Jedidiah R. Crandall's full list of publications

Conference, workshop, and journal papers:

• Beau Kujath, Jeffrey Knockel, Paul Aguilar, Diego Morabito, Masashi Crete-Nishihata, Jedidiah R. Crandall. Analyzing Prominent Mobile Apps in Latin America. In the Proceedings of the Free and Open Communications on the Internet Workshop. (FOCI 2024). Bristol, UK. July 2024. pdf

• Benjamin Mixon-Baca, Jeffrey Knockel, Diwen Xue, Tarun Ayyagari, Deepak Kapur, Roya Ensafi, and Jedidiah R. Crandall. Attacking Connection Tracking Frameworks as used by Virtual Private Networks. To appear in the Proceedings on Privacy Enhancing Technologies and at the PETS Symposium. (PETS 2024). Bristol, United Kingdom. July, 2024. pdf

• Diwen Xue, Benjamin Mixon-Baca, ValdikSS, Beau Kujath, Jedidiah R. Crandall, and Roya Ensafi. TSPU: Russia's Decentralized Censorship System. In the Proceedings of the ACM Internet Measurement Conference, 2022. (IMC 2022). Nice, France. October, 2022. pdf

• Diwen Xue, Reethika Ramesh, Arham Jain, Michalis Kallitsis, J. Alex Halderman, Jedidiah R. Crandall, and Roya Ensafi. OpenVPN is Open to VPN Fingerprinting. In the Proceedings of the 31st USENIX Security Symposium.(USENIX Security 2022). Boston, Massachusetts. August, 2022. pdf Distinguished Paper Award and 2022 Internet Defense Prize Winner---1st place

• Christopher Brant, Prakash Shrestha, Benjamin Mixon-Baca, Kejun Chen, Said Varlioglu, Nelly Elsayed, Yier Jin, Jedidiah Crandall, and Daniela Oliveira. Challenges and Opportunities for Practical and Effective Dynamic Information Flow Tracking. In ACM Computing Surveys, Volume 55, Issue 1, Pages 1-33 (ACM CSUR). November, 2021.

• Deeksha Dangwal, Zhizhou Zhang, Jedidiah R Crandall, and Timothy Sherwood. Context-Aware Privacy-Optimizing Address Tracing. In the Proceedings of the 2021 International Symposium on Secure and Private Execution Environment Design (SEED 2021). September, 2021.

• William J. Tolley, Beau Kujath, Mohammad Taha Khan, Narseo Vallina-Rodriguez, and Jedidiah R. Crandall. Blind In/On-Path Attacks and Applications to VPNs.. In the Proceedings of the 30th USENIX Security Symposium.(USENIX Security 2021). Virtual event. August, 2021. pdf

• Nikolaos Sapountzis, Ruimin Sun, Xuetao Wei, Yier Jin, Jedidiah Crandall, and Daniela Oliveira. MITOS: Optimal Decisioning for the Indirect Flow Propagation Dilemma in Dynamic Information Flow Tracking Systems. In the Proceedings of the IEEE International Conference on Distributed Computing Systems (ICDCS 2020). Singapore. November, 2020. pdf

• Geoffrey Alexander, Antonio Espinoza, and Jedidiah R. Crandall. Detecting TCP/IP Connections via IPID Hash Collisions. In the Proceedings of the 2019 Privacy Enhancing Technologies Symposium (PETS 2019). Stockholm, Sweden. July 2019. pdf

• Kirtus G. Leyba, Benjamin Edwards, Cynthia Freeman, Jedidiah R. Crandall, and Stephanie Forrest. Borders and Gateways: Measuring and Analyzing National AS Chokepoints. In the Proceedings of the second annual ACM SIGCAS Conference on Computing and Sustainable Societies (COMPASS 2019). Accra, Ghana. July 2019.

