Publications

Books and Chapters

Salvatore Stolfo, Steven M. Bellovin, Angelos D. Keromytis, Sara Sinclair, Sean Smith, and Shlomo Hershkop, editors. Insider Attack and Cyber Security: Beyond the Hacker (Advances in Information Security). Springer, 2008. [ bib | http ]

Seymour E. Goodman and Herbert S. Lin, editors. Toward a Safer and More Secure Cyberspace. National Academy Press, 2007. [ bib | .pdf ]

Stephen T. Kent and Lynette I. Millett, editors. Who Goes There? Authentication Through the Lens of Privacy. National Academies Press, 2003. [ bib | .html ]

John L. Hennessy, David A. Patterson, and Herbert S. Lin, editors. Information Technology for Counterterrorism: Immediate Actions and Future Possibilities. National Academies Press, 2003. [ bib | .html ]

William R. Cheswick, Steven M. Bellovin, and Aviel D. Rubin. Firewalls and Internet Security: Repelling the Wily Hacker. Addison-Wesley, Reading, MA, second edition, 2003. [ bib | http ]

Making the Nation Safer: The Role of Science and Technology in Countering Terrorism. National Academies Press, 2002. [ bib | http ]

Stephen T. Kent and Lynette I. Millett, editors. IDs-Not That Easy: Questions About Nationwide Identity Systems. National Academies Press, 2002. [ bib | http ]

Fred B. Schneider, editor. Trust in Cyberspace. National Academy Press, 1999. [ bib | http ]

Peter Denning and Dorothy Denning, editors. Network Security Issues. ACM Press, 1997. [ bib ]

A. Tucker, editor. Network Security Issues. CRC Press, 1996. [ bib | http ]

B. Krishnamurthy, editor. Security and Software Engineering. John Wiley & Sons, 1995. [ bib | .pdf ]

William R. Cheswick and Steven M. Bellovin. Firewalls and Internet Security: Repelling the Wily Hacker. Addison-Wesley, Reading, MA, first edition, 1994. [ bib | http ]

Papers

Host and Internet Security

Steven M. Bellovin. Position paper: Security and simplicity. In W3C/IAB Workshop on Strengthening the Internet Against Pervasive Monitoring (STRINT), March 2014. [ bib | .pdf ]

Maritza Johnson, Serge Egelman, and Steven M. Bellovin. Facebook and privacy: It's complicated. In Symposium On Usable Privacy and Security (SOUPS), July 2012. [ bib | .pdf | Abstract ]

Michelle Madejski, Maritza Johnson, and Steven M. Bellovin. A study of privacy setting errors in an online social network. In Proceedings of SESOC 2012, 2012. [ bib | .pdf | Abstract ]

Carl Landwehr, Dan Boneh, John Mitchell, Steven M. Bellovin, Susan Landau, and Mike Lesk. Privacy and cybersecurity: The next 100 years. Proceedings of the IEEE, PP(99):1-15, 2012. [ bib | DOI | http ]

Hang Zhao, Jorge Lobo, Arnab Roy, and Steven M. Bellovin. Policy refinement of network services for MANETs. In The 12th IFIP/IEEE International Symposium on Integrated Network Management (IM 2011), Dublin, Ireland, May 2011. [ bib | .pdf ]

Sal Stolfo, Steven M. Bellovin, and David Evans. Measuring security. IEEE Security & Privacy, 9(3):88, May-June 2011. [ bib | DOI ]

Hang Zhao and Steven M. Bellovin. High performance firewalls in MANETs. In International Conference on Mobile Ad-hoc and Sensor Networks, pages 154-160, December 2010. [ bib | .pdf | Abstract ]

Maritza Johnson and Steven M. Bellovin. Policy management for e-health records. Usenix HealthSec, August 2010. Position paper. [ bib | .html | .pdf ]

Shaya Potter, Steven M. Bellovin, and Jason Nieh. Two person control administration: Preventing administration faults through duplication. In LISA '09, November 2009. [ bib | .pdf ]

Maritza Johnson, Steven M. Bellovin, Robert W. Reeder, and Stuart Schechter. Laissez-faire file sharing: Access control designed for individuals at the endpoints. In New Security Paradigms Workshop, September 2009. [ bib | .pdf ]

Yuu-Heng Cheng, Mariana Raykova, Alex Poylisher, Scott Alexander, Martin Eiger, and Steve M. Bellovin. The Zodiac policy subsystem: a policy-based management system for a high-security MANET. In IEEE Policy 2009, July 2009. Longer version issued as CUCS-023-09. [ bib ]

