Site design copied from Alex Halderman.
My research focuses on computer
security and privacy, with an emphasis on computer security as
an ecosystem. Much of my work explores solutions to computer security
problems from non-traditional disciplines. Topics that interest me include software security, user
and data privacy, anonymity, computer
human interaction, ethics, and cybercrime, malware evolution and the
security arms race. Lately I've been focused on the interaction
of technology with law, governmental regulation, and international
affairs.
My advisor is Matt Blaze,
and my co-advisor is Jonathan Smith.
Selected Publications by topic
SECURITY ECOSYSTEM
Moving Target: Security and Rapid-Release in Firefox. Sandy
Clark, Michael Collis, Matt Blaze, Jonathan Smith. To be presented at the 21st ACM Conference on Computer and Communications Security (CCS), November, 2014
Familiarity Breeds Contempt: The Honeymoon Effect and
the Role of Legacy Code in Zero-Day Vulnerabilities. Sandy
Clark, Stefan Frei, Matt Blaze and Jonathan Smith. Annual
Computer Security Applications Conference (ACSAC), December, 2010
The
Casino and the OODA Loop: why our protocols always eventually
fail. Sandy Clark, Matt Blaze, Jonathan Smith. SP'12
Proceedings of the 20th international conference on Security
Protocols, pages 60-63
TECHNOLOGY and LEGAL POLICY
Lawful
hacking: Using existing vulnerabilities for wiretapping on the
Internet. Steven M. Bellovin, Matt Blaze, Sandy Clark, and Susan Landau. Northwestern Journal of Technology & Intellectual Property,
12(1), 2014
Going bright: Wiretapping without weakening communications
infrastructure. Steven M. Bellovin, Matt Blaze, Sandy
Clark, and Susan Landau. IEEE Security & Privacy, 11(1):62-72, January-February,
2013.
Project
EVEREST - The in-depth analysis of voting systems under real-world
conditions for the Secretary of State of Ohio, Jennifer Brunner.
PI: Patrick McDaniel, Pennsylvania State University, Team Leaders:
Matt Blaze, University of Pennsylvania, Giovanni Vigna, WebWise
Security, Inc. See here for more information: PI statement
SECURITY and PRIVACY
Why (Special Agent) Johnny
(Still) Can't Encrypt: A Security Analysis of the APCO Project 25
Two-Way Radio System [pdf]. Sandy Clark, Travis Goodspeed, Perry Metzger,
Zachary Wasserman, Kevin Xu, and Matt Blaze
Proc. 20th USENIX Security Symposium — Outstanding Paper Award
Sec ’11, San Francisco, CA, August, 2011
Signaling Vulnerabilities in Wiretapping Systems.
M. Sherr, E. Cronin, S. Clark and M. Blaze. IEEE Security and Privacy, November/December, 2005.
Also see:
http://www.crypto.com/papers/wiretapping/ web
page.
Selected Hackercon Contributions
DEFCON Review Board
SHMOOCON Program Committee
Presentations
HOPEX: CSI EFFECT
SHMOOCON: OODA LOOP and the Red Queen
CONFIDENCE POLAND: P25 Radios
DEFCON: P25
DEFCON: EVOTING