security.bib

@inproceedings{zimmeck.bellovin:privee,
  abstract = {Privacy policies on websites are based on the
		  notice-and-choice principle. They notify Web users of their
		  privacy choices. However, many users do not read privacy
		  policies or have difficulties understanding them. In order
		  to increase privacy transparency we propose Privee---a
		  software architecture for analyzing essential policy terms
		  based on crowdsourcing and automatic classification
		  techniques. We implement Privee in a proof of concept
		  browser extension that retrieves policy analysis results
		  from an online privacy policy repository or, if no such
		  results are available, performs automatic classifications.
		  While our classifiers achieve an overall F-1 score of 90%,
		  our experimental results suggest that classifier
		  performance is inherently limited as it correlates to the
		  same variable to which human interpretations
		  correlate---the ambiguity of natural language. This finding
		  might be interpreted to call the notice-and-choice
		  principle into question altogether. However, as our results
		  further suggest that policy ambiguity decreases over time,
		  we believe that the principle is workable. Consequently, we
		  see Privee as a promising avenue for facilitating the
		  notice-and-choice principle by accurately notifying Web
		  users of privacy practices and increasing privacy
		  transparency on the Web. },
  address = {San Diego, CA},
  author = {Sebastian Zimmeck and Steven M. Bellovin},
  booktitle = {23rd USENIX Security Symposium (USENIX Security 14)},
  date = {2014-08},
  date-added = {2014-08-20 16:38:28 +0000},
  date-modified = {2014-08-20 20:43:26 +0000},
  isbn = {978-1-931971-15-7},
  month = aug,
  pages = {1--16},
  publisher = {USENIX Association},
  title = {Privee: An Architecture for Automatically Analyzing Web
		  Privacy Policies},
  url = {https://www.usenix.org/conference/usenixsecurity14/technical-sessions/presentation/zimmeck},
  year = {2014},
  bdsk-url-1 = {http://blogs.usenix.org/conference/usenixsecurity14/technical-sessions/presentation/zimmeck}
}
@inproceedings{zhao.bellovin:high,
  abstract = {Doing route selection based in part on source addresses is
		  a form of policy routing, which has started to receive
		  increased amounts of attention. In this paper, we extend
		  our previous work on ROFL (ROuting as the Firewall Layer)
		  to achieve source prefix filtering. This permits easy
		  definition of ``inside'' and ``outside'', even in MANET
		  environment where there is no topological boundary. We
		  present algorithms for route propagation and packet
		  forwarding using ROFL; we measure its performance in a
		  simulated environment with two different ad hoc routing
		  protocols. Simulation results demonstrate that ROFL can
		  significantly reduce unwanted packets without extra control
		  traffic incurred, and thus improves overall system
		  performance and preserves battery power of mobile nodes.
		  ROFL is the first scheme to provide a concrete defense
		  against some battery exhaustion attacks in MANETs.