• Daniel Riofrio, Anacaren Ruiz, Erin Sosebee, Qasim Raza, Adnan Bashir, Jed Crandall, and Ramrio Sandoval. Presidential Elections in Ecuador: Bot Presence in Twitter. In the Proceedings of the Sixth International Conference on eDemocracy and eGovernment (ICEDEG 2019). Quito, Ecuador. April 2019. pdf

• Meisam Navaki Arefi, Geoffrey Alexander, Hooman Rokham, Aokun Chen, Daniela Oliveira, Xuetao Wei, Michalis Faloutsos, and Jedidiah R. Crandall. FAROS: Illuminating In-Memory Injection Attacks via Provenance-based Whole System Dynamic Information Flow Tracking. Accepted (pending shepherd approval) to the IEEE/IFIP International Conference on Dependable Systems and Networks (DSN 2018). Luxembourg City, Luxembourg. June 2018. pdf

• Meisam Navaki Arefi, Geoffrey Alexander, and Jedidiah R. Crandall. PIITracker: Automatic Tracking of Personally Identifiable Information in Windows. In the Proceedings of 11th European Workshop on Systems Security (EUROSEC 2018). Porto, Portugal. April 2018. pdf

• Xu Zhang, Jeffrey Knockel, and Jedidiah R. Crandall. ONIS: Inferring TCP/IP-based Trust Relationships Completely Off-Path. In the Proceedings of IEEE INFOCOM 2018 (INFOCOM 2018). Honolulu, Hawaii. April 2018. pdf

• Mahdi Zamani, Jared Saia, and Jedidiah R. Crandall. TorBricks: Blocking-Resistant Tor Bridge Distribution. In the Proceedings of the 19th International Symposium on Stabilization, Safety, and Security of Distributed Systems (SSS 2017). Boston, Massachusetts. November 2017. pdf

• Antonio M. Espinoza, William J. Tolley, Jedidiah R. Crandall, Masashi Crete-Nishihata, and Andrew Hilts. Alice and Bob, who the FOCI are they?: Analysis of end-to-end encryption in the LINE messaging application. In the Proceedings of the 7th USENIX Workshop on Free and Open Communications on the Internet. (FOCI 2017). Vancouver, Canada. August 2017. pdf

• Xu Zhang, Jeffrey Knockel, and Jedidiah R. Crandall. High Fidelity Off-Path Round-Trip Time Measurement via TCP/IP Side Channels with Duplicate SYNs. In the Proceedings of IEEE GLOBECOM (GLOBECOM 2016). Washington, D.C. December 2016.

• Aokun Chen, Pratik Brahma, Dapeng Oliver Wu, Natalie Ebner, Brandon Matthews, Jedidiah Crandall, Xuetao Wei, Michalis Faloutsos, and Daniela Oliveira. Cross-Layer Personalization as a First Class Citizen for Situation Awareness and Computer Infrastructure Security. In the Proceedings of the New Security Paradigms Workshop (NSPW 2016). C Lazy U Ranch, Colorado. September 2016.

• Antonio Espinoza, Jeffrey Knockel, Jedidiah R. Crandall, and Pedro Comesaña. V-DIFT: Vector-Based Dynamic Information Flow Tracking with Application to Locating Cryptographic Keys for Reverse Engineering. In the Proceedings of the International Conference on Availability, Reliability and Security (ARES 2016). Salzburg, Austria. August/September 2016. pdf

• Daniela Oliveira, Jedidiah Crandall, Harry Kalodner, Nicole Morin, Megan Maher, Jesus Navarro and, Felix Emiliano. An Information Flow-based Taxonomy to Understand the Nature of Software Vulnerabilities. In the Proceedings of the 31st International Conference on ICT Systems Security and Privacy Protection - Springer. (IFIP SEC 2016). Ghent, Belgium, May 2016. pdf

• Jeffrey Knockel, Masashi Crete-Nishihata, Jason Q. Ng, Adam Senft, and Jedidiah R. Crandall. Every Rose Has Its Thorn: Censorship and Surveillance on Social Video Platforms in China. In the Proceedings of the 5th USENIX Workshop on Free and Open Communications on the Internet. (FOCI 2015). Washington, D.C. August 2015. pdf

• Jedidiah R. Crandall, Masashi Crete-Nishihata, and Jeffrey Knockel. Forgive Us Our SYN’s: Technical and Ethical Considerations for Measuring Internet Censorship Workshop on Ethics in Networked Systems Research (co-located with ACM SIGCOMM'15). London, United Kingdom. August 2015. pdf

• Roya Ensafi, Philipp Winter, Abdullah Mueen, Jedidiah R. Crandall. Analyzing the Great Firewall of China Over Space and Time. Proceedings on Privacy Enhancing Technologies (PoPETs). 1 (1), 61. DOI: 10.1515/popets-2015-0005. Will be presented at PETS 2015 in Philadelphia, Pennsylvania. pdf

