Sandy Clark

Graduate Student(Ph.D.) in computer and information science at the University of Pennsylvania

email:	saender at cis upenn edu
twitter:	@sa3nder
	Seclab Moore Hall, Room 102 3330 Walnut St. Philadelphia, PA 19104

Curriculum Vitae

Site design copied from Alex Halderman.

My research focuses on computer security and privacy, with an emphasis on computer security as an ecosystem. Much of my work explores solutions to computer security problems from non-traditional disciplines. Topics that interest me include software security, user and data privacy, anonymity, computer human interaction, ethics, and cybercrime, malware evolution and the security arms race. Lately I've been focused on the interaction of technology with law, governmental regulation, and international affairs.

My advisor is Matt Blaze, and my co-advisor is Jonathan Smith.

Selected Publications by topic

SECURITY ECOSYSTEM

Moving Target:Security and Rapid-Release in Firefox. Sandy Clark, Michael Collis, Matt Blaze, Jonathan Smithi. To be presented at the 21st ACM Conference on Computer and Communications Security (CCS), November, 2014

Familiarity Breeds Contempt: The Honeymoon Effect and the Role of Legacy Code in Zero-Day Vulnerabilities. Sandy Clark, Stefan Frei, Matt Blaze and Jonathan Smith. Annual Computer Security Applications Conference(ACSAC), December, 2010

The Casino and the OODA Loop: why our protocols always eventually fail. Sandy Clark, Matt Blaze, Jonathan Smith. SP'12 Proceedings of the 20th international conference on Security Protocols, pages 60-63

TECHNOLOGY and LEGAL POLICY

Lawful hacking: Using existing vulnerabilities for wiretapping on the Internet. Steven M. Bellovin, Matt Blaze, Sandy Clark, and Susan Landau. Northwestern Journal of Technology & Intellectual Property, 12(1), 2014

Going bright: Wiretapping without weakening communications infrastructure. Steven M. Bellovin, Matt Blaze, Sandy Clark, and Susan Landau. IEEE Security & Privacy, 11(1):62-72, January-February, 2013.

Project EVEREST - The in depth analysis of voting systems under real world conditions for the Secretary of State of Ohio, Jennifer Brunner. PI: Patrick McDaniel, Pennsylvania State University, Team Leaders: Matt Blaze, University of Pennsylvania, Giovanni Vigna, WebWise Security, Inc. see here for more information: PI statement

SECURITY and PRIVACY

Why (Special Agent) Johnny (Still) Can't Encrypt: A Security Analysis of the APCO Project 25 Two-Way Radio System [pdf]. Sandy Clark, Travis Goodspeed, Perry Metzger, Zachary Wasserman, Kevin Xu, and Matt Blaze
Proc. 20th USENIX Security Symposium — Outstanding Paper Award
Sec ’11, San Francisco, CA, August, 2011

Signaling Vulnerabilities in Wiretapping Systems.. M. Sherr, E. Cronin, S. Clark and M. Blaze. IEEE Security and Privacy, November/December, 2005. Also see: http://www.crypto.com/papers/wiretapping/ web page.

Selected Hackercon Contributions

DEFCON Review Board

SHMOOCON Program Committee

Presentations

HOPEX: CSI EFFECT

SHMOOCON: OODA LOOP and the Red Queen

CONFIDENCE POLAND: P25 Radios

DEFCON: P25

DEFCON: EVOTING