Publications

Most of these papers are in Postscript® format; these are also available in PDF ®. If you need a Postscript viewer, try Ghostscript.

Books and Chapters

Salvatore Stolfo, Steven M. Bellovin, Angelos D. Keromytis, Sara Sinclair, Sean Smith, and Shlomo Hershkop, Ed. Insider Attack and Cyber Security: Beyond the Hacker (Advances in Information Security). Springer, 2008.
Seymour E. Goodman and Herbert S. Lin, Ed. Toward a Safer and More Secure Cyberspace. National Academies Press, 2007. (Printed copies may be ordered from the National Academies Press.)
Stephen T. Kent and Lynette I. Millett, Ed. Who Goes There?: Authentication Through the Lens of Privacy. National Academies Press, 2003.
W. R. Cheswick, S. M. Bellovin, and A.D. Rubin. Firewalls and Internet Security: Repelling the Wily Hacker, Addison-Wesley, 2003, Second Edition.
Fred Schneider, ed., Trust in Cyberspace, National Academy Press, 1999.
Steven M. Bellovin, "Network and Internet Security", in Peter Denning and Dorothy Denning, eds., Internet Besieged: Countering Cyberspace Scofflaws, ACM Press, 1997.
Steven M. Bellovin, "Network Security Issues", in A. Tucker, ed., CRC Computer Science and Engineering Handbook, CRC Press, 1996.
Steven M. Bellovin, "Security and Software Engineering," in B. Krishnamurthy, editor. Practical Reusable UNIX Software. John Wiley & Sons, 1995.
W. R. Cheswick and S. M. Bellovin. Firewalls and Internet Security: Repelling the Wily Hacker, Addison-Wesley, 1994, First Edition. (Full text online.)

Papers

Quick Index
Host and Internet Security
Networking
Cryptography
Public Policy
IETF RFCs and Internet Drafts
IEEE Security and Privacy Columns