		  Moreover, it requires only minor changes to existing ad hoc
		  network routing protocols, making it practical and feasible
		  to be deployed in real world.},
  author = {Hang Zhao and Steven M. Bellovin},
  booktitle = {International Conference on Mobile Ad-hoc and Sensor
		  Networks},
  month = {December},
  pages = {154--160},
  title = {High Performance Firewalls in {MANETs}},
  url = {https://www.cs.columbia.edu/~smb/papers/rofl-perf-msn10.pdf},
  xaddress = {Los Alamitos, CA, USA},
  xdoi = {http://doi.ieeecomputersociety.org/10.1109/MSN.2010.30},
  xisbn = {978-0-7695-4315-4},
  xpublisher = {IEEE Computer Society},
  year = {2010},
  bdsk-url-1 = {https://www.cs.columbia.edu/~smb/papers/rofl-perf-msn10.pdf},
  bdsk-url-2 = {http://doi.ieeecomputersociety.org/10.1109/MSN.2010.30}
}
@article{landwehr.boneh.ea:privacy,
  author = {Carl Landwehr and Dan Boneh and John Mitchell and Steven
		  M. Bellovin and Susan Landau and Mike Lesk},
  date-modified = {2012-12-18 16:25:20 +0000},
  doi = {10.1109/JPROC.2012.2189794},
  journal = {Proceedings of the {IEEE}},
  number = {99},
  pages = {1--15},
  title = {Privacy and Cybersecurity: The Next 100 Years},
  url = {http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=6182691},
  volume = {PP},
  year = {2012},
  bdsk-url-1 = {http://dx.doi.org/10.1109/JPROC.2012.2189794},
  bdsk-url-2 = {http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=6182691}
}
@article{bellovin.cheswick:network,
  author = {Bellovin, S.M. and Cheswick, W.R.},
  date-added = {2014-03-17 17:58:10 +0000},
  date-modified = {2014-03-17 17:59:21 +0000},
  doi = {10.1109/35.312843},
  issn = {0163-6804},
  journal = {IEEE Communications Magazine},
  keyword = {Unix;computer networks;internetworking;network
		  servers;protocols;security of data;Internet;TCP/IP
		  protocol;UNIX operating system;UNIX programs;UNIX
		  systems;application gateways;circuit gateways;computer
		  network firewalls;computer security;network
		  gateways;networked computer;packet filtering;Application
		  software;Circuits;Computer networks;Computer
		  security;Information filtering;Information
		  filters;Internet;Operating systems;Protocols;TCPIP},
  month = {Sept},
  number = {9},
  pages = {50-57},
  title = {Network firewalls},
  volume = {32},
  year = {1994},
  bdsk-url-1 = {http://dx.doi.org/10.1109/35.312843}
}
@misc{bellovin.cohen.ea:results,
  author = {Steven M. Bellovin and C. Cohen and J. Havrilla and S.
		  Herman and B. King and J. Lanza and L. Pesante and R.
		  Pethia and S. McAllister and G. Henault and R.~T. Goodden
		  and A. P. Peterson and S. Finnegan and K. Katano and R.~M.
		  Smith and R.~A. Lowenthal},
  month = {December},
  title = {Results of the ``{Security} in {ActiveX} {Workshop}''},
  url = {http://www.cert.org/reports/activeX_report.pdf},
  year = {2000},
  bdsk-url-1 = {http://www.cert.org/reports/activeX_report.pdf}
}
@inproceedings{bellovin:towards,
  author = {Steven M. Bellovin},
  booktitle = {Commercial {IPSO} Workshop, {INTEROP} '89},
  title = {Towards a Commercial {IP} Security Option},
  year = {1989}
}
@article{bellovin.bush:configuration,
  author = {Steven M. Bellovin and Randy Bush},
  journal = {{IEEE} Journal on Selected Areas in Communications},
  month = {April},
  number = {3},
  pages = {268--274},
  smb-major = {yes},
  title = {Configuration Management and Security},
  url = {https://www.cs.columbia.edu/~smb/papers/config-jsac.pdf},
  volume = {27},
  year = {2009},
  bdsk-url-1 = {https://www.cs.columbia.edu/~smb/papers/config-jsac.pdf}
}
@article{bellovin:distributed,
  author = {Steven M. Bellovin},
  htmurl = {https://www.cs.columbia.edu/~smb/papers/distfw.html},
  journal = {;login:},
  month = {November},
  pages = {39--47},
  psurl = {https://www.cs.columbia.edu/~smb/papers/distfw.ps},
  smb-major = {yes},
  title = {Distributed Firewalls},
  url = {https://www.cs.columbia.edu/~smb/papers/distfw.pdf},
  year = {1999},
  bdsk-url-1 = {https://www.cs.columbia.edu/~smb/papers/distfw.pdf}
}
@inproceedings{ioannidis.keromytis.ea:implementing,
  address = {Athens, Greece},
  author = {Sotiris Ioannidis and Angelos D. Keromytis and Steven M.
