Talks

Enclosed below are slides from a few of my recent talks. Some are in Postscript®, in which case there is a PDF® version as well; others are HTML converted from Powerpoint® or OpenOffice. (Note: If you need a Postscript viewer, try Ghostscript.)

I've played a bit with Magicpoint, a free presentation tool for X11-based systems. In such cases, I've included the derived HTML, Postscript, and PDF.

Regular Talks

• Compression, Correction, Confidentiality, and Comprehension: A Modern Look at Commercial Telegraph Codes, 2009 Cryptologic History Symposium, Laurel, MD, October 2009.
• Compression, Correction, Confidentiality, and Comprehension: A Modern Look at Commercial Telegraph Codes, invited talk, 18th Usenix Security Symposium, Montreal, QC, August 2009. (Audio here; video here for Usenix members or conference attendees.)
• Future Trends in Security AusCERT 2009, May 2009, Gold Coast, Queensland, Australia.
• Good Security and Privacy Things, The Dark and the Light of the Internet, The Marconi Society, April 16, 2009. (Apple Keynote, Powerpoint).
• Security Assurance for Web Device APIs, Maritza Johnson and Steven M. Bellovin, Security for Access to Device APIs from the Web — W3C Workshop, December 2008, London, UK.
• Newspeak: A Paradigm for Architectural Security, ENISA-FORTH Summer School on Network & Information Security, Crete, Greece, September 2008.
• Newspeak: A Paradigm for Architectural Security, Cybersecurity Summit 2008 for NSF Large Research Facilities, Arlington, VA, May 2008.
• Issues in Routing Security, DIMACS Workshop on Secure Interdomain Routing, March 2008.
• Internet Privacy: Big Brother and Little Brother, NICT Symposium on Internet Security and Privacy, Tokyo, Japan, February 2008; First International Symposium on Global Information Governance, Pisa, Italy, March 2008.
• Configuration Management and Security, LISA Configuration Workshop, Dallas, TX, November 2007.
• The Future of Internet Security , European Conference on Computer Network Defense, October 2007, Heraklion, Greece.
• Routing Security Economics, DIMACS Workshop on Information Security Economics, 18-19 Jan 2007.
• Where to Now?, acceptance talk, 2007 National Computer Systems Security Award, Miami Beach, FL.
• Real Attacks and Threat Models, IETF 67, San Diego, CA, November 2006.
• On the Brittleness of Software and the Infeasibility of Security Metrics, First Workshop on Security Metrics (MetriCon 1.0), Vancouver, BC, August 2006.
• Routing Security, ARIN XVII, Montreal, April 2006. (PDF here.)
• Square Wheels and Round Tuits, Keynote address, Workshop on Research Directions for Security and Networking in Critical Real-Time and Embedded Systems, San Jose, 2006. (PDF here.)
• Encrypted Key Exchange, Stuyvesant High School, NY, February 2006. (PDF here.)
• Cryptography and the Internet: Where It Is, Where It Isn't, Where it Should Be --- and Why It Isn't There, Cognos Innovation Lecture, Carleton University, Ottawa, ON, Dec 1, 2005. (PDF here.)
• Deploying New Hash Functions, NIST Cryptographic Hash Workshop, Oct 31-Nov 1, 2005. (PDF here.)
• Application Security: Threats and Architecture, FDIC Designing an Information Security Program, September 2005.
• Application Security: Threats and Architecture, IETF 63, Paris, August 2005. (PDF here)
• Lessons from IPv6. Next-Generation Secure Internet workshop, July 2005. (OpenOffice, Powerpoint)
• IPv6 Threats to Communications, May 2005. (PDF here.)
• Steven M. Bellovin, John Ioannidis, and Randy Bush. Operational Requirements for Secured BGP. DHS Secure Routing Workshop, March 2005. (OpenOffice here; Powerpoint here.)
• Moving Application Security into the Network. End-to-End Meeting, January 2005. (PDF here.)
• TCP/IP Security Holes: A Look Back. Invited talk, "classic papers" session, 20th Annual Computer Security Applications Conference, December 2004. (PDF version here.)
• Security Challenges, TI Workshop on Dependability and Security, December 2004. (PDF here.)
• Measurement and Security, AT&T IP Security Day, November 2004. (PDF here.)
• Cryptography and the Internet: Where It Is, Where It Isn't, Where it Should Be --- and Why It Isn't There, DIMACS Workshop on Cryptography: Theory Meets Practice, October 2004. (PDF version here.)
• Privacy, Anonynmity, and Security on the Internet, Australian Unix Users' Group, Melbourne, AU, August 2004. (PDF here.)
• An Introduction to Cryptography, tutorial, Australian Unix Users' Group, Melbourne, AU, August 2004. (PDF here.)
• Permissive Action Links and the History of Public Key Cryptography, invited talk, Usenix Security Symposium, August 2004. (PDF here.) An MP3 of the talk itself is here (99.41 MB).
• Securing the Net: Where the Holes Are, INET 2004, Barcelona, May 2004. (PDF here, Powerpoint here.)
• CALEA and VoIP: The Internet is not the PSTN. Computers, Freedom, and Privacy, April 2004. (OpenOffice, Powerpoint)