Host and Internet Security

Hang Zhao, Chi-Kin Chau, and Steven M. Bellovin, "ROFL: Routing as the Firewall Layer", New Security Paradigms Workshop, to appear. (A version of this paper has appeared as Technical Report CUCS-026-08.)
Maritza L. Johnson, Chaitanya Atreya, Adam J. Aviv, Steven M. Bellovin, and Gail E. Kaiser, RUST: A Retargetable Usability Testbed for Web Site Authentication Technologies, Usenix UPSEC '80: Usability, Psychology, and Security, 2008.
Kyle Dent and Steven M. Bellovin, Newspeak: A Secure Approach for Designing Web Applications, Technical Report CUCS-008-08, February 2008.
Hang Zhao and Steven M. Bellovin, Policy Algebras for Hybrid Firewalls, Technical Report CUCS-017-07, March 2007.
Steven M. Bellovin, "Virtual Machines, Virtual Security", Communications of the ACM, Vol. 49, No. 10, October 2006, Inside Risks.
Sotiris Ioannidis, Steven M. Bellovin, John Ioannidis, Angelos D. Keromytis, Kostas Anagnostakis, and Jonathan M. Smith, Virtual Private Services: Coordinated Policy Enforcement for Distributed Applications, International Journal of Network Security, Vol.4, No.1, pp.69-80, Jan. 2007.
Ka-Ping Yee, David Wagner, Marti Hearst and Steven M. Bellovin, "Prerendered User Interfaces for Higher-Assurance Electronic Voting", Usenix/ACCURATE Electronic Voting Technology Workshop, August 2006. (An earlier version appeared as U.C. Berkeley EECS Technical Report No. UCB/EECS-2006-35, April 5, 2006.)
Steven M. Bellovin, Angelos Keromytis, and Bill Cheswick, "Worm Propagation Strategies in an IPv6 Internet", ;login:, February 2006, pp. 70-76. (PDF.)
Steven M. Bellovin, John Ioannidis, and Randy Bush. Position Paper: Operational Requirements for Secured BGP. DHS Secure Routing Workshop, March 2005. (PDF here.)
Steven M. Bellovin and Emden R. Gansner, Using Link Cuts to Attack Internet Routing, May 2003. Draft; do not mirror or archive. (PDF here.)
Sotiris Ioannidis, Steven M. Bellovin, John Ioannidis, Angelos D. Keromytis, and Jonathan M. Smith. "Design and Implementation of Virtual Private Services", Proceedings of the IEEE International Workshops on Enabling Technologies: Infrastructure for Collaborative Enterprises (WETICE), Workshop on Enterprise Security, Special Session on Trust Management in Collaborative Global Computing. June 2003, Linz, Austria. (PDF here.)
Sotiris Ioannidis, Steven M. Bellovin, and Jonathan Smith, "Sub-Operating Systems: A New Approach to Application Security", SIGOPS European Workshop, September 2002. (PDF here.)
Ratul Mahajan, Steven M. Bellovin, Sally Floyd, John Ioannidis, Vern Paxson, and Scott Shenker, Controlling High Bandwidth Aggregates in the Network, Computer Communications Review 32:3, July 2002, pp. 62-73. (PDF here.) This is the primary citation for pushback, a DDoS defense technique.
John Ioannidis and Steven M. Bellovin, "Implementing Pushback: Router-Based Defense Against DDoS Attacks", NDSS, February 2002. (PDF here.)
Peter M. Gleitz and Steven M. Bellovin, "Transient Addressing for Related Processes: Improved Firewalling by Using IPV6 and Multiple Addresses per Host", Proceedings of the Eleventh Usenix Security Symposium, August 2001. (PDF here; HTML here.)
Sotiris Ioannidis and Steven M. Bellovin, "Building a Secure Web Browser", Usenix Conference, June 2001. (PDF here.)
Steven M. Bellovin, Computer Security -- An End State?, Communications of the ACM, Vol. 44, No. 3, March 2001, pp. 131-132. (PDF here.)
S.M. Bellovin, C. Cohen, J. Havrilla, S. Herman, B. King, J. Lanza, L. Pesante, R. Pethia, S. McAllister, G. Henault, R.T. Goodden, A. P. Peterson, S. Finnegan, K. Katano, R.M. Smith, R.A. Lowenthal, Results of the Security in ActiveX Workshop, December 2000.
Sotiris Ioannidis, Angelos D. Keromytis, Steven M. Bellovin, and Jonathan M. Smith, "Implementing a Distributed Firewall", ACM Conference on Computer and Communications Security, Athens, Greece, November 2000. (PDF here.)
J.S. Denker, S.M. Bellovin, H. Daniel, N.L. Mintz, T. Killian, and M.A. Plotnick, "Moat: A Virtual Private Network Appliance and Services Platform", Proceedings of LISA XIII, November 1999, pp. 251-260. (PDF here.)
Steven M. Bellovin, "Distributed Firewalls", ;login:, November 1999, pp. 39-47. (HTML, Postscript, PDF.)
Steven M. Bellovin, Why Systems Administration is Hard, foreword to Solaris Security, Peter Gregory, Prentice-Hall, 1999.
William Cheswick and Steven M. Bellovin, "How Computer Security Works: Firewalls", Scientific American, October 1998, pp. 106-107.
Bill Cheswick and Steven M. Bellovin, "A DNS Filter and Switch for Packet-filtering Gateways," in Proceedings of the Sixth Usenix UNIX Security Symposium, pp. 15-19, San Jose, CA, July 1996.
Steven M. Bellovin, "Using the Domain Name System for System Break-Ins", in Proceedings of the Fifth Usenix UNIX Security Symposium, Salt Lake City, UT, June, 1995. (PDF here.)
Steven M.Bellovin, "Security and Uses of the Internet", in Proceedings of the North American Serials Interest Group", June 1995.
Steven M. Bellovin, "There Be Dragons," in Proceedings of the Third Usenix UNIX Security Symposium , pp. 1-16, 1992. (PDF here.)
Steven M. Bellovin, "Towards a Commercial IP Security Option", in Commercial IPSO Workshop, INTEROP '89, October 1989.
Steven M. Bellovin, "Security Problems in the TCP/IP Protocol Suite," in Computer Communications Review 2:19, pp. 32-48, April 1989. (PDF here.)
Steven M. Bellovin, "The Session Tty Manager," in USENIX Conference Proceedings, pp. 339-354, Summer 1988. (PDF here.)

