Faculty Publications - Dawn Song

Books

• M. Christodorescu, S. Jha, D. Maughan, D. Song, and C. Wang, Eds., Malware Detection, Advances in Information Security, Vol. 27, New York, NY: Springer Science+Business Media, LLC, 2007.

Book chapters or sections

• D. Brumley, C. Hartwig, Z. Liang, J. Newsome, D. Song, and H. Yin, "Automatically Identifying Trigger-Based Behavior in Malware," in Botnet Detection: Countering the Largest Security Threat, W. Lee, C. Wang, and D. Dagon, Eds., Advances in Information Security, Vol. 36, New York, NY: Springer Science+Business Media, LLC, 2007, pp. 65-88.
• M. G. Kang, J. Caballero, and D. Song, "Distributed evasive scan techniques and countermeasures," in Detection of Intrusions and Malware, and Vulnerability Assessment: Proc. 4th Intl. Conf. (DIMVA 2007), B. M. Hammerli and R. Sommer, Eds., Lecture Notes in Computer Science, Vol. 4579, Berlin, Germany: Springer-Verlag, 2007, pp. 157-174.
• D. Brumley, J. Newsome, and D. Song, "Sting: An End-to-End Self-Healing System for Defending against Internet Worms," in Malware Detection, M. Christodorescu, S. Jha, D. Maughan, D. Song, and C. Wang, Eds., Advances in Information Security, Vol. 27, New York, NY: Springer Science+Business Media, LLC, 2006, pp. 147-170.
• D. Gao, M. K. Reiter, and D. Song, "Behavioral distance for intrusion detection," in Recent Advances in Intrusion Detection: Proc. 8th Intl. Symp. (RAID 2005). Revised Papers, A. Valdez and D. Zamboni, Eds., Lecture Notes on Computer Science, Vol. 3858, Berlin, Germany: Springer-Verlag, 2006, pp. 63-81.
• J. Newsome, B. Karp, and D. Song, "Paragraph: Thwarting signature learning by training maliciously," in Recent Advances in Intrusion Detection: Proc. 9th Intl. Symp. (RAID 2006), D. Zamboni and C. Kruegel, Eds., Lecture Notes in Computer Science, Vol. 4219, Berlin, Germany: Springer-Verlag, 2006, pp. 81-105.
• D. Gao, M. K. Reiter, and D. Song, "Behavioral distance measurement using hidden Markov models," in Recent Advances in Intrusion Detection: Proc. 9th Intl. Symp. (RAID 2006), D. Zamboni and C. Kruegel, Eds., Lecture Notes in Computer Science, Vol. 4219, Berlin, Germany: Springer-Verlag, 2006, pp. 19-40.
• L. Kissner and D. Song, "Privacy-preserving set operations," in Advances in Cryptology: Proc. 25th Annual Intl. Cryptology Conf. (CRYPTO 2005), V. Shoup, Ed., Lecture Notes in Computer Science, Vol. 3621, Berlin, Germany: Springer-Verlag, 2005, pp. 241-257.
• A. Blum, D. Song, and S. Venkataraman, "Detection of interactive stepping stones: Algorithms and confidence bounds," in Recent Advances in Intrusion Detection: Proc. 7th Intl. Symp. (RAID 2004), E. Jonsson, A. Valdes, and M. Almgren, Eds., Lecture Notes in Computer Science, Vol. 3224, Berlin, Germany: Springer-Verlag, 2004, pp. 258-277.
• L. Kissner, A. Oprea, M. K. Reiter, D. Song, and K. Yang, "Private keyword-based push and pull with applications to anonymous communication (Extended Abstract)," in pplied Cryptography and Network Security: Proc. 2nd Intl. Conf. (ACNS 2004), M. Jakobsson, M. Yung, and J. Zhou, Eds., Lecture Notes in Computer Science, Vol. 3089, Berlin, German y: Springer-Verlag, 2004, pp. 16-30.
• G. Ateniese, D. Song, and G. Tsudik, "Quasi-efficient revocation of group signatures," in Financial Cryptography: Proc. 6th Intl. Conf. (FC 2002). Revised Papers, M. Blaze, Ed., Lecture Notes in Computer Science, Vol. 2357, Berlin, Germany: Springer-Verlag, 2003, pp. 183-197.
• R. Johnson, D. Molnar, D. Song, and D. Wagner, "Homomorphic signature schemes," in Topics in Cryptography: The Cryptographer's Track at the RSA Conf. (CT-RSA 2002), B. Preneel, Ed., Lecture Notes in Computer Science, Vol. 2271, Berlin, Germany: Springer-Verlag, 2002, pp. 244-262.
• D. Song, A. Perrig, and D. Phan, "AGVI - Automatic Generation, Verification, and Implementation of security protocols," in Computer Aided Verification: Proc. 13th Intl. Conf. (CAV 2001), G. Berry, H. Comon, and A. Finkel, Eds., Lecture Notes in Computer Science, Vol. 2102, Berlin, Germany: Springer-Verlag, 2001, pp. 241-245.

