Here you may find some of my publications, papers, unpublished manuscripts, and other writings. Comments welcomed.

Also available are some of my talks, as well as my posts on cryptography and related issues.

Papers

Toxicity Detection for Free
Zhanhao Hu, Julien Piet, Geng Zhao, Jiantao Jiao, David Wagner. To appear at NeurIPS 2024, December 12, 2024.
Demystifying Behavior-Based Malware Detection at Endpoints
Yigitcan Kaya, Yizheng Chen, Shoumik Saha, Fabio Pierazzi, Lorenzo Cavallaro, David Wagner, Tudor Dumitras. arXiv:2405.06124.
Certifiably Robust RAG against Retrieval Corruption
Chong Xiang, Tong Wu, Zexuan Zhong, David Wagner, Danqi Chen, Prateek Mittal. arXiv:2405.15556.
StruQ: Defending Against Prompt Injection with Structured Queries
Sizhe Chen, Julien Piet, Chawin Sitawarin, David Wagner. To appear at Usenix Security 2025.
Generative AI Security: Challenges and Countermeasures
Banghua Zhu, Norman Mu, Jiantao Jiao, David Wagner. arXiv:2402.12617.
Vulnerability Detection with Code Language Models: How Far Are We?
Yangruibo Ding, Yanjun Fu, Omniyyah Ibrahim, Chawin Sitawarin, Xinyun Chen, Basel Alomair, David Wagner, Baishakhi Ray, Yizheng Chen. To appear at International Conference on Software Engineering (ICSE) 2025.
Jatmo: Prompt Injection Defense by Task-Specific Finetuning
Julien Piet, Maha Alrashed, Chawin Sitawarin, Sizhe Chen, Zeming Wei, Elizabeth Sun, Basel Alomair, David Wagner. ESORICS 2024, September 16, 2024. [code]
PAL: Proxy-Guided Black-Box Attack on Large Language Models
Chawin Sitawarin, Norman Mu, David Wagner, Alexandre Araujo. arXiv:2402.09674. [code]
Mark My Words: Analyzing and Evaluating Language Model Watermarks
Julien Piet, Chawin Sitawarin, Vivian Fang, Norman Mu, David Wagner. arXiv:2312.00273. [code]
PubDef: Defending Against Transfer Attacks From Public Models
Chawin Sitawarin, Jaewon Chang, David Huang, Wesson Altoyan, David Wagner. ICLR 2024, May 7, 2024. [code, web page]
Can LLMs Follow Simple Rules?
Norman Mu, Sarah Chen, Zifan Wang, Sizhe Chen, David Karamardian, Lulwa Aljeraisy, Dan Hendrycks, David Wagner. arXiv:2311.04235. [paper page, demo, code]
REAP: A Large-Scale Realistic Adversarial Patch Benchmark
Nabeel Hingun, Chawin Sitawarin, Jerry Li, David Wagner. IEEE/CVF International Conference on Computer Vision (ICCV 2023), October 4, 2023. [code]
DeTagTive: Linking MACs to Protect Against Malicious BLE Trackers
Tess Despres, Noelle Davis, Prabal Dutta, David Wagner. Second Workshop on Situating Network Infrastructure with People, Practices, and Beyond (SNIP2+ '23), September 10, 2023.
Continuous Learning for Android Malware Detection
Yizheng Chen, Zhoujie Ding, and David Wagner. Usenix Security 2023, August 9, 2023. [code + data]
Network Detection of Interactive SSH Impostors Using Deep Learning
Julien Piet, Aashish Sharma, Vern Paxson, David Wagner. Usenix Security 2023, August 9, 2023.
DiverseVul: A New Vulnerable Source Code Dataset for Deep Learning Based Vulnerability Detection
Yizheng Chen, Zhoujie Ding, Lamya Alowain, Xinyun Chen, and David Wagner. 26th International Symposium on Research in Attacks, Intrusions and Defenses (RAID 2023), October 16, 2023. [data]
Part-Based Models Improve Adversarial Robustness
Chawin Sitawarin, Kornrapat Pongmala, Yizheng Chen, Nicholas Carlini, David Wagner. 11th International Conference on Learning Representations (ICLR 2023), May 1-5, 2023. [code]
Can Humans Detect Malicious Always-Listening Assistants? A Framework for Crowdsourcing Test Drives
Nathan Malkin, David Wagner, Serge Egelman. Proceedings of the ACM on Human-Computer Interaction, volume 6, issue CSCW2, November 2022.
SLIP: Self-supervision meets Language-Image Pre-training
Norman Mu, Alexander Kirillov, David Wagner, Saining Xie. ECCV 2022, October 25, 2022. [code]
Runtime Permissions for Privacy in Proactive Intelligent Assistants
Nathan Malkin, David Wagner, and Serge Egelman. 18th Symposium on Usable Privacy and Security (SOUPS 2022), August 9, 2022.
Demystifying the Adversarial Robustness of Random Transformation Defenses
Chawin Sitawarin, Zachary Golan-Strieb, David Wagner. 39th International Conference on Machine Learning (ICML 2022), July 19, 2022. [code]
Learning Security Classifiers with Verified Global Robustness Properties
Yizheng Chen, Shiqi Wang, Yue Qin, Xiaojing Liao, Suman Jana, David Wagner. 28th ACM Conference on Computer and Communications Security (CCS 2021), November 16, 2021. [code]
SEAT: Similarity Encoder by Adversarial Training for Detecting Model Extraction Attack Queries
Zhanyuan Zhang, Yizheng Chen, David Wagner. 14th ACM Workshop on Artificial Intelligence and Security (AISEC 2021), November 15, 2021. [code]
SAT: Improving Adversarial Training via Curriculum-Based Loss Smoothing
Chawin Sitawarin, Supriyo Chakraborty, David Wagner. 14th ACM Workshop on Artificial Intelligence and Security (AISEC 2021), November 15, 2021.
Adversarial Examples for k-Nearest Neighbor Classifiers Based on Higher-Order Voronoi Diagrams
Chawin Sitawarin, Evgenios M. Kornaropoulos, Dawn Song, David Wagner. Advances in Neural Information Processing Systems (NeurIPS 2021), December 7, 2021. [code]
Hopper: Modeling and Detecting Lateral Movement
Grant Ho, Mayank Dhiman, Devdatta Akhawe, Vern Paxson, Stefan Savage, Geoffrey M. Voelker, David Wagner. Usenix Security 2021, August 13, 2021.