Networking

A Clean-Slate Design for the Next-Generation Secure Internet, Steven M. Bellovin, David D. Clark, Adrian Perrig, and Dawn Song. March, 2005. This is the report of an NSF workshop held in July, 2004. (PDF here.)
A Look Back at "Security Problems in the TCP/IP Protocol Suite", invited paper, "classic papers" session, 20th Annual Computer Security Applications Conference, December 2004. (PDF here.)
Steven M. Bellovin, "Spamming, Phishing, Authentication, and Privacy", Communications of the ACM, Vol. 47, No. 12, December 2004, Inside Risks. (PDF here.)
Steven M. Bellovin, "A Technique for Counting NATted Hosts. Proc. Second Internet Measurement Workshop, November 2002. (PDF here.)
Steven M. Bellovin, "Packets Found on an Internet," in Computer Communications Review 23:3, pp. 26-31, July 1993. (PDF here.)
Steven M. Bellovin, "A Best-Case Network Performance Model," February 1992. (PDF here.)
Steven M. Bellovin, "Pseudo-Network Drivers and Virtual Networks," in USENIX Conference Proceedings, pp. 229-244, Winter 1990. (PDF here.)
Peter Honeyman and Steven M. Bellovin, "PATHALIAS or The Care and Feeding of Relative Addresses," in USENIX Conference Proceedings, pp. 126--141, Summer 1986. (PDF here.)

Cryptography

"Privacy-Enhanced Searches Using Encrypted Bloom Filters", Steven M. Bellovin and William R. Cheswick, Technical Report CUCS-034-07, September 2007.
Elli Androulaki, Mariana Raykova, Angelos Stavrou, and Steven M. Bellovin, OpenTor: Anonymity as a Commodity Service, Technical Report CUCS-031-07, September 2007.
Elli Androulaki, Seung Geol Choi, Steven M. Bellovin, and Tal Malkin, Reputation Systems for Anonymous Networks, Technical Report CUCS-029-07, September 2007.
"Deploying a New Hash Algorithm", Steven M. Bellovin and Eric K. Rescorla. September 2005. To be presented at the NIST Hash Function Workshop, October 2005. (A longer version of the paper, covering DNSSEC and design principles, will appear as a CU-CS technical report in mid-October.) (PDF here.)
"Just Fast Keying: Key Agreement In A Hostile Internet", William Aiello, Steven M. Bellovin, Matt Blaze, Ran Canetti, John Ioannidis, Angelos D. Keromytis, and Omer Reingold. In ACM Transactions on Information and System Security (TISSEC), vol. 7, no. 2, pp. 1 - 32, May 2004. (Extended version of the CCS 2002 paper.)
"Efficient, DoS-Resistant, Secure Key Exchange for Internet Protocols", William Aiello, Steven M. Bellovin, Matt Blaze, Ran Canetti, John Ioannidis, Angelos D. Keromytis, and Omer Reingold. Proceedings of the ACM Computer and Communications Security (CCS) Conference. November 2002, Washington, DC. (PDF here.)
S. Bellovin and M. Blaze, "Cryptographic Modes of Operation for the Internet", Second NIST Workshop on Modes of Operation, August 2001. (PDF here.)
D. Whiting, B. Schneier, and S. Bellovin. "AES Key Agility Issues in High-Speed IPsec Implementations". May, 2000. (PDF here.)
Steven M. Bellovin, "Cryptography and the Internet", in Proceedings of CRYPTO '98, August 1998. (PDF here.)
Steven M. Bellovin, "Probable Plaintext Cryptanalysis of the IP Security Protocols," in Proceedings of the Symposium on Network and Distributed System Security, San Diego, CA, pp. 155-160, February 1997. (PDF here.)
Uri Blumenthal and Steven M. Bellovin, "A Better Key Schedule for DES-like Ciphers," in Proceedings of PRAGOCRYPT '96, Prague, September 1996. (PDF here.)
Steven M. Bellovin, "Problem Areas for the IP Security Protocols," in Proceedings of the Sixth Usenix Unix Security Symposium, pp. 1-16, San Jose, CA, July 1996. (PDF here.)
David A. Wagner and Steven M. Bellovin, "A "Bump in the Stack" Encryptor for MS-DOS Systems," in Proceedings of the Symposium on Network and Distributed System Security, San Diego, CA, pp. 155-160, February 1996. (PDF here.)
Matt Blaze and Steven M. Bellovin, "Session-Layer Encryption," in Proceedings of the Fifth Usenix UNIX Security Symposium, Salt Lake City, UT, June, 1995. (PDF here.)
David A. Wagner and Steven M. Bellovin, "A Programmable Plaintext Recognizer," 1994. (PDF here.)
Steven M. Bellovin and Michael Merritt, "An Attack on the Interlock Protocol When Used for Authentication," in IEEE Transactions on Information Theory 40:1, pp. 273-275, January 1994. (PDF here.)
Steven M. Bellovin and Michael Merritt, "Augmented Encrypted Key Exchange," in Proceedings of the First ACM Conference on Computer and Communications Security , pp. 244-250, November 1993. (PDF here.)
Steven M. Bellovin and Michael Merritt, "Encrypted Key Exchange: Password-Based Protocols Secure Against Dictionary Attacks," in Proc. IEEE Computer Society Symposium on Research in Security and Privacy , pp. 72--84, May 1992. (PDF here.)
Steven M. Bellovin and Michael Merritt, "Limitations of the Kerberos Authentication System," in USENIX Conference Proceedings, pp. 253--267, Winter 1991. (PDF here.)
Steven M. Bellovin and Michael Merritt, "Limitations of the Kerberos Authentication System", in Computer Communication Review, pp. 119--132, October 1990.