		  Bellovin and Jonathan M. Smith},
  booktitle = {{ACM} Conference on Computer and Communications Security},
  month = {November},
  smb-major = {yes},
  title = {Implementing a Distributed Firewall},
  url = {https://www.cs.columbia.edu/~smb/papers/ccs-df.pdf},
  year = {2000},
  bdsk-url-1 = {https://www.cs.columbia.edu/~smb/papers/ccs-df.pdf}
}
@inproceedings{bellovin:using*1,
  address = {Salt Lake City, UT},
  author = {Steven M. Bellovin},
  booktitle = {Proceedings of the Fifth Usenix Unix Security Symposium},
  month = {June},
  pages = {199--208},
  smb-major = {yes},
  title = {Using the Domain Name System for System Break-Ins},
  url = {https://www.cs.columbia.edu/~smb/papers/dnshack.pdf},
  year = {1995},
  bdsk-url-1 = {https://www.cs.columbia.edu/~smb/papers/dnshack.pdf}
}
@inproceedings{cheswick.bellovin:dns,
  address = {San Jose, CA},
  author = {Bill Cheswick and Steven M. Bellovin},
  booktitle = {Proceedings of the Sixth Usenix Unix Security Symposium},
  pages = {15--19},
  title = {A {DNS} Filter and Switch for Packet-filtering Gateways},
  url = {http://www.cheswick.com/ches/papers/dnsproxy.html},
  year = {1996},
  bdsk-url-1 = {http://www.cheswick.com/ches/papers/dnsproxy.html}
}
@inproceedings{bellovin:there,
  annote = {A discussion of attacks observed against our firewall.},
  author = {Steven M. Bellovin},
  booktitle = {Proceedings of the Third Usenix Unix Security Symposium},
  month = {September},
  pages = {1--16},
  title = {There Be Dragons},
  url = {https://www.cs.columbia.edu/~smb/papers/dragon.pdf},
  year = {1992},
  bdsk-url-1 = {https://www.cs.columbia.edu/~smb/papers/dragon.pdf}
}
@article{bellovin:computer,
  author = {Steven M. Bellovin},
  journal = {Communications of the {ACM}},
  month = {March},
  number = {3},
  title = {Computer Security---An End State?},
  url = {https://www.cs.columbia.edu/~smb/papers/acm-predict.pdf},
  volume = {44},
  year = {2001},
  bdsk-url-1 = {https://www.cs.columbia.edu/~smb/papers/acm-predict.pdf}
}
@inproceedings{johnson.egelman.ea:facebook,
  abstract = {We measure users' attitudes toward interpersonal privacy
		  concerns on Facebook and measure users' strategies for
		  reconciling their concerns with their desire to share
		  content online. To do this, we recruited 260 Facebook users
		  to install a Facebook application that surveyed their
		  privacy concerns, their friend network compositions, the
		  sensitivity of posted content, and their privacy-preserving
		  strategies. By asking participants targeted questions about
		  people randomly selected from their friend network and
		  posts shared on their profiles, we were able to quantify
		  the extent to which users trust their ``friends'' and the
		  likelihood that their content was being viewed by
		  unintended audiences. We found that while strangers are the
		  most concerning audience, almost 95\% of our participants
		  had taken steps to mitigate those concerns. At the same
		  time, we observed that 16.5\% of participants had at least
		  one post that they were uncomfortable sharing with a
		  specific friend---someone who likely already had the