Steven M. Bellovin and Randy Bush. Configuration management and security. IEEE Journal on Selected Areas in Communications, 27(3):268-274, April 2009. [ bib | .pdf ]

Maritza Johnson and Steven M. Bellovin. Security assurance for web device APIs. In Security for Access to Device APIs from the Web - W3C Workshop, December 2008. [ bib | .pdf | Abstract ]

Hang Zhao, Chi-Kin Chau, and Steven M. Bellovin. ROFL: Routing as the firewall layer. In New Security Paradigms Workshop, September 2008. A version is available as Technical Report CUCS-026-08. [ bib | http ]

Hang Zhao, Jorge Lobo, and Steven M. Bellovin. An algebra for integration and analysis of Ponder2 policies. In Proceedings of the 9th IEEE Workshop on Policies for Distributed Systems and Networks, June 2008. [ bib | .pdf ]

Maritza Johnson, Chaitanya Atreya, Adam Aviv, Mariana Raykova, Steven M. Bellovin, and Gail Kaiser. RUST: A retargetable usability testbed for website authentication technologies. In Usenix Workshop on Usability, Psychology, and Security, April 2008. [ bib | .pdf ]

Sotiris Ioannidis, Steven M. Bellovin, John Ioannidis, Angelos D. Keromytis, Kostas Anagnostakis, and Jonathan M. Smith. Coordinated policy enforcement for distributed applications. International Journal of Network Security, 4(1):69-80, January 2007. [ bib | .pdf ]

Steven M. Bellovin. Virtual machines, virtual security. Communications of the ACM, 49(10), October 2006. “Inside RISKS” column. [ bib | http | http ]

Ka-Ping Yee, David Wagner, Marti Hearst, and Steven M. Bellovin. Prerendered user interfaces for higher-assurance electronic voting. In Usenix/ACCURATE Electronic Voting Technology Workshop, August 2006. An earlier version appeared as Technical Report UCB/EECS-2006-35. [ bib | .pdf ]

Steven M. Bellovin, Angelos Keromytis, and Bill Cheswick. Worm propagation strategies in an IPv6 Internet. ;login:, pages 70-76, February 2006. [ bib | .pdf ]

Steven M. Bellovin. A look back at “Security problems in the TCP/IP protocol suite”. In Annual Computer Security Applications Conference, December 2004. Invited paper. [ bib | .pdf ]

Sotiris Ioannidis, Steven M. Bellovin, John Ioannidis, Angelos D. Keromytis, and Jonathan M. Smith. Design and implementation of virtual private services. In Proceedings of the IEEE International Workshops on Enabling Technologies: Infrastructure for Collaborative Enterprises (WETICE), Workshop on Enterprise Security, Linz, Austria, June 2003. [ bib | .pdf ]

Steven M. Bellovin and Emden R. Gansner. Using link cuts to attack Internet routing, 2003. Draft. [ bib | .ps | .pdf ]

Sotiris Ioannidis, Steven M. Bellovin, and Jonathan Smith. Sub-operating systems: A new approach to application security. In SIGOPS European Workshop, September 2002. [ bib | .pdf ]

Ratul Mahajan, Steven M. Bellovin, Sally Floyd, John Ioannidis, Vern Paxson, and Scott Shenker. Controlling high bandwidth aggregates in the network. Computer Communications Review, 32(3):62-73, July 2002. [ bib | .pdf ]

John Ioannidis and Steven M. Bellovin. Implementing pushback: Router-based defense against DDoS attacks. In Proc. Internet Society Symposium on Network and Distributed System Security, 2002. [ bib | .ps | .pdf ]

Peter M. Gleitz and Steven M. Bellovin. Transient addressing for related processes: Improved firewalling by using IPv6 and multiple addresses per host. In Proceedings of the Eleventh Usenix Security Symposium, August 2001. [ bib | .pdf ]

Sotiris Ioannidis and Steven M. Bellovin. Building a secure web browser. In Usenix Conference, June 2001. [ bib | .pdf ]

Steven M. Bellovin. Computer security-an end state? Communications of the ACM, 44(3), March 2001. [ bib | .pdf ]

Steven M. Bellovin, C. Cohen, J. Havrilla, S. Herman, B. King, J. Lanza, L. Pesante, R. Pethia, S. McAllister, G. Henault, R. T. Goodden, A. P. Peterson, S. Finnegan, K. Katano, R. M. Smith, and R. A. Lowenthal. Results of the “Security in ActiveX Workshop”, December 2000. [ bib | .pdf ]

