Publications are sorted by research area (Online crime, Security analytics, Online censorship, Cryptocurrencies, Economics of security, (Usable) User authentication, Security, usability, and psychology, Security and policy, Mobile device security, Economics-informed design and analysis of networked systems, Peer-to-peer & digital rights management, Service differentiation in packet networks), and Other).
More recent areas of investigation come first, although all but the last four (“other” excepted) are currently active areas; some papers could actually fit in more than one area, and classification is a bit arbitrary. (You may want to check this page instead if you prefer to see papers sorted chronologically.)
Most of my publications should be available here. The rare exceptions are a couple of papers I published early in my career, and for which I embarrassingly signed rapacious copyright transfer agreements. For these, please read the (open access) technical report version instead. For the same reason, I have to put this mandatory legal disclaimer:
The documents distributed from this webpage are provided as a means to ensure timely dissemination of scholarly and technical work. Copyright and all rights therein are retained by authors or by other copyright holders. All persons copying this information are expected to adhere to the terms and constraints invoked by each author’s copyright. In most cases, these works may not be reposted without the explicit permission of the copyright holder.
Some of the works presented here are © ACM. This is the authors’ version of the work. It is posted here by permission of the ACM for your personal use. Not for redistribution.
Online crime
Alejandro Cuevas and
Nicolas Christin.
Does Online Anonymous Market Vendor Reputation Matter?
To appear in
Proceedings of the 33rd USENIX Security Symposium
(USENIX Security'24).
Philadelphia, PA.
August 2024.
[paper (pdf, 316K)]
[BibTeX]
Alejandro Cuevas,
Fieke Miedema,
Nicolas Christin,
Kyle Soska,
and
Rolf van Wegberg.
Measurement by Proxy: On the Accuracy of Online Marketplace Measurements.
In
Proceedings of the 31st USENIX Security Symposium
(USENIX Security'22).
Boston, MA.
August 2022.
[paper (pdf, 832K)]
[BibTeX]
[datasets (graphical)]
[Hansa datasets (raw, anonymized)]
[Hansa datasets (raw, full)]
Janos Szurdi,
Meng Luo,
Brian Kondracki,
Nick Nikiforakis, and
Nicolas Christin.
Where are you taking me?
Understanding abusive Traffic Distribution Systems.
In
Proceedings of the 30th Web Conference (WWW'21).
Ljubljana, Slovenia (online).
April 2021.
[paper (pdf, 1.4K)]
[BibTeX]
[talk video]
James E. Arps and
Nicolas Christin.
Open Market or Ghost Town? The Curious Case of OpenBazaar.
In
Proceedings of the 24th International Conference on Financial Cryptography and Data Security
(FC'20).
Kota Kinabalu, Malaysia. February 2020.
[paper (pdf, 796K)]
[BibTeX]
Xiao Hui Tai,
Kyle Soska, and
Nicolas Christin.
Adversarial Matching of Dark Net Market Vendor Accounts.
In Proceedings of the 25th ACM SIGKDD Conference on Knowledge, Discovery, and Data Mining
(KDD'19), pages 1871–1880.
Anchorage, AK.
August 2019.
[paper (pdf, 660K)]
BibTeX
[lightning talk (mp4, 6M)]
[interactive website]
[datasets (raw)]
[scripts]
Rolf van Wegberg,
Samaneh Tajalizadehkhoob,
Kyle Soska,
Ugur Akyazi,
Carlos Gañán,
Bram Klievink,
Nicolas Christin,
and
Michel van Eeten.
Plug and Prey? Measuring the Commoditization of Cybercrime via Online Anonymous Markets.
In
Proceedings of the 27th USENIX Security Symposium
(USENIX Security'18).
Baltimore, MD.
August 2018.
[paper (pdf, 648K)]
[BibTeX]
[datasets (graphical)]
[Alphabay datasets (raw, anonymized)]
[Alphabay datasets (raw, full)]
Malte Möser,
Kyle Soska,
Ethan Heilman,
Kevin Lee,
Henry Heffan,
Shashvat Srivastava,
Kyle Hogan,
Jason Hennessey,
Andrew Miller,
Arvind Narayanan,
and
Nicolas Christin.
An Empirical Analysis of Traceability in the Monero Blockchain.
In
Proceedings of the Privacy Enhancing Technology Symposium
(PETS 2018), volume 3.
Barcelona, Spain.
July 2018.
[paper (pdf, 1.8M)]
[BibTeX]
[datasets (graphical)]
[Alphabay datasets (raw, anonymized)]
[Alphabay datasets (raw, full)]
Janos Szurdi and
Nicolas Christin.
Domain Registration Policy Strategies and the Fight against Online Crime.
In Proceedings (online) of the 17th Workshop on Economics of Information Security
(WEIS 2018).
Innsbruck, Austria.
June 2018.
[paper (pdf, 2.0M)]
[BibTeX]
Janos Szurdi
and
Nicolas Christin.
Email Typosquatting.
In
Proceedings of the 2017 ACM Internet Measurement Conference
(IMC'17),
pages 419–431.
London, UK.
November 2017.
[paper (pdf, 1.1M)]
[appendix (pdf, 116K)]
[BibTeX]
James Martin and
Nicolas Christin.
Ethics in Cryptomarket Research.
In
International Journal of Drug Policy,
Volume 35,
Issue 6,
pages 84–91.
2016.
[paper (pdf, 460K)]
[BibTeX]
Kyle Soska and
Nicolas Christin.
Measuring the Longitudinal Evolution of the Online Anonymous Marketplace Ecosystem.
In Proceedings of the 24th USENIX Security Symposium
(USENIX Security'15),
pages 33–48.
Washington, DC.
August 2015.
[paper (pdf, 3.3M)]
[BibTeX]
[dataset (graphical)]
[dataset (raw, anonymized)]
[dataset (raw, full)]
[slides (pdf, 2.2M)]
[trailer (“lightning talk”) (mp4, 14M)]
[trailer (“lightning talk”) (YouTube)]
Richard Clayton,
Tyler Moore, and
Nicolas Christin.
Concentrating Correctly on Cybercrime Concentration.
In
Proceedings (online) of the 14th Workshop on Economics of Information Security
(WEIS 2015).
Delft, Netherlands.
June 2015.
[paper (pdf, 196K)]
[BibTeX]
Nektarios Leontiadis,
Tyler Moore, and
Nicolas Christin.
A Nearly Four-Year Longitudinal Study of Search-Engine Poisoning.
In
Proceedings of the 21st ACM Conference on Computer and Communication Security
(CCS'14),
pages 930–941.
Scottsdale, AZ.
November 2014.
[paper (pdf, 1.3M)]
[BibTeX]
[datasets]
Nektarios Leontiadis
and
Nicolas Christin.
Empirically measuring WHOIS misuse.
In
Proceedings of the 19th European Symposium on Research in Computer Security
(ESORICS 2014),
pages 19–36.
Wroclaw, Poland.
September 2014.
[paper (pdf, 1.8M)]
[BibTeX]
Nicolas Christin.
Steps toward characterizing online anonymous drug marketplaces customers.
(Commentary on Barratt et al:
Use of Silk Road, the online drug marketplace, in the UK, Australia and the USA.)
In Addiction,
volume 109,
issue 5,
pages 784–785.
May 2014
[paper (pdf, 1.1M)]
[BibTeX]
Nektarios Leontiadis,
Tyler Moore, and
Nicolas Christin.
Pick Your Poison: Pricing and Inventories at Unlicensed Online Pharmacies.
In Proceedings of the 14th ACM Conference on Electronic Commerce
(EC'13),
pages 621–638.
Philadelphia, PA. June 2013.
[paper (pdf, 1.3M)]
[BibTeX]
[datasets]
Nicolas Christin.
Traveling the Silk Road:
A measurement analysis of a large anonymous online marketplace.