		  ability to view it---and that 37\% raised more general
		  concerns with sharing their content with friends. We
		  conclude that the current privacy controls allow users to
		  effectively manage the outsider threat, but that they are
		  unsuitable for mitigating concerns over the insider
		  threat---members of the friend network who dynamically
		  become inappropriate audiences based on the context of a
		  post.},
  author = {Maritza Johnson and Serge Egelman and Steven M. Bellovin},
  booktitle = {Symposium On Usable Privacy and Security (SOUPS)},
  date-modified = {2012-05-18 19:20:51 +0000},
  month = {July},
  title = {Facebook and Privacy: It's Complicated},
  url = {https://www.cs.columbia.edu/~smb/papers/a9_Johnson.pdf},
  year = {2012},
  bdsk-url-1 = {https://www.cs.columbia.edu/~smb/papers/a9_Johnson.pdf}
}
@article{cheswick.bellovin:how,
  author = {William Cheswick and Steven M. Bellovin},
  journal = {Scientific American},
  month = {October},
  pages = {106-107},
  title = {How Computer Security Works: Firewalls},
  year = {1998}
}
@misc{johnson.bellovin:policy,
  author = {Maritza Johnson and Steven M. Bellovin},
  howpublished = {Usenix HealthSec},
  htmurl = {https://www.cs.columbia.edu/~smb/papers/johnson_healthSec.html},
  month = {August},
  note = {Position paper},
  title = {Policy Management for E-Health Records},
  url = {https://www.cs.columbia.edu/~smb/papers/johnson_healthSec.pdf},
  year = {2010},
  bdsk-url-1 = {https://www.cs.columbia.edu/~smb/papers/johnson_healthSec.pdf}
}
@inproceedings{bellovin:look,
  author = {Steven M. Bellovin},
  booktitle = {Annual Computer Security Applications Conference},
  month = {December},
  note = {Invited paper},
  title = {A Look Back at ``{Security} Problems in the {TCP/IP}
		  Protocol Suite''},
  url = {https://www.cs.columbia.edu/~smb/papers/acsac-ipext.pdf},
  year = {2004},
  bdsk-url-1 = {https://www.cs.columbia.edu/~smb/papers/acsac-ipext.pdf}
}
@article{bellovin:security*4,
  annote = {An early paper describing some security risks from the
		  then-standard protocols in TCP/IP. Not all of the attacks
		  have happened yet\ldots.},
  author = {Steven M. Bellovin},
  journal = {Computer Communication Review},
  month = {April},
  number = {2},
  pages = {32--48},
  smb-major = {yes},
  title = {Security Problems in the {TCP/IP} Protocol Suite},
  url = {https://www.cs.columbia.edu/~smb/papers/ipext.pdf},
  volume = {19},
  year = {1989},
  bdsk-url-1 = {https://www.cs.columbia.edu/~smb/papers/ipext.pdf}
}
@inproceedings{potter.bellovin.ea:two,
  author = {Shaya Potter and Steven M. Bellovin and Jason Nieh},
  booktitle = {LISA '09},
  month = {November},
  smb-major = {yes},
  title = {Two Person Control Administration: Preventing
		  Administration Faults through Duplication},
  url = {http://www.usenix.org/events/lisa09/tech/full_papers/potter.pdf},
  year = {2009},
  bdsk-url-1 = {http://www.usenix.org/events/lisa09/tech/full_papers/potter.pdf}
}
@inproceedings{johnson.bellovin.ea:laissez-faire,
  author = {Maritza Johnson and Steven M. Bellovin and Robert W.