Sotiris Ioannidis, Angelos D. Keromytis, Steven M. Bellovin, and Jonathan M. Smith. Implementing a distributed firewall. In ACM Conference on Computer and Communications Security, Athens, Greece, November 2000. [ bib | .pdf ]

Steven M. Bellovin. Distributed firewalls. ;login:, pages 39-47, November 1999. [ bib | .html | .ps | .pdf ]

J. S. Denker, S. M. Bellovin, H. Daniel, N. L. Mintz, T. Killian, and M. A. Plotnick. Moat: A virtual private network appliance and services platform. In Proceedings of LISA XIII, November 1999. [ bib | .pdf ]

Peter Gregory. Why systems administration is hard. In Solaris Security. Prentice-Hall, 1999. (Foreword). [ bib | .html ]

William Cheswick and Steven M. Bellovin. How computer security works: Firewalls. Scientific American, pages 106-107, October 1998. [ bib ]

Bill Cheswick and Steven M. Bellovin. A DNS filter and switch for packet-filtering gateways. In Proceedings of the Sixth Usenix Unix Security Symposium, pages 15-19, San Jose, CA, 1996. [ bib | .html ]

Steven M. Bellovin. Using the domain name system for system break-ins. In Proceedings of the Fifth Usenix Unix Security Symposium, pages 199-208, Salt Lake City, UT, June 1995. [ bib | .pdf ]

Steven M. Bellovin. Security and uses of the Internet. In Proceedings of the North American Serials Interest Group, June 1995. [ bib ]

S.M. Bellovin and W.R. Cheswick. Network firewalls. IEEE Communications Magazine, 32(9):50-57, Sept 1994. [ bib | DOI ]

Steven M. Bellovin. There be dragons. In Proceedings of the Third Usenix Unix Security Symposium, pages 1-16, September 1992. [ bib | .pdf ]

Steven M. Bellovin. Security problems in the TCP/IP protocol suite. Computer Communications Review, 19(2):32-48, April 1989. [ bib | .pdf ]

Steven M. Bellovin. Towards a commercial IP security option. In Commercial IPSO Workshop, INTEROP '89, 1989. [ bib ]

Steven M. Bellovin. The “session tty” manager. In Proc. Usenix Conference, Summer 1988. [ bib | .pdf ]

Cryptography

Vasilis Pappas, Fernando Krell, Binh Vo, Vlad Kolesnikov, Tal Malkin, Seung Geol Choi, Wesley George, Angelos Keromytis, and Steven M. Bellovin. Blind seer: A scalable private DBMS. In IEEE Symposium on Security and Privacy, May 2014. To appear. [ bib ]

Steven M. Bellovin. Mysterious checks from Mauborgne to Fabyan. Cryptologia, 2014. To appear. [ bib ]

Mariana Raykova, Ang Cui, Binh Vo, Bin Liu, Tal Malkin, Steven M. Bellovin, and Salvatore J. Stolfo. Usable secure private search. IEEE Security & Privacy, 10(5), September-October 2012. [ bib | DOI | .pdf | Abstract ]

Mariana Raykova, Hang Zhao, and Steven M. Bellovin. Privacy enhanced access control for outsourced data sharing. In Financial Cryptography and Data Security, March 2012. [ bib | .pdf | Abstract ]

Vasilis Pappas, Mariana Raykova, Binh Vo, Steven M. Bellovin, and Tal Malkin. Private search in the real world. In Proceedings of the 2011 Annual Computer Security Applications Conference, December 2011. [ bib | .pdf | Abstract ]

Steven M. Bellovin. Frank Miller: Inventor of the one-time pad. Cryptologia, 35(3):203-222, July 2011. An earlier version is available as technical report CUCS-009-11. [ bib | http | Abstract ]

Elli Androulaki, Binh Vo, and Steven M. Bellovin. Privacy-preserving, taxable bank accounts. In Proceedings of the European Symposium on Research in Computer Security (ESORICS), Athens, September 2010. Longer version issued as Tech Report CUCS-005-10. [ bib | Abstract ]

Elli Androulaki and Steven M. Bellovin. A secure and privacy-preserving targeted ad-system. In Proceedings of the 1st Workshop on Real-Life Cryptographic Protocols and Standardization, January 2010. [ bib | .pdf ]

Mariana Raykova, Binh Vo, Tal Malkin, and Steven M. Bellovin. Secure anonymous database search. In Proceedings of the ACM Cloud Computing Security Workshop, November 2009. [ bib | .pdf ]

