Columbia University Network Security Lab
 

Links to the papers will be posted soon.

Journal Publications

  1. "SOS: An Architecture for Mitigating DDoS Attacks"
    Angelos D. Keromytis, Vishal Misra, and Dan Rubenstein. To appear in the IEEE Journal on Selected Areas in Communications (JSAC), special issue on Service Overlay Networks.
  2. "A Secure PLAN"
    Michael Hicks, Angelos D. Keromytis, and Jonathan M. Smith. To appear in the IEEE Transactions on Systems, Man, and Cybernetics (T-SMC), special issue on technologies promoting computational intelligence, openness and programmability in networks and Internet services, August/September 2003.
  3. "Drop-in Security for Distributed and Portable Computing Elements"
    Vassilis Prevelakis and Angelos D. Keromytis. In MCB Press Emerald Journal of Internet Research: Electronic Networking, Applications and Policy, vol. 13, no. 2, pp. 107 - 115, 2003.
  4. "Secure Overlay Services"
    Angelos D. Keromytis, Vishal Misra, and Dan Rubenstein. In ACM Computer Communications Review, vol. 32, no. 4, pp. 61 - 72, October 2002. Also published in the Proceedings of the ACM SIGCOMM Conference, August 2002.
  5. "Trust Management for IPsec"
    Matt Blaze, John Ioannidis, and Angelos D. Keromytis. In ACM Transactions on Information and System Security (TISSEC), vol. 5, no. 2, pp. 1 - 24, May 2002. This is a revised version of the paper that appeared in the NDSS 2001 proceedings.
  6. "The Price of Safety in an Active Network"
    D. Scott Alexander, Paul B. Menage, Angelos D. Keromytis, William A. Arbaugh, Kostas G. Anagnostakis, and Jonathan M. Smith. In Journal of Communications and Networks (JCN), special issue on programmable switches and routers, vol. 3, no. 1, pp. 4 - 18, March 2001. Older versions are available as University of Pennsylvania Technical Report MS-CIS-99-04 and University of Pennsylvania Technical Report MS-CIS-98-02.