		  Reeder and Stuart Schechter},
  booktitle = {New Security Paradigms Workshop},
  month = {September},
  smb-major = {yes},
  title = {Laissez-Faire File Sharing: Access Control Designed for
		  Individuals at the Endpoints},
  url = {https://www.cs.columbia.edu/~smb/papers/nspw-use.pdf},
  year = {2009},
  bdsk-url-1 = {https://www.cs.columbia.edu/~smb/papers/nspw-use.pdf}
}
@misc{bellovin.gansner:using,
  author = {Steven M. Bellovin and Emden R. Gansner},
  note = {Draft},
  psurl = {https://www.cs.columbia.edu/~smb/papers/reroute.ps},
  title = {Using Link Cuts to Attack {Internet} Routing},
  url = {https://www.cs.columbia.edu/~smb/papers/reroute.pdf},
  year = {2003},
  bdsk-url-1 = {https://www.cs.columbia.edu/~smb/papers/reroute.pdf}
}
@article{stolfo.bellovin.ea:measuring,
  author = {Sal Stolfo and Steven M. Bellovin and David Evans},
  date = {2011-05/2011-06},
  doi = {10.1109/MSP.2011.48},
  journal = {{IEEE} Security \& Privacy},
  month = {May--June},
  number = {3},
  pages = {88},
  title = {Measuring Security},
  volume = {9},
  xxurl = {https://www.cs.columbia.edu/~smb/papers/},
  year = {2011},
  bdsk-url-1 = {http://dx.doi.org/10.1109/MSP.2011.48}
}
@inproceedings{denker.bellovin.ea:moat,
  author = {J.~S. Denker and S.~M. Bellovin and H. Daniel and N.~L.
		  Mintz and T. Killian and M.~A. Plotnick},
  booktitle = {Proceedings of LISA XIII},
  month = {November},
  title = {Moat: A Virtual Private Network Appliance and Services
		  Platform},
  url = {https://www.cs.columbia.edu/~smb/papers/moat.pdf},
  year = {1999},
  bdsk-url-1 = {https://www.cs.columbia.edu/~smb/papers/moat.pdf}
}
@inproceedings{bellovin:security*5,
  author = {Steven M. Bellovin},
  booktitle = {Proceedings of the North American Serials Interest Group},
  month = {June},
  title = {Security and Uses of the {Internet}},
  year = {1995}
}
@inproceedings{madejski.johnson.ea:study,
  abstract = {Access control policies are notoriously difficult to
		  configure correctly, even people who are professionally
		  trained system administrators experience difficulty with
		  the task. With the increasing popularity of online social
		  networks (OSN) users of all levels are sharing an
		  unprecedented amount of personal information on the
		  Internet. Most OSNs give users the ability to specify what
		  they share with whom, but the difficulty of the task raises
		  the question of whether users' privacy settings match their
		  sharing intentions. We present the results of a study that
		  measures sharing intentions to identify potential
		  violations in users' real Facebook privacy settings. Our
		  results indicate a serious mismatch between intentions and
		  reality: every one of the 65 participants in our study had
		  at least one confirmed sharing violation. In other words,
		  OSN users' are unable to correctly manage their privacy
		  settings. Furthermore, a majority of users cannot or will
		  not fix such errors.},
  author = {Michelle Madejski and Maritza Johnson and Steven M.
		  Bellovin},
  booktitle = {Proceedings of SESOC 2012},
  title = {A Study of Privacy Setting Errors in an Online Social
		  Network},
  url = {https://www.cs.columbia.edu/~smb/papers/fb-violations-sesoc.pdf},
  xnote = {An earlier version is available as Technical Report
		  CUCS-010-11.},
  year = {2012},
  bdsk-url-1 = {https://www.cs.columbia.edu/~smb/papers/fb-violations-sesoc.pdf}
}
@inproceedings{zhao.lobo.ea:algebra,
  author = {Hang Zhao and Jorge Lobo and Steven M. Bellovin},