Elli Androulaki and Steven M. Bellovin. An anonymous credit card system. In Proceedings of 6th International Conference on Trust, Privacy & Security in Digital Business (TrustBus), September 2009. Longer version issued as Tech Report CUCS-010-09. [ bib | .pdf ]

Elli Androulaki and Steven M. Bellovin. Anonymous delivery of physical objects. In Symposium on Privacy-Enhancing Technologies (PET), July 2009. [ bib | .pdf ]

Elli Androulaki, Mariana Raykova, Angelos Stavrou, and Steven M. Bellovin. PAR: Payment for anonymous routing. In Proceedings of the 8th Privacy Enhancing Technologies Symposium, July 2008. [ bib | .pdf ]

Elli Androulaki, Seung Geol Choi, Steven M. Bellovin, and Tal Malkin. Reputation systems for anonymous networks. In Proceedings of the 8th Privacy Enhancing Technologies Symposium, July 2008. [ bib | .pdf ]

Steven M. Bellovin and Eric K. Rescorla. Deploying a new hash algorithm. In Proceedings of NDSS '06, 2006. [ bib | .pdf ]

William Aiello, Steven M. Bellovin, Matt Blaze, Ran Canetti, John Ioannidis, Angelos D. Keromytis, and Omer Reingold. Just fast keying: Key agreement in a hostile Internet. ACM Transactions on Information and System Security (TISSEC), 7(2):1-32, May 2004. [ bib ]

William Aiello, Steven M. Bellovin, Matt Blaze, Ran Canetti, John Ioannidis, Angelos D. Keromytis, and Omer Reingold. Efficient, DoS-resistant, secure key exchange for internet protocols. In Proceedings of the ACM Computer and Communications Security (CCS) Conference, November 2002. [ bib | .ps | .pdf ]

S.M. Bellovin and M.A. Blaze. Cryptographic modes of operation for the Internet. In Second NIST Workshop on Modes of Operation, August 2001. [ bib | .ps | .pdf ]

D. Whiting, B. Schneier, and S. Bellovin. AES key agility issues in high-speed IPsec implementations, 2000. [ bib | .ps | .pdf ]

Steven M. Bellovin. Cryptography and the internet. In Advances in Cryptology: Proceedings of CRYPTO '98, August 1998. [ bib | .ps | .pdf ]

Steven M. Bellovin. Probable plaintext cryptanalysis of the IP security protocols. In Proc. of the Symposium on Network and Distributed System Security, pages 155-160, 1997. [ bib | .ps | .pdf ]

Steven M. Bellovin. Problem areas for the IP security protocols. In Proceedings of the Sixth Usenix Unix Security Symposium, pages 205-214, July 1996. [ bib | .ps | .pdf ]

David A. Wagner and Steven M. Bellovin. A “bump in the stack” encryptor for MS-DOS systems. In Proceedings of the Symposium on Network and Distributed System Security, pages 155-160, San Diego, February 1996. [ bib | .ps | .pdf ]

Uri Blumenthal and Steven M. Bellovin. A better key schedule for DES-like ciphers. In Proceedings of PRAGOCRYPT '96, Prague, 1996. [ bib | .ps | .pdf ]

Matt Blaze and Steven M. Bellovin. Session-layer encryption. In Proc. 5th USENIX UNIX Security Symposium, Salt Lake City, UT, June 1995. [ bib | .ps | .pdf ]

Steven M. Bellovin and Michael Merritt. An attack on the Interlock Protocol when used for authentication. IEEE Transactions on Information Theory, 40(1):273-275, January 1994. [ bib | .ps | .pdf ]

David A. Wagner and Steven M. Bellovin. A programmable plaintext recognizer, 1994. Unpublished. [ bib | .ps | .pdf ]

Steven M. Bellovin and Michael Merritt. Augmented encrypted key exchange. In Proceedings of the First ACM Conference on Computer and Communications Security, pages 244-250, Fairfax, VA, November 1993. [ bib | .ps | .pdf ]

Steven M. Bellovin and Michael Merritt. Encrypted key exchange: Password-based protocols secure against dictionary attacks. In Proc. IEEE Computer Society Symposium on Research in Security and Privacy, pages 72-84, Oakland, CA, May 1992. [ bib | .ps | .pdf ]

Steven M. Bellovin and Michael Merritt. Limitations of the Kerberos authentication system. In USENIX Conference Proceedings, pages 253-267, Dallas, TX, Winter 1991. [ bib | .ps | .pdf ]

Public Policy

Steven M. Bellovin, Renée M. Hutchins, Tony Jebara, and Sebastian Zimmeck. When enough is enough: Location tracking, mosaic theory, and machine learning. NYU Journal of Law and Liberty, 2014. To appear. [ bib | http ]