Improving the Accuracy-Robustness Trade-off for Dual-Domain Adversarial Training
Chawin Sitawarin, Arvind P. Sridhar, David Wagner. ICML Workshop on Uncertainty and Robustness in Deep Learning 2021, July 23, 2021. [code]
Defending Against Patch Adversarial Attacks with Robust Self-Attention
Norman Mu, David Wagner. ICML Workshop on Uncertainty and Robustness in Deep Learning 2021, July 23, 2021. [code]
Mitigating Adversarial Training Instability with Batch Normalization
Arvind P. Sridhar, Chawin Sitawarin, David Wagner. Security and Safety in Machine Learning Systems at ICLR 2021, May 7, 2021.
Model-Agnostic Defense for Lane Detection against Adversarial Attack
Henry Xu, An Ju, David Wagner. Automotive and Autonomous Vehicle Security (AutoSec 21), February 25, 2021. Baidu Security AutoDriving Security Award [code]
E-ABS: Extending the Analysis-By-Synthesis Robust Classification Model to More Complex Image Domains
An Ju, David Wagner. 13th ACM Workshop on Artificial Intelligence and Security (AISEC 2020), November 13, 2020.
Minority Reports Defense: Defending Against Adversarial Patches
Michael McCoyd, Won Park, Steven Chen, Neil Shah, Ryan Roggenkemper, Minjune Hwang, Jason Xinyu Liu, David Wagner. Security in Machine Learning and its Applications (SiMLA 2020), October 20, 2020.
Stateful Detection of Black-Box Adversarial Attacks
Steven Chen, Nicholas Carlini, David Wagner. Security and Privacy on Artificial Intelligence (SPAI 2020), October 6, 2020.
A Large-Scale Analysis of Attacker Activity in Compromised Enterprise Accounts
Neil Shah, Grant Ho, Marco Schweighauser, M.H. Afifi, Asaf Cidon, David Wagner. MLHat: The First International Workshop on Deployable Machine Learning for Security Defense, August 24, 2020.
Clipped BagNet: Defending Against Sticker Attacks with Clipped Bag-of-features
Zhanyuan Zhang, Benson Yuan, Michael McCoyd, David Wagner. Deep Learning Security 2020, May 21, 2020.
Minimum-Norm Adversarial Examples on KNN and KNN-Based Models
Chawin Sitawarin, David Wagner. Deep Learning Security 2020, May 21, 2020. [code]
Privacy Controls for Always-Listening Devices
Nathan Malkin, Serge Egelman, David Wagner. New Security Paradigms Workshop 2019, September 23, 2019.
Detecting and Characterizing Lateral Phishing at Scale
Grant Ho, Asaf Cidon, Lior Gavish, Marco Schweighauser, Vern Paxson, Stefan Savage, Geoffrey M. Voelker, David Wagner. Usenix Security Symposium 2019, August 15, 2019. [full version]
On the Robustness of Deep K-Nearest Neighbors
Chawin Sitawarin, David Wagner. Deep Learning and Security Workshop 2019, May 23, 2019.
Privacy Attitudes of Smart Speaker Users
Nathan Malkin, Joe Deatrick, Allen Tong, Primal Wijesekera, Serge Egelman, David Wagner. Proceedings on Privacy Enhancing Technologies, volume 2019, issue 4, October 2019.
Inferring Phone Location State
Steven Chen, Won Park, Joanna Yang, David Wagner. STWiMob 2018, October 15, 2018.
Obfuscated Gradients Give a False Sense of Security: Circumventing Defenses to Adversarial Examples
Anish Athalye, Nicholas Carlini, David Wagner. ICML 2018, July 11, 2018. (Also on arXiv:1802.00420.)
Audio Adversarial Examples: Targeted Attacks on Speech-to-Text
Nicholas Carlini, David Wagner. DLS 2018, May 24, 2018. [examples]
Background Class Defense Against Adversarial Examples
Michael McCoyd, David Wagner. DLS 2018, May 24, 2018.
Detecting Phone Theft Using Machine Learning
Xinyu Liu, David Wagner, Serge Egelman. ICISS 2018, April 28, 2018.
Contextualizing Privacy Decisions for Better Prediction (and Protection)
Primal Wijesekera, Joel Reardon, Irwin Reyes, Lynn Tsai, Jung-Wei Chen, Nathan Good, David Wagner, Konstantin Beznosov, Serge Egelman. CHI 2018, April 24, 2018.
Adversarially Robust Malware Detection Using Monotonic Classification
Inigo Incer, Michael Theodorides, Sadia Afroz, David Wagner. IWSPA 2018, March 21, 2018.
Dynamically Regulating Mobile Application Permissions
Primal Wijesekera, Arjun Baokar, Lynn Tsai, Joel Reardon, Serge Egelman, David Wagner, Konstantin Beznosov. IEEE Security & Privacy magazine, volume 16, issue 1, January/February 2018, February 6, 2018.
MagNet and "Efficient Defenses Against Adversarial Attacks" are Not Robust to Adversarial Examples
Nicholas Carlini, David Wagner. arXiv:1711.08478, November 22, 2017.
Adversarial Examples Are Not Easily Detected: Bypassing Ten Detection Methods
Nicholas Carlini, David Wagner. AISec 2017, November 3, 2017.
A Large-Scale Study of Modern Code Review and Security in Open Source Projects
Christopher Thompson, David Wagner. PROMISE 2017, November 8, 2017. [data]
Oscar: A Practical Page-Permissions-Based Scheme for Thwarting Dangling Pointers
Thurston H.Y. Dang, Petros Maniatis, David Wagner. Usenix Security 2017, August 17, 2017.
Detecting Credential Spearphishing Attacks in Enterprise Settings
Grant Ho, Aashish Sharma, Mobin Javed, Vern Paxson, David Wagner. Usenix Security 2017, August 17, 2017.
A Usability Evaluation of Tor Launcher
Linda Lee, David Fifield, Nathan Malkin, Ganesh Iyer, Serge Egelman, David Wagner. Proceedings on Privacy Enhancing Technologies, 2017(3):87-106, July 6, 2017.
Turtle Guard: Helping Android Users Apply Contextual Privacy Preferences
Lynn Tsai, Primal Wijesekera, Joel Reardon, Irwin Reyes, Serge Egelman, David Wagner, Nathan Good, Jung-Wei Chen. SOUPS 2017, July 13, 2017.