  booktitle = {Proceeding of the 9th IEEE Workshop on Policies for
		  Distributed Systems and Networks},
  month = {June},
  title = {An Algebra for Integration and Analysis of {Ponder2}
		  Policies},
  url = {https://www.cs.columbia.edu/~smb/papers/ponder_short.pdf},
  year = {2008},
  bdsk-url-1 = {https://www.cs.columbia.edu/~smb/papers/ponder_short.pdf}
}
@inproceedings{yee.wagner.ea:prerendered,
  author = {Ka-Ping Yee and David Wagner and Marti Hearst and Steven
		  M. Bellovin},
  booktitle = {Usenix/ACCURATE Electronic Voting Technology Workshop},
  month = {August},
  note = {An earlier version appeared as Technical Report
		  UCB/EECS-2006-35},
  title = {Prerendered User Interfaces for Higher-Assurance
		  Electronic Voting},
  url = {https://www.cs.columbia.edu/~smb/papers/prui-evt06.pdf},
  year = {2006},
  bdsk-url-1 = {https://www.cs.columbia.edu/~smb/papers/prui-evt06.pdf}
}
@article{mahajan.bellovin.ea:controlling,
  author = {Ratul Mahajan and Steven M. Bellovin and Sally Floyd and
		  John Ioannidis and Vern Paxson and Scott Shenker},
  journal = {Computer Communication Review},
  month = {July},
  number = {3},
  pages = {62--73},
  smb-major = {yes},
  title = {Controlling High Bandwidth Aggregates in the Network},
  url = {https://www.cs.columbia.edu/~smb/papers/pushback-CCR.pdf},
  volume = {32},
  year = {2002},
  bdsk-url-1 = {https://www.cs.columbia.edu/~smb/papers/pushback-CCR.pdf}
}
@inproceedings{ioannidis.bellovin:implementing,
  author = {John Ioannidis and Steven M. Bellovin},
  booktitle = {Proc. Internet Society Symposium on Network and
		  Distributed System Security},
  psurl = {https://www.cs.columbia.edu/~smb/papers/pushback-impl.ps},
  smb-major = {yes},
  title = {Implementing Pushback: Router-Based Defense Against
		  {DD}o{S} Attacks},
  url = {https://www.cs.columbia.edu/~smb/papers/pushback-impl.pdf},
  year = {2002},
  bdsk-url-1 = {https://www.cs.columbia.edu/~smb/papers/pushback-impl.pdf}
}
@inproceedings{zhao.chau.ea:rofl,
  author = {Hang Zhao and Chi-Kin Chau and Steven M. Bellovin},
  booktitle = {New Security Paradigms Workshop},
  month = {September},
  note = {A version is available as Technical Report CUCS-026-08},
  smb-major = {yes},
  title = {{ROFL}: Routing as the Firewall Layer},
  url = {https://mice.cs.columbia.edu/getTechreport.php?techreportID=541},
  year = {2008},
  bdsk-url-1 = {https://mice.cs.columbia.edu/getTechreport.php?techreportID=541}
}
@inproceedings{zhao.lobo.ea:policy,
  address = {Dublin, Ireland},
  author = {Hang Zhao and Jorge Lobo and Arnab Roy and Steven M
		  Bellovin},
  booktitle = {The 12th IFIP/IEEE International Symposium on Integrated
		  Network Management (IM 2011)},
  days = {23},
  month = {May},
  title = {Policy Refinement of Network Services for {MANETs}},
  url = {https://www.cs.columbia.edu/~smb/papers/rofl-refine.pdf},
  year = {2011},
  bdsk-url-1 = {https://www.cs.columbia.edu/~smb/papers/rofl-refine.pdf}
}
@inproceedings{johnson.atreya.ea:rust*1,
  author = {Maritza Johnson and Chaitanya Atreya and Adam Aviv and
		  Mariana Raykova and Steven M. Bellovin and Gail Kaiser},
  booktitle = {Usenix Workshop on Usability, Psychology, and Security},
  month = {April},
  title = {{RUST}: A Retargetable Usability Testbed for Website
		  Authentication Technologies},
  url = {http://www.usenix.org/events/upsec08/tech/full_papers/johnson/johnson.pdf},
  year = {2008},
  bdsk-url-1 = {http://www.usenix.org/events/upsec08/tech/full_papers/johnson/johnson.pdf}
}