Articles in journals or magazines

• A. Barth, B. I. P. Rubinstein, M. Sundararajan, J. C. Mitchell, D. Song, and P. Bartlett, "A Learning-Based Approach to Reactive Security.," IEEE Transactions on Dependable and Secure Computing, vol. 9, no. 4, pp. 482-493, July 2012.
• J. Caballero and D. Song, "Automatic Protocol Reverse-Engineering: Message Format Extraction and Field Semantics Inference.," Computer Networks, June 2012.
• D. Babisa, D. Reynaud, and D. Song, "Recognizing malicious software behaviors with tree automata inference," Formal Methods in System Design, vol. 40, pp. 1-22, April 2012.
• Z. Gong, N. Matzke, B. Ermentrout, D. Song, J. E. Vendetti, M. Slatkin, and G. Oster, "The evolution of patterns on Conus shells," Proceedings of the National Academy of Sciences (PNAS), vol. 109, no. 5, Jan. 2012.
• D. Song, E. Shi, I. Fischer, and U. Shankar, "Cloud Data Protection for the Masses," Computer, vol. 45, pp. 39-45, Jan. 2012.
• G. Atenisesef, R. Burns, R. Curtmola, J. Herring, O. Khan, L. Kissner, Z. Peterson, and D. Song, "Remote Data Checking Using Provable Data Possession," ACM Transactions on Information and System Security (TISSEC), vol. 14, no. 1, May 2011.
• H. Chan, H. Hsiao, A. Perrig, and D. Song, "Secure Distributed Data Aggregation," Foundations and Trends in Databases, vol. 3, no. 3, pp. 149-201, March 2011.
• D. Zhu, J. Jung, D. Song, T. Kohno, and D. Wetherall, "TaintEraser: protecting sensitive data leaks using application-level taint tracking," SIGOPS Oper. Syst. Rev., vol. 45, no. 1, pp. 142--154, Feb. 2011.
• D. Gao, M. K. Reiter, and D. Song, "Beyond output voting: Detecting compromised replicas using HMM-based behavioral distance," IEEE Transactions on Dependable and Secure Computing, pp. 96--110, April 2009.
• J. Bethencourt, D. Song, and B. Waters, "New techniques for private stream searching," ACM Transactions on Information and System Security (TISSEC), vol. 12, no. 3, pp. 16, Jan. 2009.
• J. Tucek, J. Newsome, S. Lu, C. Huang, S. Xanthos, D. Brumley, Y. Zhou, and D. Song, "Sweeper: A lightweight end-to-end system for defending against fast worms," ACM SIGOPS Operating Systems Review, vol. 41, no. 3, pp. 115-128, June 2007.
• H. Chen, A. Perrig, B. Przydatek, and D. Song, "SIA: Secure Information Aggregation in sensor networks," J. Computer Security: Special Issue on Security of Ad Hoc and Sensor Networks, vol. 15, no. 1, pp. 69-102, Jan. 2007.
• A. Yaar, A. Perrig, and D. Song, "StackPi: New packet marking and filtering mechanisms for DDoS and IP spoofing defense," IEEE J. Selected Areas in Communications, vol. 24, no. 10, pp. 1853-1863, Oct. 2006.
• A. Perrig, R. Canetti, D. Tygar, and D. Song, "The TESLA broadcast authentication protocol," RSA Cryptobytes, vol. 5, no. 2, pp. 2-13, 2002.
• D. Song, S. Berezin, and A. Perrig, "Athena: A novel approach to efficient automatic security protocol analysis," J. Computer Security, vol. 9, no. 1/2, pp. 47-74, Jan. 2001.