Towards Evaluating the Robustness of Neural Networks
Nicholas Carlini, David Wagner. IEEE Symposium on Security and Privacy 2017, May 24, 2017.
The Feasibility of Dynamically Granted Permissions: Aligning Mobile Privacy with User Preferences
Primal Wijesekera, Arjun Baokar, Lynn Tsai, Joel Reardon, Serge Egelman, David Wagner, Konstantin Beznosov. IEEE Symposium on Security and Privacy 2017, May 24, 2017.
Breaking active-set backward-edge CFI
Michael Theodorides, David Wagner. Hardware Oriented Security and Trust: HOST 2017, May 3, 2017.
Spoofing 2D Face Detection: Machines See People Who Aren't There
Michael McCoyd, David Wagner. arXiv:1608.02128, August 6, 2016.
Securing Recognizers for Rich Video Applications
Chris Thompson, David Wagner. Security and Privacy in Smartphones and Mobile Devices: SPSM 2016, October 24, 2016.
Hidden Voice Commands
Nicholas Carlini, Pratyush Mishra, Tavish Vaidya, Yuankai Zhang, Micah Sherr, Clay Shields, David Wagner, Wenchao Zhou. Usenix Security 2016, August 11, 2016. See our demos. First place, CSAW'16 applied research competition.
Defensive Distillation is Not Robust to Adversarial Examples
Nicholas Carlini, David Wagner. arXiv:1607.04311, July 14, 2016.
Smart Locks: Lessons for Securing Commodity Internet of Things Devices
Grant Ho, Derek Leung, Pratyush Mishra, Ashkan Hosseini, Dawn Song, and David Wagner. ASIACCS 2016, June 1, 2016.
Attestation Transparency: Building secure Internet services for legacy clients
Jethro Beekman, John Manferdelli, and David Wagner. ASIACCS 2016, June 1, 2016.
Information Disclosure Concerns in The Age of Wearable Computing
Linda Lee, JoongHwa Lee, Serge Egelman, David Wagner. USEC 2016, February 21, 2016.
Tor's Usability for Censorship Circumvention
David Fifield, Linda Lee, Serge Egelman, David Wagner. HoTPETS 2015, July 2, 2015.
Control-Flow Bending: On the Effectiveness of Control-Flow Integrity
Nicolas Carlini, Antonio Barresi, Mathias Payer, David Wagner, Thomas R. Gross. Usenix Security 2015.
Android Permissions Remystified: A Field Study on Contextual Integrity
Primal Wijesekera, Arjun Baokar, Ashkan Hosseini, Serge Egelman, David Wagner, and Konstantin Beznosov. Usenix Security 2015.
The Performance Cost of Shadow Stacks and Stack Canaries
Thurston H.Y. Dang, Petros Maniatis, David Wagner. ASIACCS 2015.
Somebody's Watching Me? Assessing the Effectiveness of Webcam Indicator Lights
Rebecca S. Portnoff, Linda N. Lee, Serge Egelman, Pratyush Mishra, Derek Leung, and David Wagner. CHI 2015.
Are You Ready to Lock? Understanding User Motivations for Smartphone Locking Behaviors
Serge Egelman, Sakshi Jain, Rebecca S. Portnoff, Kerwell Liao, Sunny Consolvo, and David Wagner. ACM CCS 2014. November 5, 2014.
ROP is Still Dangerous: Breaking Modern Defenses
Nicholas Carlini and David Wagner. Usenix Security 2014. August 21, 2014.
The Effect of Developer-Specified Explanations for Permission Requests on Smartphone User Behavior
Joshua Tan, Khanh Nguyen, Michael Theodorides, Heidi Negrón-Arroyo, Christopher Thompson, Serge Egelman, and David Wagner. CHI 2014. April 28, 2014.
Symbolic Software Model Validation
Cynthia Sturton, Rohit Sinha, Thurston Dang, Sakshi Jain, Michael McCoyd, Wei Yang Tan, Petros Maniatis, Sanjit Seshia, and David Wagner. 11th ACM-IEEE International Conference on Formal Methods and Models for Codesign (MEMOCODE 2013), October 19, 2013.
Bifocals: Analyzing WebView Vulnerabilities in Android Applications
Erika Chin and David Wagner. 14th International Workshop on Information Security Applications (WISA 2013), August 19, 2013.
An Empirical Study of Vulnerability Rewards Programs
Matthew Finifter, Devdatta Akhawe, and David Wagner. Usenix Security 2013, August 15, 2013.
Improved Support for Machine-Assisted Ballot-Level Audits
Eric Kim, Nicholas Carlini, Andrew Chang, George Yiu, Kai Wang, and David Wagner. USENIX Journal of Election Technology and Systems (JETS), volume 1 number 1. Presented at EVT/WOTE 2013, August 13, 2013.
When It's Better to Ask Forgiveness than Get Permission: Attribution Mechanisms for Smartphone Resources
Christopher Thompson, Maritza Johnson, Serge Egelman, David Wagner, and Jennifer King. SOUPS 2013, July 25-26, 2013.
CALEA II: Risks of Wiretap Modifications to Endpoints
Ben Adida, Collin Anderson, Annie I. Anton, Matt Blaze, Roger Dingledine, Edward W. Felten, Matthew D. Green, J. Alex Halderman, David R. Jefferson, Cullen Jennings, Susan Landau, Navroop Mitter, Peter G. Neumann, Eric Rescorla, Fred B. Schneider, Bruce Schneier, Hovav Shacham, Micah Sherr, David Wagner, and Philip Zimmermann. Public report, May 17, 2013. (Coordinated by the CDT.)
An Empirical Study on the Effectiveness of Security Code Review
Anne Edmundson, Brian Holtkamp, Emanuel Rivera, Matthew Finifter, Adrian Mettler, and David Wagner. ESSOS 2013, March 1, 2013.
Do Android Users Write About Electric Sheep? Examining Consumer Reviews in Google Play
Elizabeth Ha and David Wagner. IEEE Consumer Communications & Networking Conference (CCNC) 2013, Mobile Devices, Platforms & Applications track, January 8-11, 2013. (This version corrects two minor errors in the printed version.)
Verification with Small and Short Worlds
Rohit Sinha, Cynthia Sturton, Petros Maniatis, Sanjit A. Seshia, and David Wagner. Formal Methods in Computer-Aided Design (FMCAD) 2012, October 23, 2012.
