 2013.
  • "Computational Decoys for Cloud Security", ARO Workshop on Cloud Security, Fairfax, VA, March 2013.
  • "A Decoy Substrate for Information Security", Applied Communication Sciences (ACS), Basking Ridge, NJ, March 2013.
  • "A Decoy Substrate for Information Security", CyLab, Carnegie Mellon University, Pittsburgh, PA, January 2013.
  • "Information Security via Large-scale Decoy Use", Department of Computer Science, Rice University, Houston, TX, September 2012.
  • "Information Security via Large-scale Decoy Use", Cyber Infrastructure Protection (CIP) Conference, New York, NY, September 2012.
  • "Evaluating a ROP Defense Mechanism", 2nd Experimental Security Panoramas for Critical System Protection (ESP-CSP) Workshop, Salt Lake City, UT, August 2012.
  • "Cloud Security: Control or Misdirection?", Department of Computer Science, University of Calgary, Calgary, Canada, April 2012.
  • "Active Defense in CyberSecurity", Distinguished Lecture Series, Institute for Security, Privacy, and Information Assurance (ISPIA), University of Calgary, Calgary, Canada, April 2012.
  • "Future Directions in Cyber Security R&D", 1st Cyber Security Research Institute (CSRI) Invitational Workshop, Arlington, VA, April 2012.
  • "REASSURE: A Self-contained Software Hardening and Self-healing Mechanism", Technical University Berlin, Germany, December 2011.
  • "REASSURE: A Self-contained Software Hardening and Self-healing Mechanism", Computer Science Department, Georgetown University, Washigton, DC, October 2011.

Publications

(Student co-authors are underlined.)

Patents

  1. "Systems and methods for inhibiting attacks on applications"
    Michael E. Locasto, Salvatore J. Stolfo, Angelos D. Keromytis, and Ke Wang. U.S. Patent Numnber 8,763,103. Issued on June 24, 2014.
  2. "Methods, media, and systems for detecting an anomalous sequence of function calls"
    Angelos D. Keromytis and Salvatore J. Stolfo. U.S. Patent Number 8,694,833. Issued on April 8, 2014.
  3. "Systems, methods, and media for testing software patches"
    Angelos D. Keromytis and Stylianos Sidiroglou. U.S. Patent Number 8,683,450. Issued on March 25, 2014.
  4. "Systems and methods for correlating and distributing intrusion alert information among collaborating computer systems"
    Salvatore J. Stolfo, Angelos D. Keromytis, Vishal Misra, Michael Locasto, and Janak Parekh. U.S. Patent Number 8,667,588. Issued on March 4, 2014.
  5. "Systems and methods for inhibiting attacks with a network"
    Angelos Stavrou and Angelos D. Keromytis. U.S. Patent Number 8,631,484. Issued on January 14, 2014.
  6. "Methods, media and systems for detecting anomalous program executions"
    Salvatore J. Stolfo, Angelos D. Keromytis, and Stylianos Sidiroglou. U.S. Patent Number 8,601,322. Issued on December 3, 2013.
  7. "Methods, media and systems for responding to a denial of service attack"
    Angelos Stavrou, Angelos D. Keromytis, Jason Nieh, Vishal Misra, and Daniel Rubenstein. U.S. Patent Number 8,549,646. Issued on October 1, 2013.
  8. "Methods, systems, and media for detecting covert malware"
    Brian M. Bowen, Pratap V. Prabhu, Vasileios P. Kemerlis, Stylianos Sidiroglou, Salvatore J. Stolfo, and Angelos D. Keromytis. U.S. Patent Number 8,528,091. Issued on September 3, 2013.
  9. "Systems, methods, and media for enforcing a security policy in a network including a plurality of components"
    Matthew Burnside and Angelos D. Keromytis. U.S. Patent Number 8,516,575. Issued on August 20, 2013.
  10. "Methods, media, and systems for detecting an anomalous sequence of function calls"
    Angelos D. Keromytis and Salvatore J. Stolfo. U.S. Patent Number 8,489,931. Issued on July 16, 2013.
  11. "Systems, methods, and media protecting a digital data processing device from attack"
    Stylianos Sidiroglou, Angelos D. Keromytis, and Salvatore J. Stolfo. U.S. Patent Number 8,407,785. Issued on March 26, 2013.
  12. "Systems, methods, and media for generating sanitized data, sanitizing anomaly detection models, and/or generating sanitized anomaly detection models"
    Gabriela Cretu, Angelos Stavrou, Salvatore J. Stolfo, Angelos D. Keromytis, and Michael E. Locasto. U.S. Patent Number 8,407,160. Issued on March 26, 2013.
  13. "Systems and methods for correlating and distributing intrusion alert information among collaborating computer systems"
    Salvatore J. Stolfo, Tal Malkin, Angelos D. Keromytis, Vishal Misra, Michael Locasto, and Janak Parekh. U.S. Patent Number 8,381,295. Issued on February 19, 2013.
  14. "Systems and methods for computing data transmission characteristics of a network path based on single-ended measurements"
    Angelos D. Keromytis, Sambuddho Chakravarty, and Angelos Stavrou. U.S. Patent Number 8,228,815. Issued on July 24, 2012.
  15. "Methods, media, and systems for detecting an anomalous sequence of function calls"
    Angelos D. Keromytis and Salvatore J. Stolfo. U.S. Patent Number 8,135,994. Issued on March 13, 2012.
  16. "Methods, media and systems for detecting anomalous program executions"
    Salvatore J. Stolfo, Angelos D. Keromytis, and Stelios Sidiroglou. U.S. Patent Number 8,074,115. Issued on December 6, 2011.
  17. "Microbilling using a trust management system"
    Matthew A. Blaze, John Ioannidis, and Angelos D. Keromytis. U.S. Patent Number 7,996,325. Issued on August 9, 2011.
  18. "Methods, systems and media for software self-healing"
    Michael E. Locasto, Angelos D. Keromytis, Salvatore J. Stolfo, Angelos Stavrou, Gabriela Cretu, Stylianos Sidiroglou, Jason Nieh, and Oren Laadan. U.S. Patent Number 7,962,798. Issued on June 14, 2011.
  19. "Systems and methods for detecting and inhibiting attacks using honeypots"
    Stylianos Sidiroglou, Angelos D. Keromytis, and Kostas G. Anagnostakis. U.S. Patent Number 7,904,959. Issued on March 8, 2011.
  20. "Systems and methods for correlating and distributing intrusion alert information among collaborating computer systems"
    Salvatore J. Stolfo, Angelos D. Keromytis, Vishal Misra, Michael Locasto, and Janak Parekh. U.S. Patent Number 7,784,097. Issued on August 24, 2010.
  21. "Systems and methods for correlating and distributing intrusion alert information among collaborating computer systems"
    Salvatore J. Stolfo, Tal Malkin, Angelos D. Keromytis, Vishal Misra, Michael Locasto, and Janak Parekh. U.S. Patent Number 7,779,463. Issued on August 17, 2010.
  22. "Systems and methods for computing data transmission characteristics of a network path based on single-ended measurements"
    Angelos D. Keromytis, Sambuddho Chakravarty, and Angelos Stavrou. U.S. Patent Number 7,660,261. Issued on February 9, 2010.
  23. "Microbilling using a trust management system"
    Matthew A. Blaze, John Ioannidis, and Angelos D. Keromytis. U.S. Patent Number 7,650,313. Issued on January 19, 2010.
  24. "Methods and systems for repairing applications"
    Angelos D. Keromytis, Michael E. Locasto, and Stylianos Sidiroglou. U.S. Patent Number 7,490,268. Issued on February 10, 2009.
  25. "System and method for microbilling using a trust management system"
    Matthew A. Blaze, John Ioannidis, and Angelos D. Keromytis. U.S. Patent Number 6,789,068. Issued on September 7, 2004.
  26. "Secure and reliable bootstrap architecture"
    William A. Arbaugh, David J. Farber, Angelos D. Keromytis, and Jonathan M. Smith. U.S. Patent Number 6,185,678. Issued on February 6, 2001.