Steven M. Bellovin, Matt Blaze, Sandy Clark, and Susan Landau. Lawful hacking: Using existing vulnerabilities for wiretapping on the Internet. Northwestern Journal of Technology & Intellectual Property, 12(1), 2014. [ bib | http | Abstract ]

Steven M. Bellovin. Why healthcare.gov has so many problems. CNN.com, October 15 2013. [ bib | http ]

Steven M. Bellovin. Submission to the Privacy and Civil Liberties Oversight Board: Technical issues raised by the Section 215 and Section 702 surveillance programs, July 2013. [ bib | .pdf ]

Steven M. Bellovin, Matt Blaze, Sandy Clark, and Susan Landau. Going bright: Wiretapping without weakening communications infrastructure. IEEE Security & Privacy, 11(1):62-72, January-February 2013. [ bib | DOI | .pdf | Abstract ]

Steven M. Bellovin, Scott O. Bradner, Whitfield Diffie, Susan Landau, and Jennifer Rexford. Can it really work? Problems with extending EINSTEIN 3 to critical infrastructure. National Security Journal, 3, 2012. [ bib | .pdf | Abstract ]

Maritza L. Johnson, Steven M. Bellovin, and Angelos D. Keromytis. Computer security research with human subjects: Risks, benefits and informed consent. In Financial Cryptography and Data Security, Lecture Notes in Computer Science. Springer Berlin / Heidelberg, 2011. [ bib | .pdf | Abstract ]

Steven M. Bellovin, Scott O. Bradner, Whitfield Diffie, Susan Landau, and Jennifer Rexford. As simple as possible - but not more so. Communications of the ACM, 2011. Note: this is a shorter version of “Can it really work?”. [ bib | .pdf ]

Elli Androulaki, Binh Vo, and Steven M. Bellovin. Cybersecurity through identity management. In Engaging Data: First International Forum on the Application and Management of Personal Electronic Information, October 2009. [ bib | .pdf ]

Steven M. Bellovin, Matt Blaze, Whitfield Diffie, Susan Landau, Peter G. Neumann, and Jennifer Rexford. Risking communications security: Potential hazards of the “Protect America Act”. IEEE Security & Privacy, 6(1):24-33, January/February 2008. [ bib | .pdf ]

Steven M. Bellovin, Matt Blaze, Whitfield Diffie, Susan Landau, Peter G. Neumann, and Jennifer Rexford. Internal surveillance, external risks. Communications of the ACM, 50(12), December 2007. [ bib ]

Paula Hawthorn, Barbara Simons, Chris Clifton, David Wagner, Steven M. Bellovin, Rebecca Wright, Arnold Rosenthal, Ralph Poore, Lillie Coney, Robert Gellman, and Harry Hochheiser. Statewide databases of registered voters: Study of accuracy, privacy, usability, security, and reliability issues, February 2006. Report commissioned by the U.S. Public Policy Committee of the Association for Computing Machinery. [ bib | http ]

Steven M. Bellovin, Matt Blaze, Ernest Brickell, Clinton Brooks, Vint Cerf, Whitfield Diffie, Susan Landau, Jon Peterson, and John Treichler. Security implications of applying the Communications Assistance to Law Enforcement Act to Voice over IP, 2006. [ bib | .pdf ]

Steven M. Bellovin, Matt Blaze, and Susan Landau. The real national-security needs for VoIP. Communications of the ACM, 48(11), November 2005. “Inside RISKS” column. [ bib | .pdf ]

Steven M. Bellovin. Cybersecurity research needs, July 2003. Testimony before the House Select Committee on Homeland Security, Subcommittee on Cybersecurity, Science, Research, & Development, hearing on “Cybersecurity-Getting it Right”. [ bib | .ps | .pdf ]

Steven M. Bellovin, Matt Blaze, David Farber, Peter Neumann, and Gene Spafford. Comments on the Carnivore system technical review draft, December 2000. [ bib | .html ]

Matt Blaze and Steven M. Bellovin. Tapping on my network door. Communications of the ACM, 43(10), October 2000. [ bib | .html ]

Matt Blaze and Steven M. Bellovin. Open Internet wiretapping, July 2000. Written testimony for a hearing on “Fourth Amendment Issues Raised by the FBI's `Carnivore' Program” by the Subcommittee on the Constitution, House Judiciary Committee. [ bib | .html ]