I've Got 99 Problems, But Vibration Ain't One: A Survey of Smartphone Users' Concerns
Adrienne Porter Felt, Serge Egelman, and David Wagner. ACM Workshop on Security and Privacy in Smartphones and Mobile Devices (SPSM) 2012, October 19, 2012.
Short Paper: Location Privacy: User Behavior in the Field
Drew Fisher, Leah Dorner, and David Wagner. ACM Workshop on Security and Privacy in Smartphones and Mobile Devices (SPSM) 2012, October 19, 2012. [poster]
Reducing Attack Surfaces for Intra-Application Communication in Android
David Kantola, Erika Chin, Warren He, and David Wagner. ACM Workshop on Security and Privacy in Smartphones and Mobile Devices (SPSM) 2012, October 19, 2012.
How To Ask For Permission
Adrienne Porter Felt, Serge Egelman, Matthew Finifter, Devdatta Akhawe, and David Wagner. HotSec 2012.
Operator-Assisted Tabulation of Optical Scan Ballots
Kai Wang, Eric Kim, Nicholas Carlini, Ivan Motyashov, Daniel Nguyen, and David Wagner. EVT/WOTE 2012.
Automated Analysis of Election Audit Logs
Patrick Baxter, Anne Edmundson, Keishla Ortiz, Ana Maria Quevedo, Samuel Rodriguez, Cynthia Sturton, David Wagner. EVT/WOTE 2012.
An Evaluation of the Google Chrome Extension Security Architecture
Nicholas Carlini, Adrienne Porter Felt, and David Wagner. Usenix Security 2012.
Choice Architecture and Smartphone Privacy: There's A Price for That
Serge Egelman, Adrienne Porter Felt, and David Wagner. Workshop on the Economics of Information Security (WEIS) 2012.
Measuring User Confidence in Smartphone Security and Privacy
Erika Chin, Adrienne Porter Felt, Vyas Sekar, and David Wagner. SOUPS 2012.
Android Permissions: User Attention, Comprehension, and Behavior
Adrienne Porter Felt, Elizabeth Ha, Serge Egelman, Ariel Haney, Erika Chin, and David Wagner. SOUPS 2012.
AdDroid: Privilege Separation for Applications and Advertisers in Android
Paul Pearce, Adrienne Porter Felt, Gabriel Nunez, and David Wagner. ASIACCS 2012.
Evidence-Based Elections
Philip B. Stark and David A. Wagner. IEEE Security and Privacy magazine, vol. 10 no. 5, Sept.-Oct. 2012, special issue on electronic voting.
A Survey of Mobile Malware in the Wild
Adrienne Porter Felt, Matthew Finifter, Erika Chin, Steven Hanna, and David Wagner. ACM Workshop on Security and Privacy in Mobile Devices (SPSM) 2011, October 17, 2011.
Android Permissions Demystified
Adrienne Porter Felt, Erika Chin, Steve Hanna, Dawn Song, and David Wagner. ACM CCS 2011. [data and tools are available at android-permissions.org]
Computing the Margin of Victory in IRV Elections
Thomas R. Magrino, Ronald L. Rivest, Emily Shen, and David Wagner. EVT/WOTE 2011, August 8, 2011.
An Analysis of Write-in Marks on Optical Scan Ballots
Theron Ji, Eric Kim, Raji Srikantan, Alan Tsai, Arel Cordero, and David Wagner. EVT/WOTE 2011, August 8, 2011.
Tweakable Block Ciphers
Moses Liskov, Ronald L. Rivest, and David Wagner. Journal of Cryptology, volume 24, number 3, July 2011.
Analyzing Inter-Application Communication in Android
Erika Chin, Adrienne Porter Felt, Kate Greenwood, and David Wagner. MobiSys 2011, June 30, 2011. [tool available at comdroid.org]
The Effectiveness of Application Permissions
Adrienne Porter Felt, Kate Greenwood, and David Wagner. WebApps 2011, June 15, 2011.
Exploring the Relationship Between Web Application Development Tools and Security
Matthew Finifter and David Wagner. WebApps 2011, June 15, 2011.
Phishing on Mobile Devices
Adrienne Porter Felt and David Wagner. W2SP 2011, May 26, 2011.
Defeating UCI: Building Stealthy and Malicious Hardware
Cynthia Sturton, Matthew Hicks, David Wagner, and Samuel T. King. IEEE Security & Privacy 2011.
Diesel: Applying Privilege Separation to Database Access
Adrienne Porter Felt, Matthew Finifter, Joel Weinberger, David Wagner. ASIACCS 2011, March 23, 2011. [the full version]
Efficient User-Guided Ballot Image Verification
Arel Cordero, Theron Ji, Alan Tsai, Keaton Mowery, and David Wagner. EVT/WOTE 2010, August 9, 2010.
Voting Systems Audit Log Study
David Wagner. Report commissioned by the California Secretary of State. June 1, 2010.
Class Properties for Security Review in an Object-Capability Subset of Java (Short Paper)
Adrian Mettler and David Wagner. PLAS 2010, June 10, 2010.
Fine-Grained Privilege Separation for Web Applications
Akshay Krishnamurthy, Adrian Mettler, and David Wagner. WWW 2010, April 26-30, 2010.
Joe-E: A Security-Oriented Subset of Java
Adrian Mettler, David Wagner, and Tyler Close. ISOC NDSS 2010, March 3, 2010.
Efficient Character-level Taint Tracking for Java
Erika Chin and David Wagner. 2009 ACM Workshop on Secure Web Services, November 13, 2009.
On Voting Machine Design for Verification and Testability
Cynthia Sturton, Susmit Jha, Sanjit A. Seshia, and David Wagner. ACM CCS 2009.
Weight, Weight, Don't Tell Me: Using Scales to Select Ballots for Auditing
Cynthia Sturton, Eric Rescorla, and David Wagner. EVT/WOTE '09.
Dynamic Test Generation To Find Integer Bugs in x86 Binary Linux Programs
David Molnar, Xue Cong Li, and David A. Wagner. Usenix Security 2009.
Conditioned-safe Ceremonies and a User Study of an Application to Web Authentication
Chris Karlof, J.D. Tygar, and David Wagner. 16th Annual Network and Distributed Systems Security Symposium (NDSS 2009), February 11, 2009.
