Computer Security Lab: Rice University

• Distributed and Peer-to-Peer Systems
• Electronic Voting
• Programming Languages and Mobile Code

Distributed, Web, and Peer-to-Peer Systems Security

• Scott Crosby and Dan S. Wallach, Super-efficient Aggregating History-independent Persistent Authenticated Dictionaries, 14th European Symposium on Research in Computer Security (Saint Malo, France), September 2009.
• Scott Crosby and Dan S. Wallach. Efficient Data Structures for Tamper Evident Logging. 18th USENIX Security Symposium (Montreal, Canada), August 2009.
• Chris Grier, Samuel T. King, and Dan S. Wallach, How I Learned to Stop Worrying and Love Plugins, Workshop on Web 2.0 Security and Privacy (W2SP ‘09) (Oakland, California), May 2009.
• Daniel R. Sandler and Dan S. Wallach. Birds of a FETHR: Open, Decentralized Micropublishing. 8th International Workshop on Peer-to-Peer Systems (IPTPS ’09) (Boston, Massachusetts), April 2009.
• Dan S. Wallach, Technical Perspective: Tools for Information to Flow Securely and Swift-ly. Communications of the ACM, vol. 52, no. 2, February 2009, p. 78.
• Scott A. Crosby, Rudolf H. Riedi, and Dan S. Wallach, Opportunities and Limits of Remote Timing Attacks, ACM Transactions on Information and Systems Security (TISSEC), vol. 12, no. 3, January 2009.
• Tsuen-Wan “Johnny” Ngan, Roger Dingledine, and Dan S. Wallach, Building Incentives into Tor. Technical Report TR08-09, Department of Computer Science, Rice University, Nov 2008.
• Daniel R. Sandler and Dan S. Wallach. <input type="password"> must die! Web 2.0 Security & Privacy (W2SP 2008) (Oakland, California), May 2008.
• Scott A. Crosby, Dan S. Wallach, An Analysis of BitTorrent’s Two Kademlia-Based DHTs. Technical Report TR07-04, Department of Computer Science, Rice University, May 2007.
• Scott A Crosby, Rudolf H Riedi, and Dan S. Wallach, Opportunities and Limits of Remote Timing Attacks. Technical Report TR07-03, Department of Computer Science, Rice University, May 2007.
• Atul Singh, Tsuen-Wan “Johnny” Ngan, Peter Druschel, and Dan S. Wallach, Eclipse Attacks on Overlay Networks: Threats and Defenses, IEEE INFOCOM ‘06, (Barcelona, Spain), April 2006.
• Cristian Coarfa, Peter Druschel, Dan S. Wallach, Performance Analysis of TLS Web Servers, ACM Transactions on Computer Systems, vol. 24, no. 1, February 2006.
• Animesh Nandi, Tsuen-Wan “Johnny” Ngan, Atul Singh, Peter Druschel, and Dan S. Wallach, Scrivener: Providing Incentives in Cooperative Content Distribution Systems, ACM/IFIP/USENIX 6th International Middleware Conference (Middleware 2005), (Grenoble, France), November 2005.
• Seth James Nielson, Scott S. Crosby, and Dan S. Wallach, A Taxonomy of Rational Attacks, Proceedings of the Fourth International Workshop on Peer-to-Peer Systems (IPTPS ‘05), (Ithaca, New York), February, 2005.
• Adam B. Stubblefield, Aviel D. Rubin, and Dan S. Wallach, Managing the Performance Impact of Web Security, Electronic Commerce Research Journal, vol 5, no. 1, February 2005.
• Tsuen-Wan “Johnny” Ngan, Dan S. Wallach, and Peter Druschel, Incentives-Compatible Peer-to-Peer Multicast, 2nd Workshop on Economics of Peer-to-Peer Systems, (Cambridge, Massachusetts), June 2004.
• Tsuen-Wan “Johnny” Ngan, Animesh Nandi, Atul Singh, Dan S. Wallach, and Peter Druschel, Designing Incentives-Compatible Peer-to-Peer Systems, 2nd Bertinoro Workshop on Future Directions in Distributed Computing (FuDiCo 2004), Bertinoro, Italy, June 2004.
• Scott Crosby and Dan S. Wallach, Denial of Service via Algorithmic Complexity Attacks, 12th Usenix Security Symposium (Washington, D.C.), August 2003.
• Tsuen-Wan “Johnny” Ngan, Dan S. Wallach, and Peter Druschel, Enforcing Fair Sharing of Peer-to-Peer Resources, 2nd International Workshop on Peer-to-Peer Systems (IPTPS ‘03) (Berkeley, California), February 2003.
• Miguel Castro, Peter Druschel, Ayalvadi Ganesh, Antony Rowstron, Dan S. Wallach, Security for Peer-to-Peer Routing Overlays. Fifth Symposium on Operating Systems Design and Implementation (OSDI ‘02) (Boston, Massachusetts), December 2002.
• Dan S. Wallach, A Survey of Peer-to-Peer Security Issues, International Symposium on Software Security (Tokyo, Japan), November 2002.
• Cristian Coarfa, Peter Druschel, Dan S. Wallach, Performance Analysis of TLS Web Servers, Network and Distributed Systems Security Symposium (San Diego, California), February 2002.