Public Policy

Risking Communications Security: Potential Hazards of the "Protect America Act", Steven M. Bellovin, Matt Blaze, Whitfield Diffie, Susan Landau, Peter G. Neumann, and Jennifer Rexford. IEEE Security and Privacy, Vol. 6, No. 1, January/February 2008, pp. 24-33, to appear.
Steven M. Bellovin, Matt Blaze, Whitfield Diffie, Susan Landau, Peter G. Neumann, and Jennifer Rexford, Internal Surveillance, External Risks, Communications of the ACM, Vol. 50, No. 12, December 2007, Inside Risks.
Security Implications of Applying the Communications Assistance to Law Enforcement Act to Voice over IP, Steven Bellovin, Matt Blaze, Ernest Brickell, Clinton Brooks, Vinton Cerf, Whitfield Diffie, Susan Landau, Jon Peterson, and John Treichler, June 2006.
Statewide Databases of Registered Voters: Study Of Accuracy, Privacy, Usability, Security, and Reliability Issues, Paula Hawthorn, Barbara Simons, Chris Clifton, David Wagner, Steven M. Bellovin, Rebecca Wright, Arnold Rosenthal, Ralph Poore, Lillie Coney, Robert Gellman, Harry Hochheiser. Commissioned by the U.S. Public Policy Committee of the Association for Computing Machinery, February 2006.
Steven M. Bellovin, Matt Blaze, and Susan Landau, The Real National-Security Needs for VoIP, Communications of the ACM, Vol. 48, No. 11, November 2005, Inside Risks.
Cybersecurity Research Needs, statement by Steven M. Bellovin before the House Select Committee on Homeland Security, Subcommittee on Cybersecurity, Science, Research, & Development, hearing on "Cybersecurity--Getting it Right", July 22, 2003. (PDF here.)
Here's a transcript of the hearing.
John L. Hennessy, David A. Patterson, and Herbert S. Lin, Ed. Information Technology for Counterterrorism: Immediate Actions and Future Possibilities. National Academies Press, 2003.
Committee on Science and Technology for Countering Terrorism, National Research Council. Making the Nation Safer: The Role of Science and Technology in Countering Terrorism. National Academies Press, 2002.
Stephen T. Kent and Lynette Millett, ed. IDs -- Not That Easy: Questions About Nationwide Identity Systems. National Academies Press, 2002.
Steven M. Bellovin, Matt Blaze, David Farber, Peter Neumann, and Gene Spafford, Comments on the Carnivore System Technical Review Draft, 4 December 2000.
Steven M. Bellovin, "Wiretapping the Net", The Bridge, Summer 2000, vol. 20, no. 2, pp. 21-26, National Academy of Engineering. (PDF here.)
Matt Blaze and Steven M. Bellovin, "Tapping on my Network Door", Communications of the ACM, Vol. 43, No. 10, October 2000, Inside Risks.
S. Bellovin and M. Blaze. Open Internet Wiretapping. Written testimony for a hearing on "Fourth Amendment Issues Raised by the FBI's 'Carnivore' Program" by the Subcommittee on the Constitution, House Judiciary Committee, 24 July 2000.
F. Schneider, S. Bellovin, and A. Inouye, "Building Trustworthy Systems", IEEE Internet Computing, November/December 1999, Vol. 3, No. 6, pp. 64-72.
Fred Schneider, Steven M. Bellovin, and Alan Inouye, "Critical Infrastructures You Can Trust: Where Telecommunications Fits", Telecommunications Policy Research Conference, October 1998. (PDF here; rtf here.)
Yakov Rekhter, Paul Resnick, and Steven M. Bellovin, "Financial Incentives for Route Aggregation and Efficient Address Utilization in the Internet," in Proceedings of Telecommunications Policy Research Conference, Solomons, MD..Also in Brian Kahin and James H. Keller, eds., Coordinating the Internet, MIT Press, 1997
Hal Abelson, Ross Anderson, Steven M. Bellovin, et al., "The Risks of Key Recovery, Key Escrow, and Trusted Third-Party Encryption," May 1997.

