Publications

"If we knew what it was we were doing, it would not be called research, would it?"

— attributed to Albert Einstein

Book Chapters

Adam Bates, Devin Pohly, and Kevin R. B. Butler. Secure and Trustworthy Provenance Collection for Digital Forensics. In C. Wang, R. M. Gerges, Y. Guan, and S. K. Kasera, eds., Digital Fingerprinting (pp. 141--176). New York: Springer-Verlag, 2016.

Kevin Butler, William Enck, Patrick Traynor, Jennifer Plasterr, and Patrick McDaniel. Privacy Preserving Web-Based Email. Algorithms, Architectures and Information Systems Security, Statistical Science and Interdisciplinary Research. World Scientific Computing, November 2008.

Journal Publications

Adam Bates, Dave (Jing) Tian, Grant Hernandez, Thomas Moyer, Kevin R. B. Butler, and Trent Jaeger. Taming the Costs of Trustworthy Provenance through Policy Reduction. ACM Transactions on Internet Technology, March 2017, accepted for publication.

Bradley Reaves, Jasmine Bowers, Sigmund Albert Gorski III, Rahul Bobate, Raymond Cho, Hiranava Sas, Sharique Hussain, Hamza Karachiwala, Nolen Scaife, Byron Wright, Kevin Butler, William Enck, and Patrick Traynor. *droid: Assessment and Evaluation of Android Application Analysis Tools. ACM Computing Surveys, 49(3), Article 55, November 2016,.

Henry Carter, Benjamin Mood, Patrick Traynor, and Kevin Butler. Outsourcing Secure Two-Party Computation as a Black Box. Security and Communication Networks, 9(14), pg. 2261-2275, September 2016.

Henry Carter, Benjamin Mood, Patrick Traynor, and Kevin Butler. Secure Outsourced Garbled Circuit Evaluation for Mobile Devices. Journal of Computer Security, 24(2), pg. 137-180, 2016.

Adam Bates, Kevin Butler, Micah Sherr, Clay Shields, Patrick Traynor, and Dan Wallach. Accountable Wiretapping -or- I Know That They Can Hear You Now. Journal of Computer Security, 23(2), pg. 167-195, 2015.

Adam Bates, Benjamin Mood, Joe Pletcher, Hannah Pruse, Masoud Valafar, and Kevin Butler. On Detecting Co-resident Cloud Instances Using Network Flow Watermarking Techniques. International Journal of Information Security, 13(2), pg. 171-198, April 2014.

Thomas Moyer, Kevin Butler, Joshua Schiffman, Patrick McDaniel, and Trent Jaeger. Scalable Web Content Attestation. IEEE Transactions on Computers. 61(5) pg. 686-699, May 2012.

Kevin Butler, Stephen McLaughlin, Thomas Moyer, and Patrick McDaniel. New Security Architectures Based on Emerging Disk Functionality. IEEE Security and Privacy, 8(5), pg. 34-31, Sept./Oct. 2010.

Kevin Butler, Toni Farley, Patrick McDaniel, and Jennifer Rexford. A Survey of BGP Security Issues and Solutions. Proceedings of the IEEE, 98(1):100--122, January 2010.

Patrick Traynor, Kevin Butler, William Enck, Kevin Borders, and Patrick McDaniel. malnets: Large-Scale Malicious Networks via Compromised Wireless Access Points. Journal of Security and Communication Networks (SCN). 2009.

Kevin Butler, Sunam Ryu, Patrick Traynor, and Patrick McDaniel. Leveraging Identity-based Cryptography for Node ID Assignment in Structured P2P Systems. IEEE Transactions on Parallel and Distributed Systems (TPDS), 20(12):1803--1815, December 2009.

Patrick McDaniel, William Aiello, Kevin Butler, and John Ioannidis, Origin Authentication in Interdomain Routing. Computer Networks, 50(16), pg. 2953-2980, 14 November 2006.