Steven M. Bellovin. Wiretapping the Net. The Bridge, 20(2):21-26, Summer 2000. [ bib | .ps | .pdf ]

Fred Schneider, Steven M. Bellovin, and Alan Inouye. Critical infrastructures you can trust: Where telecommunications fits. In Telecommunications Policy Research Conference, October 1998. [ bib | .ps | .pdf ]

Hal Abelson, Ross Anderson, Steven M. Bellovin, Josh Benaloh, Matt Blaze, Whitfield Diffie, John Gilmore, Peter G. Neumann, Ronald L. Rivest, Jeffrey I. Schiller, and Bruce Schneier. The risks of key recovery, key escrow, and trusted third-party encryption, May 1997. A report by an ad hoc group of cryptographers and computer scientists. [ bib | .pdf ]

Yakov Rekhter, Paul Resnick, and Steven M. Bellovin. Financial incentives for route aggregation and efficient address utilization in the Internet. In Proceedings of Telecommunications Policy Research Conference, 1997. [ bib | .html ]

Networking

Steven M. Bellovin, David D. Clark, Adrian Perrig, and Dawn Song. Workshop report: Clean-slate design for the next-generation secure Internet, March 2006. NSF workshop report. [ bib | .ps | .pdf ]

Steven M. Bellovin. Spamming, phishing, authentication, and privacy. Communications of the ACM, 47(12), December 2004. “Inside RISKS” column. [ bib | .ps | .pdf ]

Steven M. Bellovin. A technique for counting NATted hosts. In Proc. Second Internet Measurement Workshop, pages 267-272, Marseille, 2002. [ bib | .ps | .pdf ]

Steven M. Bellovin. Packets found on an internet. Computer Communications Review, 23(3):26-31, July 1993. [ bib | .ps | .pdf ]

Steven M. Bellovin. A best-case network performance model, 1992. Unpublished. [ bib | .ps | .pdf ]

Steven M. Bellovin. Pseudo-network drivers and virtual networks. In USENIX Conference Proceedings, pages 229-244, Washington, D.C., January 22-26, 1990. [ bib | .ps | .pdf ]

Peter Honeyman and Steven M. Bellovin. PATHALIAS or the care and feeding of relative addresses. In Proc. Summer Usenix Conference, 1986. [ bib | .ps | .pdf ]

CUCS Tech Reports

Steven M. Bellovin. The economics of cyberwar. Technical Report CUCS-010-14, Department of Computer Science, Columbia University, April 2014. Presented at the Institute for New Economic Thinking's Human After All. [ bib | http | Abstract ]

Steven M. Bellovin. Frank Miller: Inventor of the one-time pad. Technical Report CUCS-009-11, Department of Computer Science, Columbia University, March 2011. A revised version appeared in Cryptologia 35(3), July 2011. [ bib | http | Abstract ]

Michelle Madejski, Maritza Johnson, and Steven M. Bellovin. The failure of online social network privacy settings. Technical Report CUCS-010-11, Department of Computer Science, Columbia University, February 2011. [ bib | http | Abstract ]

Mariana Raykova, Hang Zhao, and Steven M. Bellovin. Privacy enhanced access control for outsourced data sharing. Technical Report CUCS-039-11, Department of Computer Science, Columbia University, 2011. [ bib | http | Abstract ]

Vasilis Pappas, Mariana Raykova, Binh Vo, Steven M. Bellovin, and Tal Malkin. Trade-offs in private search. Technical Report CUCS-022-10, Department of Computer Science, Columbia University, September 2010. [ bib | http | Abstract ]

Shreyas Srivatsan, Maritza Johnson, and Steven M. Bellovin. Simple-VPN: Simple IPsec configuration. Technical Report CUCS-020-10, Department of Computer Science, Columbia University, July 2010. [ bib | http | Abstract ]

Elli Androulaki, Binh Vo, and Steven M. Bellovin. A real-world identity management system with master secret revocation. Technical Report CUCS-008-10, Department of Computer Science, Columbia University, April 2010. [ bib | http | Abstract ]

Elli Androulaki, Binh Vo, and Steven M. Bellovin. Privacy-preserving, taxable bank accounts. Technical Report CUCS-005-10, Department of Computer Science, Columbia University, April 2010. [ bib | http | Abstract ]

Elli Androulaki and Steven M. Bellovin. A secure and privacy-preserving targeted ad-system. Technical Report CUCS-044-09, Department of Computer Science, Columbia University, October 2009. A revised version will appear at the 1st Workshop on Real-Life Cryptographic Protocols and Standardization. [ bib | http ]