IETF RFCs and Internet Drafts

S. Bellovin. Key Change Strategies for TCP-MD5, March 2007.
S. Bellovin and A. Zinin, RFC 4278, Standards Maturity Variance Regarding the TCP MD5 Signature Option (RFC 2385) and the BGP-4 Specification, January 2006.
S. Bellovin and R. Housley, RFC 4107, Guidelines for Cryptographic Key Management, June 2005.
S. Bellovin, J. Schiller, and C. Kaufman, RFC 3631, Security Mechanisms for the Internet, December 2003.
S. Bellovin, J. Ioannidis, A. Keromytis, R. Stewart, RFC 3554, On the Use of Stream Control Transmission Protocol (SCTP) with IPsec. July 2003.
S.M. Bellovin, RFC 3514, The Security Flag in the IPv4 Header. April 1, 2003. (This RFC generated a lot of reaction.)
S.M. Bellovin, Access Control Prefix Router Advertisement Option for IPv6. February, 2003. (-00 is here.)
S.M. Bellovin, Guidelines for Mandating the Use of IPsec. September, 2005. Work in progress -- do not mirror or archive.
W. Aiello, S.M. Bellovin, M. Blaze, R. Canetti, J. Ioannidis, A.D. Keromytis, and O. Reingold. Just Fast Keying (JFK). March 2002. Work in progress -- do not mirror or archive.
S.M. Bellovin and R. Bush, Security Through Obscurity Considered Dangerous. February 2002. Work in progress -- do not mirror or archive.
S.M. Bellovin, A "Reason" Field for ICMP "Administratively Prohibited" Messages. February 2002. Work in progress -- do not mirror or archive.
S.M. Bellovin, "Using Bloom Filters for Authenticated Yes/No Answers in the DNS". December 2001. Work in progress -- do not mirror or archive.
S. Bellovin, M. Leech, and T. Taylor "The ICMP Traceback Message". October, 2001. Work in progress -- do not mirror or archive.
S. Bellovin and R. Moskowitz "Client Certificate and Key Retrieval for IKE". Work in progress -- do not mirror or archive.
S. Bellovin, A. Buchsbaum, and S. Muthukrishnan, "TCP Compression Filter". Work in progress -- do not mirror or archive.
S. Bellovin, A. Buchsbaum, and S. Muthukrishnan, "TCP Filters". Work in progress -- do not mirror or archive.
H. Lu, M. Krishnaswamy, L. Conroy, S. Bellovin, F. Burg, A. DeSimone, K. Tewani, P. Davidson, H. Schulzrinne, K. Vishwanathan, RFC 2458, Toward the PSTN/Internet Inter-Networking--Pre-PINT Implementations, November 1998.
S. Bellovin, ed., RFC 2316, Report of the IAB Security Architecture Workshop, April 1998.
Steven M. Bellovin, RFC 1948, "Defending Against Sequence Number Attacks", May 1996.
Steven M. Bellovin, RFC 1681, "On Many Addresses per Host", August 1994. (Also in IPng: Internet Protocol Next Generation, S. Bradner and A. Mankin, eds., Addison-Wesley, 1996.)
Steven M. Bellovin, RFC 1675, "Security Concerns for IPng," August 1994. (Also in IPng: Internet Protocol Next Generation, S. Bradner and A. Mankin, eds., Addison-Wesley, 1996.)
Steven M. Bellovin, RFC 1579 , "Firewall-Friendly FTP," February 1994.

IEEE Security and Privacy Columns

Security by Checklist, IEEE Security and Privacy 6:2, March-April 2008.
Seers and Craftspeople, IEEE Security and Privacy 5:5, September-October 2007.
DRM, Complexity, and Correctness, IEEE Security and Privacy 5:1, January-February 2007.
On the Brittleness of Software and the Infeasibility of Security Metrics, IEEE Security and Privacy 4:4, July-August 2006.
Unconventional Wisdom, IEEE Security and Privacy 4:1, January-February 2006.
Security and Privacy: Enemies or Allies?, IEEE Security and Privacy 3:3, May-June 2005.

Dissertation

"Verifiably Correct Code Generation Using Predicate Transformers", Department of Computer Science, University of North Carolina, December 1982.

smb home

Updated 03 Jun 08