Conference Publications

Adam Bates, Wajih Ul Hassan, Kevin Butler, Alin Dobra, Brad Reaves, Patrick Cable, Thomas Moyer, and Nabil Schear. Transparent Web Service Auditing via Network Provenance Functions. 26th World Wide Web Conference (WWW 2017), Perth, Australia, April 2017.
(acceptance rate=17.0%)

Sriharsha Etigowni, Dave (Jing) Tian, Grant Hernandez, Saman Zonouz, and Kevin Butler. CPAC: Securing Critical Infrastructure with Cyber-Physical Access Control. 32nd Annual Computer Security Applications Conference (ACSAC 2016), Los Angeles, CA, USA, December 2016.
(acceptance rate=22.8%)

Thomas Moyer, Patrick Cable, Karishma Chadha, Robert Cunningham, Nabil Schear, Warren Smith, Adam Bates, Kevin Butler, Frank Capobianco, and Trent Jaeger. Leveraging Data Provenance to Enhance Cyber Resilience. 1st IEEE Cybersecurity Development Conference (SecDev 2016), Boston, MA, USA, November 2016.
(acceptance rate=52.2%)

Dave (Jing) Tian, Adam Bates, Kevin Butler, and Raju Rangaswami. ProvUSB: Block-level Provenance-Based Data Protection for USB Storage Devices. 23rd ACM Conference on Computer and Communications Security (CCS'16), Vienna, Austria, October 2016.
(acceptance rate=16.5%)

Dave (Jing) Tian, Nolen Scaife, Adam Bates, Kevin Butler, and Patrick Traynor. Making USB Great Again with USBFILTER. 25th USENIX Security Symposium (USENIX Security'16), Austin, TX, USA, August 2016.
(acceptance rate=15.5%)

Bradley Reaves, Logan Blue, Dave Tian, Patrick Traynor, and Kevin Butler. Detecting SMS Spam in the Age of Legitimate Bulk Messaging. 9th ACM Conference on Security and Privacy in Wireless and Mobile Networks (WiSec'16), Darmstadt, Germany, July 2016.
(acceptance rate=35.0%)

Nolen Scaife, Henry Carter, Patrick Traynor, and Kevin Butler. CryptoLock (and Drop It): Stopping Ransomware Attacks on User Data. 36th IEEE International Conference on Distributed Computing Systems (ICDCS 2016), Nara, Japan, June 2016.
(acceptance rate=17.6%)

Bradley Reaves, Dave Tian, Nolen Scaife, Logan Blue, Patrick Traynor, and Kevin Butler. Sending out an SMS: Characterizing the Security of the SMS Ecosystem with Public Gateways. 2016 IEEE Symposium on Security and Privacy (Oakland’16), San Jose, CA, USA, May 2016.
(acceptance rate=13.3%)

Benjamin Mood, Debayan Gupta, Henry Carter, Kevin Butler, and Patrick Traynor. Frigate: A Validated, Extensible, and Efficient Compiler and Interpreter for Secure Computation. 1st IEEE European Symposium on Security and Privacy (Euro S&P 2016), Saarbrücken, Germany, March 2016.
(acceptance rate=17.3%)

Henry Carter, Benjamin Mood, Patrick Traynor, and Kevin Butler. Outsourcing Secure Two-Party Computation as a Black Box. 14th International Conference on Cryptology and Network Security (CANS 2015), Marrakesh, Morocco, December 2015.
(acceptance rate=52.9%)

Jing (Dave) Tian, Adam Bates, and Kevin Butler. Defending Against Malicious USB Firmware with GoodUSB. 31st Annual Computer Security Applications Conference (ACSAC 2015), Los Angeles, CA, USA, December 2015.
(acceptance rate=24.4%)

Adam Bates, Dave Tian, Kevin Butler, and Thomas Moyer. Trustworthy Whole-System Provenance for the Linux Kernel. 24th USENIX Security Symposium (Security'15), Washington, DC, USA, August 2015.
(acceptance rate=15.7%)

Bradley Reaves, Nolen Scaife, Adam Bates, Patrick Traynor, and Kevin Butler. Mo(bile) Money, Mo(bile) Problems: Analysis of Branchless Banking Applications in the Developing World. 24th USENIX Security Symposium (Security'15), Washington, DC, USA, August 2015.
(acceptance rate=15.7%)