Hang Zhao and Steven M. Bellovin. Source prefix filtering in ROFL. Technical Report CUCS-033-09, Department of Computer Science, Columbia University, July 2009. [ bib | http ]

Yuu-Heng Cheng, Scott Alexander, Alex Poylisher, Mariana Raykova, and Steven M. Bellovin. The Zodiac policy subsystem: a policy-based management system for a high-security MANET. Technical Report CUCS-023-09, Department of Computer Science, Columbia University, May 2009. [ bib | http ]

Elli Androulaki and Steven M. Bellovin. An anonymous credit card system. Technical Report CUCS-010-09, Department of Computer Science, Columbia University, February 2009. [ bib | http ]

Olaf Maennel, Randy Bush, Luca Cittadini, and Steven M. Bellovin. A better approach than carrier-grade-NAT. Technical Report CUCS-041-08, Department of Computer Science, Columbia University, September 2008. [ bib | http ]

Kyle Dent and Steven M. Bellovin. Newspeak: A secure approach for designing web applications. Technical Report CUCS-008-08, Department of Computer Science, Columbia University, February 2008. [ bib | http ]

Steven M. Bellovin and William R. Cheswick. Privacy-enhanced searches using encrypted Bloom filters. Technical Report CUCS-034-07, Department of Computer Science, Columbia University, September 2007. [ bib | http ]

Elli Androulaki, Mariana Raykova, Angelos Stavrou, and Steven M. Bellovin. Opentor: Anonymity as a commodity service. Technical Report CUCS-031-07, Department of Computer Science, Columbia University, September 2007. [ bib | http ]

Elli Androulaki, Seung Geol Choi, Steven M. Bellovin, and Tal Malkin. Reputation systems for anonymous networks. Technical Report CUCS-029-07, Department of Computer Science, Columbia University, September 2007. [ bib | http ]

Hang Zhao and Steven M. Bellovin. Policy algebras for hybrid firewalls. Technical Report CUCS-017-07, Department of Computer Science, Columbia University, March 2007. Also presented at the Annual Conference of the ITA, 2007. [ bib | http ]

IEEE Security & Privacy Columns

Note: because of recent changes to IEEE's copyright policies, I can no longer post final PDFs of my columns on this web page. All columns from 2011 onwards will therefore be approximations to what has actually appeared in print.

Steven M. Bellovin. Walls and gates. IEEE Security & Privacy, 6(11), November-December 2013. [ bib | .pdf ]

Steven M. Bellovin. Military cybersomethings. IEEE Security & Privacy, 11(3):88, May-June 2013. [ bib | http ]

Steven M. Bellovin. The major cyberincident investigations board. IEEE Security & Privacy, 10(6):96, November-December 2012. [ bib | DOI ]

Steven M. Bellovin. Fighting the last war. IEEE Security & Privacy, 10(3), May-June 2012. [ bib | http ]

Steven M. Bellovin. Security think. IEEE Security & Privacy, 9(6), November-December 2011. [ bib | .pdf ]

Steven M. Bellovin. Clouds from both sides. IEEE Security & Privacy, 9(3), May-June 2011. [ bib | .pdf ]

Steven M. Bellovin. Perceptions and reality. IEEE Security & Privacy, 8(5), September-October 2010. [ bib | .pdf ]

Steven M. Bellovin. Identity and security. IEEE Security & Privacy, 8(2), March-April 2010. [ bib | .pdf ]

Steven M. Bellovin. Security as a systems property. IEEE Security & Privacy, 7(5), September-October 2009. [ bib | .pdf ]

Steven M. Bellovin. The government and cybersecurity. IEEE Security & Privacy, 7(2), March-April 2009. (Ignore the part that says I work for Microsoft - I don't...The editor and I both missed that in the galleys.). [ bib | .pdf ]

Steven M. Bellovin. The puzzle of privacy. IEEE Security & Privacy, 6(5), September-October 2008. [ bib | .pdf ]

Steven M. Bellovin. Security by checklist. IEEE Security & Privacy, 6(2), March-April 2008. [ bib | .pdf ]

Steven M. Bellovin. Seers and craftspeople. IEEE Security & Privacy, 5(5), September-October 2007. [ bib | .pdf ]

Steven M. Bellovin. DRM, complexity, and correctness. IEEE Security & Privacy, 5(1), January-February 2007. [ bib | .pdf ]

Steven M. Bellovin. On the brittleness of software and the infeasibility of security metrics. IEEE Security & Privacy, 4(4), July-August 2006. [ bib | .pdf ]