Journal Publications

  1. "Detection and Analysis of Eavesdropping in Anonymous Communication Networks"
    Sambuddho Chakravarty, Michalis Polychronakis, Georgios Portokalidis, and Angelos D. Keromytis. To appear in the International Journal of Information Security (IJIJ).
  2. "Privacy Policy-driven Mashups"
    Soon Ae Chun, Janice Warner, and Angelos D. Keromytis. In the International Journal of Business Continuity and Risk Management (IJBCRM), vol. 4, no. 4, pp. 344 - 370. 2013.
  3. "kGuard: Lightweight Kernel Protection"
    Vasileios P. Kemerlis, Georgios Portokalidis, Elias Athanasopoulos, and Angelos D. Keromytis. In the USENIX ;login: Magazine, vol. 37, no. 6, pp. 7 - 14. December 2012.
  4. "A System for Generating and Injecting Indistinguishable Network Decoys"
    Brian M. Bowen, Vasileios P. Kemerlis, Pratap Prabhu, Angelos D. Keromytis, and Salvatore J. Stolfo. In the Journal of Computer Security (JCS), vol. 20, no. 2 - 3, pp. 199 - 221, June 2012.
  5. "A Comprehensive Survey of Voice over IP Security Research"
    Angelos D. Keromytis. In the IEEE Communications Surveys and Tutorials, vol. 14, no. 2, pp. 514 - 537, May 2012.
  6. "The Efficient Dual Receiver Cryptosystem and Its Applications"
    Ted Diament, Homin K. Lee, Angelos D. Keromytis, and Moti Yung. In the International Journal of Network Security (IJNS), vol. 13, no. 3, pp. 135 - 151, November 2011.
  7. "On the Infeasibility of Modeling Polymorphic Shellcode: Re-thinking the Role of Learning in Intrusion Detection Systems"
    Yingbo Song, Michael E. Locasto, Angelos Stavrou, Angelos D. Keromytis, and Salvatore J. Stolfo. In the Machine Learning Journal (MLJ), vol. 81, no. 2, pp. 179 - 205, November 2010.
  8. "On The General Applicability of Instruction-Set Randomization"
    Stephen W. Boyd, Gaurav S. Kc, Michael E. Locasto, Angelos D. Keromytis, and Vassilis Prevelakis. In the IEEE Transactions on Dependable and Secure Computing (TDSC), vol. 7, no. 3, pp. 255 - 270, July - September 2010.
  9. "Shadow Honeypots"
    Michalis Polychronakis, Periklis Akritidis, Stelios Sidiroglou, Kostas G. Anagnostakis, Angelos D. Keromytis, and Evangelos P. Markatos. In the International Journal of Computer and Network Security (IJCNS), vol. 2, no. 9, pp. 1 - 15, September 2010.
  10. "Ethics in Security Vulnerability Research"
    Andrea M. Matwyshyn, Ang Cui, Salvatore J. Stolfo, and Angelos D. Keromytis. In the IEEE Security & Privacy Magazine, vol. 8, no. 2, pp. 67 - 72, March/April 2010.
  11. "Voice over IP Security: Research and Practice"
    Angelos D. Keromytis. In the IEEE Security & Privacy Magazine, vol. 8, no. 2, pp. 76 - 78, March/April 2010.
  12. "A Market-based Bandwidth Charging Framework"
    David Michael Turner, Vassilis Prevelakis, and Angelos D. Keromytis. In the ACM Transactions on Internet Technology (ToIT), vol. 10, no. 1, pp. 1 - 30, February 2010.
  13. "A Look at VoIP Vulnerabilities"
    Angelos D. Keromytis. In the USENIX ;login: Magazine, vol. 35, no. 1, pp. 41 - 50, February 2010.
  14. "Designing Host and Network Sensors to Mitigate the Insider Threat"
    Brian M. Bowen, Malek Ben Salem, Shlomo Hershkop, Angelos D. Keromytis, and Salvatore J. Stolfo. In the IEEE Security & Privacy Magazine, vol. 7, no. 6, pp. 22 - 29, November/December 2009.
  15. "Elastic Block Ciphers: Method, Security and Instantiations"
    Debra L. Cook, Moti Yung, and Angelos D. Keromytis. In the Springer International Journal of Information Security (IJIS), vol 8, no. 3, pp. 211 - 231, June 2009.
  16. "On the Deployment of Dynamic Taint Analysis for Application Communities"
    Hyung Chan Kim and Angelos D. Keromytis. In the IEICE Transactions, vol. E92-D, no. 3, pp. 548 - 551, March 2009.
  17. "Dynamic Trust Management"
    Matt Blaze, Sampath Kannan, Insup Lee, Oleg Sokolsky, Jonathan M. Smith, Angelos D. Keromytis, and Wenke Lee. In the IEEE Computer Magazine, vol. 42, no. 2, pp. 44 - 52, February 2009.
  18. "Randomized Instruction Sets and Runtime Environments: Past Research and Future Directions"
    Angelos D. Keromytis. In the IEEE Security & Privacy Magazine, vol. 7, no. 1, pp. 18 - 25, January/February 2009.
  19. "Anonymity in Wireless Broadcast Networks"
    Matt Blaze, John Ioannidis, Angelos D. Keromytis, Tal Malkin, and Avi Rubin. In the International Journal of Network Security (IJNS), vol. 8, no. 1, pp. 37 - 51, January 2009.
  20. "Decentralized Access Control in Networked File Systems"
    Stefan Miltchev, Jonathan M. Smith, Vassilis Prevelakis, Angelos D. Keromytis, and Sotiris Ioannidis. In the ACM Computing Surveys, vol. 40, no. 3, pp. 10:1 - 10:30, August 2008.
  21. "Robust Reactions to Potential Day-Zero Worms through Cooperation and Validation"
    Kostas G. Anagnostakis, Michael Greenwald, Sotiris Ioannidis, and Angelos D. Keromytis. In the Springer International Journal of Information Security (IJIS), ISC 2006 Special Issue, vol.6, no. 6, pp. 361 - 378, October 2007. (Extended version of the ISC 2006 paper.)
  22. "Requirements for Scalable Access Control and Security Management Architectures"
    Angelos D. Keromytis and Jonathan M. Smith. In the ACM Transactions on Internet Technology (ToIT), vol. 7, no. 2, pp. 1 - 22, May 2007.
  23. "Virtual Private Services: Coordinated Policy Enforcement for Distributed Applications"
    Sotiris Ioannidis, Steven M. Bellovin, John Ioannidis, Angelos D. Keromytis, Kostas G. Anagnostakis, and Jonathan M. Smith. In the International Journal of Network Security (IJNS), vol. 4, no. 1, pp. 69 - 80, January 2007.
  24. "Countering DDoS Attacks with Multi-path Overlay Networks"
    Angelos Stavrou and Angelos D. Keromytis. In the Information Assurance Technology Analysis Center (IATAC) Information Assurance Newsletter (IAnewsletter), vol. 9, no. 3, pp. 26 - 30, Winter 2006. (Invited paper, based on the CCS 2005 paper.)
  25. "Conversion Functions for Symmetric Key Ciphers"
    Debra L. Cook and Angelos D. Keromytis. In the Journal of Information Assurance and Security (JIAS), vol. 1, no. 2, pp. 119 - 128, June 2006. (Extended version of the IAS 2005 paper.)
  26. "Execution Transactions for Defending Against Software Failures: Use and Evaluation"
    Stelios Sidiroglou and Angelos D. Keromytis. In the Springer International Journal of Information Security (IJIS), vol. 5, no. 2, pp. 77 - 91, April 2006. (Extended version of the ISC 2005 paper.)
  27. "Worm Propagation Strategies in an IPv6 Internet"
    Steven M. Bellovin, Bill Cheswick, and Angelos D. Keromytis. In the USENIX ;login, vol. 31, no. 1, pp. 70 - 76, February 2006.
  28. "Cryptography As An Operating System Service: A Case Study"
    Angelos D. Keromytis, Theo de Raadt, Jason Wright, and Matthew Burnside. In the ACM Transactions on Computer Systems (ToCS), vol. 24, no. 1, pp. 1 - 38, February 2006. (Extended version of USENIX Technical 2003 paper.)
  29. "Countering Network Worms Through Automatic Patch Generation"
    Stelios Sidiroglou and Angelos D. Keromytis. In the IEEE Security & Privacy Magazine, vol. 3, no. 6, pp. 41 - 49, November/December 2005.
  30. "WebSOS: An Overlay-based System For Protecting Web Servers From Denial of Service Attacks"
    Angelos Stavrou, Debra L. Cook, William G. Morein, Angelos D. Keromytis, Vishal Misra, and Dan Rubenstein. In the Elsevier Journal of Computer Networks, special issue on Web and Network Security, vol. 48, no. 5, pp. 781 - 807, August 2005. (Extended version of the CCS 2003 paper.)
  31. "Hardware Support For Self-Healing Software Services"
    Stelios Sidiroglou, Michael E. Locasto, and Angelos D. Keromytis. In the ACM SIGARCH Computer Architecture News, Special Issue on Workshop on Architectural Support for Security and Anti-Virus (WASSA), vol. 33, no. 1, pp. 42 - 47, March 2005. Also appeared in the Proceedings of the Workshop on Architectural Support for Security and Anti-Virus (WASSA), held in conjunction with the 11th International Conference on Architectural Support for Programming Languages and Operating Systems (ASPLOS-XI), pp. 37 - 43. October 2004, Boston, MA.
  32. "The Case For Crypto Protocol Awareness Inside The OS Kernel"
    Matthew Burnside and Angelos D. Keromytis. In the ACM SIGARCH Computer Architecture News, Special Issue on Workshop on Architectural Support for Security and Anti-Virus (WASSA), vol. 33, no. 1, pp. 58 - 64, March 2005. Also appeared in the Proceedings of the Workshop on Architectural Support for Security and Anti-Virus (WASSA), held in conjunction with the 11th International Conference on Architectural Support for Programming Languages and Operating Systems (ASPLOS-XI), pp. 54 - 60. October 2004, Boston, MA.
  33. "Patch-on-Demand Saves Even More Time?"
    Angelos D. Keromytis. In the IEEE Computer, vol. 37, no. 8, pp. 94 - 96, August 2004.
  34. "Just Fast Keying: Key Agreement In A Hostile Internet"
    William Aiello, Steven M. Bellovin, Matt Blaze, Ran Canetti, John Ioannidis, Angelos D. Keromytis, and Omer Reingold. In the ACM Transactions on Information and System Security (TISSEC), vol. 7, no. 2, pp. 1 - 32, May 2004. (Extended version of the CCS 2002 paper.)
  35. "SOS: An Architecture for Mitigating DDoS Attacks"
    Angelos D. Keromytis, Vishal Misra, and Dan Rubenstein. In the IEEE Journal on Selected Areas in Communications (JSAC), special issue on Recent Advances in Service Overlay Networks, vol. 22, no. 1, pp. 176 - 188, January 2004. (Extended version of the SIGCOMM 2002 paper.)
  36. "A Secure PLAN"
    Michael Hicks, Angelos D. Keromytis, and Jonathan M. Smith. In the IEEE Transactions on Systems, Man, and Cybernetics (T-SMC) Part C: Applications and Reviews, Special issue on technologies promoting computational intelligence, openness and programmability in networks and Internet services: Part I, vol. 33, no. 3, pp. 413 - 426, August 2003. (Extended version of the DANCE 2002 paper.)
  37. "Drop-in Security for Distributed and Portable Computing Elements"
    Vassilis Prevelakis and Angelos D. Keromytis. In the MCB Press Emerald Journal of Internet Research: Electronic Networking, Applications and Policy, vol. 13, no. 2, pp. 107 - 115, 2003. (Extended version of the INC 2002 paper.)
  38. "Trust Management for IPsec"
    Matt Blaze, John Ioannidis, and Angelos D. Keromytis. In the ACM Transactions on Information and System Security (TISSEC), vol. 5, no. 2, pp. 1 - 24, May 2002. (Extended version of the NDSS 2001 paper.)
  39. "The Price of Safety in an Active Network"
    D. Scott Alexander, Paul B. Menage, Angelos D. Keromytis, William A. Arbaugh, Kostas G. Anagnostakis, and Jonathan M. Smith. In the Journal of Communications and Networks (JCN), special issue on programmable switches and routers, vol. 3, no. 1, pp. 4 - 18, March 2001. Older versions are available as University of Pennsylvania Technical Report MS-CIS-99-04 and University of Pennsylvania Technical Report MS-CIS-98-02.
  40. "Secure Quality of Service Handling (SQoSH)"
    D. Scott Alexander, William A. Arbaugh, Angelos D. Keromytis, Steve Muir, and Jonathan M. Smith. In the IEEE Communications Magazine, vol. 38, no. 4, pp. 106 - 112, April 2000. An older version is available as University of Pennsylvania Technical Report MS-CIS-99-05.
  41. "Safety and Security of Programmable Network Infrastructures"
    D. Scott Alexander, William A. Arbaugh, Angelos D. Keromytis, and Jonathan M. Smith. In the IEEE Communications Magazine, issue on Programmable Networks, vol. 36, no. 10, pp. 84 - 92, October 1998.
  42. "A Secure Active Network Environment Architecture"
    D. Scott Alexander, William A. Arbaugh, Angelos D. Keromytis, and Jonathan M. Smith. In the IEEE Network Magazine, special issue on Active and Controllable Networks, vol. 12, no. 3, pp. 37 - 45, May/June 1998.
  43. "The SwitchWare Active Network Architecture"
    D. Scott Alexander, William A. Arbaugh, Michael Hicks, Pankaj Kakkar, Angelos D. Keromytis, Jonathan T. Moore, Carl A. Gunter, Scott M. Nettles, and Jonathan M. Smith. In the IEEE Network Magazine, special issue on Active and Programmable Networks, vol. 12, no. 3, pp. 29 - 36, May/June 1998.