Ethan Shernan, Henry Carter, Dave Tian, Patrick Traynor, and Kevin Butler. More Guidelines Than Rules: CSRF Vulnerabilities from Noncompliant OAuth 2.0 Implementations Proceedings of the International Conference on Detection of Intrusions and Malware, and Vulnerability Assessment (DIMVA), Milan, Italy, July 2015.
(acceptance rate=22.7%)

Jing (Dave) Tian, Kevin Butler, Patrick McDaniel, and Padma Krishnaswamy. Securing ARP from the Ground Up. 5th ACM Conference on Data and Application Security and Privacy (CODASPY 2015), San Antonio, TX, USA, March 2015.
(acceptance rate=33.3%)

Benjamin Mood, Debayan Gupta, Kevin Butler, and Joan Feigenbaum. Reuse It Or Lose It: More Efficient Secure Computation Through Reuse of Encrypted Values. 21st ACM Conference on Computer and Communications Security (CCS'14), Scottsdale, AZ, USA, November 2014.
(acceptance rate=19.5%)

Adam Bates, Joe Pletcher, Tyler Nichols, Braden Hollembaek, Dave Tian, Abdulrahman Alkhelaifi, and Kevin Butler. Securing SSL Certificate Verification through Dynamic Linking. 21st ACM Conference on Computer and Communications Security (CCS'14), Scottsdale, AZ, USA, November 2014.
(acceptance rate=19.5%)

Adam Bates, Joe Pletcher, Tyler Nichols, Braden Hollembaek, and Kevin Butler. Forced Perspectives: Evaluating an SSL Trust Enhancement at Scale. 2014 ACM Internet Measurement Conference (IMC'14), Vancouver, BC, Canada, November 2014.
(acceptance rate=22.9%)

Adam Bates, Ryan Leonard, Hannah Pruse, Daniel Lowd, and Kevin Butler. Leveraging USB to Establish Host Identity Using Commodity Devices. 21st ISOC Network and Distributed System Security Symposium (NDSS'14), San Diego, CA, USA, February 2014.
(acceptance rate=18.6%)

Henry Carter, Benjamin Mood, Patrick Traynor, and Kevin Butler. Secure Outsourced Garbled Circuit Evaluation for Mobile Devices. 22nd USENIX Security Symposium (Security'13), Washington, DC, USA, August 2013.
(acceptance rate=16.2%)

Benjamin Kreuter, abhi shelat, Benjamin Mood, and Kevin Butler. PCF: A Portable Circuit Format For Scalable Two-Party Secure Computation. 22nd USENIX Security Symposium (Security'13), Washington, DC, USA, August 2013.
(acceptance rate=16.2%)

Adam Bates, Benjamin Mood, Masoud Valafar, and Kevin Butler. An Infrastructure for Provenance-Based Access Control in Cloud Environments. 3rd ACM Conference on Data and Application Security and Privacy (CODASPY 2013), San Antonio, TX, USA, February 2013.
(acceptance rate=31.8%)

Vasant Tendulkar, Joe Pletcher, Ashwin Shashidharan, Ryan Snyder, Kevin Butler, and William Enck. Abusing Cloud-based Browsers for Fun and Profit. 28th Annual Computer Security Applications Conference (ACSAC 2012), Orlando, FL, USA, December 2012.
(acceptance rate=19.0%)

Devin J. Pohly, Stephen McLaughlin, Patrick McDaniel, and Kevin Butler. Hi-Fi: Collecting High-Fidelity Whole-System Provenance. 28th Annual Computer Security Applications Conference (ACSAC 2012), Orlando, FL, USA, December 2012.
(acceptance rate=19.0%)

Benjamin Mood, Lara Letaw, and Kevin Butler. Memory-Efficient Garbled Circuit Generation for Mobile Devices. 16th IFCA International Conference on Financial Cryptography and Data Security (FC'12). Bonaire, February 2012.
(acceptance rate=26.1%)

Adam Bates, Kevin Butler, Micah Sherr, Clay Shields, Patrick Traynor, and Dan Wallach. Accountable Wiretapping -or- I Know That They Can Hear You Now. 19th ISOC Network and Distributed System Security Symposium (NDSS 2012). San Diego, CA, USA, February 2012.
(acceptance rate=17.8%)