Portably solving file races with hardness amplification
Dan Tsafrir, Tomer Hertz, David Wagner, and Dilma Da Silva. ACM Transactions on Storage, volume 4, issue 3, November 2008.
Software Review and Security Analysis of Scytl Remote Voting Software
Michael Clarkson, Brian Hay, Meador Inge, abhi shelat, David Wagner, Alec Yasinsac. Report commissioned by the Florida Division of Elections. September 19, 2008.
Verifiable Functional Purity in Java
Matthew Finifter, Adrian Mettler, Naveen Sastry, and David Wagner. 15th ACM Conference on Computer and Communication Security (CCS 2008), October 27-31, 2008.
The Murky Issue of Changing Process Identity: Revising "Setuid Demystified"
Dan Tsafrir, Dilma Da Silva, and David Wagner. ;login:, June 2008, Volume 33, Number 3, pp.55-66.
You Go to Elections with the Voting System You Have: Stop-Gap Mitigations for Deployed Voting Systems
J. Alex Halderman, Eric Rescorla, Hovav Shacham, and David Wagner. USENIX/ACCURATE Electronic Voting Workshop (EVT 2008), July 28, 2008.
Replayable Voting Machine Audit Logs
Arel Cordero and David Wagner. USENIX/ACCURATE Electronic Voting Workshop (EVT 2008), July 28, 2008.
A User Study Design for Comparing the Security of Registration Protocols
Chris Karlof, J.D. Tygar, and David Wagner. Proceedings of the First USENIX Workshop on Usability, Psychology, and Security (UPSEC 2008), April 15, 2008.
Portably Solving File TOCTTOU Races with Hardness Amplification
Dan Tsafrir, Tomer Hertz, David Wagner, and Dilma Da Silva. USENIX Conference on File and Storage Technologies (FAST 2008), February 28, 2008.
Algebraic and Slide Attacks on KeeLoq
Nicolas T. Courtois, Gregory V. Bard, and David Wagner. Fast Software Encryption (FSE 2008), February 11, 2008.
Risks of e-voting
Matt Bishop and David Wagner. Communications of the ACM, Inside Risks column, volume 50, issue 11, p.120, November 2007.
Dynamic Pharming Attacks and Locked Same-origin Policies for Web Browsers
Chris Karlof, J.D. Tygar, David Wagner, and Umesh Shankar. ACM CCS 2007. November 2007. [ps]
Source Code Review of the Diebold Voting System
Joseph A. Calandrino, Ariel J. Feldman, J. Alex Halderman, David Wagner, Harlan Yu, William P. Zeller. Report commissioned as part of the California Secretary of State's Top-To-Bottom Review of California voting systems. July 20, 2007.
Large-Scale Analysis of Format String Vulnerabilities in Debian Linux
Karl Chen and David Wagner. ACM SIGPLAN Workshop on Programming Languages and Analysis for Security (PLAS 2007), June 14, 2007. [ps]
Software Review and Security Analysis of the ES&S iVotronic 8.0.1.2 Voting Machine Firmware
Alec Yasinsac, David Wagner, Matt Bishop, Ted Baker, Breno de Medeiros, Gary Tyson, Michael Shamos, and Mike Burmester. February 23, 2007. Report commissioned by the Florida State Division of Elections.
Cryptanalysis of a Cognitive Authentication Scheme (Extended Abstract)
Philippe Golle and David Wagner. IEEE Security & Privacy 2007, May 21, 2007. (Earlier version: IACR ePrint Archive, Report 2006/258, July 31, 2006.)
From Weak to Strong Watermarking
Nicholas Hopper, David Molnar, and David Wagner. TCC 2007, February 23, 2007. (Full version: IACR ePrint Archive, Report 2006/430, November 18, 2006.)
Prerendered User Interfaces for Higher-Assurance Electronic Voting
Ka-Ping Yee, David Wagner, Marti Hearst, and Steven M. Bellovin. USENIX/ACCURATE Electronic Voting Technology Workshop, August 1, 2006. [html]
The Role of Dice in Election Audits -- Extended Abstract
Arel Cordero, David Wagner, and David Dill. IAVoSS Workshop On Trustworthy Elections (WOTE 2006), June 29, 2006.
Security considerations for incremental hash functions based on pair block chaining
Raphael C.-W. Phan and David Wagner. Computers & Security, 25(2):131-136, 2006.
Designing voting machines for verification
Naveen Sastry, Tadayoshi Kohno, and David Wagner. Usenix Security 2006, August 4, 2006. [ps]
Private Circuits II: Keeping Secrets in Tamperable Circuits
Yuval Ishai, Manoj Prabhakaran, Amit Sahai, and David Wagner. Eurocrypt 2006, May 31, 2006.