Conference Proceedings

  1. " A Pay-per-Use DoS Protection Mechanism For The Web"
    Angelos Stavrou, John Ioannidis, Angelos D. Keromytis, Vishal Misra, and Dan Rubenstein.
    In Proceedings of the Applied Cryptography and Network Security (ACNS) Conference. June 2004, Yellow Mountain, China. LNCS Volume 3089/2004, pp. 120-134, ISBN: 3-540-22217-0
  2. "Countering Code-Injection Attacks With Instruction-Set Randomization"
    Gaurav S. Kc, Angelos D. Keromytis, and Vassilis Prevelakis. To appear in the Proceedings of the 10th ACM International Conference on Computer and Communications Security (CCS). October 2003, Washington, DC.
  3. "Using Graphic Turing Tests to Counter Automated DDoS Attacks Against Web Servers"
    William G. Morein, Angelos Stavrou, Debra L. Cook, Angelos D. Keromytis, Vishal Misra, and Dan Rubenstein. To appear in the Proceedings of the 10th ACM International Conference on Computer and Communications Security (CCS). October 2003, Washington, DC.
  4. "EasyVPN: IPsec Remote Access Made Easy"
    Mark C. Benvenuto and Angelos D. Keromytis. To appear in the Proceedings of the 17th USENIX Systems Administration Conference (LISA). October 2003, San Diego, CA.
  5. "A Cooperative Immunization System for an Untrusting Internet"
    Kostas Anagnostakis, Michael B. Greenwald, Sotiris Ioannidis, Angelos D. Keromytis, and Dekai Li. To appear in the Proceedings of the 11th IEEE International Conference on Networks (ICON). September/October 2003, Sydney, Australia.
  6. "Accelerating Application-Level Security Protocols"
    Matthew Burnside and Angelos D. Keromytis. To appear in the Proceedings of the 11th IEEE International Conference on Networks (ICON). September/October 2003, Sydney, Australia.
  7. "Accelerating Application-Level Security Protocols"
    Matthew Burnside and Angelos D. Keromytis. To appear in the Proceedings of the 11th IEEE International Conference on Networks (ICON). September/October 2003, Sydney, Australia.
  8. "WebSOS: Protecting Web Servers From DDoS Attacks"
    Debra L. Cook, William G. Morein, Angelos D. Keromytis, Vishal Misra, and Daniel Rubenstein. To appear in the Proceedings of the 11th IEEE International Conference on Networks (ICON). September/October 2003, Sydney, Australia.
  9. "TAPI: Transactions for Accessing Public Infrastructure"
    Matt Blaze, John Ioannidis, Sotiris Ioannidis, Angelos D. Keromytis, Pekka Nikander, and Vassilis Prevelakis. To appear in the Proceedings of the 8th IFIP Personal Wireless Communications (PWC) Conference. September 2003, Venice, Italy.
  10. "Tagging Data In The Network Stack: mbuf_tags"
    Angelos D. Keromytis. To appear in the Proceedings of the USENIX BSD Conference (BSDCon). September 2003, San Mateo, CA.
  11. "The Design of the OpenBSD Cryptographic Framework"
    Angelos D. Keromytis, Jason L. Wright, and Theo de Raadt. In Proceedings of the USENIX Annual Technical Conference, pp. 181 - 196. June 2003, San Antonio, TX.
  12. "Secure and Flexible Global File Sharing"
    Stefan Miltchev, Vassilis Prevelakis, Sotiris Ioannidis, John Ioannidis, Angelos D. Keromytis, and Jonathan M. Smith. In Proceedings of the USENIX Annual Technical Conference, Freenix Track, pp. 165 - 178. June 2003, San Antonio, TX.
  13. "Experience with the KeyNote Trust Management System: Applications and Future Directions"
    Matt Blaze, John Ioannidis, and Angelos D. Keromytis. In Proceedings of the 1st International Conference on Trust Management, pp. 284 - 300. May 2003, Heraclion, Greece.
  14. "The STRONGMAN Architecture"
    Angelos D. Keromytis, Sotiris Ioannidis, Michael B. Greenwald, and Jonathan M. Smith. In Proceedings of the 3rd DARPA Information Survivability Conference and Exposition (DISCEX III), pp. 178 - 188. April 2003, Washington, DC.
  15. "Efficient, DoS-Resistant, Secure Key Exchange for Internet Protocols"
    William Aiello, Steven M. Bellovin, Matt Blaze, Ran Canetti, John Ioannidis, Angelos D. Keromytis, and Omer Reingold. In Proceedings of the 9th ACM International Conference on Computer and Communications Security (CCS), pp. 48 - 58. November 2002, Washington, DC.
  16. "Secure Overlay Services"
    Angelos D. Keromytis, Vishal Misra, and Dan Rubenstein. In Proceedings of the ACM SIGCOMM Conference, pp. 61 - 72. August 2002, Pittsburgh, PA.
  17. "Using Overlays to Improve Network Security"
    Angelos D. Keromytis, Vishal Misra, and Dan Rubenstein. In Proceedings of the ITCom Conference, special track on Scalability and Traffic Control in IP Networks, pp. 245 - 254. July/August 2002, Boston, MA.
  18. "Designing an Embedded Firewall/VPN Gatweway"
    Vassilis Prevelakis and Angelos D. Keromytis. In Proceedings of the International Network Conference (INC), pp. 313 - 322. July 2002, Plymouth, England (Best Paper Award). A previous version of this paper is available as University of Pennsylvania Technical Report MS-CIS-00-21, October 2000.
  19. "A Study of the Relative Costs of Network Security Protocols"
    Stefan Miltchev, Sotiris Ioannidis, and Angelos D. Keromytis. In Proceedings of the USENIX Annual Technical Conference, Freenix Track, pp. 41 - 48. June 2002, Monterey, CA.
  20. "Fileteller: Paying and Getting Paid for File Storage"
    John Ioannidis, Sotiris Ioannidis, Angelos D. Keromytis, and Vassilis Prevelakis. In Proceedings of the Financial Cryptography (FC) Conference, pp. 282 - 299. March 2002, Bermuda.
  21. "Offline Micropayments without Trusted Hardware"
    Matt Blaze, John Ioannidis, and Angelos D. Keromytis. In Proceedings of the Financial Cryptography (FC) Conference, pp. 21 - 40. February 2001, Cayman Islands.
  22. "Trust Management for IPsec"
    Matt Blaze, John Ioannidis, and Angelos D. Keromytis. In Proceedings of the Internet Society Symposium on Network and Distributed Systems Security (SNDSS) , pp. 139 - 151. February 2001, San Diego, CA.
  23. "Implementing a Distributed Firewall"
    Sotiris Ioannidis, Angelos D. Keromytis, Steven M. Bellovin, and Jonathan M. Smith. In Proceedings of the 7th ACM International Conference on Computer and Communications Security (CCS), pp. 190 - 199. November 2000, Athens, Greece.
  24. "Implementing Internet Key Exchange (IKE)"
    Niklas Hallqvist and Angelos D. Keromytis. In Proceedings of the USENIX Annual Technical Conference, Freenix Track, pp. 201 - 214. June 2000, San Diego, CA.
  25. "Transparent Network Security Policy Enforcement"
    Angelos D. Keromytis and Jason Wright. In Proceedings of the USENIX Annual Technical Conference, Freenix Track, pp. 215 - 226. June 2000, San Diego, CA.