Peer-Reviewed Conference Proceedings

  1. "IntFlow: Improving the Accuracy of Arithmetic Error Detection Using Information Flow Tracking"
    Kangkook Jee, Theofilos Petsios, Marios Pomonis, Michalis Polychronakis, and Angelos D. Keromytis. To appear in Proceedings of the 30th Annual Computer Security Applications Conference (ACSAC). December 2014, New Orleans, LA. (Acceptance rate: 19.9%)
  2. "Faces in the Distorting Mirror: Revisiting Photo-based Social Authentication"
    Iasonas Polakis, Panagiotis Ilia, Federico Maggi, Marco Lancini, Georgios Kontaxis, Stefano Zanero, Sotiris Ioannidis, and Angelos D. Keromytis. To appear in the Proceedings of the 21st ACM Conference on Computer and Communications Security (CCS). November 2014, Scottsdale, AZ. (Acceptance rate: 19.5%)
  3. "Dynamic Reconstruction of Relocation Information for Stripped Binaries"
    Vasilis Pappas, Michalis Polychronakis, and Angelos D. Keromytis. To appear in the Proceedings of the 17th International Symposium on Research in Attacks, Intrusions and Defenses (RAID). September 2014, Gothenburg, Sweden. (Acceptance rate: 19.5%)
  4. "ret2dir: Rethinking Kernel Isolation"
    Vasileios P. Kemerlis, Michalis Polychronakis, and Angelos D. Keromytis. To appear in the Proceedings of the 23rd USENIX Security Symposium. August 2014, San Diego, CA. (Acceptance rate: 19%)
  5. "From the Aether to the Ethernet - Attacking the Internet using Broadcast Digital Television"
    Yossef Oren and Angelos D. Keromytis. To appear in the Proceedings of the 23rd USENIX Security Symposium. August 2014, San Diego, CA. (Acceptance rate: 19%)
  6. "Blind Seer: A Scalable Private DBMS"
    Vasilis Pappas, Fernando Krell, Binh Vo, Vladimir Kolesnikov, Tal Malkin, Seung Geol Choi, Wesley George, Angelos D. Keromytis, and Steven M. Bellovin. In Proceedings of the 35th IEEE Symposium on Security & Privacy (S&P), pp. 359 - 374. May 2014, San Jose, CA. (Acceptance rate: 13.5%)
  7. "On the Effectiveness of Traffic Analysis Against Anonymity Networks Using Flow Records"
    Sambuddho Chakravarty, Marco V. Barbera, Georgios Portokalidis, Michalis Polychronakis, and Angelos D. Keromytis. In Proceedings of the 15th Passive and Active Measurement Conference (PAM), pp. 247 - 254. March 2014, Los Angeles, CA. (Acceptance rate: 31.5%)
  8. "SAuth: Protecting User Accounts from Password Database Leaks"
    George Kontaxis, Elias Athanasopoulos, Georgios Portokalidis, and Angelos D. Keromytis. In Proceedings of the 20th ACM Conference on Computer and Communications Security (CCS), pp. 187 - 198. November 2013, Berlin, Germany. (Acceptance rate: 19.8%)
  9. "ShadowReplica: Efficient Parallelization of Dynamic Data Flow Tracking"
    Kangkook Jee, Vasileios P. Kemerlis, Angelos D. Keromytis, and Georgios Portokalidis. In Proceedings of the 20th ACM Conference on Computer and Communications Security (CCS), pp. 235 - 246. November 2013, Berlin, Germany. (Acceptance rate: 19.8%)
  10. "CloudFence: Data Flow Tracking as a Cloud Service"
    Vasilis Pappas, Vasileios P. Kemerlis, Angeliki Zavou, Michalis Polychronakis, and Angelos D. Keromytis. In Proceedings of the 16th International Symposium on Recent Advances in Intrusion Detection (RAID), pp. 411 - 431. October 2013, Saint Lucia. (Acceptance rate: 23%)
  11. "An Accurate Stack Memory Abstraction and Symbolic Analysis Framework for Executables"
    Kapil Anand, Khaled Elwazeer, Aparna Kotha, Matthew Smithson, Rajeev Barua, and Angelos D. Keromytis. In Proceedings of the 29th IEEE International Conference on Software Maintenance (ICSM), pp. 90 - 99. September 2013, Eindhoven, Netherlands. (Acceptance rate: 22%)
  12. "CellFlood: Attacking Tor Onion Routers on the Cheap"
    Marco Valerio Barbera, Vasileios P. Kemerlis, Vasilis Pappas, and Angelos D. Keromytis. In Proceedings of the 18th European Symposium on Research in Computer Security (ESORICS), pp. 664 - 681. September 2013, Egham, UK. (Acceptance rate: 18%)
  13. "A Privacy-Preserving Entropy-Driven Framework for Tracing DoS Attacks in VoIP"
    Zisis Tsiatsikas, Dimitris Geneiatakis, Georgios Kambourakis, and Angelos D. Keromytis. In Proceedings of the 8th International Conference on Availability, Reliability and Security (ARES), pp. 224- 229. September 2013, Regensburg, Germany.
  14. "Transparent ROP Exploit Mitigation using Indirect Branch Tracing"
    Vasilis Pappas, Michalis Polychronakis, and Angelos D. Keromytis. In Proceedings of the 22nd USENIX Security Symposium, pp. 447 - 462. August 2013, Washington, DC. (Acceptance rate: 16.2%)
  15. "Cloudopsy: an Autopsy of Data Flows in the Cloud"
    Angeliki Zavou, Vasilis Pappas, Vasileios P. Kemerlis, Michalis Polychronakis, Georgios Portokalidis, and Angelos D. Keromytis. In Proceedings of the 15th International Conference on Human-Computer Interaction (HCI), pp. 366 - 375. July 2013, Las Vegas, NV.
  16. "SecureGov: Secure Government Data Sharing"
    Jong Uk Choi, Soon Ae Chun, Dong Hwa Kim, and Angelos D. Keromytis. In Proceedings of the 14th Annual International Conference on Digital Government Research (dg.o), pp. 127 - 135. June 2013, Quebec City, Canada.
  17. "Bait and Snitch: Defending Computer Systems with Decoys"
    Jonathan Voris, Jill Jermyn, Angelos D. Keromytis, and Salvatore J. Stolfo. In Proceedings (electronic) of the Cyber Infrastructure Protection (CIP) Conference. September 2012, New York, NY. (Invited paper)
  18. "All Your Face Are Belong to Us: Breaking Facebook's Social Authentication"
    Iasonas Polakis, Marco Lancini, George Kontaxis, Federico Maggi, Sotiris Ioannidis, Angelos D. Keromytis, and Stefano Zanero. In Proceedings of the 28th Annual Computer Security Applications Conference (ACSAC), pp. 399 - 408. December 2012, Orlando, FL. (Acceptance rate: 19%)
  19. "Self-healing Multitier Architectures Using Cascading Rescue Points"
    Angelika Zavou, Georgios Portokalidis, and Angelos D. Keromytis. In Proceedings of the 28th Annual Computer Security Applications Conference (ACSAC), pp. 379 - 388. December 2012, Orlando, FL. (Acceptance rate: 19%)
  20. "Adaptive Defenses for Commodity Software Through Virtual Application Partitioning"
    Dimitris Geneiatakis, Georgios Portokalidis, Vasileios P. Kemerlis, and Angelos D. Keromytis. In Proceedings of the 19th ACM Conference on Computer and Communications Security (CCS), pp. 133 - 144. October 2012, Raleigh, NC. (Acceptance rate: 18.9%)
  21. "Privacy-Preserving Social Plugins"
    George Kontaxis, Michalis Polychronakis, Angelos D. Keromytis, and Evangelos P. Markatos. In Proceedings of the 21st USENIX Security Symposium, pp. 631 - 646. August 2012, Bellevue, WA. (Acceptance rate: 19.4%)
  22. "kGuard: Lightweight Kernel Protection against Return-to-user Attacks"
    Vasileios P. Kemerlis, Georgios Portokalidis, and Angelos D. Keromytis. In Proceedings of the 21st USENIX Security Symposium, pp. 459 - 474. August 2012, Bellevue, WA. (Acceptance rate: 19.4%)
  23. "Towards a Universal Data Provenance Framework using Dynamic Instrumentation"
    Eleni Gessiou, Vasilis Pappas, Elias Athanasopoulos, Angelos D. Keromytis, and Sotiris Ioannidis. In Proceedings of the 27th IFIP International Information Security and Privacy Conference (SEC), pp. 103 - 114. June 2012, Heraclion, Crete, Greece. (Acceptance rate: 25%)
  24. "Smashing the Gadgets: Hindering Return-Oriented Programming Using In-Place Code Randomization"
    Vasilis Pappas, Michalis Polychronakis, and Angelos D. Keromytis. In Proceedings of the 33rd IEEE Symposium on Security & Privacy (S&P), pp. 601 - 615. May 2012, San Francisco, CA. (Acceptance rate: 13%)
  25. "libdft: Practical Dynamic Data Flow Tracking for Commodity Systems"
    Vasileios P. Kemerlis, Georgios Portokalidis, Kangkook Jee, and Angelos D. Keromytis. In Proceedings of the 8th ACM SIGPLAN/SIGOPS International Conference on Virtual Execution Environments (VEE), pp. 121 - 132. March 2012, London, UK.
  26. "A General Approach for Efficiently Accelerating Software-based Dynamic Data Flow Tracking on Commodity Hardware"
    Kangkook Jee, Georgios Portokalidis, Vasileios P. Kemerlis, Soumyadeep Ghosh, David I. August, and Angelos D. Keromytis. In Proceedings of the 19th Internet Society (ISOC) Symposium on Network and Distributed Systems Security (SNDSS). February 2012, San Diego, CA. (Acceptance rate: 17.8%)
  27. "A Multilayer Overlay Network Architecture for Enhancing IP Services Availability Against DoS"
    Dimitris Geneiatakis, Georgios Portokalidis, and Angelos D. Keromytis. In Proceedings of the 7th International Conference on Information Systems Security (ICISS), pp. 322 - 336. December 2011, Kolkata, India. (Acceptance rate: 22.8%)
  28. "ROP Payload Detection Using Speculative Code Execution"
    Michalis Polychronakis and Angelos D. Keromytis. In Proceedings of the 6th International Conference on Malicious and Unwanted Software (MALWARE), pp. 58 - 65. October 2011, Fajardo, PR. (Best Paper Award)
  29. "Detecting Traffic Snooping in Tor Using Decoys"
    Sambuddho Chakravarty, Georgios Portokalidis, Michalis Polychronakis, and Angelos D. Keromytis. In Proceedings of the 14th International Symposium on Recent Advances in Intrusion Detection (RAID), pp. 222 - 241. September 2011, Menlo Park, CA. (Acceptance rate: 23%)
  30. "Measuring the Deployment Hiccups of DNSSEC"
    Vasilis Pappas and Angelos D. Keromytis. In Proceedings of the International Conference on Advances in Computing and Communications (ACC), Part III, pp. 44 - 54. July 2011, Kochi, India. (Acceptance rate: 39%)
  31. "Misuse Detection in Consent-based Networks"
    Mansoor Alicherry and Angelos D. Keromytis. In Proceedings of the 9th International Conference on Applied Cryptography and Network Security (ACNS), pp. 38 - 56. June 2011, Malaga, Spain. (Acceptance rate: 18%)
  32. "Retrofitting Security in COTS Software with Binary Rewriting"
    Padraig O'Sullivan, Kapil Anand, Aparna Kothan, Matthew Smithson, Rajeev Barua, and Angelos D. Keromytis. In Proceedings of the 26th IFIP International Information Security Conference (SEC), pp. 154 - 172. June 2011, Lucerne, Switzerland. (Acceptance rate: 24%)
  33. "Fast and Practical Instruction-Set Randomization for Commodity Systems"
    Georgios Portokalidis and Angelos D. Keromytis. In Proceedings of the 26th Annual Computer Security Applications Conference (ACSAC), pp. 41 - 48. December 2010, Austin, TX. (Acceptance rate: 17%)
  34. "An Adversarial Evaluation of Network Signaling and Control Mechanisms"
    Kangkook Jee, Stelios Sidiroglou-Douskos, Angelos Stavrou, and Angelos D. Keromytis. In Proceedings of the 13th International Conference on Information Security and Cryptology (ICISC). December 2010, Seoul, Korea.
  35. "Evaluation of a Spyware Detection System using Thin Client Computing"
    Vasilis Pappas, Brian M. Bowen, and Angelos D. Keromytis. In Proceedings of the 13th International Conference on Information Security and Cryptology (ICISC), pp. 222 - 232. December 2010, Seoul, Korea.
  36. "Crimeware Swindling without Virtual Machines"
    Vasilis Pappas, Brian M. Bowen, and Angelos D. Keromytis. In Proceedings of the 13th Information Security Conference (ISC), pp. 196 - 202. October 2010, Boca Raton, FL. (Acceptance rate: 27.6%)
  37. "iLeak: A Lightweight System for Detecting Inadvertent Information Leaks"
    Vasileios P. Kemerlis, Vasilis Pappas, Georgios Portokalidis, and Angelos D. Keromytis. In Proceedings of the 6th European Conference on Computer Network Defense (EC2ND), pp. 21 - 28. October 2010, Berlin, Germany.
  38. "Traffic Analysis Against Low-Latency Anonymity Networks Using Available Bandwidth Estimation"
    Sambuddho Chakravarty, Angelos Stavrou, and Angelos D. Keromytis. In Proceedings of the 15th European Symposium on Research in Computer Security (ESORICS), pp. 249 - 267. September 2010, Athens, Greece. (Acceptance rate: 20%)
  39. "BotSwindler: Tamper Resistant Injection of Believable Decoys in VM-Based Hosts for Crimeware Detection"
    Brian M. Bowen, Pratap Prabhu, Vasileios P. Kemerlis, Stelios Sidiroglou, Angelos D. Keromytis, and Salvatore J. Stolfo. In Proceedings of the 13th International Symposium on Recent Advances in Intrusion Detection (RAID), pp. 118 - 137. September 2010, Ottawa, Canada. (Acceptance rate: 23.5%)
  40. "An Analysis of Rogue AV Campaigns"
    Marco Cova, Corrado Leita, Olivier Thonnard, Angelos D. Keromytis, and Marc Dacier. In Proceedings of the 13th International Symposium on Recent Advances in Intrusion Detection (RAID), pp. 442 - 463. September 2010, Ottawa, Canada. (Acceptance rate: 23.5%)
  41. "DIPLOMA: Distributed Policy Enforcement Architecture for MANETs"
    Mansoor Alicherry and Angelos D. Keromytis. In Proceedings of the 4th International Conference on Network and System Security (NSS), pp. 89 - 98. September 2010, Melbourne, Australia. (Acceptance rate: 26%)
  42. "Automating the Injection of Believable Decoys to Detect Snooping" (Short Paper)
