Selected Publications
Books and Book Chapters
-
David Challener, Kent Yoder, Ryan Catherman, David Safford, and Leendert van Doorn.
A Practical Guide to Trusted Computing.
IBM Press, 2008.
ISBN 978-0132398428.
-
Pankaj Rohatgi.
Side-channel attacks.
In Hossein Bidgoli, editor, Handbook of Information Security,
Volume 3: Threats, Vulnerabilities, Prevention, Detection and Management,
pages 241-259. John Wiley & Sons, 2005.
ISBN 0471648337.
-
Marco Pistoia, Nataraj Nagaratnam, Larry Koved, and Anthony Nadalin.
Enterprise Java Security: Building Secure J2EE Applications.
Addison-Wesley, 2004.
ISBN 0-321-11889-8.
-
Suresh Chari, Charanjit S. Jutla, Josyula R. Rao, and Pankaj Rohatgi.
Power analysis: Attacks and countermeasures.
In Annabelle McIver and Carroll Morgan, editors, Programming
Methodology, Monographs in Computer Science, pages 415-439.
Springer-Verlag, Berlin Germany, 2003.
ISBN 0-387-95349.
Articles in Journals and Refereed Conferences
-
Stefan Berger, Ramón Cáceres, Dimitrios Pendarakis, Reiner Sailer,
Enriquillo Valdez, Ronald Perez, Wayne Schildhauer, and Deepa Srinivasan.
TVDc: Managing security in the trusted virtual datacenter.
ACM Operating Systems Review, 42(2), 2008.
-
Frederik De Keukelaere, Sumeer Bhola, Michael Steiner, Suresh Chari, and
Sachiko Yoshihama.
SMash: Secure cross-domain mashups on unmodified browsers.
In 17th International Conference on the World-Wide Web, 2008.
-
Pau-Chen Cheng, Pankaj Rohatgi, Claudia Keser, Paul A. Karger, Grant M. Wagner,
and Angela Schuett Reninger.
Fuzzy multi-level security: An experiment on quantified risk-adaptive
access control.
In Proceedings of the IEEE Symposium on Research in Security
and Privacy, Oakland, CA, May 2007. IEEE Computer Society, Technical
Committee on Security and Privacy, IEEE Computer Society Press.
-
Dakshi Agrawal, Selcuk Baktir, Deniz Karakoyunlu, Pankaj Rohatgi, and Berk
Sunar.
Trojan detection using IC fingerprinting.
In Proceedings of the IEEE Symposium on Research in Security
and Privacy, pages 296-310, Oakland, CA, May 2007. IEEE Computer Society,
Technical Committee on Security and Privacy, IEEE Computer Society Press.
-
Jonathan M. McCune, Stefan Berger, Ramón Cáceres, Trent Jaeger, and
Reiner Sailer.
Shamon - a system for distributed mandatory access control.
In 22nd Annual Computer Security Applications Conference. ACM,
December 2006.
-
Ran Canetti, Shai Halevi, and Michael Steiner.
Mitigating dictionary attacks on password-protected local storage.
In Advances in Cryptology - CRYPTO '2006, Lecture Notes in
Computer Science. International Association for Cryptologic Research,
Springer-Verlag, Berlin Germany, 2006.
-
Charanjit S. Jutla.
PRF domain extension using DAGs.
In Theory of Cryptography Conference, Lecture Notes in Computer
Science, pages 561-580. Springer-Verlag, Berlin Germany, 2006.
-
X. Zhang, L. Koved, M. Pistoia, S. Weber, J. Jaeger, G. Marceau, and L. Zeng.
The case for analysis preserving language transformation.
In Proceedings of International Symposium on Software Testing
and Analysis (ISSTA 2006), Portland, Maine, USA, June 2006.
-
Vugranam C. Sreedhar.
Data-centric security: Role analysis and role typestate.
In Eleventh ACM Symposium on Access Control Models and
Technologies (SACMAT 2006), pages 170-179, Lake Tahoe, California, USA,
June 2006. ACM Press.
-
Stefan Berger, Ramón Cáceres, Kenneth A. Goldman, Ronald Perez, Reiner Sailer,
and Leendert van Doorn.
vTPM: Virtualizing the Trusted Platform Module.