In Proceedings of the 22nd International World Wide Web Conference
(WWW'13),
pages 213–224.
Rio de Janeiro, Brazil.
May 2013.
See also (preliminary version):
CMU CyLab
Technical Report
CMU-CyLab-12-018.
(Also: arXiv
1207.7139 [cs.CY].)
July 2012 (revised: November 2012).
[paper (pdf, 896K)]
[BibTeX]
[slides (pdf, 5.7M)]
[datasets (graphical)]
[datasets (raw, anonymized)]
[datasets (raw, full)]
Tyler Moore,
Nektarios Leontiadis, and
Nicolas Christin.
Fashion Crimes: Trending-Term Exploitation on the Web. In
Proceedings of the 18th ACM Conference on Computer and Communications Security
(CCS 2011),
pages 455–466.
Chicago, IL.
October 2011.
[paper (pdf, 738K)]
[BibTeX]
Nektarios Leontiadis,
Tyler Moore, and
Nicolas Christin.
Measuring and Analyzing Search-Redirection Attacks in the Illicit Online Prescription Drug Trade.
In Proceedings of the 20th USENIX Security Symposium
(USENIX Security'11),
pages 281–298.
San Francisco, CA.
August 2011.
[paper (pdf, 2.3M)]
[BibTeX]
[talk (video)]
[datasets]
Nicolas Christin,
Sally Yanagihara, and
Keisuke Kamataki.
Dissecting One Click Frauds.
In Proceedings of the 17th ACM Conference on Computer and Communications Security
(CCS 2010),
pages 15–26.
Chicago, IL.
October 2010.
See also (earlier version):
CMU CyLab
Technical Report
CMU-CyLab-10-011,
April 2010.
[paper (pdf, 2.4M)]
[BibTeX]
David Molnar,
Serge Egelman, and
Nicolas Christin.
This Is Your Data on Drugs:
Lessons Computer Security Can Learn From The Drug War.
In Proceedings of the 13th New Security Paradigms Workshop
(NSPW 2010).
Concord, MA.
September 2010.
[paper (pdf, 124K)]
[BibTeX]
Security analytics
Nicolas Christin.
The effectiveness of security measures: technical perspective. Communications of the ACM, Volume 65, Issue 9, p. 92. September 2022.
[paper (pdf, 464K)]
[BibTeX]
[DOI]
Mathew Vermeer,
Jonathan West,
Alejandro Cuevas,
Shuonan Niu,
Nicolas Christin,
Michel van Eeten,
Tobias Fiebig,
Carlos Gañán,
and
Tyler Moore.
SoK:
A Framework for Asset Discovery:
Systematizing Advances in Network Measurements
for Protecting Organizations.
In
Proceedings of the 6th IEEE European Symposium on Security and Privacy
(Euro S&P'21).
Vienna, Austria (online).
September 2021.
[paper (pdf, 272K)]
[BibTeX]
Wanzheng Zhu,
Hongyu Gong,
Rohan Bansal,
Zachary Weinberg,
Nicolas Christin,
Giulia Fanti, and
Suma Bhat.
Self-Supervised Euphemism Detection and Identification
for Content Moderation.
In
Proceedings of the 42nd IEEE Symposium on Security and Privacy (Oakland 2021).
San Francisco, CA (online). May 2021.
[paper (pdf, 640K)]
[BibTeX]
Mahmood Sharif,
Jumpei Urakawa,
Nicolas Christin,
Ayumu Kubota, and
Akira Yamada.
Predicting Impending Exposure to Malicious Content from User Behavior.
In
Proceedings of the 25th ACM Conference on Computer and Communication Security
(CCS'18).
Toronto, ON. October 2018.
[paper (pdf, 2M)]
[BibTeX]
[code]
Kyle Soska,
Christopher Gates,
Kevin Roundy,
and Nicolas Christin.
Automatic Application Identification from Billions of Files.
In Proceedings of the 23rd ACM SIGKDD Conference on Knowledge, Discovery, and Data Mining
(KDD'17),
pages 2021–2030.
Halifax, NS, Canada.
August 2017.
[paper (pdf, 856K)]
[BibTeX]
Kyle Soska and
Nicolas Christin.
Automatically Detecting Vulnerable Websites Before They Turn Malicious.
In Proceedings of the 23rd USENIX Security Symposium
(USENIX Security'14),
pages 625–640.
San Diego, CA.
August 2014.
Best student paper award.
[paper (pdf, 3.3M)]
[BibTeX]
[slides (pdf, 4.5M)]
[trailer (“lightning talk”) (mp4, 14M)]
[trailer (“lightning talk”) (YouTube)]
Online censorship
Nguyen Phong Hoang,
Jakub Dalek,
Masashi Crete-Nishihata,
Nicolas Christin,
Vinod Yegneswaran,
Michalis Polychronakis, and
Nick Feamster.
GFWeb: Measuring the Great Firewall’s Web Censorship at Scale.
To appear in
Proceedings of the 33rd USENIX Security Symposium
(USENIX Security'24).
Philadelphia, PA.
August 2024.
[paper (pdf, 952K)]
[BibTeX]
Jenny Tang,
Leo Alvarez,
Arjun Brar,
Nguyen Phong Hoang,
and
Nicolas Christin.
Automatic generation of web censorship probe lists.
To appear in the
Proceedings of the 24th Privacy Enhancing Technologies Symposium
(PETS'24).
Bristol, UK.
July 2024.
[paper (pdf, 616K)]
[BibTeX]
Daniela Lopes,
Jin-Dong Dong,
Daniel Castro,
Pedro Medeiros,
Diogo Barradas,
Bernardo Portela,
João Vinagre,
Bernardo Ferreira,
Nicolas Christin, and
Nuno Santos.
Flow Correlation Attacks on Tor Onion Service Sessions with Sliding Subset Sum.
In
Proceedings of the 32nd Network and Distributed Systems Security Symposium (NDSS'24).
San Diego, CA.
February 2024.
[paper (pdf, 2M)]
[BibTeX]
Raymond Rambert,
Zachary Weinberg,
Diogo Barradas, and
Nicolas Christin.
Chinese wall or Swiss cheese?
Keyword filtering in the Great Firewall of China.
In
Proceedings of the 30th Web Conference (WWW'21).
Ljubljana, Slovenia (online).
April 2021.
[paper (pdf, 944K)]
[BibTeX]
[talk video]
Arian Akhavan Niaki,
Shinyoung Cho,
Zachary Weinberg,
Nguyen Phong Hoang,
Abbas Razaghpanah,
Nicolas Christin,
and
Phillipa Gill.
ICLab: A Global, Longitudinal Internet Censorship Measurement Platform.
In
Proceedings of the 41st IEEE Symposium on Security and Privacy (Oakland 2020),
pages 135–151.
San Francisco, CA (online). May 2020.
DOI:
10.1109/SP40000.2020.00014
[paper (pdf, 640K)]
[BibTeX]
[video]
[project website]
[data (Google Drive)]
[data (Internet Archive)]
[code]
Zachary Weinberg,
Shinyoung Cho,
Nicolas Christin,
Vyas Sekar,
and
Phillipa Gill.
How to Catch when Proxies Lie:
Verifying the Physical Locations of Network Proxies with Active Geolocation.
In
Proceedings of the 2018 ACM Internet Measurement Conference
(IMC'18).
Boston, MA. October 2018.
[paper (pdf, 2.4M)]
[BibTeX]
Zachary Weinberg,
Mahmood Sharif,
János Szurdi,
and Nicolas Christin.
Topics of Controversy: An Empirical Analysis of Web Censorship Lists.
In Proceedings of the Privacy Enhancing Technology Symposium
(PETS 2017),
volume 1, pages 42–61.
Minneapolis, MN.
July 2017.