Articles in conference proceedings

• T. H. Chan, E. Shi, and D. Song, "Optimal Lower Bound for Differentially Private Multi-Party Aggregation," in Proceedings of the European Symposium on Algorithms, 2012.
• N. Z. Gong, A. Talkwakar, L. Huang, E. C. R. Shin, E. Stefanov, E. Shi, and D. Song, "Jointly Predicting Links and Inferring Attributes using a Social-Attribute Network (SAN)," in Proceedings of The 6th Social Network Mining and Analysis Workshop, 2012.
• D. Akhawe, P. Saxena, and D. Song, "Privilege Separation in HTML5 Applications," in Proceedings of 21st USENIX Security Symposium, 2012.
• M. Tiwari, P. Mohan, A. Osheroff, H. Alkaff, E. Love, E. Shi, D. Song, and K. Asanovic, "Context-centric Security," in Proceedings of the 7th USENIX Workshop on Hot Topics in Security, HotSec'12, Usenix, 2012.
• S. Hanna, L. Huang, E. Wu, S. Li, C. Chen, and D. Song, "Juxtapp: A Scalable System for Detecting Code Reuse Among Android Applications.," in Proceedings of the 9th Conference on Detection of Intrusions and Malware & Vulnerability Assessment, 2012.
• R. Biedert, M. Frank, I. Martinovic, and D. Song, "Stimuli for Gaze Based Intrusion Detection," in Proceedings of the 6th International Symposium on Digital Forensics and Information Security, 2012.
• G. Maganis, E. Shi, H. Chen, and D. Song, "Opaak: Using Mobile Phones to Limit Anonymous Identities Online," in Proceedings 10th International Conference on Mobile Systems, Applications and Services, 2012.
• L. Martignoni, P. Poosankam, M. Zaharia, J. Han, S. McCamant, D. Song, V. Paxson, A. Perrig, S. Shenker, and I. Stoica, "Cloud Terminal: Secure Access to Sensitive Applications from Untrusted Systems.," in Proceedings of USENIX Annual Technical Conference, 2012.
• E. Stefanov, E. Shi, and D. Song, "Policy-Enhanced Private Set Intersection: Sharing Information While Enforcing Privacy Policies," in Proceedings of the PKC 2012 The 15th IACR International Conference on Practice and Theory of Public-Key Cryptography, PKC 2012, Springer, 2012, pp. 413-430.
• P. Mohan, A. Thakurta, E. Shi, D. Song, and D. E. Culler, "GUPT: privacy preserving data analysis made easy," in Proceedings of the 2012 ACM SIGMOD International Conference on Management of Data, SIGMOD '12, New York, NY, USA: ACM, 2012, pp. 349--360.
• A. Narayanan, H. Spassimirov Paskov, Z. Gong, J. Bethencourt, E. C. R. Shin, E. Stefanov, and D. Song, "On the Feasibility of Internet-Scale Author Identification," in Proceedings of the IEEE Symposium on Security & Privacy, 2012.
• L. Martignoni,, S. McCamant, P. Poosankam, D. Song, and P. Maniatis, "Path-Exploration Lifting: Hi-Fi Tests for Lo-Fi Emulators," in Proceedings of Seventeenth International Conference on Architectural Support for Programming Languages and Operating Systems, 2012, pp. 337-348.
• D. Reynaud, D. Song, T. Magrino, E. Wu, and R. Shin, "FreeMarket: Shopping for free in Android applications," in Proceedings of the 19th Annual Network & Distributed System Security Symposium, 2012.
• E. Stefanov, E. Shi, and D. Song, "Towards Practical Oblivious RAM," in Proceedings of the 19th Annual Network & Distributed System Security Symposium, 2012.
• A. P. Felt, E. Chin, S. Hanna, D. Song, and D. Wagner, "Android permissions demystified," in Proceedings of the 18th ACM conference on Computer and Communications Security, 2011, pp. 627-638.
• M. Samuel, P. Saxena, and D. Song, "Context-sensitive auto-sanitization in web templating languages using type qualifiers," in Proceedings of the 18th ACM conference on Computer and Communications Security, 2011, pp. 587-600.
• J. Weinberger, P. Saxena, D. Akhawe, M. Finifter, R. Shin, and D. Song, "A Systematic Analysis of XSS Sanitization in Web Application Frameworks," in Proceedings of the 16th European Symposium on Research in Computer Security, 2011.
• C. Y. Cho, D. Babi\'c, P. Poosankam, K. Z. Chen, E. X. Wu, and D. Song, "citeKey, {MACE}: Model-inference-Assisted Concolic Exploration for Protocol and Vulnerability Discovery," in Proceedings of the 20th USENIX Security Symposium, 2011.
• C. Y. Cho, D. Babi\'c, P. Poosankam, K. Z. Chen, E. X. Wu, and D. Song, "MACE: Model-inference-Assisted Concolic Exploration for Protocol and Vulnerability Discovery," in Proceedings of the 20th USENIX Security Symposium, 2011.