In Proceedings of the 15th USENIX Security Symposium, pages
305-320. USENIX, August 2006.
-
Hyen-Vui Chung, Michael McIntosh, Paula Austel, and Masayoshi Teraguchi.
Web services security - sign and encrypt any element in a SOAP
message.
IBM developerWorks,
http://www-128.ibm.com/developerworks/websphere/library/techarticles/0605_chung/0605_chung.html, May 2006.
-
Nataraj Nagaratnam, Anthony Nadalin, Maryann Hondo, Michael McIntosh, and
Paula Austel.
Business-driven application security: From modeling to managing
secure applications.
IBM Systems Journal, 44(4):847-868, 2005.
-
Marco Pistoia, Robert J. Flynn, Larry Koved, and Vugranam C. Sreedhar.
Interprocedural analysis for privileged code placement and tainted
variable detection.
In Proceedings of the 19th European Conference on
Object-Oriented Programming (ECOOP), pages 362-386, Glasgow, Scotland, UK,
July 2005. Springer-Verlag, Berlin Germany.
-
Michael McIntosh and Paula Austel.
Web services: XML signature element wrapping attacks and
countermeasures.
In Workshop on Secure Web Services, pages 20-27, Washington
DC, November 2005. ACM.
-
Marina Biberstein, Vugranam C. Sreedhar, and Bihla Mendelson.
Instrumenting annotated programs.
In First ACM/USENIX International Conference on Virtual
Execution Environments (VEE'05), 2005.
-
Vugranam C. Sreedhar and Maria-Cristina Marinescu.
From statecharts to ESP*: Programming with events, states and
predicates for embedded systems.
In ACM Conference of Embedded System Software (EMSOFT) 2005,
2005.
-
Sam Weber, Hoi Chan, Lou Degenaro, Judah Diament, Achille Fokoue, and Isabelle
Rouvellou.
Fusion: A system for business users to manage program variability.
IEEE Transactions on Software Engineering, 31(7):570-587,
July 2005.
-
Sam Weber, Paul A. Karger, and Amit Paradkar.
A software flaw taxonomy: Aiming tools at security.
SIGSOFT Software Engineering Notes, 30(4):1-7, 2005.
Also appeared in Proceedings of the 2005 Workshop on Software
Engineering for Secure Systems - Building trustworthy applications, 2005,
St. Louis, Missouri.
-
Amit Paradkar, Suzanne McIntosh, Sam Weber, David Toll, Paul Karger, and Matt
Kaplan.
Chicken & egg: Dependencies in security testing and compliance with
common criteria evaluations.
In International Symposium on Secure Software Engineering
(ISSSE'06). IEEE, 2006.
-
Dakshi Agrawal, Josyula R. Rao, Pankaj Rohatgi, and Kai Schramm.
Templates as master keys.
In Josyula R. Rao and Berk Sunar, editors, Cryptographic
Hardware and Embedded Systems - CHES 2005, volume 3659 of Lecture
Notes in Computer Science, pages 15-29. Springer-Verlag, Berlin Germany,
2005.
-
W. Eric Hall and Charanjit S. Jutla.
Parallelizable authentication trees.
In 12th Annual Workshop on Selected Areas in Cryptography,
Lecture Notes in Computer Science, pages 95-109. Springer-Verlag, Berlin
Germany, August 2005.
-
Liqun Chen, Matthias Enzmann, Ahmad-Reza Sadeghi, Markus Schneider, and Michael
Steiner.
A privacy-protecting coupon system.
In Proceedings of the Ninth Conference on Financial
Cryptography (FC '05), Lecture Notes in Computer Science, pages 93-108,
Roseau, The Commonwealth Of Dominica, 2005. International Financial
Cryptography Association (IFCA), Springer-Verlag, Berlin Germany.
-
Ran Canetti, Shai Halevi, and Michael Steiner.
Hardness amplification of weakly verifiable puzzles.
In Theory of Cryptography Conference, Lecture Notes in Computer
Science. Springer-Verlag, Berlin Germany, 2005.