Tamper-Evident, History-Independent, Subliminal-Free Data Structures on PROM Storage -or- How to Store Ballots on a Voting Machine (Extended Abstract)
David Molnar, Tadayoshi Kohno, Naveen Sastry, and David Wagner. 2006 IEEE Symposium on Security and Privacy, May 24, 2006. [ps] [full version]
Generic On-line/Off-line Threshold Signatures
Chris Crutchfield, David Molnar, David Turner, and David Wagner. Public Key Cryptography (PKC) 2006, April 24, 2006. [ps]
Preventing Secret Leakage from fork(): Securing Privilege-Separated Applications
Umesh Shankar and David Wagner. Proceedings of the 2006 IEEE International Conference on Communications (Network Security and Information Assurance Symposium at ICC 2006), June 2006. [ps]
Statewide Databases of Registered Voters: Study Of Accuracy, Privacy, Usability, Security, and Reliability Issues
Paula Hawthorn, Barbara Simons, Chris Clifton, David Wagner, Steven M. Bellovin, Rebecca N. Wright, Arnon Rosenthal, Ralph Spencer Poore, Lillie Coney, Robert Gellman, Harry Hochheiser. Study commissioned by the U.S. Public Policy Committee of the Association for Computing Machinery, February 16, 2006. [overview; ACM's copy]
Security Analysis of the Diebold AccuBasic Interpreter
David Wagner, David Jefferson, Matt Bishop, Chris Karlof, Naveen Sastry. Report of the California Secretary of State's Voting Systems Technology Assessment Advisory Board (VSTAAB), February 14, 2006. [CA SOS copy]
Analysis of Volume Testing of the AccuVote TSx/AccuView
Matt Bishop, Loretta Guarino, David Jefferson, David Wagner. Report of the California Secretary of State's Voting Systems Technology Assessment Advisory Board (VSTAAB), October 11, 2005. [CA SOS copy]
The Program Counter Security Model: Automatic Detection and Removal of Control-Flow Side Channel Attacks
David Molnar, Matt Piotrowski, David Schultz, and David Wagner. ICISC 2005, December 1, 2005. [proceedings version (abridged): pdf, ps]
Model Checking An Entire Linux Distribution for Security Violations
Benjamin Schwarz, Hao Chen, David Wagner, Geoff Morrison, Jacob West, Jeremy Lin, and Wei Tu. ACSAC 2005, December 6, 2005. [ps] [proceedings version (abridged): pdf, ps]
Fault Attacks on Dual-Rail Encoded Systems
Jason Waddle and David Wagner. ACSAC 2005, December 8, 2005. [ps]
A class of polynomially solvable range constraints for interval analysis without widenings
Zhendong Su and David Wagner. Theoretical Computer Science, November 21, 2005, pp.122-138. [TCS web page]
Privacy For RFID Through Trusted Computing (Short Paper)
David Molnar, Andrea Soppera, and David Wagner. WPES 2005, November 7, 2005. [ps]
A Scalable, Delegatable Pseudonym Protocol Enabling Ownership Transfer of RFID Tags
David Molnar, Andrea Soppera, and David Wagner. SAC 2005, August 11-12, 2005. [ps]
Killing, Recoding, and Beyond
David Molnar, Ross Stapleton-Gray, and David Wagner. Chapter 23 of RFID Applications, Security and Privacy, Addison Wesley Professional, July 6, 2005. [ps]
Security and Privacy Issues in E-passports
Ari Juels, David Molnar, and David Wagner. Proceedings of SECURECOMM 2005, September 6, 2005. [ps]
Fixing Races for Fun and Profit: How to abuse atime
Nikita Borisov, Rob Johnson, Naveen Sastry, and David Wagner. Proceedings of the Fourteenth USENIX Security Symposium (USENIX Security 2005), August 5, 2005. [ps]
Cryptographic Voting Protocols: A Systems Perspective
Chris Karlof, Naveen Sastry, and David Wagner. Proceedings of the Fourteenth USENIX Security Symposium (USENIX Security 2005), August 3, 2005. [ps]
The Promise of Cryptographic Voting Protocols
Chris Karlof, Naveen Sastry, and David Wagner. June 2005. [ps]
An Analysis of PMF Based Tests for Detection of Least Significant Bit Image Steganography
Stark Draper, Prakash Ishwar, David Molnar, Vinod Prabhakaran, Kannan Ramchandran, Daniel Schonberg, and David Wagner. Information Hiding Workshop 2005, June 8, 2005. [ps]
Towards a Privacy Measurement Criterion for Voting Systems
Lillie Coney, Joseph L. Hall, Poorvi L. Vora, David Wagner. Poster Paper, National Conference on Digital Government Research, May 2005.
Radio Frequency Id and Privacy with Information Goods
Nathan Good, David Molnar, Jennifer M. Urban, Deirdre Mulligan, Elizabeth Miles, Laura Quilter, and David Wagner. 2004 ACM Workshop on Privacy in the Electronic Society (WPES 2004), October 28, 2004.
Analyzing Internet Voting Security
David Jefferson, Aviel D. Rubin, Barbara Simons, and David Wagner. Communications of the ACM, 47(10), October 2004, Special issue: The problems and potentials of voting systems, pp.59-64. [ACM's archive]
Resilient Aggregation in Sensor Networks
David Wagner. 2004 ACM Workshop on Security of Ad Hoc and Sensor Networks (SASN '04), October 25, 2004. [ps]
Cryptanalysis of a Provably Secure CRT-RSA Algorithm
David Wagner. ACM CCS 2004, October 26-28, 2004. [ps]
Security Considerations for IEEE 802.15.4 Networks
Naveen Sastry and David Wagner. ACM WiSe 2004, October 1, 2004. [ps]
TinySec: A Link Layer Security Architecture for Wireless Sensor Networks
Chris Karlof, Naveen Sastry, and David Wagner. ACM SenSys 2004, November 3-5, 2004. [ps]
Privacy and Security in Library RFID: Issues, Practices, and Architectures
David Molnar and David Wagner. ACM CCS 2004, October 26-28, 2004. [ps]
Towards Efficient Second-Order Power Analysis
Jason Waddle and David Wagner. CHES 2004, August 11, 2004.
Finding User/Kernel Pointer Bugs With Type Inference
Rob Johnson and David Wagner. 13th USENIX Security Symposium, August 12, 2004. [proceedings version (abridged)]
Security in wireless sensor networks
Adrian Perrig, John Stankovic, and David Wagner. Communications of the ACM, 47(6), June 2004, Special Issue on Wireless sensor networks, pp.53-57. [ACM's archive]
Model Checking One Million Lines of C Code
Hao Chen, Drew Dean, and David Wagner. Network and Distributed System Security (NDSS 2004), February 2004.
A Security Analysis of the Secure Electronic Registration and Voting Experiment (SERVE)
David Jefferson, Aviel D. Rubin, Barbara Simons, and David Wagner. Report to the Department of Defense (DoD) Federal Voting Assistance Program (FVAP), January 20, 2004. [more info]
Towards a unifying view of block cipher cryptanalysis
David Wagner. Fast Software Encryption 2004, invited paper, February 7, 2004. [slides, powerpoint]
The EAX Mode of Operation: A Two-Pass Authenticated-Encryption Scheme Optimized for Simplicity and Efficiency
Mihir Bellare, Phillip Rogaway, and David Wagner. Fast Software Encryption 2004. [slides, powerpoint]
A Class of Polynomially Solvable Range Constraints for Interval Analysis without Widenings and Narrowings
Zhendong Su and David Wagner. TACAS 2004. [ps, slides]
On Compressing Encrypted Data Without the Encryption Key
Mark Johnson, David Wagner, and Kannan Ramchandran. Theory of Cryptography Conference (TCC 2004).
Secure Verification of Location Claims
Naveen Sastry, Umesh Shankar, and David Wagner. CryptoBytes volume 6, no 1, Spring 2004, RSA Labs. Shortened version of our WiSe conference paper (below). [ps]
Secure Verification of Location Claims
Naveen Sastry, Umesh Shankar, and David Wagner. ACM Workshop on Wireless Security (WiSe 2003), September 19, 2003. [pdf]
Cryptanalysis of an Algebraic Privacy Homomorphism (revised version)
David Wagner. ISC 2003, October 1-3, 2003.