• Geoffrey Alexander and Jedidiah R. Crandall. Off-Path Round Trip Time Measurement via TCP/IP Side Channels. In the Proceedings of IEEE INFOCOM 2015 (INFOCOM 2015). Hong Kong. April 2015. pdf

• Xu Zhang, Jeffrey Knockel, and Jedidiah R. Crandall. Original SYN: Finding Machines Hidden Behind Firewalls. In the Proceedings of IEEE INFOCOM 2015 (INFOCOM 2015). Hong Kong. April 2015. pdf

• Jeffrey Knockel and Jedidiah R. Crandall. Counting Packets Sent Between Arbitrary Internet Hosts. In the Proceedings of the 4th USENIX Workshop on Free and Open Communications on the Internet. (FOCI 2014). San Diego, California. August 2014. pdf

• Roya Ensafi, Mike Jacobi, and Jedidiah R. Crandall. A Case Study in Helping Students to Covertly Eat Their Classmates. In the Proceedings of the USENIX Summit on Gaming, Games and Gamification in Security Education. (3GSE 2014). San Diego, California. August 2014. pdf

• Roya Ensafi, Jeffrey Knockel, Geoffrey Alexander, and Jedidiah R. Crandall. Detecting Intentional Packet Drops on the Internet via TCP/IP Side Channels. In the Proceedings of the 2014 Passive and Active Measurements conference. (PAM 2014). Los Angeles, California. March 2014. An extended version is available here.

• Tao Zhu, David Phipps, Adam Pridgen, Jedidiah R. Crandall, and Dan S. Wallach. The Velocity of Censorship: High-Fidelity Detection of Microblog Post Deletions. In the Proceedings of the 22nd USENIX Security Symposium. (USENIX Security 2013). Washington D.C. August 2013. pdf

• Jedidiah R. Crandall, Masashi Crete-Nishihata, Jeffrey Knockel, Sarah McKune, Adam Senft, Diana Tseng, and Greg Wiseman. Chat program censorship and surveillance in China: Tracking TOM-Skype and Sina UC. First Monday Volume 18, Number 7, 1 July 2013. paper and supplementary materials with visualizations

• Bilal Shebaro, Fernando Perez-Gonzalez, and Jedidiah R. Crandall. Exploiting Geometrical Structure for Forensic Applications of Timing Inference Channels. International Journal of Digital Crime and Forensics (IJDCF). Vol. 5, no. 1, DOI: 10.4018/jdcf.2013010104 (2013).

• Mohammed Ibrahim Al-Saleh, Antonio M. Espinosa, and Jedidiah R. Crandall. Antivirus performance characterisation: system-wide view. IET Information Security, Volume 7, Issue 2, June 2013, p. 126 - 133, DOI: 10.1049/iet-ifs.2012.0192.

• Peiyou Song, Anhei Shu, David Phipps, Dan Wallach, Mohit Tiwari, Jedidiah Crandall, and George Luger. Language Without Words: A Pointillist Model for Natural Language Processing In the Proceedings of the 6th International Conference on Soft Computing and Intelligent Systems. (SCIS-ISIS 2012). Kobe, Japan. November 2012. pdf

• Peiyou Song, Anhei Shu, Anyu Zhou, Dan Wallach, and Jedidiah R. Crandall. A Pointillism Approach for Natural Language Processing of Social Media. In the Proceedings of the 2012 International Conference on Natural Language Processing and Knowledge Engineering. (NLP-KE'12). Hefei, China. September 2012. pdf

• Jeffrey Knockel and Jedidiah R. Crandall. Protecting Free and Open Communications on the Internet Against Man-in-the-Middle Attacks on Third-Party Software: We're FOCI'd. In the Proceedings of the 2nd USENIX Workshop on Free and Open Communications on the Internet. (FOCI 2012). Bellevue, Washington. August 2012. pdf

• Nicholas Aase, Jedidiah R. Crandall, Alvaro Diaz, Jeffrey Knockel, Jorge Ocana Molinero, Jared Saia, Dan Wallach, and Tao Zhu. Whiskey, Weed, and Wukan on the World Wide Web: On Measuring Censors' Resources and Motivations. In the Proceedings of the 2nd USENIX Workshop on Free and Open Communications on the Internet. (FOCI 2012). Bellevue, Washington. August 2012. pdf