[paper (pdf, 812K)]
[BibTeX]
Cryptocurrencies
Elijah Bouma-Sims,
Hiba Hassan,
Alexandra Nisenoff,
Lorrie Faith Cranor,
and
Nicolas Christin.
“It was honestly just gambling”:
Investigating the Experiences of Teenage Cryptocurrency Users on Reddit.
To appear in the
Proceedings of the 20th Symposium on Usable Privacy and Security
(SOUPS'24).
Philadephia, PA.
August 2024.
[paper (pdf, 620K)]
[BibTeX]
Taro Tsuchiya,
Alejandro Cuevas, and
Nicolas Christin.
Identifying risky vendors in cryptocurrency P2P marketplaces.
In Proceedings of the 33rd Web Conference (WWW'24).
pages 99-110.
Singapore.
May 2024.
[paper (pdf, 812K)]
[BibTeX]
[DOI]
Anton Wahrstätter,
Jens Ernstberger,
Aviv Yaish,
Liyi Zhou,
Kaihua Qin,
Taro Tsuchiya,
Sebastian Steinhorst,
Davor Svetinovic,
Nicolas Christin,
Mikołaj Barczentewicz, and
Arthur Gervais.
Blockchain Censorship.
In Proceedings of the 33rd Web Conference (WWW'24),
pages 1632-1643.
Singapore.
May 2024.
See also (preliminary version):
arXiv
2305.18545 [cs.CR],
June 2023.
[paper (pdf, 748K)]
[BibTeX]
[DOI]
Daisuke Kawai,
Kyle Soska,
Bryan Routledge,
Ariel Zetlin-Jones, and
Nicolas Christin.
Stranger Danger? Investor Behavior and Incentives on Cryptocurrency Copy-Trading Platforms.
In Proceedings of the 2024 ACM Conference on Human Factors in Computing Systems
(CHI 2024),
pages 1-20.
Oahu, HI. May 2024.
[paper (pdf, 5M)]
[BibTeX]
[DOI]
Daisuke Kawai,
Nicolas Christin,
Bryan Routledge,
Kyle Soska, and
Ariel Zetlin-Jones.
User participation in cryptocurrency derivative markets.
In
Proceedings of the 5th International Conference on Advances in Financial Technologies (AFT'23).
Princeton, NJ.
October 2023.
[paper (pdf, 1.6M)]
[BibTeX]
[DOI]
Daisuke Kawai,
Alejandro Cuevas,
Bryan Routledge,
Kyle Soska,
Ariel Zetlin-Jones, and
Nicolas Christin.
Is your digital neighbor a reliable investment advisor?
In
Proceedings of the 32nd Web Conference (WWW'23), pages 3581-3591.
Austin, TX.
May 2023.
[paper (pdf, 3.3M)]
[BibTeX]
[trailer (YouTube)]
[DOI]
Taro Tsuchiya,
Alejandro Cuevas,
Thomas Magelinski, and
Nicolas Christin.
Misbehavior and Account Suspension in an Online Financial Communication Platform.
In
Proceedings of the 32nd Web Conference (WWW'23), pages 2686-2697.
Austin, TX.
May 2023.
[paper (pdf, 2.7M)]
[BibTeX]
[trailer (YouTube)]
[DOI]
Kyle Soska,
Jin-Dong Dong,
Alex Khodaverdian,
Ariel Zetlin-Jones,
Bryan Routledge, and
Nicolas Christin.
Towards understanding cryptocurrency derivatives:
A case study of BitMEX.
In
Proceedings of the 30th Web Conference (WWW'21).
Ljubljana, Slovenia (online).
April 2021.
[paper (pdf, 2M)]
[BibTeX]
[talk video]
[interactive website]
Tyler Moore,
Nicolas Christin, and
Janos Szurdi.
Revisiting the Risks of Bitcoin Currency Exchange Closure.
In
ACM Transactions on Internet Technology,
Volume 58,
Number 4,
pages 50:1–50:18.
September 2018.
[paper (pdf, 696K)]
[BibTeX]
Rainer Böhme,
Nicolas Christin,
Benjamin Edelman, and
Tyler Moore.
Bitcoin: Economics, Technology, and Governance.
In
Journal of Economic Perspectives,
Volume 29,
Number 2,
pages 213–238.
Spring 2015.
[paper (pdf, 1.4M)]
[BibTeX]
Tyler Moore and
Nicolas Christin.
Beware the Middleman: Empirical Analysis of Bitcoin-Exchange Risk.
In Proceedings of the 17th International Conference on Financial Cryptography and Data Security
(FC'13),
pages 25–33.
Naha, Japan.
April 2013.
[paper (pdf, 248K)]
[BibTeX]
[slides (pdf, 1.3M)]
Economics of security
James Graves,
Alessandro Acquisti and
Nicolas Christin.
Should Credit Card Issuers Reissue Cards in Response to a Data Breach?: Uncertainty and Transparency in Metrics for Data Security Policymaking.
In
ACM Transactions on Internet Technology,
Volume 58,
Number 4,
pages 54:1–54:19.
September 2018.
[paper (pdf, 616K)]
[BibTeX]
James Graves,
Alessandro Acquisti and
Nicolas Christin.
Big Data and Bad Data:
On the Sensitivity of Security Policy to Imperfect Information.
In
The University of Chicago Law Review,
Vol. 83,
No. 1,
pp. 117-137.
Winter 2016.
[paper (pdf, 676K)]
[BibTeX]
Benjamin Johnson,
Paul Laskowski,
Thomas Maillart,
John Chuang, and
Nicolas Christin.
Caviar and Yachts: How Your Purchase Data May Come Back to Haunt You.
In
Proceedings (online) of the 14th Workshop on Economics of Information Security
(WEIS 2015).
Delft, Netherlands.
June 2015.
[paper (pdf, 224K)]
[BibTeX]
Jeremiah Blocki,
Nicolas Christin,
Anupam Datta,
Ariel Procaccia, and
Arunesh Sinha.
Audit Games with Multiple Defender Resources.
In
Proceedings of the 29th AAAI Conference on Artificial Intelligence
(AAAI'15),
pages 791–797.
Austin, TX.
January 2015.
[paper (pdf, 240K)]
[BibTeX]
James Graves,
Alessandro Acquisti and
Nicolas Christin.
Should Payment Card Issuers Re-Issue Cards in Response to a Data Breach?
In Proceedings (online) of the 13th Workshop on Economics of Information Security
(WEIS 2014).
State College, PA.
June 2014.
[paper (pdf, 6.6M)]
[BibTeX]
Jeremiah Blocki,
Nicolas Christin,
Anupam Datta, and
Arunesh Sinha.
Adaptive Regret Minimization in Bounded-Memory Games.
In Proceedings of the 4th Conference on Decision and Game Theory for Security
(GameSec 2013)
(Invited paper).
Fort Worth, Texas.
November 2013.
See also (extended version):
arXiv
1111.2888 [cs.GT],
November 2011
(last revised: March 2013).
[paper (pdf, 352K)]
[BibTeX]
Jeremiah Blocki,
Nicolas Christin,
Anupam Datta,
Ariel Procaccia, and
Arunesh Sinha.
Audit Games.
In Proceedings of the 23rd International Joint Conference on Artificial Intelligence
(IJCAI'13),
pages 41–47.
Beijing, China.
August 2013.
See also (preliminary, long version):
CMU CyLab
Technical Report
CMU-CyLab-13-004,
March 2013.
[paper (pdf, 560K)]
[BibTeX]
Jeremiah Blocki,
Nicolas Christin,
Anupam Datta, and
Arunesh Sinha.
Audit Mechanisms for Provable Risk Management and Accountable Data Governance.
In Proceedings of the 3rd Conference on Decision and Game Theory for Security
(GameSec 2012),
pages 38–59.
Budapest, Hungary.
November 2012.