Warning: The proceedings version has a bug. See this erratum.
[slides: pdf, ps]
Hidden Markov Model Cryptanalysis
Chris Karlof and David Wagner. CHES 2003. Full version available as tech report UCB//CSD-03-124.
Private Circuits: Securing Hardware against Probing Attacks
Yuval Ishai, Amit Sahai, and David Wagner. CRYPTO 2003. (Revised Feb 2013 to correct an error reported by Jean-Sebastien Coron.)
Security flaws in 802.11 data link protocols
Nancy Cam-Winget, Russ Housley, David Wagner, and Jesse Walker. Communications of the ACM, 46(5), May 2003, Special Issue on Wireless networking security, pp.35-39. [ACM's archive]
A Critique of CCM
P. Rogaway and D. Wagner. IACR ePrint Archive, Report 2003/070, April 13, 2003.
Secure Routing in Wireless Sensor Networks: Attacks and Countermeasures
Chris Karlof and David Wagner. Ad Hoc Networks, vol 1, issues 2-3 (Special Issue on Sensor Network Applications and Protocols), pp. 293-315, Elsevier, September 2003. [Also: the conference version, as it appeared at the First IEEE International Workshop on Sensor Network Protocols and Applications, May 11, 2003.]
Comments on RMAC
David Wagner. Formal contribution to the NIST Advanced Encryption Standard modes of operation standardization process, December 5, 2002.
Markov truncated differential cryptanalysis of Skipjack
Ben Reichardt and David Wagner. SAC 2002. [ps]
MOPS: an Infrastructure for Examining Security Properties of Software
Hao Chen and David Wagner. ACM CCS 2002. [ps]
Mimicry Attacks on Host-Based Intrusion Detection Systems
David Wagner and Paolo Soto. ACM CCS 2002. [ps] [slides: ps, ppt]
Tweakable Block Ciphers
Moses Liskov, Ronald L. Rivest, and David Wagner. CRYPTO 2002. [ps]
A Generalized Birthday Problem
David Wagner. Extended abstract published in CRYPTO 2002. [slides; errata]
Setuid Demystified
Hao Chen, David Wagner, and Drew Dean. 11th USENIX Security Symposium, 2002. [ps]
Insecurity in ATM-based passive optical networks
Stephen Thomas and David Wagner. IEEE International Conference on Communications (ICC 2002), Optical Networking Symposium. [ps]
Multiplicative Differentials
Nikita Borisov, Monica Chew, Rob Johnson, and David Wagner. Fast Software Encryption 2002.
Integral Cryptanalysis (Extended abstract)
Lars Knudsen and David Wagner. Fast Software Encryption 2002.
A Cryptanalysis of the High-Bandwidth Digital Content Protection System
Scott Crosby, Ian Goldberg, Robert Johnson, Dawn Song, and David Wagner. Workshop on Security and Privacy in Digital Rights Management 2001 (proceedings here).
Homomorphic Signature Schemes
Robert Johnson, David Molnar, Dawn Song, and David Wagner. RSA 2002, Cryptographer's track. [ps]
A Note on NSA's Dual Counter Mode of Encryption
Pompiliu Donescu, Virgil D. Gligor, and David Wagner. Preliminary version, September 28, 2001. [ps]
Intercepting Mobile Communications: The Insecurity of 802.11
Nikita Borisov, Ian Goldberg, and David Wagner. MOBICOM 2001. [ps]
Detecting Format String Vulnerabilities With Type Qualifiers
Umesh Shankar, Kunal Talwar, Jeffrey S. Foster, and David Wagner. 10th USENIX Security Symposium, 2001. [pdf]
Timing Analysis of Keystrokes and Timing Attacks on SSH
Dawn Xiaodong Song, David Wagner, and Xuqing Tian. 10th USENIX Security Symposium, 2001. [ps] [a review of our work]
Intrusion Detection via Static Analysis
David Wagner and Drew Dean. 2001 IEEE Symposium on Security and Privacy. [ps, slides]
Static analysis and computer security: New techniques for software assurance
David Wagner. Ph.D. dissertation, Dec. 2000, University of California at Berkeley.
Comments to NIST Concerning AES-modes of Operations: CTR-mode Encryption
Helger Lipmaa, Phillip Rogaway, and David Wagner. Contribution to the NIST Modes of Operation Workshop (unpublished).
On The Structure of Skipjack
Lars Knudsen and David Wagner. Discrete Applied Mathematics, special issue on coding and cryptology, volume 111, issue 1-2, 15 July 2001, pp.103-116, C. Carlet (ed.).
Proofs of security for the Unix password hashing algorithm
David Wagner and Ian Goldberg. ASIACRYPT 2000. [slides]
Cryptanalysis of the Yi-Lam hash
David Wagner. ASIACRYPT 2000. [slides]
Real Time Cryptanalysis of A5/1 on a PC
Alex Biryukov, Adi Shamir, and David Wagner. FSE 2000.
Security Weaknesses in Maurer-Like Randomized Stream Ciphers
Niels Ferguson, Bruce Schneier, and David Wagner. ACISP 2000.
Practical Techniques for Searches on Encrypted Data
Dawn Xiaodong Song, David Wagner, and Adrian Perrig. 2000 IEEE Symposium on Security and Privacy ("Oakland").
Advanced Slide Attacks
Alex Biryukov and David Wagner. EUROCRYPT 2000.
Improved Cryptanalysis of Rijndael
Niels Ferguson, John Kelsey, Stefan Lucks, Bruce Schneier, Mike Stay, David Wagner, and Doug Whiting. FSE 2000.
A First Step Towards Automated Detection of Buffer Overrun Vulnerabilities
David Wagner, Jeffrey S. Foster, Eric A. Brewer, and Alexander Aiken. NDSS 2000. [ps, slides]
Cryptanalysis of Microsoft's PPTP Authentication Extensions (MS-CHAPv2)
Bruce Schneier, Mudge, and David Wagner. Secure Networking--CQRE [Secure] '99, Springer-Verlag LNCS 1740. [ps]
The Ninja Jukebox
Ian Goldberg, Steven D. Gribble, David Wagner, and Eric A. Brewer. USITS'99.