• Daniela Oliveira and Jedidiah R. Crandall. Holographic Vulnerability Studies: Vulnerabilities as Fractures in Interpretation as Information Flows Across Abstraction Boundaries. In the Proceedings of the New Security Paradigms Workshop (NSPW 2012). Bertinoro, Italy. pdf

• Roya Ensafi, Mike Jacobi, and Jedidiah R. Crandall. Students Who Don't Understand Information Flow Should be Eaten: An Experience Paper. In the Proceedings of the 5th USENIX Workshop on Cyber Security Experimentation and Test. (CSET 2012). Bellvue, Washington. August 2012. pdf

• Antonio M. Espinoza and Jedidiah R. Crandall. Work-in-Progress: Automated Named Entity Extraction for Tracking Censorship of Current Events. In the Proceedings of the USENIX Workshop on Free and Open Communications on the Internet. (FOCI 2011). San Francisco, California. August 2011. pdf

• Jeffrey Knockel, Jedidiah R. Crandall, and Jared Saia. Three Researchers, Five Conjectures: An Empirical Analysis of TOM-Skype Censorship and Surveillance. In the Proceedings of the USENIX Workshop on Free and Open Communications on the Internet. (FOCI 2011). San Francisco, California. August 2011. pdf

• Bilal Shebaro and Jedidiah R. Crandall. Privacy-Preserving Network Flow Recording. In the Proceedings of the DFRWS 2011 Annual Conference (DFRWS 2011). New Orleans, Louisiana. August 2011. pdf

• Mohammed I. Al-Saleh and Jedidiah R. Crandall. Application-Level Reconnaissance: Timing Channel Attacks Against Antivirus Software. In the Proceedings of the 4th USENIX Workshop on Large-Scale Exploits and Emergent Threats. (LEET 2011). Boston, Massachusetts. March 2011. pdf

• Mohammed I. Al-Saleh and Jedidiah R. Crandall. On Information Flow for Intrusion Detection: What if Accurate Full-system Dynamic Information Flow Tracking Was Possible? In the Proceedings of the New Security Paradigms Workshop (NSPW 2010). Concord, Massachusetts. September 2010. pdf

• Roya Ensafi, Jong Chun Park, Deepak Kapur, and Jedidiah R. Crandall. Idle Port Scanning and Non-interference Analysis of Network Protocol Stacks Using Model Checking. In the Proceedings of the 19th USENIX Security Symposium (USENIX Security 2010). Washington, D.C. August 2010. pdf

• Bilal Shebaro, Fernando Perez-Gonzalez, and Jedidiah R. Crandall. Leaving Timing Channel Fingerprints in Hidden Service Log Files. At the DFRWS 2010 Annual Conference (DFRWS 2010). Portland, Oregon. August 2010. pdf

• Jong Chun Park and Jedidiah R. Crandall. Empirical Study of a National-Scale Distributed Intrusion Detection System: Backbone-Level Filtering of HTML Responses in China. In the Proceedings of the 30th International Conference on Distributed Computing Systems (ICDCS 2010). Genoa, Italy. June 2010. pdf

• Mohammed I. Al-Saleh, Patrick Bridges, and Jedidiah R. Crandall. Architectural Support for Securing Sensor Networks Against Remote Attacks. In the Proceedings of the ISCA First International Conference on Sensor Networks and Applications (SNA-2009). San Francisco, CA. November 2009. pdf

• Jedidiah R. Crandall, John Brevik, Shaozhi Ye, Gary Wassermann, Daniela A.S. de Oliveira, Zhendong Su, S. Felix Wu, and Frederic T. Chong. Putting Trojans on the Horns of a Dilemma: Redundancy for Information Theft Detection. In the Special Issue on Security in Computing of the Transactions on Computational Sciences Journal (Springer LNCS), pages 244-262. pdf

• Jedidiah R. Crandall, Roya Ensafi, Stephanie Forrest, Joshua Ladau, and Bilal Shebaro. The Ecology of Malware. In the Proceedings of the New Security Paradigms Workshop (NSPW 2008). Olympic Valley, California. September 2008. pdf

• Ryan Iwahashi, Daniela Oliveira, S. Felix Wu, Jedidiah Crandall, Young-Jun Heo, Jin-Tae Oh, and Jong-Soo Jang. Toward Automatically Generating Double-Free Vulnerability Signatures Using Petri Nets. In the Proceedings of the 11th Information Security Conference (ISC 2008). Taipei, Taiwan. September 2008.