Steven M. Bellovin. Unconventional wisdom. IEEE Security & Privacy, 4(1), January-February 2006. [ bib | .pdf ]

Steven M. Bellovin. Security and privacy: Enemies or allies? IEEE Security & Privacy, 3(3), May-June 2005. [ bib | .pdf ]

RFCs

F. Gont and S. Bellovin. Defending against Sequence Number Attacks. RFC 6528, RFC Editor, February 2012. [ bib | .txt | Abstract ]

S. Bellovin. Guidelines for Specifying the Use of IPsec Version 2. RFC 5406, RFC Editor, February 2009. [ bib | .txt | Abstract ]

S. Bellovin. Key Change Strategies for TCP-MD5. RFC 4808, RFC Editor, March 2007. [ bib | .txt | Abstract ]

S. Bellovin and A. Zinin. Standards Maturity Variance Regarding the TCP MD5 Signature Option (RFC 2385) and the BGP-4 Specification. RFC 4278, RFC Editor, January 2006. [ bib | .txt | Abstract ]

S. Bellovin and R. Housley. Guidelines for Cryptographic Key Management. RFC 4107, RFC Editor, June 2005. [ bib | .txt | Abstract ]

Security Mechanisms for the Internet. RFC 3631, RFC Editor, December 2003. [ bib | .txt | Abstract ]

S. Bellovin, J. Ioannidis, A. Keromytis, and R. Stewart. On the Use of Stream Control Transmission Protocol (SCTP) with IPsec. RFC 3554, RFC Editor, July 2003. [ bib | .txt | Abstract ]

S. Bellovin. The Security Flag in the IPv4 Header. RFC 3514, RFC Editor, April 1, 2003. [ bib | .txt | Abstract ]

H. Lu, M. Krishnaswamy, L. Conroy, S. Bellovin, F. Burg, A. DeSimone, K. Tewani, P. Davidson, H. Schulzrinne, and K. Vishwanathan. Toward the PSTN/Internet Inter-Networking-Pre-PINT Implementations. RFC 2458, RFC Editor, November 1998. [ bib | .txt | Abstract ]

S. Bellovin. Report of the IAB Security Architecture Workshop. RFC 2316, RFC Editor, April 1998. [ bib | .txt | Abstract ]

S. Bellovin. Defending Against Sequence Number Attacks. RFC 1948, RFC Editor, May 1996. [ bib | .txt | Abstract ]

S. Bellovin. Security Concerns for IPng. RFC 1675, RFC Editor, August 1994. [ bib | .txt | Abstract ]

S. Bellovin. On Many Addresses per Host. RFC 1681, RFC Editor, August 1994. [ bib | .txt | Abstract ]

S. Bellovin. Firewall-Friendly FTP. RFC 1579, RFC Editor, February 1994. [ bib | .txt | Abstract ]

Obsolete Internet Drafts

For assorted reasons, some of the otherwise-unpublished Internet drafts I have worked on are occasionally worth citing. They are preserved here. Note that these are unrefereed, and are perhaps just the ravings of a disordered mind...

Steven M. Bellovin. Access control prefix router advertisement option for IPv6. Obsolete Internet draft, February 2003. [ bib | .txt ]

Steven M. Bellovin, Marcus Leech, and Tom Taylor. ICMP traceback messages. Obsolete Internet draft, February 2003. [ bib | .txt ]

Steven M. Bellovin and Randy Bush. Security through obscurity considered dangerous. Obsolete Internet draft, February 2002. [ bib | .txt ]

Steven M. Bellovin. A “Reason” field for ICMP “Administratively Prohibited” messages. Obsolete Internet draft, December 2001. [ bib | .txt ]

Steven M. Bellovin. Using Bloom Filters for authenticated yes/no answers in the DNS. Obsolete Internet draft, December 2001. [ bib | .txt ]

Steven M. Bellovin and Robert G. Moskowitz. Client certificate and key retrieval for IKE. Obsolete Internet draft, November 2000. [ bib | .txt ]

Steven M. Bellovin, Adam Buchsbaum, and S. Muthukrishnan. TCP compression filter. Obsolete Internet draft, October 1999. [ bib | .txt ]

Steven M. Bellovin, Adam Buchsbaum, and S. Muthukrishnan. TCP filters. Obsolete Internet draft, October 1999. [ bib | .txt ]

Ph.D. Dissertation

Steven M. Bellovin. Verifiably Correct Code Generation Using Predicate Transformers. PhD thesis, Department of Computer Science, University of North Carolina, Chapel Hill, NC, December 1982. [ bib | .html ]

Updated 24 Apr 14