@inproceedings{bellovin:session,
  author = {Steven M. Bellovin},
  booktitle = {Proc. Usenix Conference},
  month = {Summer},
  title = {The ``Session Tty'' Manager},
  url = {https://www.cs.columbia.edu/~smb/papers/sessext.pdf},
  year = {1988},
  bdsk-url-1 = {https://www.cs.columbia.edu/~smb/papers/sessext.pdf}
}
@inproceedings{bellovin:position,
  author = {Steven M. Bellovin},
  booktitle = {{W3C/IAB} Workshop on Strengthening the {Internet} Against
		  Pervasive Monitoring {(STRINT)}},
  month = {March},
  title = {Position Paper: Security and Simplicity},
  url = {https://www.w3.org/2014/strint/papers/34.pdf},
  year = {2014},
  bdsk-url-1 = {https://www.w3.org/2014/strint/papers/34.pdf}
}
@inproceedings{ioannidis.bellovin.ea:sub-operating,
  author = {Sotiris Ioannidis and Steven M. Bellovin and Jonathan
		  Smith},
  booktitle = {SIGOPS European Workshop},
  month = {September},
  smb-major = {yes},
  title = {Sub-Operating Systems: A New Approach to Application
		  Security},
  url = {https://www.cs.columbia.edu/~smb/papers/subos.pdf},
  year = {2002},
  bdsk-url-1 = {https://www.cs.columbia.edu/~smb/papers/subos.pdf}
}
@inproceedings{ioannidis.bellovin:building,
  author = {Sotiris Ioannidis and Steven M. Bellovin},
  booktitle = {Usenix Conference},
  month = {June},
  smb-major = {yes},
  title = {Building a Secure Web Browser},
  url = {https://www.cs.columbia.edu/~smb/papers/sub-browser.pdf},
  year = {2001},
  bdsk-url-1 = {https://www.cs.columbia.edu/~smb/papers/sub-browser.pdf}
}
@incollection{gregory:why,
  author = {Peter Gregory},
  booktitle = {Solaris Security},
  note = {(Foreword)},
  otherauth = {Bellovin},
  publisher = {Prentice-Hall},
  title = {Why Systems Administration is Hard},
  url = {https://www.cs.columbia.edu/~smb/papers/sysadmin.html},
  year = {1999},
  bdsk-url-1 = {https://www.cs.columbia.edu/~smb/papers/sysadmin.html}
}
@inproceedings{gleitz.bellovin:transient,
  author = {Peter M. Gleitz and Steven M. Bellovin},
  booktitle = {Proceedings of the Eleventh Usenix Security Symposium,},
  month = {August},
  smb-major = {yes},
  title = {Transient Addressing for Related Processes: Improved
		  Firewalling by Using {IPv6} and Multiple Addresses per
		  Host},
  url = {https://www.cs.columbia.edu/~smb/papers/tarp.pdf},
  year = {2001},
  bdsk-url-1 = {https://www.cs.columbia.edu/~smb/papers/tarp.pdf}
}
@article{bellovin.keromytis.ea:worm,
  author = {Steven M. Bellovin and Angelos Keromytis and Bill
		  Cheswick},
  journal = {;login:},
  month = {February},
  pages = {70-76},
  title = {Worm Propagation Strategies in an {IPv6} {Internet}},
  url = {https://www.cs.columbia.edu/~smb/papers/v6worms.pdf},
  year = {2006},
  bdsk-url-1 = {https://www.cs.columbia.edu/~smb/papers/v6worms.pdf}
}
@article{bellovin:virtual,
  author = {Steven M. Bellovin},
  htmurl = {http://www.csl.sri.com/users/neumann/insiderisks06.html#196},
  journal = {Communications of the ACM},
  month = {October},
  note = {``Inside RISKS'' column},
  number = {10},
  pdfurl = {http://portal.acm.org/citation.cfm?id=1164414},
  title = {Virtual Machines, Virtual Security},
  volume = {49},
  year = {2006}
}
@inproceedings{ioannidis.bellovin.ea:design,
  address = {Linz, Austria},
  author = {Sotiris Ioannidis and Steven M. Bellovin and John
		  Ioannidis and Angelos D. Keromytis and Jonathan M. Smith},
  booktitle = {Proceedings of the {IEEE} International Workshops on
		  Enabling Technologies: Infrastructure for Collaborative
		  Enterprises {(WETICE)}, Workshop on Enterprise Security},