See also (extended version):
CMU CyLab
[Technical Report] (http://www.cylab.cmu.edu/research/techreports/2012/tr_cylab12020.html)
CMU-CyLab-12-020,
September 2012.
[paper (pdf, 548K)]
[BibTeX]
Benjamin Johnson,
John Chuang,
Jens Grossklags, and
Nicolas Christin.
Metrics for Measuring ISP Badness: The Case of Spam (Short Paper).
In Proceedings of the 16th International Conference on Financial Cryptography and Data Security
(FC'12),
pages 89–97.
Kralendijk, Bonaire.
February 2012.
[paper (pdf, 860K)]
[BibTeX]
Nicolas Christin,
Alessandro Acquisti,
Adrian Perrig,
and
Bryan Parno.
Monetary Forgery in the Digital Age: Will Physical-Digital Cash Be a Solution?
In I/S: A Journal of Law and Policy for the Information Society,
Volume 7,
Number 2,
pages 171–206.
Winter 2012.
(Note: This is a thoroughly expanded and revised version of our FC'08 paper.)
[paper, 1.8M]
[BibTeX]
Anupam Datta,
Jeremiah Blocki,
Nicolas Christin,
Henry DeYoung,
Deepak Garg,
Limin Jia,
Dilsun Kaynar,
and
Arunesh Sinha.
Understanding and Protecting Privacy:
Formal Semantics and Principled Audit Mechanisms.
In Proceedings of the 7th International Conference on Information Systems Security
(ICISS 2011),
pages 1–27 (Invited paper).
Kolkata, India.
December 2011.
[paper (pdf, 419K)]
[BibTeX]
Nicolas Christin.
Network Security Games: Combining Game Theory, Behavioral Economics, and Network Measurements.
In Proceedings of the 2nd Conference on Decision and Game Theory for Security
(GameSec 2011),
pages 4–6 (Invited keynote).
College Park, MD.
November 2011.
[paper (pdf, 68K)]
[BibTeX]
[slides (pdf, 9.6M)]
Jeremiah Blocki,
Nicolas Christin,
Anupam Datta, and
Arunesh Sinha.
Audit Mechanisms for Privacy Protection in Healthcare Environments.
In Proceedings of the 2nd USENIX Workshop on Health Security and Privacy
(HealthSec ‘11).
San Francisco, CA.
August 2011.
[paper (pdf, 61K)]
[BibTeX]
Jeremiah Blocki,
Nicolas Christin,
Anupam Datta, and
Arunesh Sinha.
Regret Minimizing Audits: A Learning-theoretic Basis for Privacy Protection.
In Proceedings of the 24th IEEE Computer Security Foundations Symposium
(CSF 2011),
pages 312–327.
Domaine de l’Abbaye des Vaux de Cernay, France.
June 2011.
[paper (pdf, 371K)]
[BibTeX]
Benjamin Johnson,
Jens Grossklags,
Nicolas Christin,
and
John Chuang.
Nash Equilibria for Weakest Target Security Games with Heterogeneous Agents.
In Proceedings of the 2nd International ICST Conference on Game Theory for Networks
(GameNets 2011).
Shanghai, China.
April 2011.
[paper (pdf, 1.3M)]
[BibTeX]
Benjamin Johnson,
Jens Grossklags,
Nicolas Christin, and
John Chuang.
Uncertainty in Interdependent Security Games.
In Proceedings of the 1st Conference on Decision and Game Theory for Security
(GameSec 2010).
Berlin, Germany.
November 2010.
[paper (pdf, 549K)]
[BibTeX]
Benjamin Johnson,
Jens Grossklags,
Nicolas Christin, and
John Chuang.
Are Security Experts Useful?
Bayesian Nash Equilibria for Network Security Games with Limited Information.
In Proceedings of the 15th European Symposium on Research in Computer Security
(ESORICS 2010),
pages 588–606.
Athens, Greece.
September 2010.
See also:
CMU CyLab
Technical Report
CMU-CyLab-10-010,
April 2010.
[paper (pdf, 208K)]
[BibTeX]
Serge Egelman,
David Molnar,
Nicolas Christin,
Alessandro Acquisti,
Cormac Herley, and
Shriram Krishnamurthi.
Please Continue to Hold:
An Empirical Study on User Tolerance of Security Delays.
In Proceedings (online) of the 9th Workshop on Economics of Information Security
(WEIS 2010).
Cambridge, MA.
June 2010.
[paper (pdf, 346K)]
[BibTeX]
[slides (pdf, 1.1M)]
Jens Grossklags,
Benjamin Johnson, and
Nicolas Christin.
When Information Improves Information Security.
In Proceedings of the Fourteenth International Conference on Financial Cryptography and Data Security
(FC'10),
pages 416–423.
Tenerife, Spain.
January 2010.
See also (extended version):
CMU CyLab
Technical Report
CMU-CyLab-09-004,
March 2009.
[paper (pdf, 289K)]
[BibTeX]
Jens Grossklags,
Benjamin Johnson, and
Nicolas Christin.
The Price of Uncertainty in Security Games.
In Proceedings (online) of the 8th Workshop on Economics of Information Security
(WEIS 2009).
London, UK.
June 2009.
[paper (pdf, 587K]
[slides (pdf, 2148K)]
[BibTeX]
Ash Bashir and
Nicolas Christin.
Three Case Studies in Quantitative Information Risk Analysis.
In Proceedings of the CERT/SEI Business Case Workshop:
Making the Business Case for Software Assurance,
pages 77–86.
Pittsburgh, PA.
September 2008.
[paper (pdf, 120K)]
[appendix data (pdf, 530K)]
[BibTeX]
[software (xls/vba, 1.5M)]
Jens Grossklags,
Nicolas Christin, and
John Chuang.
Security and Insurance Management in Networks with Heterogeneous Agents.
In Proceedings of the 9th ACM Conference on Electronic Commerce
(EC'08),
pages 160–169.
Chicago, IL.
July 2008.
[paper (pdf, 208K)]
[BibTeX]
Jens Grossklags,
Nicolas Christin, and
John Chuang.
Security Investment (Failures) in Five Economic Environments:
A Comparison of Homogeneous and Heterogeneous User Agents.
In Proceedings (online) of the 7th Workshop on Economics of Information Security
(WEIS 2008).
Hannover, NH.
June 2008.
[paper (pdf, 287K)]
[BibTeX]
Jens Grossklags,
Nicolas Christin, and
John Chuang.
Secure or Insure? A Game-Theoretic Analysis of Information Security Games.
In Proceedings of the 17th International World Wide Web Conference
(WWW'08),
pages 209–218.
Beijing, China.
April 2008.
[paper (pdf, 223K)]
[BibTeX]
Jens Grossklags,
Nicolas Christin, and
John Chuang.
Predicted and Observed User Behavior in the Weakest-Link Security Game.
In Proceedings of the 2008 USENIX Workshop on Usability, Psychology, and Security
(UPSEC'08).
San Francisco, CA.
April 2008.
[paper (pdf, 128K)]
[paper (html)]
[BibTeX]
Alessandro Acquisti,
Nicolas Christin,
Adrian Perrig,
and Bryan Parno.
Countermeasures against Government-Scale Monetary Forgery.
In Proceedings of the Twelfth International Conference on Financial Cryptography and Data Security
(FC'08),
pages 262–266.
Cozumel, Mexico.
January 2008.
See also (extended version):
CMU CyLab
Technical Report
CMU-CyLab-07-016,
December 2007.
[paper (pdf, 40K)]
[BibTeX]
(Usable) User authentication
Carolina Carreira,
João F. Ferreira,
Alexandra Mendes,
and
Nicolas Christin.
Exploring Usable Security to Improve the Impact of Formal
Verification: A Research Agenda.