Workshops

  1. "A Holistic Approach to Service Survivability"
    Angelos D. Keromytis, Janak Parekh, Philip N. Gross, Gail Kaiser, Vishal Misra, Jason Nieh, Dan Rubenstein, and Sal Stolfo. To appear in the Proceedings of the ACM Workshop on Survivable and Self-Regenerative Systems (SRS), held in conjunction with the 10th ACM International Conference on Computer and Communications Security (CCS). October 2003, Fairfax, VA.
  2. "High-Speed I/O: The Operating System As A Signalling Mechanism"
    Matthew Burnside and Angelos D. Keromytis. To appear in the Proceedings of the ACM SIGCOMM Workshop on Network-I/O Convergence: Experience, Lessons, Implications (NICELI), held in conjunction with the ACM SIGCOMM Conference. August 2003, Karlsruhe, Germany.
  3. "A Network Worm Vaccine Architecture"
    Stelios Sidiroglou and Angelos D. Keromytis. In Proceedings of the IEEE International Workshops on Enabling Technologies: Infrastructure for Collaborative Enterprises (WETICE), Workshop on Enterprise Security. June 2003, Linz, Austria.
  4. "Design and Implementation of Virtual Private Services"
    Sotiris Ioannidis, Steven M. Bellovin, John Ioannidis, Angelos D. Keromytis, and Jonathan M. Smith. In Proceedings of the IEEE International Workshops on Enabling Technologies: Infrastructure for Collaborative Enterprises (WETICE), Workshop on Enterprise Security, Special Session on Trust Management in Collaborative Global Computing. June 2003, Linz, Austria.
  5. "WebDAVA: An Administrator-Free Approach To Web File-Sharing"
    Alexander Levine, Vassilis Prevelakis, John Ioannidis, Sotiris Ioannidis, and Angelos D. Keromytis. In Proceedings of the IEEE International Workshops on Enabling Technologies: Infrastructure for Collaborative Enterprises (WETICE), Workshop on Distributed and Mobile Collaboration. June 2003, Linz, Austria.
  6. "Protocols for Anonymity in Wireless Networks"
    Matt Blaze, John Ioannidis, Angelos D. Keromytis, Tal Malkin, and Avi Rubin. In Proceedings of the 11th International Workshop on Security Protocols. April 2003, Cambridge, England.
  7. "xPF: Packet Filtering for Low-Cost Network Monitoring"
    Sotiris Ioannidis, Kostas G. Anagnostakis, John Ioannidis, and Angelos D. Keromytis. In Proceedings of the Workshop on High Performance Switching and Routing (HPSR), pp. 121 - 126. May 2002, Kobe, Japan.
  8. "Toward Understanding the Limits of DDoS Defenses"
    Matt Blaze, John Ioannidis, and Angelos D. Keromytis. In Proceedings of the 10th International Workshop on Security Protocols, Springer-Verlag Lecture Notes in Computer Science, vol. 2467. April 2002, Cambridge, England.
  9. "Toward A Unified View of Intrusion Detection and Security Policy"
    Matt Blaze, Angelos D. Keromytis, and Sal Stolfo. In Proceedings of the 10th International Workshop on Security Protocols, Springer-Verlag Lecture Notes in Computer Science, vol. 2467. April 2002, Cambridge, England.
  10. "Efficient, DoS-resistant, Secure Key Exchange for Internet Protocols"
    William Aiello, Steven M. Bellovin, Matt Blaze, Ran Canetti, John Ioannidis, Angelos D. Keromytis, and Omer Reingold. In Proceedings of the 9th International Workshop on Security Protocols, Springer-Verlag Lecture Notes in Computer Science, vol. 2133, pp. 40 - 48. April 2001, Cambridge, England.
  11. "Scalable Resource Control in Active Networks"
    Kostas G. Anagnostakis, Michael W. Hicks, Sotiris Ioannidis, Angelos D. Keromytis, and Jonathan M. Smith. In Proceedings of the 2nd International Workshop for Active Networks (IWAN), pp. 343 - 357. October 2000, Tokyo, Japan.
  12. "A Secure Plan"
    Michael Hicks and Angelos D. Keromytis. In Proceedings of the 1st International Workshop for Active Networks (IWAN), pp. 307 - 314. June - July 1999, Berlin, Germany. An extended version is available as University of Pennsylvania Technical Report MS-CIS-99-14, and was also published in the Proceedings of the DARPA Active Networks Conference and Exposition (DANCE), May 2002.
Sponsors of the NSL
Copyright © 2003 NSL
Last Updated: 2 August, 2003 14:56