    Brian M. Bowen, Vasileios Kemerlis, Pratap Prabhu, Angelos D. Keromytis, and Salvatore J. Stolfo. In Proceedings of the 3rd ACM Conference on Wireless Network Security (WiSec), pp. 81 - 86. March 2010, Hoboken, NJ. (Acceptance rate: 21%)
  43. "BARTER: Behavior Profile Exchange for Behavior-Based Admission and Access Control in MANETs"
    Vanessa Frias-Martinez, Salvatore J. Stolfo, and Angelos D. Keromytis. In Proceedings of the 5th International Conference on Information Systems Security (ICISS), pp. 193 - 207. December 2009, Kolkata, India. (Acceptance rate: 19.8%)
  44. "A Survey of Voice Over IP Security Research"
    Angelos D. Keromytis. In Proceedings of the 5th International Conference on Information Systems Security (ICISS), pp. 1 - 17. December 2009, Kolkata, India. (Invited paper)
  45. "A Network Access Control Mechanism Based on Behavior Profiles"
    Vanessa Frias-Martinez, Joseph Sherrick, Salvatore J. Stolfo, and Angelos D. Keromytis. In Proceedings of the 25th Annual Computer Security Applications Conference (ACSAC), pp. 3 - 12. December 2009, Honolulu, HI. (Acceptance rate: 20%)
  46. "Gone Rogue: An Analysis of Rogue Security Software Campaigns"
    Marco Cova, Corrado Leita, Olivier Thonnard, Angelos D. Keromytis, and Marc Dacier. In Proceedings of the 5th European Conference on Computer Network Defense (EC2ND), pp. 1 - 3. November 2009, Milan, Italy. (Invited paper)
  47. "Baiting Inside Attackers Using Decoy Documents"
    Brian M. Bowen, Shlomo Hershkop, Angelos D. Keromytis, and Salvatore J. Stolfo. In Proceedings of the 5th International ICST Conference on Security and Privacy in Communication Networks (SecureComm), pp. 51 - 70. September 2009, Athens, Greece. (Acceptance rate: 25.3%)
  48. "Deny-by-Default Distributed Security Policy Enforcement in Mobile Ad Hoc Networks (Short Paper)"
    Mansoor Alicherry, Angelos D. Keromytis, and Angelos Stavrou. In Proceedings of the 5th International ICST Conference on Security and Privacy in Communication Networks (SecureComm), pp. 41 - 50. September 2009, Athens, Greece. (Acceptance rate: 34.7%)
  49. "Adding Trust to P2P Distribution of Paid Content"
    Alex Sherman, Angelos Stavrou, Jason Nieh, Angelos D. Keromytis, and Clifford Stein. In Proceedings of the 12th Information Security Conference (ISC), pp. 459 - 474. September 2009, Pisa, Italy. (Acceptance rate: 27.6%)
  50. "A2M: Access-Assured Mobile Desktop Computing"
    Angelos Stavrou, Ricardo A. Baratto, Angelos D. Keromytis, and Jason Nieh. In Proceedings of the 12th Information Security Conference (ISC), pp. 186 - 201. September 2009, Pisa, Italy. (Acceptance rate: 27.6%)
  51. "F3ildCrypt: End-to-End Protection of Sensitive Information in Web Services"
    Matthew Burnside and Angelos D. Keromytis. In Proceedings of the 12th Information Security Conference (ISC), pp. 491 - 506. September 2009, Pisa, Italy. (Acceptance rate: 27.6%)
  52. "DoubleCheck: Multi-path Verification Against Man-in-the-Middle Attacks"
    Mansoor Alicherry and Angelos D. Keromytis. In Proceedings of the IEEE Symposium on Computers and Communications (ISCC), pp. 557 - 563. July 2009, Sousse, Tunisia. (Acceptance rate: 36%)
  53. "Voice over IP: Risks, Threats and Vulnerabilities"
    Angelos D. Keromytis. In Proceedings (electronic) of the Cyber Infrastructure Protection (CIP) Conference. June 2009, New York, NY. (Invited paper)
  54. "Capturing Information Flow with Concatenated Dynamic Taint Analysis"
    Hyung Chan Kim, Angelos D. Keromytis, Michael Covington, and Ravi Sahita. In Proceedings of the 4th International Conference on Availability, Reliability and Security (ARES), pp. 355 - 362. March 2009, Fukuoka, Japan. (Acceptance rate: 25%)
  55. "ASSURE: Automatic Software Self-healing Using REscue points"
    Stelios Sidiroglou, Oren Laadan, Nico Viennot, Carlos-René Pérez, Angelos D. Keromytis, and Jason Nieh. In Proceedings of the 14th International Conference on Architectural Support for Programming Languages and Operating Systems (ASPLOS), pp. 37 - 48. March 2009, Washington, DC. (Acceptance rate: 25.6%)
  56. "Spectrogram: A Mixture-of-Markov-Chains Model for Anomaly Detection in Web Traffic"
    Yingbo Song, Angelos D. Keromytis, and Salvatore J. Stolfo. In Proceedings of the 16th Internet Society (ISOC) Symposium on Network and Distributed Systems Security (SNDSS), pp. 121 - 135. February 2009, San Diego, CA. (Acceptance rate: 11.7%)
  57. "Constructing Variable-Length PRPs and SPRPs from Fixed-Length PRPs"
    Debra L. Cook, Moti Yung, and Angelos D. Keromytis. In Proceedings of the 4th International Conference on Information Security and Cryptology (Inscrypt), pp. 157 - 180. December 2008, Beijing, China. (Acceptance rate: 17.5%)
  58. "Behavior-Profile Clustering for False Alert Reduction in Anomaly Detection Sensors"
    Vanessa Frias-Martinez, Salvatore J. Stolfo, and Angelos D. Keromytis. In Proceedings of the 24th Annual Computer Security Applications Conference (ACSAC), pp. 367 - 376. December 2008, Anaheim, CA. (Acceptance rate: 24.2%)
  59. "Authentication on Untrusted Remote Hosts with Public-key Sudo"
    Matthew Burnside, Mack Lu, and Angelos D. Keromytis. In Proceedings of the 22nd USENIX Large Installation Systems Administration (LISA) Conference, pp. 103 - 107. November 2008, San Diego, CA.
  60. "Behavior-Based Network Access Control: A Proof-of-Concept"
    Vanessa Frias-Martinez, Salvatore J. Stolfo, and Angelos D. Keromytis. In Proceedings of the 11th Information Security Conference (ISC), pp. 175 - 190. Taipei, Taiwan, September 2008. (Acceptance rate: 23.9%)
  61. "Path-based Access Control for Enterprise Networks"
    Matthew Burnside and Angelos D. Keromytis. In Proceedings of the 11th Information Security Conference (ISC), pp. 191 - 203. Taipei, Taiwan, September 2008. (Acceptance rate: 23.9%)
  62. "Methods for Linear and Differential Cryptanalysis of Elastic Block Ciphers"
    Debra L. Cook, Moti Yung, and Angelos D. Keromytis. In Proceedings of the 13th Australasian Conference on Information Security and Privacy (ACISP), pp. 187 - 202. July 2008, Wollongong, Australia.(Acceptance rate: 29.7%)
  63. "Pushback for Overlay Networks: Protecting against Malicious Insiders"
    Angelos Stavrou, Michael E. Locasto, and Angelos D. Keromytis. In Proceedings of the 6th International Conference on Applied Cryptography and Network Security (ACNS), pp 39 - 54. June 2008, New York, NY. (Acceptance rate: 22.9%)
  64. "Casting out Demons: Sanitizing Training Data for Anomaly Sensors"
    Gabriela F. Cretu, Angelos Stavrou, Michael E. Locasto, Salvatore J. Stolfo, and Angelos D. Keromytis. In Proceedings of the IEEE Symposium on Security & Privacy (S&P), pp. 81 - 95. May 2008, Oakland, CA. (Acceptance rate: 11.2%)
  65. "Taming the Devil: Techniques for Evaluating Anonymized Network Data"
    Scott E. Coull, Charles V. Wright, Angelos D. Keromytis, Fabian Monrose, and Michael K. Reiter. In Proceedings of the 15th Internet Society (ISOC) Symposium on Network and Distributed Systems Security (SNDSS), pp. 125 - 135. February 2008, San Diego, CA. (Acceptance rate: 17.8%)
  66. "SSARES: Secure Searchable Automated Remote Email Storage"
    Adam J. Aviv, Michael E. Locasto, Shaya Potter, and Angelos D. Keromytis. In Proceedings of the 23rd Annual Computer Security Applications Conference (ACSAC), pp. 129 - 138. December 2007, Miami Beach, FL. (Acceptance rate: 22%)
  67. "On the Infeasibility of Modeling Polymorphic Shellcode"
    Yingbo Song, Michael E. Locasto, Angelos Stavrou, Angelos D. Keromytis, and Salvatore J. Stolfo. In Proceedings of the 14th ACM Conference on Computer and Communications Security (CCS), pp. 541 - 551. October/November 2007, Alexandria, VA. (Acceptance rate: 18.1%)
  68. "Defending Against Next Generation Attacks Through Network/Endpoint Collaboration and Interaction"
    Spiros Antonatos, Michael E. Locasto, Stelios Sidiroglou, Angelos D. Keromytis, and Evangelos P. Markatos. In Proceedings of the 3rd European Conference on Computer Network Defense (EC2ND). October 2007, Heraclion, Greece. (Invited paper)
  69. "Elastic Block Ciphers in Practice: Constructions and Modes of Encryption"
    Debra L. Cook, Moti Yung, and Angelos D. Keromytis. In Proceedings of the 3rd European Conference on Computer Network Defense (EC2ND). October 2007, Heraclion, Greece.
  70. "The Security of Elastic Block Ciphers Against Key-Recovery Attacks"
    Debra L. Cook, Moti Yung, and Angelos D. Keromytis. In Proceedings of the 10th Information Security Conference (ISC), pp. 89 - 103. Valparaiso, Chile, October 2007. (Acceptance rate: 25%)
  71. "Characterizing Self-healing Software Systems"
    Angelos D. Keromytis. In Proceedings of the 4th International Conference on Mathematical Methods, Models and Architectures for Computer Networks Security (MMM-ACNS), pp. 22 - 33. September 2007, St. Petersburg, Russia. (Invited paper)
  72. "A Study of Malcode-Bearing Documents"
    Wei-Jen Li, Salvatore J. Stolfo, Angelos Stavrou, Elli Androulaki, and Angelos D. Keromytis. In Proceedings of the 4th GI International Conference on Detection of Intrusions & Malware, and Vulnerability Assessment (DIMVA), pp. 231 - 250. July 2007, Lucerne, Switzerland. (Acceptance rate: 21%)
  73. "From STEM to SEAD: Speculative Execution for Automated Defense"
    Michael E. Locasto, Angelos Stavrou, Gabriela F. Cretu, and Angelos D. Keromytis. In Proceedings of the USENIX Annual Technical Conference, pp. 219 - 232. June 2007, Santa Clara, CA. (Acceptance rate: 18.75%)
  74. "Using Rescue Points to Navigate Software Recovery (Short Paper)"
    Stelios Sidiroglou, Oren Laadan, Angelos D. Keromytis, and Jason Nieh. In Proceedings of the IEEE Symposium on Security & Privacy (S&P), pp. 273 - 278. May 2007, Oakland, CA. (Acceptance rate: 8.3%)
  75. "Mediated Overlay Services (MOSES): Network Security as a Composable Service"
    Stelios Sidiroglou, Angelos Stavrou, and Angelos D. Keromytis. In Proceedings of the IEEE Sarnoff Symposium. May 2007, Princeton, NJ. (Invited paper)
  76. "Elastic Block Ciphers: The Basic Design"
    Debra L. Cook, Moti Yung, and Angelos D. Keromytis. In Proceedings of the 2nd ACM Symposium on InformAtion, Computer and Communications Security (ASIACCS), pp. 350 - 355. March 2007, Singapore.
  77. "Robust Reactions to Potential Day-Zero Worms through Cooperation and Validation"
    Kostas G. Anagnostakis, Michael B. Greenwald, Sotiris Ioannidis, and Angelos D. Keromytis. In Proceedings of the 9th Information Security Conference (ISC), pp. 427 - 442. August/September 2006, Samos, Greece. (Acceptance rate: 20.2%)
  78. "Low Latency Anonymity with Mix Rings"
    Matthew Burnside and Angelos D. Keromytis. In Proceedings of the 9th Information Security Conference (ISC), pp. 32 - 45. August/September 2006, Samos, Greece. (Acceptance rate: 20.2%)
  79. "W3Bcrypt: Encryption as a Stylesheet"
    Angelos Stavrou, Michael E. Locasto, and Angelos D. Keromytis. In Proceedings of the 4th International Conference on Applied Cryptography and Network Security (ACNS), pp. 349 - 364. June 2006, Singapore.
  80. "Software Self-Healing Using Collaborative Application Communities"
    Michael E. Locasto, Stelios Sidiroglou, and Angelos D. Keromytis. In Proceedings of the 13th Internet Society (ISOC) Symposium on Network and Distributed Systems Security (SNDSS), pp. 95 - 106. February 2006, San Diego, CA. (Acceptance rate: 13.6%)
  81. "Remotely Keyed Cryptographics: Secure Remote Display Access Using (Mostly) Untrusted Hardware"
    Debra L. Cook, Ricardo A. Baratto, and Angelos D. Keromytis. In Proceedings of the 7th International Conference on Information and Communications Security (ICICS), pp. 363 - 375. December 2005, Beijing, China. (Acceptance rate: 17.4%)
  82. "e-NeXSh: Achieving an Effectively Non-Executable Stack and Heap via System-Call Policing"
    Gaurav S. Kc and Angelos D. Keromytis. In Proceedings of the 21st Annual Computer Security Applications Conference (ACSAC), pp. 259 - 273. December 2005, Tucson, AZ. (Acceptance rate: 19.6%)
  83. "Action Amplification: A New Approach To Scalable Administration"
    Kostas G. Anagnostakis and Angelos D. Keromytis. In Proceedings of the 13th IEEE International Conference on Networks (ICON), vol. 2, pp. 862 - 867. November 2005, Kuala Lumpur, Malaysia.
  84. "A Repeater Encryption Unit for IPv4 and IPv6"
    Norimitsu Nagashima and Angelos D. Keromytis. In Proceedings of the 13th IEEE International Conference on Networks (ICON), vol. 1, pp. 335 - 340. November 2005, Kuala Lumpur, Malaysia.
  85. "Countering DoS Attacks With Stateless Multipath Overlays"
    Angelos Stavrou and Angelos D. Keromytis. In Proceedings of the 12th ACM Conference on Computer and Communications Security (CCS), pp. 249 - 259. November 2005, Alexandria, VA. (Acceptance rate: 15.2%)
  86. "A Dynamic Mechanism for Recovering from Buffer Overflow Attacks"