In Proceedings of the
First Workshop on Applicable Formal Methods
(αFM 2021),
pp. 77–84. Beijing, China (online). November 2021.
DOI: 10.4204/EPTCS.349.6
[paper (pdf, 124K)]
[BibTeX]
Joshua Tan,
Lujo Bauer,
Nicolas Christin, and
Lorrie Faith Cranor.
Practical recommendations for
stronger, more usable passwords
combining minimum-strength, minimum-length,
and blocklist requirements.
In
Proceedings of the 27th ACM Conference on Computer and Communication Security
(CCS'20), pages 1407–1426.
Virtual event. November 2020.
DOI: 10.1145/3372297.3417882
[paper (pdf, 1.5M)]
[BibTeX]
[video (mp4, 63M)]
Sarah Pearman,
Shikun Aerin Zhang,
Lujo Bauer,
Nicolas Christin,
and
Lorrie Faith Cranor.
Why people (don’t) use password managers effectively.
In
Proceedings of the 15th Symposium on Usable Privacy and Security
(SOUPS'19),
pages 319–338.
Santa Clara, CA. August 2019.
[paper (pdf, 188K)]
[BibTeX]
Hana Habib,
Pardis Emami Naeini,
Summer Devlin,
Maggie Oates,
Chelse Swoopes,
Lujo Bauer,
Nicolas Christin, and
Lorrie Faith Cranor.
User Behaviors and Attitudes Under Password Expiration Policies.
In
Proceedings of the 14th Symposium on Usable Privacy and Security
(SOUPS'18).
Baltimore, MD.
August 2018.
[paper (pdf, 548K)]
[BibTeX]
Jessica Colnago,
Summer Devlin,
Maggie Oates,
Chelse Swoopes,
Lujo Bauer,
Lorrie Faith Cranor,
and
Nicolas Christin.
"It’s not actually that horrible":
Exploring Adoption of Two-Factor Authentication at a University.
In
Proceedings of the 2018 ACM Conference on Human Factors in Computing Systems
(CHI 2018).
Montreal, QC.
April 2018.
[paper (pdf, 212K)]
[BibTeX]
Sarah Pearman,
Jeremy Thomas,
Pardis Emami Naeini,
Hana Habib,
Lujo Bauer,
Nicolas Christin,
Lorrie Faith Cranor,
Serge Egelman,
and
Alain Forget.
Let’s go in for a closer look: Observing passwords in their natural habitat.
In
Proceedings of the 24th ACM Conference on Computer and Communication Security
(CCS'17),
pages 295–310.
Dallas, TX.
October 2017.
[paper (pdf, 1M)]
[BibTeX]
Sean Segreti,
William Melicher,
Saranga Komanduri,
Darya Melicher,
Richard Shay,
Blase Ur,
Lujo Bauer,
Nicolas Christin,
Lorrie Faith Cranor,
and
Michelle Mazurek.
Diversify to Survive: Making Passwords Stronger with Adaptive Policies.
In Proceedings of the 13th Symposium on Usable Privacy and Security
(SOUPS'17).
San Jose, CA.
July 2017.
[paper (pdf, 512K)]
[BibTeX]
Blase Ur,
Felicia Alfieri,
Maung Aung,
Lujo Bauer,
Nicolas Christin,
Jessica Colnago,
Lorrie Faith Cranor,
Harold Dixon,
Pardis Emami Naeini,
Hana Habib,
Noah Johnson, and
William Melicher.
Design and Evaluation of a Data-Driven Password Meter.
In
Proceedings of the 2017 ACM Conference on Human Factors in Computing Systems
(CHI 2017),
pages 3775–3786.
Denver, CO.
May 2017.
Best paper award.
[paper (pdf, 656K)]
[supplemental material (pdf, 76K)]
[BibTeX]
[demo]
[code]
Hana Habib,
Jessica Colnago,
William Melicher,
Blase Ur,
Sean Segreti,
Lujo Bauer,
Nicolas Christin
and
Lorrie Faith Cranor.
Password Creation in the Presence of Blacklists.
In
Proceedings of the 2017 Workshop on Usable Security
(USEC'17).
San Diego, CA.
February 2017.
[paper (pdf, 276K)]
[BibTeX]
William Melicher,
Blase Ur,
Sean Segreti,
Saranga Komanduri,
Lujo Bauer,
Nicolas Christin, and
Lorrie Faith Cranor.
Fast, lean, and accurate: modeling password guessability using neural networks.
In
Proceedings of the 25th USENIX Security Symposium
(USENIX Security'16).
Austin, TX.
August 2016.
Best paper award.
[paper (pdf, 3.4M)]
[BibTeX]
[slides (pdf, 2M)]
[trailer (“lightning talk”) (mpeg, 14M)]
[trailer (“lightning talk”) (Vimeo)]
Richard Shay,
Saranga Komanduri,
Adam Durity,
Phillip Huh,
Michelle Mazurek,
Sean Segreti,
Blase Ur,
Lujo Bauer,
Nicolas Christin, and
Lorrie Faith Cranor.
Designing Password Policies for Strength and Usability.
In
ACM Transactions on Information Security,
Volume 18,
Number 4,
pages 13:1–13:34.
May 2016.
[paper (pdf, 968K)]
[BibTeX]
William Melicher,
Darya Kurilova,
Sean Segreti,
Pranshu Kalvani,
Richard Shay,
Blase Ur,
Lujo Bauer,
Nicolas Christin,
Lorrie Faith Cranor, and
Michelle Mazurek.
Usability and Security of Text Passwords on Mobile Devices.
In
Proceedings of the 2016 ACM Conference on Human Factors in Computing Systems
(CHI 2016),
pages 527–539.
San Jose, CA.
May 2016.
[paper (pdf, 204K)]
[BibTeX]
Blase Ur,
Jonathan Bees,
Sean Segreti,
Lujo Bauer,
Nicolas Christin,
Lorrie Faith Cranor, and
Amrith Deepak.
Do Users’ Perceptions of Password Security Match Reality?
In
Proceedings of the 2016 ACM Conference on Human Factors in Computing Systems
(CHI 2016),
pages 3748–3760.
San Jose, CA.
May 2016.
Honorable mention award.
[paper (pdf, 716K)]
[BibTeX]
Blase Ur,
Sean Segreti,
Lujo Bauer,
Nicolas Christin,
Lorrie Faith Cranor,
Saranga Komanduri,
Darya Kurilova,
Michelle Mazurek,
William Melicher
and
Richard Shay.
Measuring Real-World Accuracies and Biases in Modeling Password Guessability.
In Proceedings of the 24th USENIX Security Symposium
(USENIX Security'15),
pages 463–481.
Washington, DC.
August 2015.
[paper (pdf, 1.5M)]
[BibTeX]
[trailer (“lightning talk”) (Vimeo)]
Blase Ur,
Fumiko Noma,
Jonathan Bees,
Sean Segreti,
Richard Shay,
Lujo Bauer,
Nicolas Christin,
and Lorrie Faith Cranor.
"I Added ‘!’ At The End To Make It Secure":
Observing Password Creation in the Lab.
In Proceedings of the 11th Symposium on Usable Privacy and Security
(SOUPS'15).
Ottawa, Canada.
July 2015.
[paper (pdf, 480K)]
[BibTeX]
Luís Brandão,
Nicolas Christin,
George Danezis, and
Anonymous.
Toward Mending Two Nation-Scale Brokered Identification Systems.
In Proceedings of the Privacy Enhancing Technology Symposium
(PETS 2015).
Philadelphia, PA.
June 2015.
[paper (pdf, 474K)]
[BibTeX]
Richard Shay,
Lujo Bauer,
Nicolas Christin,
Lorrie Faith Cranor,
Alain Forget,
Saranga Komanduri,
Michelle Mazurek,
William Melicher,
Sean Segreti, and
Blase Ur.