  month = {June},
  title = {Design and Implementation of Virtual Private Services},
  url = {https://www.cs.columbia.edu/~smb/papers/vps.pdf},
  year = {2003},
  bdsk-url-1 = {https://www.cs.columbia.edu/~smb/papers/vps.pdf}
}
@article{ioannidis.bellovin.ea:coordinated,
  author = {Sotiris Ioannidis and Steven M. Bellovin and John
		  Ioannidis and Angelos D. Keromytis and Kostas Anagnostakis
		  and Jonathan M. Smith},
  journal = {International Journal of Network Security},
  month = {January},
  number = {1},
  pages = {69--80},
  title = {Coordinated Policy Enforcement for Distributed
		  Applications},
  url = {https://www.cs.columbia.edu/~smb/papers/ijns-2007-v4-n1-p69-80.pdf},
  volume = {4},
  year = {2007},
  bdsk-url-1 = {https://www.cs.columbia.edu/~smb/papers/ijns-2007-v4-n1-p69-80.pdf}
}
@inproceedings{johnson.bellovin:security,
  abstract = {There are currently proposals for web access to devices.
		  The security threats are obvious. We propose design
		  principles intended to ensure that the user actually
		  controls access, despite potential errors in judgment,
		  tricky web pages, or flaws in browsers.},
  author = {Maritza Johnson and Steven M. Bellovin},
  booktitle = {Security for Access to Device APIs from the Web - W3C
		  Workshop},
  month = {December},
  title = {Security Assurance for Web Device {APIs}},
  url = {https://www.cs.columbia.edu/~smb/papers/webapi.pdf},
  year = {2008},
  bdsk-url-1 = {https://www.cs.columbia.edu/~smb/papers/webapi.pdf}
}
@inproceedings{cheng.raykova.ea:zodiac,
  author = {Yuu-Heng Cheng and Mariana Raykova and Alex Poylisher and
		  Scott Alexander and Martin Eiger and Steve M. Bellovin},
  booktitle = {{IEEE} Policy 2009},
  month = {July},
  note = {Longer version issued as CUCS-023-09},
  title = {The {Zodiac} Policy Subsystem: a Policy-Based Management
		  System for a High-Security {MANET}},
  year = {2009}
}
@inproceedings{vo.bellovin:anonymous,
  author = {Binh Vo and Steven Bellovin},
  title = {Anonymous Publish-Subscribe Systems},
  url = {https://www.cs.columbia.edu/~smb/papers/anon-pubsub.pdf},
  year = 2014,
  month = {September},
  booktitle = {SECURECOMM},
  address = {Beijing},
  abstract = { Publish-subscribe protocols offer a unique means of data
		  distribution, that has many applications for distributed
		  systems. These protocols enable message delivery based on
		  subscription rather than specific addressing; meaning a
		  message is addressed by a subject string rather than to a
		  specific recipient. Recipients may then subscribe to
		  subjects they are interested in receiving using a variety
		  of parameters, and receive these messages immediately
		  without having to poll for them. This format is a natural
		  match for anonymous delivery systems: systems that enable
		  users to send messages without revealing their identity.
		  These systems are an area of great interest, ranging from
		  messaging relays like Tor, to publication systems like
		  FreeHaven. However, existing systems do not allow delivery
		  based on topics, a mechanism which is a natural match for
		  anonymous communication since it is not addressed based on
		  identity. We concretely describe the properties of and
		  propose a system that allows publish-subscribe based
		  delivery, while protecting the identities of both the
		  publishers and subscribers from each other, from outside
		  parties, and from entities that handle the implementation
		  of the system. }
}