    Stelios Sidiroglou, Giannis Giovanidis, and Angelos D. Keromytis. In Proceedings of the 8th Information Security Conference (ISC), pp. 1 - 15. September 2005, Singapore. (Acceptance rate: 14%)
  87. "gore: Routing-Assisted Defense Against DDoS Attacks"
    Stephen T. Chou, Angelos Stavrou, John Ioannidis, and Angelos D. Keromytis. In Proceedings of the 8th Information Security Conference (ISC), pp. 179 - 193. September 2005, Singapore. (Acceptance rate: 14%)
  88. "FLIPS: Hybrid Adaptive Intrusion Prevention"
    Michael E. Locasto, Ke Wang, Angelos D. Keromytis, and Salvatore J. Stolfo. In Proceedings of the 8th International Symposium on Recent Advances in Intrusion Detection (RAID), pp. 82 - 101. September 2005, Seattle, WA. (Acceptance rate: 20.4%)
  89. "Detecting Targeted Attacks Using Shadow Honeypots"
    Kostas G. Anagnostakis, Stelios Sidiroglou, Periklis Akritidis, Konstantinos Xinidis, Evangelos P. Markatos, and Angelos D. Keromytis. In Proceedings of the 14th USENIX Security Symposium, pp. 129 - 144. August 2005, Baltimore, MD. (Acceptance rate: 14%)
  90. "The Bandwidth Exchange Architecture"
    David Michael Turner, Vassilis Prevelakis, and Angelos D. Keromytis. In Proceedings of the 10th IEEE Symposium on Computers and Communications (ISCC), pp. 939 - 944. June 2005, Cartagena, Spain.
  91. "An Email Worm Vaccine Architecture"
    Stelios Sidiroglou, John Ioannidis, Angelos D. Keromytis, and Salvatore J. Stolfo. In Proceedings of the 1st Information Security Practice and Experience Conference (ISPEC), pp. 97 - 108. April 2005, Singapore.
  92. "Building a Reactive Immune System for Software Services"
    Stelios Sidiroglou, Michael E. Locasto, Stephen W. Boyd, and Angelos D. Keromytis. In Proceedings of the USENIX Annual Technical Conference, pp. 149 - 161. April 2005, Anaheim, CA. (Acceptance rate: 20.3%)
  93. "Conversion and Proxy Functions for Symmetric Key Ciphers"
    Debra L. Cook and Angelos D. Keromytis. In Proceedings of the IEEE International Conference on Information Technology: Coding and Computing (ITCC), Information and Security (IAS) Track, pp. 662 - 667. April 2005, Las Vegas, NV.
  94. "The Effect of DNS Delays on Worm Propagation in an IPv6 Internet"
    Abhinav Kamra, Hanhua Feng, Vishal Misra, and Angelos D. Keromytis. In Proceedings of IEEE INFOCOM, vol. 4, pp. 2405 - 2414. March 2005, Miami, FL. (Acceptance rate: 17%)
  95. "MOVE: An End-to-End Solution To Network Denial of Service"
    Angelos Stavrou, Angelos D. Keromytis, Jason Nieh, Vishal Misra, and Dan Rubenstein. In Proceedings of the 12th Internet Society (ISOC) Symposium on Network and Distributed Systems Security (SNDSS), pp. 81 - 96. February 2005, San Diego, CA. (Acceptance rate: 12.9%)
  96. "CryptoGraphics: Secret Key Cryptography Using Graphics Cards"
    Debra L. Cook, John Ioannidis, Angelos D. Keromytis, and Jake Luck. In Proceedings of the RSA Conference, Cryptographer's Track (CT-RSA), pp. 334 - 350. February 2005, San Francisco, CA.
  97. "The Dual Receiver Cryptogram and Its Applications"
    Ted Diament, Homin K. Lee, Angelos D. Keromytis, and Moti Yung. In Proceedings of the 11th ACM Conference on Computer and Communications Security (CCS), pp. 330 - 343. October 2004, Washington, DC. (Acceptance rate: 13.9%)
  98. "Hydan: Hiding Information in Program Binaries"
    Rakan El-Khalil and Angelos D. Keromytis. In Proceedings of the 6th International Conference on Information and Communications Security (ICICS), pp. 187 - 199. October 2004, Malaga, Spain. (Acceptance rate: 16.9%)
  99. "Recursive Sandboxes: Extending Systrace To Empower Applications"
    Aleksey Kurchuk and Angelos D. Keromytis. In Proceedings of the 19th IFIP International Information Security Conference (SEC), pp. 473 - 487. August 2004, Toulouse, France. (Acceptance rate: 22%)
  100. "SQLrand: Preventing SQL Injection Attacks"
    Stephen W. Boyd and Angelos D. Keromytis. In Proceedings of the 2nd International Conference on Applied Cryptography and Network Security (ACNS), pp. 292 - 302. June 2004, Yellow Mountain, China. (Acceptance rate: 12.1%)
  101. "CamouflageFS: Increasing the Effective Key Length in Cryptographic Filesystems on the Cheap"
    Michael E. Locasto and Angelos D. Keromytis. In Proceedings of the 2nd International Conference on Applied Cryptography and Network Security (ACNS), pp. 1 - 15. June 2004, Yellow Mountain, China. (Acceptance rate: 12.1%)
  102. "A Pay-per-Use DoS Protection Mechanism For The Web"
    Angelos Stavrou, John Ioannidis, Angelos D. Keromytis, Vishal Misra, and Dan Rubenstein. In Proceedings of the 2nd International Conference on Applied Cryptography and Network Security (ACNS), pp. 120 - 134. June 2004, Yellow Mountain, China. (Acceptance rate: 12.1%)
  103. "Dealing with System Monocultures"
    Angelos D. Keromytis and Vassilis Prevelakis. In Proceedings (electronic) of the NATO Information Systems Technology (IST) Panel Symposium on Adaptive Defense in Unclassified Networks. April 2004, Toulouse, France.
  104. "Managing Access Control in Large Scale Heterogeneous Networks"
    Angelos D. Keromytis, Kostas G. Anagnostakis, Sotiris Ioannidis, Michael Greenwald, and Jonathan M. Smith. In Proceedings (electronic) of the NATO NC3A Symposium on Interoperable Networks for Secure Communications (INSC). November 2003, The Hague, Netherlands.
  105. "Countering Code-Injection Attacks With Instruction-Set Randomization"
    Gaurav S. Kc, Angelos D. Keromytis, and Vassilis Prevelakis. In Proceedings of the 10th ACM International Conference on Computer and Communications Security (CCS), pp. 272 - 280. October 2003, Washington, DC. (Acceptance rate: 13.8%) (ACM CCS 2013 Test of Time Award)
  106. "Using Graphic Turing Tests to Counter Automated DDoS Attacks Against Web Servers"
    William G. Morein, Angelos Stavrou, Debra L. Cook, Angelos D. Keromytis, Vishal Misra, and Dan Rubenstein. In Proceedings of the 10th ACM International Conference on Computer and Communications Security (CCS), pp. 8 - 19. October 2003, Washington, DC. (Acceptance rate: 13.8%)
  107. "EasyVPN: IPsec Remote Access Made Easy"
    Mark C. Benvenuto and Angelos D. Keromytis. In Proceedings of the 17th USENIX Large Installation Systems Administration (LISA) Conference, pp. 87 - 93. October 2003, San Diego, CA. (Acceptance rate: 25%)
  108. "A Cooperative Immunization System for an Untrusting Internet"
    Kostas G. Anagnostakis, Michael B. Greenwald, Sotiris Ioannidis, Angelos D. Keromytis, and Dekai Li. In Proceedings of the 11th IEEE International Conference on Networks (ICON), pp. 403 - 408. September/October 2003, Sydney, Australia.
  109. "Accelerating Application-Level Security Protocols"
    Matthew Burnside and Angelos D. Keromytis. In Proceedings of the 11th IEEE International Conference on Networks (ICON), pp. 313 - 318. September/October 2003, Sydney, Australia.
  110. "WebSOS: Protecting Web Servers From DDoS Attacks"
    Debra L. Cook, William G. Morein, Angelos D. Keromytis, Vishal Misra, and Dan Rubenstein. In Proceedings of the 11th IEEE International Conference on Networks (ICON), pp. 455 - 460. September/October 2003, Sydney, Australia.
  111. "TAPI: Transactions for Accessing Public Infrastructure"
    Matt Blaze, John Ioannidis, Sotiris Ioannidis, Angelos D. Keromytis, Pekka Nikander, and Vassilis Prevelakis. In Proceedings of the 8th IFIP Personal Wireless Communications (PWC) Conference, pp. 90 - 100. September 2003, Venice, Italy.
  112. "Tagging Data In The Network Stack: mbuf_tags"
    Angelos D. Keromytis. In Proceedings of the USENIX BSD Conference (BSDCon), pp. 125 - 131. September 2003, San Mateo, CA.
  113. "The Design of the OpenBSD Cryptographic Framework"
    Angelos D. Keromytis, Jason L. Wright, and Theo de Raadt. In Proceedings of the USENIX Annual Technical Conference, pp. 181 - 196. June 2003, San Antonio, TX. (Acceptance rate: 23%)
  114. "Secure and Flexible Global File Sharing"
    Stefan Miltchev, Vassilis Prevelakis, Sotiris Ioannidis, John Ioannidis, Angelos D. Keromytis, and Jonathan M. Smith. In Proceedings of the USENIX Annual Technical Conference, Freenix Track, pp. 165 - 178. June 2003, San Antonio, TX.
  115. "Experience with the KeyNote Trust Management System: Applications and Future Directions"
    Matt Blaze, John Ioannidis, and Angelos D. Keromytis. In Proceedings of the 1st International Conference on Trust Management, pp. 284 - 300. May 2003, Heraclion, Greece.
  116. "The STRONGMAN Architecture"
    Angelos D. Keromytis, Sotiris Ioannidis, Michael B. Greenwald, and Jonathan M. Smith. In Proceedings of the 3rd DARPA Information Survivability Conference and Exposition (DISCEX III), volume 1, pp. 178 - 188. April 2003, Washington, DC.
  117. "Efficient, DoS-Resistant, Secure Key Exchange for Internet Protocols"
    William Aiello, Steven M. Bellovin, Matt Blaze, Ran Canetti, John Ioannidis, Angelos D. Keromytis, and Omer Reingold. In Proceedings of the 9th ACM International Conference on Computer and Communications Security (CCS), pp. 48 - 58. November 2002, Washington, DC. (Acceptance rate: 17.6%)
  118. "Secure Overlay Services"
    Angelos D. Keromytis, Vishal Misra, and Dan Rubenstein. In Proceedings of the ACM SIGCOMM Conference, pp. 61 - 72. August 2002, Pittsburgh, PA. Also available through the ACM Computer Communications Review (SIGCOMM Proceedings), vol. 32, no. 4, October 2002. (Acceptance rate: 8.3%)
  119. "Using Overlays to Improve Network Security"
    Angelos D. Keromytis, Vishal Misra, and Dan Rubenstein. In Proceedings of the ITCom Conference, special track on Scalability and Traffic Control in IP Networks, pp. 245 - 254. July/August 2002, Boston, MA. (Invited paper)
  120. "Designing an Embedded Firewall/VPN Gateway"
    Vassilis Prevelakis and Angelos D. Keromytis. In Proceedings of the International Network Conference (INC), pp. 313 - 322. July 2002, Plymouth, England. (Best Paper Award)
  121. "A Study of the Relative Costs of Network Security Protocols"
    Stefan Miltchev, Sotiris Ioannidis, and Angelos D. Keromytis. In Proceedings of the USENIX Annual Technical Conference, Freenix Track, pp. 41 - 48. June 2002, Monterey, CA.
  122. "A Secure Plan (Extended Version)"
    Michael W. Hicks, Angelos D. Keromytis, and Jonathan M. Smith. In Proceedings of the DARPA Active Networks Conference and Exposition (DANCE), pp. 224 - 237. May 2002, San Francisco, CA. (Extended version of the paper IWAN 1999 paper.)
  123. "Fileteller: Paying and Getting Paid for File Storage"
    John Ioannidis, Sotiris Ioannidis, Angelos D. Keromytis, and Vassilis Prevelakis. In Proceedings of the 6th Financial Cryptography (FC) Conference, pp. 282 - 299. March 2002, Bermuda. (Acceptance rate: 25.6%)
  124. "Offline Micropayments without Trusted Hardware"
    Matt Blaze, John Ioannidis, and Angelos D. Keromytis. In Proceedings of the 5th Financial Cryptography (FC) Conference, pp. 21 - 40. February 2001, Cayman Islands.
  125. "Trust Management for IPsec"
    Matt Blaze, John Ioannidis, and Angelos D. Keromytis. In Proceedings of the 8th Internet Society (ISOC) Symposium on Network and Distributed Systems Security (SNDSS) , pp. 139 - 151. February 2001, San Diego, CA. (Acceptance rate: 24%)
  126. "Implementing a Distributed Firewall"
    Sotiris Ioannidis, Angelos D. Keromytis, Steven M. Bellovin, and Jonathan M. Smith. In Proceedings of the 7th ACM International Conference on Computer and Communications Security (CCS), pp. 190 - 199. November 2000, Athens, Greece. (Acceptance rate: 21.4%)
  127. "Implementing Internet Key Exchange (IKE)"
    Niklas Hallqvist and Angelos D. Keromytis. In Proceedings of the USENIX Annual Technical Conference, Freenix Track, pp. 201 - 214. June 2000, San Diego, CA.
  128. "Transparent Network Security Policy Enforcement"
    Angelos D. Keromytis and Jason Wright. In Proceedings of the USENIX Annual Technical Conference, Freenix Track, pp. 215 - 226. June 2000, San Diego, CA.
  129. "Cryptography in OpenBSD: An Overview"
    Theo de Raadt, Niklas Hallqvist, Artur Grabowski, Angelos D. Keromytis, and Niels Provos. In Proceedings of the USENIX Annual Technical Conference, Freenix Track, pp. 93 - 101. June 1999, Monterey, CA.
  130. "DHCP++: Applying an efficient implementation method for fail-stop cryptographic protocols"
    William A. Arbaugh, Angelos D. Keromytis, and Jonathan M. Smith. In Proceedings of the IEEE Global Internet (GlobeCom), pp. 59 - 65. November 1998, Sydney, Australia.
  131. "Automated Recovery in a Secure Bootstrap Process"
    William A. Arbaugh, Angelos D. Keromytis, David J. Farber, and Jonathan M. Smith. In Proceedings of the 5th Internet Society (ISOC) Symposium on Network and Distributed System Security (SNDSS), pp. 155 - 167. March 1998, San Diego, CA. An older version is available as University of Pennsylvania Technical Report MS-CIS-97-13.
  132. "Implementing IPsec"
    Angelos D. Keromytis, John Ioannidis, and Jonathan M. Smith. In Proceedings of the IEEE Global Internet (GlobeCom), pp. 1948 - 1952. November 1997, Phoenix, AZ.