A Spoonful of Sugar? The Impact of Guidance and Feedback on Password-Creation Behavior.
In
Proceedings of the 2015 ACM Conference on Human Factors in Computing Systems
(CHI 2015),
pages 2903–2912.
Seoul, Republic of Korea.
April 2015.
[paper (pdf, 1.4M)]
[BibTeX]
Richard Shay,
Saranga Komanduri,
Adam Durity,
Phillip Huh,
Michelle Mazurek,
Sean Segreti,
Blase Ur,
Lujo Bauer,
Nicolas Christin, and
Lorrie Faith Cranor.
Can Long Passwords Be Secure and Usable?
In Proceedings of the 2014 ACM Conference on Human Factors in Computing Systems
(CHI 2014).
Toronto, ON, Canada.
May 2014.
[paper (pdf, 250K)]
[BibTeX]
Michelle Mazurek,
Saranga Komanduri,
Timothy Vidas,
Lujo Bauer,
Nicolas Christin,
Lorrie Faith Cranor,
Patrick Gage Kelley,
Richard Shay,
and
Blase Ur.
Measuring Password Guessability for an Entire University.
In Proceedings of the 20th ACM Conference on Computer and Communications Security
(CCS 2013),
pages 173–186.
Berlin, Germany.
November 2013.
See also (longer version):
CMU CyLab
Technical Report
CMU-CyLab-13-013,
March 2013.
[paper (pdf, 3M)]
[BibTeX]
Patrick Gage Kelley,
Saranga Komanduri,
Michelle Mazurek,
Richard Shay,
Timothy Vidas,
Lujo Bauer,
Nicolas Christin, and
Lorrie Faith Cranor.
The impact of length and mathematical operators on the usability and
security of system-assigned one-time PINs.
In
Proceedings of the 2013 Workshop on Usable Security
(USEC'13),
pages 34–51.
Naha, Japan.
April 2013.
[paper (pdf, 900K)]
[BibTeX]
Blase Ur,
Patrick Gage Kelley,
Saranga Komanduri,
Joel Lee,
Michael Maass,
Michelle Mazurek,
Timothy Passaro,
Richard Shay,
Timothy Vidas,
Lujo Bauer,
Nicolas Christin,
Lorrie Faith Cranor,
Serge Egelman,
and
Julio Lopez.
Helping Users Create Better Passwords.
USENIX ;login:,
Volume 37,
Number 6,
pages 51–57.
December 2012.
[paper (pdf, 1M)]
[BibTeX]
Blase Ur,
Patrick Gage Kelley,
Saranga Komanduri,
Joel Lee,
Michael Maass,
Michelle Mazurek,
Timothy Passaro,
Richard Shay,
Timothy Vidas,
Lujo Bauer,
Nicolas Christin and
Lorrie Faith Cranor.
How Does Your Password Measure Up? The Effect of Strength Meters on Password Creation.
In Proceedings of the 21st USENIX Security Symposium
(USENIX Security'12).
Bellevue, WA.
August 2012.
[paper (pdf, 1.2M)]
[BibTeX]
Richard Shay,
Patrick Gage Kelley,
Saranga Komanduri,
Michelle Mazurek,
Blase Ur,
Timothy Vidas,
Lujo Bauer,
Nicolas Christin and
Lorrie Faith Cranor.
Correct horse battery staple: Exploring the usability of system-assigned passphrases.
In Proceedings of the 8th Symposium on Usable Privacy and Security
(SOUPS'12).
Washington, DC.
July 2012.
[paper (pdf, 528K)]
[BibTeX]
Patrick Gage Kelley,
Saranga Komanduri,
Michelle Mazurek,
Richard Shay,
Timothy Vidas,
Lujo Bauer,
Nicolas Christin,
Lorrie Faith Cranor and
Julio Lopez.
Guess again (and again and again):
Measuring password strength by simulating password-cracking algorithms.
In Proceedings of the 33rd IEEE Symposium on Security and Privacy
(Oakland 2012),
pages 523–537.
San Francisco, CA.
May 2012.
2023 IEEE Symposium on Security and Privacy test-of-time award.
[paper (pdf, 2.9M)]
[BibTeX]
Saranga Komanduri,
Richard Shay,
Patrick Gage Kelley,
Michelle Mazurek,
Lujo Bauer,
Nicolas Christin,
Lorrie Faith Cranor and
Serge Egelman.
Of Passwords and People: Measuring the Effect of Password-Composition Policies.
In Proceedings of the 2011 ACM Conference on Human Factors in Computing Systems
(CHI 2011),
pages 2595–2604.
Vancouver, BC, Canada.
May 2011.
Honorable mention award.
[paper (pdf, 478K)]
[BibTeX]
Eiji Hayashi,
Jason Hong,
and
Nicolas Christin.
Security through a Different Kind of Obscurity:
Evaluating Distortion in Graphical Authentication Schemes.
In Proceedings of the 2011 ACM Conference on Human Factors in Computing Systems
(CHI 2011),
pages 2055–2064.
Vancouver, BC, Canada.
May 2011.
[paper (pdf, 396K)]
[BibTeX]
Ambarish Karole,
Nitesh Saxena,
and
Nicolas Christin.
A Comparative Usability Evaluation of Traditional Password Managers.
In Proceedings of the 13th International Conference on Information Security and Cryptology
(ICICS 2010).
Seoul, Republic of Korea.
December 2010.
[paper (pdf, 2.2M)]
[BibTeX]
Richard Shay,
Saranga Komanduri,
Patrick Gage Kelley,
Pedro Leon,
Michelle Mazurek,
Lujo Bauer,
Nicolas Christin and
Lorrie Faith Cranor.
Encountering Stronger Password Requirements:
User Attitudes and Behaviors.
In Proceedings of the Sixth Symposium on Usable Privacy and Security
(SOUPS'10).
Redmond, WA.
July 2010.
[paper (pdf, 684K)]
[BibTeX]
Madoka Hasegawa,
Nicolas Christin, and
Eiji Hayashi.
New Directions in Multisensory Authentication.
In Adjunct Proceedings of the Seventh International Conference on Pervasive Computing
(Pervasive 2009) - Late Breaking Results,
pages 103–106.
Nara, Japan.
May 2009.
[paper (pdf, 519K]
[BibTeX]
Eiji Hayashi,
Nicolas Christin,
Rachna Dhamija, and
Adrian Perrig.
Use Your Illusion: Secure Authentication Usable Anywhere.
In Proceedings of the Fourth Symposium on Usable Privacy and Security
(SOUPS'08),
pages 35–43.
Pittsburgh, PA.
July 2008.
See also (preliminary version, very different!):
CMU CyLab
Technical Report
CMU-CyLab-07-011,
August 2007.
[paper (pdf, 412K)]
[BibTeX]
[demo site]
Hirokazu Sasamoto,
Nicolas Christin, and
Eiji Hayashi.
Undercover: Authentication Usable in Front of Prying Eyes.
In
Proceedings of the 2008 ACM Conference on Human Factors in Computing Systems
(CHI 2008),
pages 183–192.
Florence, Italy.
April 2008.
[paper (pdf, 618K)]
[BibTeX]
Security, usability, and psychology
Dominic Deuber,
Michael Keuchen,
and
Nicolas Christin.
Assessing anonymity techniques employed in German court decisions: A de-anonymization experiment.
In
Proceedings of the 32nd USENIX Security Symposium
(USENIX Security'23), pages 5199-5216.
Anaheim, CA.
August 2023.
[paper (pdf, 376K)]
[BibTeX]
Akira Yamada,
Kyle Crichton,
Yukiko Sawaya,
Jin-Dong Dong,
Sarah Pearman,
Ayumu Kubota, and
Nicolas Christin.
On recruiting and retaining users for security-sensitive longitudinal measurement panels.