• Internet Security: Then and Now, NANOG 30, Miami, FL, February 2004. (PDF here.)
• Protocol Problems and Architectural Issues, ICANN DNS Security and Stability Advisory Committee meeting on wildcard DNS records in TLDs, Washington, DC, October 2003. (OpenOffice, HTML, PDF, Postscript, Powerpoint.)
• Routing Security, British Columbia Institute of Technology, June 2003. (PDF here.)
• SBGP -- Secure BGP. (PDF here.)
  Where the Wild Things Are: BGP Threats. (PDF here.)
  NANOG 28, June 2003, Salt Lake City, UT.
• An Introduction to Modern Cryptography, Westfield High School Saturday Science Program, March 2003. (PDF here.)
• The State of Software Security, Information Security Law: Software Security and Vulnerability Reporting, Seton Hall University School of Law, November 2002. (PDF here.)
• A Technique for Counting NATted Hosts, Second Internet Measurement Workshop, Marseille, November 2002. (PDF here.)
• Realistic Security, Management of Technologies Symposium, Stevens Institute of Technology, 23 October 2002. (PDF here.)
• The IETF or Where do all those RFCs come from, anyway?, 13 June 2002, Usenix.
• Security and Software Engineering, 17 January 2002, MIT.
• ICANN and Internet Security, ICANN Open Meeting, 13 November 2001, Marina del Rey, CA.
• Telephone versus Internet Wiretaps: A Technical and Legal Perspective, NAE/CSTB Workshop on Critical Infrastructure Protection and the Law, 22-23 October 2001.
• Security and Software Engineering", Toolsmith Conference, University of North Carolina at Chapel Hill, 18 October 2001.
• "Internet Security in my Crystal Ball", End-to-End Research Group, June 2001. (PDF here.)
• "DDoS Attacks and Pushback", NANOG 21, February 2001. (PDF here.) (Note -- this talk is significantly different than the other talk of the same name.)
• "DDoS Attacks and Pushback", December 2000. (PDF here.)
• "Host versus Network Security", Center for Global Security Research (CGSR), Lawrence Livermore National Laboratory, University of California and Office of Engineering and Technology, Federal Communications Commission (FCC), Conference on Telecommunications Network Security and Reliability in the 21st Century, Washington, D.C., 31 October 2000.
• "Security and IPv6", IPv6 Summit, Washington, D.C., 19 October 2000.
• "Defense Strategies for DDoS Attacks", NISSC panel session, Baltimore, MD, 18 October 2000.
• "Preventing Denial of Service Attacks", NISSC panel session, Baltimore, MD, 18 October 2000.
• Key Agility Requirements for IPsec, August 2000, Works in Progress session, 9th Usenix Security Symposium, Denver, CO. (PDF here.)
  Note: this talk is based a long note posted to a few mailing lists; you can find a copy here.
• Extending Snoop to Handle IPSec Packets, August 2000, Works in Progress session, 9th Usenix Security Symposium, Denver, CO.
• Security: Present and Future, June 2000.
• Security Aspects of Napster and Gnutella, June 2000.
• Distributed Denial of Service Attacks, February 2000.
• Security for the Web, Seton Hall University, February 2000.
• Distributed Denial of Service Attacks, NANOG, San Jose, February 2000.
• Destroying the Net, RSA 2000, January 2000.
• Distributed Firewalls, August 1999, Works in Progress session, 8th Usenix Security Symposium, Washington, D.C. (PDF here.)
• Regulation, Cryptography, and Internet Security, July 1999, Multilateral Security in Communications, Stuttgart, Germany. (PDF here.)
• "Network Security", tutorial, IM '99, Boston MA, May 28, 1999.
• Authentication Architectures, February 1999.
• Transport-Friendly ESP, or, Layer Violations for Fun and Profit, NDSS '99, February 1999.
• Why Do We Need More Research?, NDSS '99, February 1999.
• Security, Cryptography, and Magic, RSA '99, January 1999.
• Computer Insecurity, 20 October 1998.
• Network and Internet Security, September 1998. (Powerpoint here)
• Cryptography and the Internet, CRYPTO '98, August 1998. (PDF here.)
• Trends in Internet Security, September 1997.
• Key Recovery, September 1997.
• Network Layer Security -- Structure and Challenges, DIMACS, October 1997.
• Trust Problems, NISSC panel session, Baltimore, MD, October 1997.
• Security for the NGI, December 1997.
• Where the Wild Things Are, NISSC panel session, Baltimore, MD, October 1996. (PDF here.)
• Java -- Threat or Menace, NISSC panel session, Baltimore, MD, October 1996. (PDF here.)
• IAB/IESG Statement on Cryptography, October 1996. (PDF here.)
• Is Encryption Unbreakable?, NISSC panel session, Baltimore, MD, October 1996. (PDF here.)
• WWW Problems, NISSC panel session, Baltimore, MD, October 1996. (PDF here.)
• Java Security Model, April 1996. (PDF here.)
• Shifting the Odds -- Writing More Secure Software, December 1994. (PDF here.)
• An Introduction to Escrowed Encryption Systems, Boston Usenix, June 1994. (PDF here.)
• Firewalls are Necessary, Oakland Symposium on Research in Security and Privacy, May 1994. (PDF here.)