Books/Book Chapters

  1. "Practical Software Diversification Using In-Place Code Randomization"
    Vasilis Pappas, Michalis Polychronakis, and Angelos D. Keromytis. In "Moving Target Defense II: Application of Game Theory and Adversarial Modeling", Sushil Jajodia, Anup K. Ghosh, V. S. Subrahmanian, Vipin Swarup, Cliff Wang, and X. Sean Wang (editors), pp. 169 - 196. Springer, 2012.
  2. Proceedings of the 2012 Financial Cryptography and Data Security (FC) Conference
    Angelos D. Keromytis (editor). Lecture Notes in Computer Science (LNCS) 7397. Springer, 2012.
  3. "Voice over IP Security: A Comprehensive Survey of Vulnerabilities and Academic Research"
    Angelos D. Keromytis. Springer Briefs, ISBN 978-1-4419-9865-1, April 2011.
  4. "Buffer Overflow Attacks"
    Angelos D. Keromytis. In Encyclopedia of Cryptography and Security, 2nd Edition, pp. 174 - 177. Springer, 2011.
  5. "Network Bandwidth Denial of Service (DoS)"
    Angelos D. Keromytis. In Encyclopedia of Cryptography and Security, 2nd Edition, pp. 836 - 838. Springer, 2011.
  6. "Monitoring Technologies for Mitigating Insider Threats"
    Brian M. Bowen, Malek Ben Salem, Angelos D. Keromytis, and Salvatore J. Stolfo. In Insider Threats in Cyber Security and Beyond, Matt Bishop, Dieter Gollman, Jeffrey Hunker, and Christian Probst (editors), pp. 197 - 218. Springer, 2010.
  7. "Voice over IP: Risks, Threats, and Vulnerabilities"
    Angelos D. Keromytis. In Cyber Infrastructure Security, Tarek Saadawi and Louis Jordan (editors). Strategic Study Institute (SSI), 2010.
  8. Proceedings of the 2008 New Security Paradigms Workshop (NSPW)
    Angelos D. Keromytis, Anil Somayaji, and M. Hossain Heydari (editors).
  9. Proceedings of the 6th International Conference on Applied Cryptography and Network Security (ACNS)
    Steven M. Bellovin, Rosario Gennaro, Angelos D. Keromytis, and Moti Yung (editors). Lecture Notes in Computer Science (LNCS). Springer, 2008.
  10. "Insider Attack and Cyber Security: Beyond the Hacker"
    Salvatore J. Stolfo, Steven M. Bellovin, Angelos D. Keromytis, Sara Sinclair, and Sean W. Smith (editors). Advances in Information Security Series, ISBN 978-0387773216. Springer, 2008.
  11. Proceedings of the 2007 New Security Paradigms Workshop (NSPW)
    Kostantin Beznosov (Editor), Angelos D. Keromytis (editor), and M. Hossain Heydari (Editor).
  12. "The Case for Self-Healing Software"
    Angelos D. Keromytis. In Aspects of Network and Information Security: Proceedings NATO Advanced Studies Institute (ASI) on Network Security and Intrusion Detection, held in Nork, Yerevan, Armenia, October 2006, E. Haroutunian, E. Kranakis, and E. Shahbazian (editors). IOS Press, 2007. (By invitation, as part of the NATO ASI on Network Security, October 2005.)
  13. "Designing Firewalls: A Survey"
    Angelos D. Keromytis and Vassilis Prevelakis. In Network Security: Current Status and Future Directions, Christos Douligeris and Dimitrios N. Serpanos (editors), pp. 33 - 49. Wiley - IEEE Press, April 2007.
  14. "Composite Hybrid Techniques for Defending against Targeted Attacks"
    Stelios Sidiroglou and Angelos D. Keromytis. In Malware Detection, vol. 27 of Advances in Information Security Series, Mihai Christodorescu, Somesh Jha, Douglas Maughan, Dawn Song, and Cliff Wang (editors). Springer, October 2006. (By invitation, as part of the ARO/DHS 2005 Workshop on Malware Detection.)
  15. "Trusted computing platforms and secure Operating Systems"
    Angelos D. Keromytis. In Phishing and Countermeasures: Understanding the Increasing Problem of Electronic Identity Theft, Markus Jakobsson and Steven Myers (editors), pp. 387 - 405. Wiley, 2006.
  16. "CryptoGraphics: Exploiting Graphics Cards for Security"
    Debra Cook and Angelos D. Keromytis. Advances in Information Security Series, ISBN 0-387-29015-X. Springer, 2006.
  17. Proceedings of the 3rd Workshop on Rapid Malcode (WORM)
    Angelos D. Keromytis (editor). ACM Press, 2005.
  18. Proceedings of the 3rd International Conference on Applied Cryptography and Network Security (ACNS)
    John Ioannidis, Angelos D. Keromytis, and Moti Yung (editors). Lecture Notes in Computer Science (LNCS) 3531. Springer, 2005.
  19. "Distributed Trust"
    John Ioannidis and Angelos D. Keromytis. In Practical Handbook of Internet Computing, Munindar Singh (editor), pp. 47/1 - 47/16. CRC Press, 2004.
  20. "Experiences Enhancing Open Source Security in the POSSE Project"
    Jonathan M. Smith, Michael B. Greenwald, Sotiris Ioannidis, Angelos D. Keromytis, Ben Laurie, Douglas Maughan, Dale Rahn, and Jason L. Wright. In Free/Open Source Software Development, Stefan Koch (editor), pp. 242 - 257. Idea Group Publishing, 2004. Also re-published in Global Information Technologies: Concepts, Methodologies, Tools, and Applications, Felix B. Tan (editor), pp. 1587 - 1598. Idea Group Publishing, 2007.
  21. "STRONGMAN: A Scalable Solution to Trust Management in Networks"
    Angelos D. Keromytis. Ph.D. Thesis, University of Pennsylvania, November 2001.
  22. "The Role of Trust Management in Distributed Systems Security"
    Matt Blaze, Joan Feigenbaum, John Ioannidis, and Angelos D. Keromytis. In Secure Internet Programming: Issues in Distributed and Mobile Object Systems, Jan Vitek and Christian Jensen (editors), pp. 185 - 210. Springer-Verlag Lecture Notes in Computer Science State-of-the-Art series, 1999.
  23. "Security in Active Networks"
    D. Scott Alexander, William A. Arbaugh, Angelos D. Keromytis, and Jonathan M. Smith. In Secure Internet Programming: Issues in Distributed and Mobile Object Systems, Jan Vitek and Christian Jensen (editors), pp. 433 - 451. Springer-Verlag Lecture Notes in Computer Science State-of-the-Art series, 1999.