In
Proceedings of the 18th Symposium on Usable Privacy and Security
(SOUPS'22).
Boston, MA.
August 2022.
[paper (pdf, 1.1M)]
[BibTeX]
Kyle Crichton,
Nicolas Christin,
and
Lorrie Faith Cranor.
How Do Home Computer Users Browse The Web?
In
ACM Transactions on the Web,
Vol. 16, No. 1, Article 3. September 2021.
DOI: https://doi.org/10.1145/3473343.
[paper (pdf, 3M)]
[paper (html)]
[BibTeX]
Mahmood Sharif,
Kevin Roundy,
Matteo Dell’Amico,
Christopher Gates,
Daniel Kats,
Lujo Bauer,
and
Nicolas Christin.
A Field Study of Computer-Security Perceptions Using Anti-Virus Customer-Support Chats.
In Proceedings of the 2019 ACM Conference on Human Factors in Computing Systems
(CHI 2019).
Glasgow, Scotland, UK. May 2019.
[paper (pdf, 204K)]
[BibTeX]
Hana Habib,
Jessica Colnago,
Vidya Gopalakrishnan,
Sarah Pearman,
Jeremy Thomas,
Alessandro Acquisti,
Nicolas Christin, and
Lorrie Faith Cranor.
Away From Prying Eyes: Analyzing Usage and Understanding of Private Browsing.
In Proceedings of the 14th Symposium on Usable Privacy and Security
(SOUPS'18).
Baltimore, MD.
August 2018.
[paper (pdf, 336K)]
[BibTeX]
Yukiko Sawaya,
Mahmood Sharif,
Nicolas Christin,
Ayumu Kubota,
Akihiro Nakarai, and
Akira Yamada.
Self-Confidence Trumps Knowledge: A Cross-Cultural Study of Security Behavior.
In
Proceedings of the 2017 ACM Conference on Human Factors in Computing Systems
(CHI 2017),
pages 2202–2214.
Denver, CO.
May 2017.
[paper (pdf, 204K)]
[BibTeX]
Alain Forget,
Sarah Pearman,
Jeremy Thomas,
Alessandro Acquisti,
Nicolas Christin,
Lorrie Faith Cranor,
Serge Egelman,
Marian Harbach, and
Rahul Telang.
Do or do not, there is no try:
User engagement may not improve security outcomes.
In Proceedings of the 12th Symposium on Usable Privacy and Security
(SOUPS'16).
Denver, CO.
July 2016.
[paper (pdf, 320K)]
[BibTeX]
Alain Forget,
Saranga Komanduri,
Alessandro Acquisti,
Nicolas Christin,
Lorrie Faith Cranor, and
Rahul Telang.
Security Behavior Observatory: Infrastructure for Long-term Monitoring of Client Machines.
CMU CyLab
Technical Report
CMU-CyLab-14-009,
July 2014.
[paper (pdf, 484K)]
[BibTeX]
Nicolas Christin,
Serge Egelman,
Timothy Vidas, and
Jens Grossklags.
It’s All About the Benjamins:
An Empirical Study on Incentivizing Users to Ignore Security Advice.
In Proceedings of the 15th International Conference on Financial Cryptography and Data Security
(FC'11),
pages 16–30.
St Lucia.
February 2011.
[paper (pdf, 437K)]
[BibTeX]
Security and policy
Nicolas Christin.
On Critical Infrastructure Protection and International Agreements.
Center for International and Security Studies at Maryland
Working Paper.
March 2011.
[paper (pdf, 255K)]
Mobile device security
Timothy Vidas,
Jiaqi Tan,
Jay Nahata,
Chaur Lih Tan,
Nicolas Christin,
and Patrick Tague.
A5: Automated Analysis of Adversarial Android Applications.
In Proceedings of the 4th Annual ACM CCS
Workshop on Security and Privacy in Smartphones and Mobile Devices
(SPSM 2014).
Scottsdale, AZ.
November 2014.
See also (preliminary version):
CMU CyLab
Technical Report
CMU-CyLab-13-009.
February 2013
(revised: July 2014).
[paper (pdf, 305K)]
[BibTeX]
Timothy Vidas and
Nicolas Christin.
Evading Android Runtime Analysis via Sandbox Detection.
In Proceedings of the 9th ACM Symposium on Information, Computer and Communications Security
(ASIACCS'14).
Kyoto, Japan.
June 2014.
[paper (pdf, 220K)]
[BibTeX]
Daniel Votipka,
Timothy Vidas, and
Nicolas Christin.
Passe-Partout: A General Collection Methodology for Android Devices.
In
IEEE Transactions on Information Forensics and Security,
Volume 8,
Number 12,
pages 1937–1946.
December 2013.
[paper (pdf, 3.2M)]
[BibTeX]
Timothy Vidas,
Emmanuel Owusu,
Shuai Wang,
Cheng Zeng,
Lorrie Faith Cranor,
and
Nicolas Christin.
QRishing: The Susceptibility of Smartphone Users to QR Code Phishing Attacks.
In Proceedings of the 2013 Workshop on Usable Security
(USEC'13),
pages 52–69.
Naha, Japan.
April 2013.
[paper (pdf, 704K)]
[BibTeX]
Timothy Vidas
and
Nicolas Christin.
Sweetening Android Lemon Markets:
Measuring and Combating Malware in Application Marketplaces.
In Proceedings of the 3rd ACM Conference on Data and Application Security and Privacy
(CODASPY ‘13),
pages 197–208.
San Antonio, TX.
February 2013.
[paper (pdf, 244K)]
[BibTeX]
Timothy Vidas,
Daniel Votipka, and
Nicolas Christin.
All Your Droid Are Belong to Us: A Survey of Current Android Attacks.
In Proceedings of the 5th USENIX Workshop on Offensive Technologies
(WOOT ‘11). San Francisco, CA. August 2011.
[paper (pdf, 133K)]
[BibTeX]
Timothy Vidas,
Chengye Zhang, and
Nicolas Christin.
Towards a General Collection Methodology for Android Devices.
In Proceedings of the 11th Digital Forensics Research Workshop
(DFRWS 2011).
New Orleans, LA.
August 2011.
[paper (pdf, 6.9M)]
[BibTeX]
Timothy Vidas,
Nicolas Christin, and
Lorrie Faith Cranor.
Curbing Android Permission Creep.
In Proceedings of the 2011 Web 2.0 Security and Privacy Workshop
(W2SP 2011).
Oakland, CA.
May 2011.
[paper (pdf, 418K)]
[BibTeX]
Rajesh Balan,
Narayan Ramasubbu,
Komsit Prakobphol,
Nicolas Christin,
and Jason Hong.
mFerio: The Design and Evaluation of a Peer-to-Peer Mobile Payment System.
In Proceedings of the Seventh ACM/USENIX Annual International Conference on Mobile Systems,
Applications and Services (MobiSys ‘09),
pages 291–304.
Krakow, Poland.
June 2009.
[paper (pdf, 908K]
[BibTeX]
Economics-informed design and analysis of networked systems
Nicolas Christin,
John Chuang,
and Jens Grossklags.
Economics-Informed Design of Content Delivery Networks.
Invited chapter in R. Buyya, A.-M. Khan Pathan, A. Vakali (editors),
Content Delivery Networks: Principles and Paradigms,
chapter 7.
Springer Verlag,
Germany, July 2008.
[BibTeX]
Soon Hin Khor,
Nicolas Christin,
Tina Wong, and
Akihiro Nakao.
Power to the People:
Securing the Internet One Edge at a Time.
In Proceedings of the ACM SIGCOMM'07
Workshop on
Large-Scale Attack Defense (LSAD),
pages 89–96.
Kyoto, Japan.
August 2007.
[paper (pdf, 163K)]
[BibTeX]
Nicolas Christin and
John Chuang.
A Cost-Based Analysis of Overlay Routing Geometries.