Janus: an approach for confinement of untrusted applications
David A. Wagner. Master's thesis. Also available as tech. report UCB//CSD-99-1056, UC Berkeley, Computer Science division.
Truncated differentials and Skipjack
Lars R. Knudsen, M.J.B. Robshaw, and David Wagner. CRYPTO'99. [slides]
Equivalent keys for HPC
David Wagner. Rump session talk at AES'99.
Slide attacks
Alex Biryukov and David Wagner. FSE'99.
The boomerang attack
David Wagner. FSE'99. [slides]
Mod n Cryptanalysis, with Applications Against RC5P and M6
John Kelsey, Bruce Schneier, and David Wagner. FSE'99. [ps]
New Results on the Twofish Encryption Algorithm
Bruce Schneier, John Kelsey, Doug Whiting, David Wagner, Chris Hall, and Niels Ferguson. AES'99.
Key Schedule Weaknesses in SAFER+
John Kelsey, Bruce Schneier, and David Wagner. AES'99.
Performance Comparison of the AES Submissions
Bruce Schneier, John Kelsey, Doug Whiting, David Wagner, Chris Hall, and Niels Ferguson. AES'99.
Empirical Verification of Twofish Key Uniqueness Properties
Doug Whiting and David Wagner. Counterpane technical report (Twofish #2).
Cryptanalysis of ORYX.
D. Wagner, L. Simpson, E. Dawson, John Kelsey, W. Millan, and B. Schneier. SAC'98. [slides]
On the Twofish Key Schedule
Bruce Schneier, John Kelsey, Doug Whiting, David Wagner, Chris Hall, and Niels Ferguson. SAC'98.
Cryptanalysis of FROG.
David Wagner, Niels Ferguson, and Bruce Schneier. Corrected version of a paper that appeared at AES'99. [slides, old version (submitted to AES'99), very old version (handed out at AES'98)]
Cryptanalysis of SPEED.
Chris Hall, John Kelsey, Vincent Rijmen, Bruce Schneier, and David Wagner. SAC'98.
Cryptanalysis of SPEED (extended abstract).
Chris Hall, John Kelsey, Bruce Schneier, and David Wagner. Financial Cryptography '98. [ps]
Architectural considerations for cryptanalytic hardware.
Ian Goldberg and David Wagner. Chapter 10 of Cracking DES: Secrets of Encryption Research, Wiretap Politics & Chip Design, O'Reilly, July 1998. (Initially submitted as a term paper for CS 252, May 1996.) [html, ps]
Twofish: a 128-bit block cipher.
Bruce Schneier, John Kelsey, Doug Whiting, David Wagner, Chris Hall, and Niels Ferguson. Submission to the AES competition. [ps]
Building PRFs from PRPs.
Chris Hall, David Wagner, John Kelsey, and Bruce Schneier. CRYPTO '98. [published version, full version]
Side Channel Cryptanalysis of Product Ciphers.
John Kelsey, Bruce Schneier, David Wagner, and Chris Hall. Journal of Computer Security, vol 8, pp. 141-158, 2000. (An earlier version was published in ESORICS 1998.)
Cryptanalysis of TWOPRIME.
Don Coppersmith, David Wagner, Bruce Schneier, and John Kelsey. Fast Software Encryption 1998. [slides]
Cryptanalytic Attacks on Pseudorandom Number Generators.
John Kelsey, Bruce Schneier, David Wagner, and Chris Hall. Fast Software Encryption 1998.
Differential Cryptanalysis of KHF.
David Wagner. Fast Software Encryption 1998. [slides]
Cryptanalysis of some recently-proposed multiple modes of operation.
David Wagner. Fast Software Encryption 1998. [slides]
Secure Applications of Low-Entropy Keys.
John Kelsey, Bruce Schneier, Chris Hall, and David Wagner. 1997 Information Security Workshop.
Related-Key Cryptanalysis of 3-WAY, Biham-DES, CAST, DES-X, NewDES, RC2, and TEA.
John Kelsey, Bruce Schneier, and David Wagner. 1997 International Conference on Information and Communications Security, Beijing.
Protocol Interactions and the Chosen Protocol Attack.
John Kelsey, Bruce Schneier, and David Wagner. 1997 Security Protocols Workshop, Cambridge.
Cryptanalysis of the Cellular Message Encryption Algorithm.
David Wagner, Bruce Schneier, and John Kelsey. CRYPTO '97. [html version, slides]
TAZ Servers and the Rewebber Network: Enabling Anonymous Publishing on the World Wide Web.
Ian Goldberg and David Wagner. Published in the First Monday electronic journal, vol 3 no 4. [local copy]
System Security: A Management Perspective.
David Oppenheimer, David Wagner, and Michele Crabb. Booklet from the SAGE Short Topics in System Administration Series.
Privacy-enhancing technologies for the Internet.
Ian Goldberg, David Wagner, and Eric A. Brewer. IEEE COMPCON '97, February 1997. [html version, slides]
Analysis of the SSL 3.0 protocol (revised version).
David Wagner and Bruce Schneier. 2nd USENIX Workshop on Electronic Commerce, November 1996. [slides, a summary of the talk]
A secure environment for untrusted helper applications: confining the wily hacker.
Ian Goldberg, David Wagner, Randi Thomas, and Eric A. Brewer. 1996 USENIX Security Symposium. [source availability] [other formats: DVI]
Key-schedule cryptanalysis of IDEA, G-DES, GOST, SAFER, and triple-DES.
John Kelsey, Bruce Schneier, and David Wagner. CRYPTO '96.
Time-lock puzzles and timed-release Crypto.
Ronald Rivest, Adi Shamir, and David Wagner. Unpublished manuscript, March 1996.
Randomness and the Netscape Browser.
Ian Goldberg and David Wagner. Dr. Dobb's Journal, January 1996, pp. 66-70. [resources, DDJ's copy, copy at ACM digital library]
A "bump in the stack" encryptor for MS-DOS systems.
David Wagner and Steven M. Bellovin. Proceedings of the 1996 ISOC Symposium on Network & Distributed System Security. [slides]
The security of MacGuffin.
June 1995. Accepted by Cryptologia. [more info]
The security of MacGuffin.
Princeton University senior thesis, April 1995. [more info]
A programmable plaintext recognizer.
David Wagner and Steven M. Bellovin. Unpublished manuscript, September 1994.