2016
Passive security intelligence to analyze the security risks of mobile/BYOD activities.
IBM J. Res. Dev., 2016
Security 360°: Enterprise security for the cognitive era.
IBM J. Res. Dev., 2016
Closing the loop: Network and in-host monitoring tandem for comprehensive cloud security visibility.
IBM J. Res. Dev., 2016
Detecting Malicious Exploit Kits using Tree-based Similarity Searches.
Proceedings of the Sixth ACM on Conference on Data and Application Security and Privacy, 2016
2015
FCCE: Highly scalable distributed Feature Collection and Correlation Engine for low latency big data analytics.
Proceedings of the 31st IEEE International Conference on Data Engineering, 2015
2014
MUSE: asset risk scoring in enterprise network with mutually reinforced reputation propagation.
EURASIP J. Inf. Secur., 2014
Asset Risk Scoring in Enterprise Network with Mutually Reinforced Reputation Propagation.
Proceedings of the 35. IEEE Security and Privacy Workshops, 2014
Kaleido: Network Traffic Attribution using Multifaceted Footprinting.
Proceedings of the 2014 SIAM International Conference on Data Mining, 2014
Stream computing for large-scale, multi-channel cyber threat analytics.
Proceedings of the 15th IEEE International Conference on Information Reuse and Integration, 2014
Reconciling malware labeling discrepancy via consensus learning.
Proceedings of the Workshops Proceedings of the 30th International Conference on Data Engineering Workshops, 2014
Outsourcing multi-version key-value stores with verifiable data freshness.
Proceedings of the IEEE 30th International Conference on Data Engineering, Chicago, 2014
2013
Practical Comprehensive Bounds on Surreptitious Communication over DNS.
Proceedings of the 22th USENIX Security Symposium, Washington, DC, USA, August 14-16, 2013, 2013
2011
2010
Synthesizing Near-Optimal Malware Specifications from Suspicious Behaviors.
Proceedings of the 31st IEEE Symposium on Security and Privacy, 2010
Scalable integrity monitoring in virtualized environments.
Proceedings of the fifth ACM workshop on Scalable trusted computing, 2010
2009
Security for the cloud infrastructure: Trusted virtual data center implementation.
,
,
,
,
,
,
,
,
,
,
,
IBM J. Res. Dev., 2009
Cloud security is not (just) virtualization security: a short paper.
Proceedings of the first ACM Cloud Computing Security Workshop, 2009
2008
TVDc: managing security in the trusted virtual datacenter.
ACM SIGOPS Oper. Syst. Rev., 2008
Virtualization and Hardware-Based Security.
IEEE Secur. Priv., 2008
Trustworthy and personalized computing on public kiosks.
Proceedings of the 6th International Conference on Mobile Systems, 2008
2007
A layered approach to simplified access control in virtualized systems.
ACM SIGOPS Oper. Syst. Rev., 2007
Towards Trustworthy Kiosk Computing.
Proceedings of the Eighth IEEE Workshop on Mobile Computing Systems and Applications, 2007
Managing the risk of covert information flows in virtual machine systems.
Proceedings of the 12th ACM Symposium on Access Control Models and Technologies, 2007
Retrofitting the IBM POWER Hypervisor to Support Mandatory Access Control.
Proceedings of the 23rd Annual Computer Security Applications Conference (ACSAC 2007), 2007
2006
Shame on Trust in Distributed Systems.
Proceedings of the 1st USENIX Workshop on Hot Topics in Security, 2006
vTPM: Virtualizing the Trusted Platform Module.
Proceedings of the 15th USENIX Security Symposium, Vancouver, BC, Canada, July 31, 2006
PRIMA: policy-reduced integrity measurement architecture.
Proceedings of the 11th ACM Symposium on Access Control Models and Technologies, 2006
Toward Automated Information-Flow Integrity Verification for Security-Critical Applications.
Proceedings of the Network and Distributed System Security Symposium, 2006
Linking remote attestation to secure tunnel endpoints.
Proceedings of the 1st ACM Workshop on Scalable Trusted Computing, 2006
Shamon: A System for Distributed Mandatory Access Control.
Proceedings of the 22nd Annual Computer Security Applications Conference (ACSAC 2006), 2006
2005
Building a MAC-Based Security Architecture for the Xen Open-Source Hypervisor.
Proceedings of the 21st Annual Computer Security Applications Conference (ACSAC 2005), 2005
2004
Design and Implementation of a TCG-based Integrity Measurement Architecture.
Proceedings of the 13th USENIX Security Symposium, August 9-13, 2004, San Diego, CA, USA, 2004
Resolving constraint conflicts.
Proceedings of the 9th ACM Symposium on Access Control Models and Technologies, 2004
Pervasive Authentication Domains for Automatic Pervasive Device Authorization.
Proceedings of the 2nd IEEE Conference on Pervasive Computing and Communications Workshops (PerCom 2004 Workshops), 2004
Attestation-based policy enforcement for remote access.
Proceedings of the 11th ACM Conference on Computer and Communications Security, 2004
2003
Analyzing Integrity Protection in the SELinux Example Policy.
Proceedings of the 12th USENIX Security Symposium, Washington, D.C., USA, August 4-8, 2003, 2003
2002
Secure coprocessor-based intrusion detection.
Proceedings of the 10th ACM SIGOPS European Workshop, Saint-Emilion, France, July 1, 2002, 2002
Authentication for Distributed Web Caches.
Proceedings of the Computer Security, 2002
2001
Building the IBM 4758 Secure Coprocessor.
Computer, 2001
IPSECvalidate: A Tool to Validate IPSEC Configurations.
Proceedings of the 15th Conference on Systems Administration (LISA 2001), 2001
Verteiltes Filtern mit Contags und Sicherheits-Labeln.
Proceedings of the Kommunikation in Verteilten Systemen (KiVS), 2001
2000
History-based Distributed Filtering - A Tagging Approach to Network-Level Access Control.
Proceedings of the 16th Annual Computer Security Applications Conference (ACSAC 2000), 2000
1998
An Evolutionary Approach to Multilaterally Secure Services in ISDN / IN.
Proceedings of the International Conference On Computer Communications and Networks (ICCCN 1998), 1998
Security Services in an Open Service Environment.
Proceedings of the 14th Annual Computer Security Applications Conference (ACSAC 1998), 1998
1997
Authentikation als Grundlage der Skalierung von Sicherheit in der Kommunikationstechnik.
Proceedings of the Kommunikation in Verteilten Systemen, 1997
1996
Ein Domain-Konzept zur systematischen und wirtschaftlichen Integration von Sicherheit in Kommunikationsnetze.
Informationstechnik Tech. Inform., 1996