Workshops

  1. "Security and Privacy Measurements on Social Networks: Experiences and Lessons Learned"
    Iasonas Polakis, Federico Maggi, Stefano Zanero, and Angelos D. Keromytis. To appear in Proceedings of the 3rd International Workshop on Building Analysis Datasets and Gathering Experience Returns for Security (BADGERS). September 2014, Wroclaw, Poland.
  2. "Computational Decoys for Cloud Security"
    George Kontaxis, Michalis Polychronakis, and Angelos D. Keromytis. In Proceedings of the ARO Workshop on Cloud Security. March 2013, Fairfax, VA.
  3. "Exploiting Split Browsers for Efficiently Protecting User Data"
    Angelika Zavou, Elias Athanasopoulos, Georgios Portokalidis, and Angelos D. Keromytis. In Proceedings of the ACM Cloud Computing Security Workshop (CCSW), pp. 37 - 42. October 2012, Raleigh, NC.
  4. "The MEERKATS Cloud Security Architecture"
    Angelos D. Keromytis, Roxana Geambasu, Simha Sethumadhavan, Salvatore J. Stolfo, Junfeng Yang, Azzedine Benameur, Marc Dacier, Matthew Elder, Darrell Kienzle, and Angelos Stavrou. In Proceedings of the 3rd International Workshop on Security and Privacy in Cloud Computing (ICDCS-SPCC), pp. 446 - 450. June 2012, Macao, China.
  5. "Fog Computing: Mitigating Insider Data Theft Attacks in the Cloud"
    Salvatore J. Stolfo, Malek Ben Salem, and Angelos D. Keromytis. In Proceedings of the Workshop on Research for Insider Threat (WRIT). May 2012, San Francisco, CA.
  6. "REASSURE: A Self-contained Mechanism for Healing Software Using Rescue Points"
    Georgios Portokalidis and Angelos D. Keromytis. In Proceedings of the 6th International Workshop on Security (IWSEC), pp. 16 - 32. November 2011, Tokyo, Japan. (Best Paper Award)
  7. "Taint-Exchange: a Generic System for Cross-process and Cross-host Taint Tracking"
    Angeliki Zavou, Georgios Portokalidis, and Angelos D. Keromytis. In Proceedings of the 6th International Workshop on Security (IWSEC), pp. 113 - 128. November 2011, Tokyo, Japan.
  8. "The MINESTRONE Architecture: Combining Static and Dynamic Analysis Techniques for Software Security"
    Angelos D. Keromytis, Salvatore J. Stolfo, Junfeng Yang, Angelos Stavrou, Anup Ghosh, Dawson Engler, Marc Dacier, Matthew Elder, and Darrell Kienzle. In Proceedings of the 1st Workshop on Systems Security (SysSec). July 2011, Amsterdam, Netherlands.
  9. "The SPARCHS Project: Hardware Support for Software Security"
    Simha Sethumadhavan, Salvatore J. Stolfo, David August, Angelos D. Keromytis, and Junfeng Yang. In Proceedings of the 1st Workshop on Systems Security (SysSec). July 2011, Amsterdam, Netherlands.
  10. "Towards a Forensic Analysis for Multimedia Communication Services"
    Dimitris Geneiatakis and Angelos D. Keromytis. In Proceedings of the 7th International Symposium on Frontiers in Networking with Applications (FINA), pp. 424 - 429. March 2011, Biopolis, Singapore.
  11. "Security Research with Human Subjects: Informed Consent, Risk, and Benefits"
    Maritza Johnson, Steven M. Bellovin, and Angelos D. Keromytis. In Proceedings of the 2nd Workshop on Ethics in Computer Security Research (WECSR). March 2011, Saint Lucia.
  12. "Global ISR: Toward a Comprehensive Defense Against Unauthorized Code Execution"
    Georgios Portokalidis and Angelos D. Keromytis. In Proceedings of the ARO Workshop on Moving Target Defense, pp. 49 - 76. October 2010, Fairfax, VA.
  13. "Securing MANET Multicast Using DIPLOMA"
    Mansoor Alicherry and Angelos D. Keromytis. In Proceedings of the 5th International Workshop on Security (IWSEC), pp. 232 - 250. November 2010, Kobe, Japan. (Acceptance rate: 29%)
  14. "Evaluating a Collaborative Defense Architecture for MANETs"
    Mansoor Alicherry, Angelos Stavrou, and Angelos D. Keromytis. In Proceedings (electronic) of the IEEE Workshop on Collaborative Security Technologies (CoSec), pp. 37 - 42. December 2009, Bangalore, India. (Acceptance rate: 17.2%)
  15. "Identifying Proxy Nodes in a Tor Anonymization Circuit"
    Sambuddho Chakravarty, Angelos Stavrou, and Angelos D. Keromytis. In Proceedings of the 2nd Workshop on Security and Privacy in Telecommunications and Information Systems (SePTIS), pp. 633 - 639. December 2008, Bali, Indonesia. (Acceptance rate: 37.5%)
  16. "Online Network Forensics for Automatic Repair Validation"
    Michael E. Locasto, Matthew Burnside, and Angelos D. Keromytis. In Proceedings of the 3rd International Workshop on Security (IWSEC), pp. 136 - 151. November 2008, Kagawa, Japan. (Acceptance rate: 19.1%)
  17. "Return Value Predictability for Self-Healing"
    Michael E. Locasto, Angelos Stavrou, Gabriela F. Cretu, Angelos D. Keromytis, and Salvatore J. Stolfo. In Proceedings of the 3rd International Workshop on Security (IWSEC), pp. 152 - 166. November 2008, Kagawa, Japan. (Acceptance rate: 19.1%)
  18. "Asynchronous Policy Evaluation and Enforcement"
    Matthew Burnside and Angelos D. Keromytis. In Proceedings of the 2nd Computer Security Architecture Workshop (CSAW), pp. 45 - 50. October 2008, Fairfax, VA.
  19. "Race to the bottom: Malicious Hardware"
    Angelos D. Keromytis, Simha Sethumadhavan, and Ken Shepard. In Proceedings of the 1st FORWARD Invitational Workshop for Identifying Emerging Threats in Information and Communication Technology Infrastructures. April 2008, Goteborg, Sweden. (Invited paper)
  20. "Arachne: Integrated Enterprise Security Management"
    Matthew Burnside and Angelos D. Keromytis. In Proceedings of the 8th Annual IEEE SMC Information Assurance Workshop (IAW), pp. 214 - 220. June 2007, West Point, NY.
  21. "Poster Paper: Band-aid Patching"
    Stelios Sidiroglou, Sotiris Ioannidis, and Angelos D. Keromytis. In Proceedings of the 3rd Workshop on Hot Topics in System Dependability (HotDep), pp. 102 - 106. June 2007, Edinburgh, UK.
  22. "Data Sanitization: Improving the Forensic Utility of Anomaly Detection Systems"
    Gabriela F. Cretu, Angelos Stavrou, Salvatore J. Stolfo, and Angelos D. Keromytis. In Proceedings of the 3rd Workshop on Hot Topics in System Dependability (HotDep), pp. 64 - 70. June 2007, Edinburgh, UK.
  23. "Bridging the Network Reservation Gap Using Overlays"
    Angelos Stavrou, David Michael Turner, Angelos D. Keromytis, and Vassilis Prevelakis. In Proceedings of the 1st Workshop on Information Assurance for Middleware Communications (IAMCOM), pp. 1 - 6. January 2007, Bangalore, India.
  24. "Next Generation Attacks on the Internet"
    Evangelos P. Markatos and Angelos D. Keromytis. In Proceedings (electronic) of the EU-US Summit Series on Cyber Trust: Workshop on System Dependability & Security, pp. 67 - 73. November 2006, Dublin, Ireland. (Invited paper)
  25. "Dark Application Communities"
    Michael E. Locasto, Angelos Stavrou, and Angelos D. Keromytis. In Proceedings of the New Security Paradigms Workshop (NSPW), pp. 11 - 18. September 2006, Schloss Dagstuhl, Germany.
  26. "Privacy as an Operating System Service"
    Sotiris Ioannidis, Stelios Sidiroglou, and Angelos D. Keromytis. In Proceedings (electronic) of the 1st Workshop on Hot Topics in Security (HotSec). July 2006, Vancouver, Canada.
  27. "PalProtect: A Collaborative Security Approach to Comment Spam"
    Benny Wong, Michael E. Locasto, and Angelos D. Keromytis. In Proceedings of the 7th Annual IEEE SMC Information Assurance Workshop (IAW), pp. 170 - 175. June 2006, West Point, NY.
  28. "Adding a Flow-Oriented Paradigm to Commodity Operating Systems"
    Christian Soviani, Stephen A. Edwards, and Angelos D. Keromytis. In Proceedings of the Workshop on Interaction between Operating System and Computer Architecture (IOSCA), held in conjunction with the IEEE International Symposium on Workload Characterization, pp. 1 - 6. October 2005, Austin, TX.
  29. "Speculative Virtual Verification: Policy-Constrained Speculative Execution"
    Michael E. Locasto, Stelios Sidiroglou, and Angelos D. Keromytis. In Proceedings of the New Security Paradigms Workshop (NSPW), pp. 119 - 124. September 2005, Lake Arrowhead, CA.
  30. "Application Communities: Using Monoculture for Dependability"
    Michael E. Locasto, Stelios Sidiroglou, and Angelos D. Keromytis. In Proceedings of the 1st Workshop on Hot Topics in System Dependability (HotDep), held in conjunction with the International Conference on Dependable Systems and Networks (DSN), pp. 288 - 292. June 2005, Yokohama, Japan.
  31. "Towards Collaborative Security and P2P Intrusion Detection"
    Michael E. Locasto, Janak Parekh, Angelos D. Keromytis, and Salvatore J. Stolfo. In Proceedings of the 6th Annual IEEE SMC Information Assurance Workshop (IAW), pp. 333 - 339. June 2005, West Point, NY.
  32. "FlowPuter: A Cluster Architecture Unifying Switch, Server and Storage Processing"
    Alfred V. Aho, Angelos D. Keromytis, Vishal Misra, Jason Nieh, Kenneth A. Ross, and Yechiam Yemini. In Proceedings of the 1st International Workshop on Data Processing and Storage Networking: towards Grid Computing (DPSN), pp. 2/1 - 2/7. May 2004, Athens, Greece.
  33. "One Class Support Vector Machines for Detecting Anomalous Windows Registry Accesses"
    Katherine Heller, Krysta Svore, Angelos D. Keromytis, and Salvatore J. Stolfo. In Proceedings of the ICDM Workshop on Data Mining for Computer Security, held in conjunction with the 3rd International IEEE Conference on Data Mining, pp. 2 - 9. November 2003, Melbourn, FL.
  34. "A Holistic Approach to Service Survivability"
    Angelos D. Keromytis, Janak Parekh, Philip N. Gross, Gail Kaiser, Vishal Misra, Jason Nieh, Dan Rubenstein, and Salvatore J. Stolfo. In Proceedings of the 1st ACM Workshop on Survivable and Self-Regenerative Systems (SSRS), held in conjunction with the 10th ACM International Conference on Computer and Communications Security (CCS), pp. 11 - 22. October 2003, Fairfax, VA.
  35. "High-Speed I/O: The Operating System As A Signalling Mechanism"
    Matthew Burnside and Angelos D. Keromytis. In Proceedings of the ACM SIGCOMM Workshop on Network-I/O Convergence: Experience, Lessons, Implications (NICELI), held in conjunction with the ACM SIGCOMM Conference, pp. 220 - 227. August 2003, Karlsruhe, Germany.
  36. "A Network Worm Vaccine Architecture"
    Stelios Sidiroglou and Angelos D. Keromytis. In Proceedings of the 12th IEEE International Workshops on Enabling Technologies: Infrastructure for Collaborative Enterprises (WETICE), Workshop on Enterprise Security, pp. 220 - 225. June 2003, Linz, Austria.
  37. "Design and Implementation of Virtual Private Services"
    Sotiris Ioannidis, Steven M. Bellovin, John Ioannidis, Angelos D. Keromytis, and Jonathan M. Smith. In Proceedings of the 12th IEEE International Workshops on Enabling Technologies: Infrastructure for Collaborative Enterprises (WETICE), Workshop on Enterprise Security, Special Session on Trust Management in Collaborative Global Computing, pp. 269 - 274. June 2003, Linz, Austria.
  38. "WebDAVA: An Administrator-Free Approach To Web File-Sharing"
    Alexander Levine, Vassilis Prevelakis, John Ioannidis, Sotiris Ioannidis, and Angelos D. Keromytis. In Proceedings of the 12th IEEE International Workshops on Enabling Technologies: Infrastructure for Collaborative Enterprises (WETICE), Workshop on Distributed and Mobile Collaboration, pp. 59 - 64. June 2003, Linz, Austria.
  39. "Protocols for Anonymity in Wireless Networks"
    Matt Blaze, John Ioannidis, Angelos D. Keromytis, Tal Malkin, and Avi Rubin. In Proceedings of the 11th International Workshop on Security Protocols. April 2003, Cambridge, England.
  40. "xPF: Packet Filtering for Low-Cost Network Monitoring"
    Sotiris Ioannidis, Kostas G. Anagnostakis, John Ioannidis, and Angelos D. Keromytis. In Proceedings of the Workshop on High Performance Switching and Routing (HPSR), pp. 121 - 126. May 2002, Kobe, Japan.
  41. "Toward Understanding the Limits of DDoS Defenses"
    Matt Blaze, John Ioannidis, and Angelos D. Keromytis. In Proceedings of the 10th International Workshop on Security Protocols, Springer-Verlag Lecture Notes in Computer Science, vol. 2467. April 2002, Cambridge, England.
  42. "Toward A Unified View of Intrusion Detection and Security Policy"
    Matt Blaze, Angelos D. Keromytis, and Salvatore J. Stolfo. In Proceedings of the 10th International Workshop on Security Protocols, Springer-Verlag Lecture Notes in Computer Science, vol. 2467. April 2002, Cambridge, England.
  43. "Efficient, DoS-resistant, Secure Key Exchange for Internet Protocols"
    William Aiello, Steven M. Bellovin, Matt Blaze, Ran Canetti, John Ioannidis, Angelos D. Keromytis, and Omer Reingold. In Proceedings of the 9th International Workshop on Security Protocols, Springer-Verlag Lecture Notes in Computer Science, vol. 2133, pp. 40 - 48. April 2001, Cambridge, England.
  44. "Scalable Resource Control in Active Networks"
    Kostas G. Anagnostakis, Michael W. Hicks, Sotiris Ioannidis, Angelos D. Keromytis, and Jonathan M. Smith. In Proceedings of the 2nd International Workshop for Active Networks (IWAN), pp. 343 - 357. October 2000, Tokyo, Japan.
  45. "A Secure Plan"
    Michael W. Hicks and Angelos D. Keromytis. In Proceedings of the 1st International Workshop for Active Networks (IWAN), pp. 307 - 314. June - July 1999, Berlin, Germany. An extended version is available as University of Pennsylvania Technical Report MS-CIS-99-14, and was also published in the Proceedings of the DARPA Active Networks Conference and Exposition (DANCE), May 2002.
  46. "Trust Management and Network Layer Security Protocols"
    Matt Blaze, John Ioannidis, and Angelos D. Keromytis. In Proceedings of the 7th International Workshop on Security Protocols, Springer-Verlag Lecture Notes in Computer Science, vol. 1796, pp. 103 - 108. April 1999, Cambridge, England.
  47. "The SwitchWare Active Network Implementation"
    D. Scott Alexander, Michael W. Hicks, Pankaj Kakkar, Angelos D. Keromytis, Marianne Shaw, Jonathan T. Moore, Carl A. Gunter, Trevor Jim, Scott M. Nettles, and Jonathan M. Smith. In Proceedings of the ACM SIGPLAN Workshop on ML, held in conjunction with the International Conference on Functional Programming (ICFP), pp. 67 - 76. September 1998, Baltimore, MD.
  48. "KeyNote: Trust Management for Public-Key Infrastructures"
    Matt Blaze, Joan Feigenbaum, and Angelos D. Keromytis. In Proceedings of the 6th International Workshop on Security Protocols, Springer-Verlag Lecture Notes in Computer Science, vol. 1550, pp. 59 - 63. April 1998, Cambridge, England. Also available as AT&T Technical Report 98.11.1.