In
Proceedings of IEEE INFOCOM'05,
vol. 4,
pages 2566–2577.
Miami, FL.
March 2005.
[paper (pdf, 498K)]
[slides (pdf, 916K)]
[BibTeX]
Nicolas Christin,
Jens Grossklags, and
John Chuang.
Near Rationality and Competitive Equilibria in Networked Systems.
In Proceedings of the ACM SIGCOMM'04
Workshop on
Practice & Theory of Incentives in Networked Systems (PINS),
pages 213–219.
Portland, OR.
August 2004.
A preliminary version known as
University of California, Berkeley,
Technical Report
p2pecon TR-2004-04-CGC
(also arXiv:cs.GT/0404040)
is available,
but we prefer you citation the PINS paper.
[paper (pdf, 105K)]
[slides (pdf, 151K)]
[BibTeX]
Nicolas Christin and
John Chuang.
On the Cost of Participating in a Peer-to-Peer Network.
In Proceedings of the Third International Workshop on Peer-to-Peer Systems
(IPTPS'04).
Lecture Notes in Computer Science vol. 3279,
pages 22–32.
San Diego, CA.
February 2004.
See also (preliminary version, quite different!):
University of California, Berkeley,
Technical Report
p2pecon TR-2003-12-CC
(also arXiv:cs.NI/0401010).
[LNCS paper]
[workshop paper (pdf, 181K)]
[slides (pdf, 448K)]
[BibTeX]
Peer-to-peer & digital rights management
Nicolas Christin.
Peer-to-Peer Networks:
Interdisciplinary Challenges for Interconnected Systems.
In M. Dark (editor),
Information Assurance and Security Ethics in Complex Systems:
Interdisciplinary Perspectives.
IGI Global,
United States,
2010.
[paper (pdf, 553K)]
[slides (pdf, 3104K)]
[BibTeX]
(Copyright 2010, IGI Global, www.igi-global.com. Posted by permission of the publisher.)
Keiji Takeda,
Nicolas Christin,
and Davar Pishva.
情報セキュリティに関する取り組みについての最新動向
(Recent trends in information security challenges, in Japanese).
Invited paper in
Journal of Japan Society for Fuzzy Theory and Intelligent Informatics
19(3),
Special Issue on Security and Trust,
pages 200–208.
June 2007.
[Abstract in English]
[BibTeX]
Nicolas Christin,
Andreas S. Weigend,
and John Chuang.
Content Availability, Pollution and Poisoning in Peer-to-Peer File Sharing Networks.
In Proceedings of the Sixth ACM Conference on Electronic Commerce
(EC'05),
pages 68–77.
Vancouver, BC, Canada.
June 2005.
[paper (pdf, 654K)]
[slides (pdf, 2M)]
[BibTeX]
Service differentiation in packet networks
Nicolas Christin,
Jörg Liebeherr,
and Tarek F. Abdelzaher.
Enhancing Class-Based Service Architectures with
Adaptive Rate Allocation and Dropping Mechanisms.
In IEEE/ACM Transactions on Networking
15(3),
pages 669–682.
June 2007.
See also (older version):
University of Virginia,
Technical Report
CS-2004-09.
[BibTeX]
Ahsan Habib,
Nicolas Christin,
and John Chuang.
On the Feasibility of Switching ISPs in Residential Multihoming.
In
Proceedings of the Fifteenth IEEE International Workshop on Quality-of-Service
(IWQoS 2007),
pages 91–99.
Chicago, IL.
June 2007.
[paper (pdf, 276K)]
[BibTeX]
Nicolas Christin and
Jörg Liebeherr.
The QoSbox: Quantitative Service Differentiation in BSD Routers.
In Computer Networks
50(17),
pages 3353–3374.
December 2006.
See also (very preliminary version, quite different):
University of Virginia,
Technical Report
CS-2001-28.
[BibTeX]
Victor Firoiu,
Xiaohui Zhang,
Emre Gündüzhan,
and Nicolas Christin.
Providing Service Guarantees in High-Speed Switching Systems with Feedback Output Queuing.
In IEEE Transactions on Parallel and Distributed Systems
17(5),
pages 434–447,
May 2006.
See also (older version):
Nortel Networks,
Technical Report
arXiv:cs.NI/0406019.
[paper (pdf, 312K)]
[BibTeX]
Ahsan Habib,
Nicolas Christin, and
John Chuang.
Taking Advantage of Multihoming with Session Layer Striping.
In Proceedings of the 9th IEEE Global Internet Symposium
(Global Internet 2006),
pages 102–107.
Barcelona, Spain.
April 2006.
[paper (pdf, 122K)]
[slides (pdf, 388K)]
[BibTeX]
Nicolas Christin and
Jörg Liebeherr.
Marking Algorithms for Service Differentiation of TCP Traffic.
In Computer Communications
28(18),
Special Issue on End-to-End Quality of Service Differentiation,
pages 2058–2069.
November 2005.
See also:
University of Virginia,
Technical Report CS-2003-04,
February 2003.
[paper (pdf, 962K)]
[BibTeX]
Nicolas Christin.
Quantifiable Service Differentiation for Packet Networks,
Ph.D. Dissertation,
University of Virginia,
August 2003.
[dissertation (pdf, 3.3M)
[slides (pdf, 2.4M)
[BibTeX
Nicolas Christin and
Jörg Liebeherr.
A QoS Architecture for Quantitative Service Differentiation.
In
IEEE Communications Magazine
41(6),
Special Issue on Scalability in IP-Oriented Networks,
pages 38–45.
June 2003.
[paper (pdf, 100K)]
[BibTeX]
Jörg Liebeherr and
Nicolas Christin.
Rate Allocation and Buffer Management for Differentiated Services.
In
Computer Networks
40(1),
Special Issue on the New Internet Architecture,
pages 89–110.
September 2002.
[paper (pdf, 1M)]
[BibTeX]
Nicolas Christin and
Jörg Liebeherr.
A Scalable Service Architecture for Providing Strong Service Guarantees.
In
Scalability and Traffic Control in IP Networks II
(ITCOM'02),
Proceedings of SPIE,
vol. 4868,
pages 31–42 (Invited paper).
Boston, MA.
July 2002.
[paper (pdf, 261K)]
[slides (pdf, 2M)]
[BibTeX]
Nicolas Christin,
Jörg Liebeherr,
and Tarek F. Abdelzaher.
A Quantitative Assured Forwarding Service.
In Proceedings of IEEE INFOCOM'02,
vol. 2,
pages 864–873,
New York, NY.
June 2002.
See also (long version):
University of Virginia,
Technical Report
CS-2001-21,
August 2001.
[paper (pdf, 338K)]
[slides (pdf, 2M)]
[BibTeX]
Jörg Liebeherr and
Nicolas Christin.
JoBS: Joint Buffer Management and Scheduling for Differentiated Services.
In Proceedings of the Ninth IEEE/IFIP International Workshop on Quality-of-Service (IWQoS 2001),
pages 404–418,
Karlsruhe, Germany.
June 2001.
[paper (ps.gz, 212K)]
[paper (pdf, 291K)]
[slides (pdf, 2.4M)]
[BibTeX]
Jörg Liebeherr and
Nicolas Christin.
Buffer Management and Scheduling for Enhanced Differentiated Services.
University of Virginia,
Technical Report
CS-2000-24,
August 2000.
[paper (pdf, 1.2M)]
[BibTeX]
Other
Diana Vieira Fernandes,
Nicolas Christin,
and
Soummya Kar.
Peer-to-Peer (P2P) Electricity Markets for Low Voltage Networks.
To appear in
Proceedings of the 2024 IEEE International Conference on
Communications, Control, and Computing Technologies for Smart Grids
(SmartGridComm'24).
Oslo, Norway.
September 2024.
[BibTeX]