Kevin Butler, Stephen McLaughlin, and Patrick McDaniel. Kells: A Protection Framework for Portable Data. 26th Annual Computer Security Applications Conference (ACSAC 2010). Austin, TX, USA, December 2010.
(acceptance rate=16.3%)

Machigar Ongtang, Kevin Butler, and Patrick McDaniel. Porscha: Policy Oriented Secure Content Handling in Android. 26th Annual Computer Security Applications Conference (ACSAC 2010). Austin, TX, USA, December 2010.
(acceptance rate=16.3%)

Thomas Moyer, Kevin Butler, Joshua Schiffman, Patrick McDaniel, and Trent Jaeger. Scalable Asynchronous Web Content Attestation. 25th Annual Computer Security Applications Conference (ACSAC 2009). Honolulu, HI, USA, December 2009.
(acceptance rate=19.0%)

William Enck, Kevin Butler, Thomas Richardson, Patrick McDaniel, and Adam Smith, Defending Against Attacks on Main Memory Persistence. 24th Annual Computer Security Applications Conference (ACSAC 2008), Anaheim, CA, USA. December 2008.
(acceptance rate=24.3%)

Kevin Butler, Stephen McLaughlin, and Patrick McDaniel, Rootkit-Resistant Disks. 15th ACM Conference on Computer and Communications Security (CCS'08), Alexandria, VA, USA. November 2008.
(acceptance rate=18.1%)

Patrick Traynor, Kevin Butler, William Enck, and Patrick McDaniel, Realizing Massive-Scale Conditional Access Systems Through Attribute-Based Cryptosystems. 15th Annual Network and Distributed System Security Symposium (NDSS'08), San Diego, CA, USA. February 2008.
(acceptance rate=17.8%)

Dhananjay Bapat, Kevin Butler, and Patrick McDaniel, Towards Automatic Privilege Separation. Third International Conference on Information Systems Security (ICISS 2007), Delhi, India. December 2007.
(acceptance rate=25.0%)

Lisa Johansen, Kevin Butler, Michael Rowell, and Patrick McDaniel, Email Communities of Interest. Fourth Conference on Email and Anti-Spam (CEAS 2007), Mountain View, CA, USA. August 2007.
(acceptance rate=19.0%)

Anusha Sriraman, Kevin Butler, Patrick McDaniel, and Padma Raghavan, Analysis of the IPv4 Address Delegation Structure. IEEE Symposium on Computers and Communications (ISCC'07), Aveiro, Portugal. July 2007.
(acceptance rate=40%)

Sunam Ryu, Kevin Butler, Patrick Traynor, and Patrick McDaniel, Leveraging Identity-based Cryptography for Node ID Assignment in Structured P2P Systems. 3rd IEEE International Symposium on Security in Networks and Distributed Systems (SSNDS'07), Niagara Falls, ON, Canada. May 2007.
(acceptance rate=40%)

Kevin Butler, Patrick Traynor, William Enck, Jennifer Plasterr, and Patrick McDaniel, Privacy Preserving Web-Based Email. 2nd International Conference on Information Systems Security (ICISS 2006), Kolkata, India. December 2006.
(acceptance rate=30.4%)

Kevin Butler, Patrick McDaniel, and William Aiello, Optimizing BGP Security by Exploiting Path Stability. 13th ACM Conference on Computer and Communications Security (CCS'06), Alexandria, VA, USA. November 2006.
(acceptance rate=14.8%)

Trent Jaeger, Kevin Butler, David King, Serge Hallyn, Joy Latten, and Xiolan Zhang. Leveraging IPsec for Distributed Authorization. 2nd IEEE Communications Society/CreateNet International Conference on Security and Privacy in Communication Networks (SecureComm'06), Baltimore, MD, USA. August 2006.
(acceptance rate=25.4%)

Kevin Butler and Patrick McDaniel, Understanding Mutable Internet Pathogens, or How I Learned to Stop Worrying and Love Parasitic Behavior. 1st International Conference on Information Systems Security (ICISS 2005), Kolkata, India. December 2005.
(Invited paper)

Workshop Publications

Siddhant Deshmukh, Henry Carter, Grant Hernandez, Patrick Traynor, and Kevin Butler. Efficient and Secure Template Blinding for Biometric Authentication. 2nd IEEE Workshop on Security and Privacy in the Cloud (SPC 2016), Philadelphia, PA, USA, October 2016.