Additional Publications

  1. "Transport Layer Security (TLS) Authorization Using KeyNote"
    Angelos D. Keromytis. Request For Comments (RFC) 6042, October 2010.
  2. "X.509 Key and Signature Encoding for the KeyNote Trust Management System"
    Angelos D. Keromytis. Request For Comments (RFC) 5708, January 2010.
  3. "SSARES: Secure Searchable Automated Remote Email Storage"
    Adam J. Aviv, Michael E. Locasto, Shaya Potter, and Angelos D. Keromytis. In the Columbia Computer Science Student Research Symposium, Fall 2006.
  4. "IP Security Policy Requirements"
    Matt Blaze, Angelos D. Keromytis, Michael Richardson, and Luis Sanchez. Request For Comments (RFC) 3586, August 2003.
  5. "On the Use of Stream Control Transmission Protocol (SCTP) with IPsec"
    Steven M. Bellovin, John Ioannidis, Angelos D. Keromytis, and Randal R. Stewart. Request For Comments (RFC) 3554, June 2003.
  6. "The Use of HMAC-RIPEMD-160-96 within ESP and AH"
    Angelos D. Keromytis and Niels Provos. Request For Comments (RFC) 2857, June 2000.
  7. "DSA and RSA Key and Signature Encoding for the KeyNote Trust Management System"
    Matt Blaze, John Ioannidis, and Angelos D. Keromytis. Request For Comments (RFC) 2792, March 2000.
  8. "The KeyNote Trust-Management System, Version 2"
    Matt Blaze, Joan Feigenbaum, John Ioannidis, and Angelos D. Keromytis. Request For Comments (RFC) 2704, September 1999.

Technical Reports/Works in Progress

  1. "Symantec Report on Rogue Security Software, July 2008 - June 2009"
    Marc Fossi, Dean Turner, Eric Johnson, Trevor Mack, Teo Adams, Joseph Blackbird, Mo King Low, David McKinney, Marc Dacier, Angelos D. Keromytis, Corrado Leita, Marco Cova, Jon Orbeton, and Olivier Thonnard. Symantec Technical Report, October 2009.
  2. "LinkWidth: A Method to Measure Link Capacity and Available Bandwidth using Single-End Probes"
    Sambuddho Chakravarty, Angelos Stavrou, and Angelos D. Keromytis. Columbia University Computer Science Department Technical Report CUCS-002-08, January 2008.
  3. "Can P2P Replace Direct Download for Content Distribution?"
    Alex Sherman, Angelos Stavrou, Jason Nieh, Cliff Stein, and Angelos D. Keromytis. Columbia University Computer Science Department Technical Report CUCS-020-07, March 2007.
  4. "A Model for Automatically Repairing Execution Integrity"
    Michael E. Locasto, Gabriela F. Cretu, Angelos Stavrou, and Angelos D. Keromytis. Columbia University Computer Science Department Technical Report CUCS-005-07, January 2007.
  5. "Speculative Execution as an Operating System Service"
    Michael E. Locasto and Angelos D. Keromytis. Columbia University Computer Science Department Technical Report CUCS-024-06, May 2006.
  6. "Quantifying Application Behavior Space for Detection and Self-Healing"
    Michael E. Locasto, Angelos Stavrou, Gabriela F. Cretu, Angelos D. Keromytis, and Salvatore J. Stolfo. Columbia University Computer Science Department Technical Report CUCS-017-06, April 2006.
  7. "Bloodhound: Searching Out Malicious Input in Network Flows for Automatic Repair Validation"
    Michael E. Locasto, Matthew Burnside, and Angelos D. Keromytis. Columbia University Computer Science Department Technical Report CUCS-016-06, April 2006.
  8. "Binary-level Function Profiling for Intrusion Detection and Smart Error Virtualization"
    Michael E. Locasto and Angelos D. Keromytis. Columbia University Computer Science Department Technical Report CUCS-002-06, January 2006.
  9. "A General Analysis of the Security of Elastic Block Ciphers"
    Debra Cook, Moti Yung, and Angelos D. Keromytis. Columbia University Computer Science Department Technical Report CUCS-038-05, September 2005.
  10. "The Pseudorandomness of Elastic Block Ciphers"
    Debra Cook, Moti Yung, and Angelos D. Keromytis. Columbia University Computer Science Department Technical Report CUCS-037-05, September 2005.
  11. "PachyRand: SQL Randomization for the PostgreSQL JDBC Driver"
    Michael E. Locasto and Angelos D. Keromytis. Columbia University Computer Science Department Technical Report CUCS-033-05, August 2005.
  12. "Elastic Block Ciphers: The Feistel Cipher Case"
    Debra L. Cook, Moti Yung, and Angelos D. Keromytis. Columbia University Computer Science Department Technical Report CUCS-021-04, May 2004.
  13. "Collaborative Distributed Intrusion Detection"
    Michael E. Locasto, Janak J. Parekh, Salvatore J. Stolfo, Angelos D. Keromytis, Tal Malkin, and Vishal Misra. Columbia University Computer Science Department Technical Report CUCS-012-04, March 2004.
  14. "Elastic Block Ciphers"
    Debra L. Cook, Moti Yung, and Angelos D. Keromytis. Columbia University Computer Science Department Technical Report CUCS-010-04, February 2004.
  15. "Just Fast Keying (JFK)"
    William Aiello, Steven M. Bellovin, Matt Blaze, Ran Canetti, John Ioannidis, Angelos D. Keromytis, and Omer Reingold. IETF IPsec Working Group, April 2002,.
  16. "CASPER: Compiler-Assisted Securing of Programs at Runtime"
    Gaurav S. Kc, Stephen A. Edwards, Gail E. Kaiser, and Angelos D. Keromytis. Columbia University Computer Science Department Technical Report CUCS-025-02, 2002.
  17. "The 'suggested ID' extension for IKE"
    Angelos D. Keromytis and William Sommerfeld. IETF IPsec Working Group, November 2001.
  18. "SPKI: ShrinkWrap"
    Angelos D. Keromytis and William A. Simpson. IETF SPKI Working Group, September 1997.
  19. "Active Network Encapsulation Protocol (ANEP)"
    D. Scott Alexander, Bob Braden, Carl A. Gunter, Alden W. Jackson, Angelos D. Keromytis, Gary J. Minden, and David Wetherall. Active Networks Group, DARPA Active Networks Project, August 1997.
  20. "Creating Efficient Fail-Stop Cryptographic Protocols"
    Angelos D. Keromytis and Jonathan M. Smith. University of Pennsylvania Technical Report MS-CIS-96-32, December 1996.