Electronic Voting Security

• Ersin Öksüzoğlu and Dan S. Wallach, VoteBox Nano: A Smaller, Stronger FPGA-based Voting Machine, 2009 Electronic Voting Technology Workshop / Workshop on Trustworthy Elections (EVT/WOTE ‘09) (Montreal, Canada), August 2009.
• Dan S. Wallach. Voting System Risk Assessment via Computational Complexity Analysis. William & Mary Bill of Rights Journal, vol. 17, December 2008.
• Dan S. Wallach, Testimony Before the Texas Senate Committee on State Affairs (Austin, Texas), October 2008.
• Daniel R. Sandler and Dan S. Wallach, The Case for Networked Remote Voting Precincts. 3rd USENIX/ACCURATE Electronic Voting Technology Workshop (EVT ‘08) (San Jose, California), August 2008.
• Daniel R. Sandler, Kyle Derr, and D. S. Wallach. VoteBox: A Tamper-Evident, Verifiable Electronic Voting System. 17th USENIX Security Symposium (USENIX Security ’08) (San Jose, California), August 2008.
• Dan S. Wallach, Testimony Before the Texas House Committee on Elections (Austin, Texas), June 2008.
• Robert M. Stein, Greg Vonnahme, Michael Byrne, and Dan S. Wallach, Voting Technology, Election Administration, and Voter Performance, Election Law Journal, vol. 7, no. 2, April 2008.
• Daniel R. Sandler, Kyle Derr, Scott Crosby, and Dan S. Wallach. Finding the evidence in tamper-evident logs. Proceedings of the 3rd International Workshop on Systematic Approaches to Digital Forensic Engineering (SADFE’08) (Oakland, California), May 2008.
• Sarah P. Everett, Kristen K. Greene, Michael D. Byrne, Dan S. Wallach, Kyle Derr, Daniel Sandler, and Ted Torous, Electronic Voting Machines versus Traditional Methods: Improved Preference, Similar Performance, Human Factors in Computing Systems: Proceedings of CHI 2008 (Florence, Italy), April 2008.
• Dan S. Wallach, Testimony Before the Tennessee Advisory Commission on Intergovernmental Relations (Nashville, Tennessee), September 2007.
• Daniel Sandler and Dan S. Wallach, Casting Votes in the Auditorium, 2nd USENIX/ACCURATE Electronic Voting Technology Workshop (EVT ‘07) (Boston, Massachusetts), August 2007.
• Srinivas Inguva, Eric Rescorla, Hovav Shacham, and Dan S. Wallach, Source Code Review of the Hart InterCivic Voting System, California Secretary of State’s "Top to Bottom" Review, July 2007.
• David L. Dill and Dan S. Wallach, Stones Unturned: Gaps in the Investigation of Sarasota’s Disputed Congressional Election, April 2007
• Dan S. Wallach, Testimony before the U.S. Senate Committee on Rules and Administration, February 7, 2007.
• Dan S. Wallach, "Expert Report in Conroy v. Dennis" (portions redacted), September 2006.
• Dan S. Wallach, "Security and Reliability of Webb County’s ES&S Voting System and the March ‘06 Primary Election" (Expert Report in Flores v. Lopez), May 2006.
• Dan S. Wallach, Testimony for the NIST/EAC Technical Guidelines Development Committee (Gaithersburg, Maryland), September 2004.
• Tadayoshi Kohno, Adam Stubblefield, Aviel D. Rubin, Dan S. Wallach, Analysis of an Electronic Voting System, 2004 IEEE Symposium on Security and Privacy (Oakland, California), May 2004.
• Jonathan Bannet, David W. Price, Algis Rudys, Justin Singer, Dan S. Wallach, Hack-a-Vote: Demonstrating Security Issues with Electronic Voting Systems, IEEE Security & Privacy Magazine, volume 2, number 1, January/February 2004, pp. 32-37. Also reprinted by ComputerUser, March 2004.

Programming Language / Mobile Code Safety and Security

• David W. Price, Algis Rudys, Dan S. Wallach, Garbage Collector Memory Accounting in Language-Based Systems, 2003 IEEE Symposium on Security and Privacy (Oakland, California), May 2003.
• Algis Rudys and Dan S. Wallach, Termination in Language-based Systems, ACM Transactions on Information and System Security, volume 5, number 2, May 2002.
• Dan S. Wallach, Edward W. Felten, Andrew W. Appel, The Security Architecture Formerly Known as Stack Inspection: A Security Mechanism for Language-based Systems, ACM Transactions on Software Engineering and Methodology, volume 9, number 4, October 2000.