• Daniela A.S. de Oliveira, Jedidiah R. Crandall, Gary Wassermann, Shaozhi Ye, Felix Wu, Zhendong Su, and Frederic T. Chong. Bezoar: Automated Virtual Machine-based Full-System Recovery from Control-Flow Hijacking Attacks. In the Proceedings of the 2008 IEEE/IFIP Network Operations and Management Symposium (NOMS 2008). Salvador-Bahia, Brazil. April 2008. link

• Jedidiah R. Crandall, Daniel Zinn, Michael Byrd, Earl Barr, and Rich East. ConceptDoppler: A Weather Tracker for Internet Censorship. In the Proceedings of the 14th ACM Conference on Computer and Communications Security (CCS 2007). Alexandria, Virginia. October 2007. pdf

• Jedidiah R. Crandall, Frederic T. Chong, and S. Felix Wu. Minos: Architectural Support for Protecting Control Data. Transactions on Architecture and Code Optimization (TACO). Volume 3, Issue 4 (December 2006). pdf

• Jedidiah R. Crandall, Gary Wassermann, Daniela A. S. de Oliveira, Zhendong Su, S. Felix Wu, and Frederic T. Chong. Temporal Search: Detecting Hidden Malware Timebombs with Virtual Machines. In the Proceedings of the Twelfth International Conference on Architectural Support for Programming Languages and Operating Systems (ASPLOS XII). San Jose, CA. October 2006. pdf

• Daniela A. S. de Oliveira, Jedidiah R. Crandall, Gary M. Wassermann, S. Felix Wu, Zhendong Su, and Frederic T. Chong. ExecRecorder: VM-Based Full-System Replay for Attack Analysis and System Recovery. Workshop on Architectural and System Support for Improving Software Dependability (ASID). San Jose, California. October 2006. link

• Jedidiah R. Crandall, Zhendong Su, S. Felix Wu, and Frederic T. Chong. On Deriving Unknown Vulnerabilities from Zero-Day Polymorphic and Metamorphic Worm Exploits. In the proceedings of the 12th ACM Conference on Computer and Communications Security (CCS 2005). Alexandria, Virginia. November 2005. pdf

• Jedidiah R. Crandall, S. Felix Wu, and Frederic T. Chong. Experiences Using Minos as A Tool for Capturing and Analyzing Novel Worms for Unknown Vulnerabilities. GI/IEEE SIG SIDAR Conference on Detection of Intrusions and Malware and Vulnerability Assessment (DIMVA 2005). Vienna, Austria. July 2005. Springer Lecture Notes in Computer Science. pdf, slides

• Jedidiah R. Crandall, Frederic T. Chong. Minos: Control Data Attack Prevention Orthogonal to Memory Model. In the Proceedings of the 37th International Symposium on Microarchitecture (MICRO-37). Portland, Oregon. December 2004. pdf

• Jedidiah R. Crandall and Frederic T. Chong. A Security Assessment of the Minos Architecture. Workshop on Architectural Support for Security and Anti-virus (WASSA). Boston, Massachusetts. October 2004. pdf

• John Oliver, Ravishankar Rao, Paul Sultana, Jedidiah Crandall, Erik Czernikowski, Leslie Jones IV, Diana Franklin, Venkatesh Akella, and Frederic T. Chong. Synchroscalar: A Multiple Clock Domain, Power-Aware, Tile-Based Embedded Processor. In the Proceedings of the International Symposium on Computer Architecture (ISCA 2004). Munich, Germany. June 2004. link
• Ravishankar Rao, John Oliver, Paul Sultana, Jedidiah Crandall, Erik Czernikowski, Leslie W. Jones IV, Dean Copsey, Diana Keen, Venkatesh Akella, and Frederic T. Chong. Synchroscalar: Initial Lessons in Power-Aware Design of a Tile-Based Embedded Architecture. Workshop on Power-Aware Computer Systems (PACS) in conjunction with MICRO-36. San Diego, California. December 2003. link

My dissertation