Debayan Gupta, Benjamin Mood, Joan Feigenbaum, Kevin Butler and Patrick Traynor. Using Intel Software Guard Extensions for Efficient Two-Party Secure Function Evaluation. 2016 Workshop on Encrypted Computing and Applied Homomorphic Cryptography (WAHC’16), Barbados, February 2016.

Adam Bates, Kevin Butler, and Thomas Moyer. Take Only What You Need: Leveraging Mandatory Access Control Policy to Reduce Provenance Storage Costs. 7th International Workshop on Theory and Practice of Provenance (TaPP'15), Edinburgh, Scotland, July 2015.

Adam Bates, Kevin Butler, Andreas Haeberlen, Micah Sherr, and Wenchao Zhou. Let SDN Be Your Eyes: Secure Forensics in Data Center Networks. NDSS Workshop on Security of Emerging Network Technologies (SENT), San Diego, CA, USA, February 2014.

Matt Bishop, Carrie Gates, Steven Greenspan, Kevin Butler, and Emily Rine Butler. Forgive and Forget: Return to Obscurity. 2013 New Security Paradigms Workshop (NSPW), Banff, AB, Canada, September 2013.

Peter McKay, Bryan Clement, Sean Haverty, Elijah Newton, and Kevin Butler. Read My Lips: Towards Use of the Microsoft Kinect as a Visual-Only Automatic Speech Recognizer. 2013 Workshop on Home Usable Privacy and Security (HUPS), Newcastle, UK, July 2013.

Adam Bates, Benjamin Mood, Joe Pletcher, Hannah Pruse, Masoud Valafar, and Kevin Butler. Detecting Co-Residency with Active Traffic Analysis Techniques. 4th ACM Cloud Computing Security Workshop (CCSW 2012), Raleigh, NC, USA, October 2012.
(acceptance rate=12.0% [full papers], 22.0% [overall])

Lara Letaw, Joe Pletcher, and Kevin Butler. Host Identification via USB Fingerprinting. 6th IEEE International Workshop on Systematic Approaches to Digital Forensic Engineering (SADFE 2011), In conjunction with IEEE Security and Privacy Symposium, Oakland, CA, USA, May 2011.
(acceptance rate=34.8%)

Patrick McDaniel, Kevin Butler, Stephen McLaughlin, Radu Sion, Erez Zadok, and Marianne Winslett, Towards a Secure and Efficient System for End-to-End Provenance. 2nd USENIX Workshop on the Theory and Practice of Provenance (TaPP'10), San Jose, CA, USA, February 2010.

Kevin Butler and Petros Efstathopoulos, U Can’t Touch This: Block-Level Protection for Portable Storage. International Workshop on Software Support for Portable Storage (IWSSPS 2009), Grenoble, France, October 2009.

Kevin Butler, William Enck, Harri Hursti, Stephen McLaughlin, Patrick Traynor, and Patrick McDaniel, Systemic Issues in the Hart InterCivic and Premier Voting Systems: Reflections Following Project EVEREST. 2008 USENIX/ACCURATE Electronic Voting Technology Workshop (EVT'08), San Jose, CA, USA. July 2008.

Kevin Butler, Stephen McLaughlin, and Patrick McDaniel, Non-Volatile Memory and Disks: Avenues for Policy Architectures. 1st Computer Security Architecture Workshop (CSAW 2007), Alexandria, VA, USA. November 2007.

Shiva Chaitanya, Kevin Butler, Anand Sivasubramaniam, Patrick McDaniel, and Murali Vilayannur, Design, implementation and evaluation of security in iSCSI-based network storage systems. 2nd International Workshop on Storge Security and Survivability (StorageSS 2006), Alexandria, VA, USA. October 2006.

Kevin Butler and Patrick McDaniel, Testing Large Scale BGP Security in Replayable Network Environments. DETER Community Workshop on Cyber Security Experimentation and Test, Arlington, VA, USA. June 2006.

Kevin Butler, Sophie Qiu, and Patrick McDaniel, BGPRV: Retrieving and Processing BGP Data with Efficiency and Convenience. DETER Community Workshop on Cyber Security Experimentation and Test, Arlington, VA, USA. June 2006.

Other Publications

Kevin Butler, Leon Perlman, Paul Makin, Henry Gerwitz, Patrick Traynor, Yury Grin, Evgeniy Bondarenko, and Richard Miller. Security Aspects of Digital Financial Services (DFS). ITU-T FG-DFS: Telecommunication Standardization Sector of the International Telecommunication Union, Focus Group on Digital Financial Services. Focus Group Technical Report, January 2017.

Patrick McDaniel, Kevin Butler, William Enck, Harri Hursti, Stephen McLaughlin, Patrick Traynor, Matt Blaze, Adam Aviv, Pavol Cerny, Sandy Clark, Eric Cronin, Gaurav Shah, Micah Sherr, Giovanni Vigna, Richard Kemmerer, David Balzarotti, Greg Banks, Marco Cova, Viktoria Felmetsger, William Robertson, Fredrik Valeur, Joseph Lorenzo Hall, and Laura Quilter, EVEREST: Evaluation and Validation of Election-Related Equipment, Standards and Testing. Public Report, Ohio Secretary of State, 2007.

Kevin Butler, 18th USENIX Security Symposium Conference Summaries. USENIX ;login Magazine, December 2009.

Kevin Butler, 16th USENIX Security Symposium Conference Summaries. USENIX ;login Magazine, December 2007.

Kevin Butler, 15th USENIX Security Symposium Conference Summaries. USENIX ;login Magazine, December 2006.

Kevin Butler, 14th USENIX Security Symposium Conference Summaries. USENIX ;login Magazine, December 2005.

Technical Reports

Kevin Butler and Petros Efstathopoulos. U Can't Touch This: Block-Level Protection for Portable Storage. Technical Report Symantec-SRL/MV2009-11, Symantec Research Labs, Mountain View, CA, June 2009.

Kevin Butler, Stephen McLaughlin, Thomas Moyer, Joshua Schiffman, Patrick McDaniel, and Trent Jaeger. Firma: Disk-Based Foundations for Trusted Operating Systems. Technical Report NAS-TR-0114-2009, Networking and Security Research Center, Department of Computer Science and Engineering, Pennsylvania State University, University Park, PA, USA, May 2009.

Kevin Butler, Stephen McLaughlin, Thomas Moyer, Patrick McDaniel, and Trent Jaeger. SwitchBlade: Policy-Driven Disk Segmentation. Technical Report NAS-TR-0098-2008, Networking and Security Research Center, Department of Computer Science and Engineering, Pennsylvania State University, University Park, PA, USA, November 2008.

Lisa Johansen, Kevin Butler, William Enck, Patrick Traynor, and Patrick McDaniel, Grains of SANs: Building Storage Area Networks from Memory Spots. Technical Report NAS-TR-0060-2006, Network and Security Research Center, Department of Computer Science and Engineering, Pennsylvania State University, University Park, PA, USA, January 2007.

Kevin Butler, Stephen McLaughlin, Patrick McDaniel, and Youngjae Kim. Autonomously Secure Disks. Technical Report NAS-TR-0072-2007, Network and Security Research Center, Department of Computer Science and Engineering, Pennsylvania State University, University Park, PA, USA, May 2007. (Updated September 2007.)

Luke St. Clair, Lisa Johansen, Kevin Butler, William Enck, Matthew Pirretti, Patrick Traynor, Patrick McDaniel, and Trent Jaeger, Password Exhaustion: Predicting the End of Password Usefulness. Technical Report NAS-TR-0030-2006, Network and Security Research Center, Department of Computer Science and Engineering, Pennsylvania State University, University Park, PA, USA, May 2006. (Updated January 2007.)