• J. Weinberger, A. Barth, and D. Song, "Towards client-side HTML security policies," in Proceedings of the 6th USENIX conference on Hot topics in security, HotSec'11, Berkeley, CA, USA: USENIX Association, 2011, pp. 8--8.
• C. Y. Cho, D. Babi\'{c}, P. Poosankam, K. Z. Chen, E. X. Wu, and D. Song, "MACE: model-inference-assisted concolic exploration for protocol and vulnerability discovery," in Proceedings of the 20th USENIX conference on Security, SEC'11, Berkeley, CA, USA: USENIX Association, 2011.
• S. Hanna, R. Rolles, A. Molina-Markham, P. Poosankam, K. Fu, and D. Song, "Take two software updates and see me in the morning: The case for software security evaluations of medical devices," in Proceedings of the USENIX Health Security (HealthSec), 2011.
• K. Thomas, C. Grier, D. Song, and V. Paxson, "Suspended accounts in retrospect: an analysis of Twitter spam," in Proceedings of the ACM Conference on Internet Measurement Conference, 2011, pp. 243-258.
• D. citeKey Babi\'{c}, D. Reynaud, and D. Song, "Malware analysis with tree automata inference," in Proceedings of the 23rd international conference on Computer aided verification, CAV'11, Berlin, Heidelberg: Springer-Verlag, 2011, pp. 116--131.
• D. citeKey Babi\'{c}, L. Martignoni, S. McCamant, and D. Song, "Statically-directed dynamic automated test generation," in Proceedings of the 2011 International Symposium on Software Testing and Analysis, ISSTA '11, New York, NY, USA: ACM, 2011, pp. 12--22.
• P. Maniatis, D. Akhawe, K. Fall, E. Shi, S. McCamant, and D. Song, "Do you know where your data are?: secure data capsules for deployable data protection," in Proceedings of the 13th USENIX conference on Hot topics in operating systems, HotOS'13, Berkeley, CA, USA: USENIX Association, 2011, pp. 22--22.
• N. Johnson, J. Caballero, K. Z. Chen, S. McCamant, P. Poosankam, D. Reynaud, and D. Song, "Differential Slicing: Identifying Causal Execution Differences for Security Applications," in Proceedings of the 32nd IEEE Symposium on Security and Privacy, 2011.
• E. Shi, T. H. Chan, E. Rieffel, R. Chow, and D. Song, "Privacy-Preserving Aggregation of Time-Series Data," in Proceedings of 18th Annual Network and Distributed System Security Symposium, 2011. [abstract]
• M. G. Kang, S. McCamant, P. Poosankam, and D. Song, "DTA++: Dynamic Taint Analysis with Targeted Control-Flow Propagation," in Proceedings of the 18th Annual Network and Distributed System Security Symposium, 2011.
• C. Y. Cho, D. Babi\'c, R. Shin, and D. Song, "Inference and Analysis of Formal Models of Botnet Command and Control Protocols," in Proceedings of the 17th ACM Conference on Computer and Communication Security, 2010.
• J. Caballero, P. Poosankam, S. McCamant, D. Babi \'{c}, and D. Song, "Input generation via decomposition and re-stitching: finding bugs in Malware," in Proceedings of the 17th ACM conference on Computer and communications security, CCS '10, New York, NY, USA: ACM, 2010, pp. 413--425.
• C. Y. Cho, D. Babi \'{c}, E. C. R. Shin, and D. Song, "Inference and analysis of formal models of botnet command and control protocols," in Proceedings of the 17th ACM conference on Computer and communications security, CCS '10, New York, NY, USA: ACM, 2010, pp. 426--439.
• T. H. Chan, E. Shi, and D. Song, "Private and Continual Release of Statistics.," in Proceedings of the 37th international colloquium conference on Automata, languages and programming: Part II, ICALP'10, Berlin, Heidelberg: Springer-Verlag, 2010, pp. 405--417.
• H. Yin, P. Poosankam, S. Hanna, and D. Song, "HookScout: Proactive Binary-Centric Hook Detection.," in Seventh Conference on Detection of Intrusions and Malware & Vulnerability Assessment.( DIMVA 2010), 2010.
• D. Akhawe, A. Barth, P. Lam, J. C. Mitchell, and D. Song, "Towards a Formal Foundation of Web Security," in Proceedings of the Computer Security Foundations Symposium (CSF 2010), 2010.
• S. Hanna, R. Shin, D. Akhawe, A. Boehm, and D. Song, "The Emperor's New API: On the (In)Secure Usage of New Client Side Primitives," in W2SP 2010: WEB 2.0 SECURITY AND PRIVACY 2010, 2010.
• P. Saxena, D. Akhawe, S. Hanna, F. Mao, S. McCamant, and D. Song, "A symbolic execution framework for javascript," in Proceedings of the IEEE Symposium on Security and Privacy, 2010.
• C. Y. Cho, C. Juan, G. Chris, V. Paxson, and D. Song, "Insights from the Inside: A View of Botnet Management from Infiltration," in 3rd USENIX Workshop on Large-Scale Exploits and Emergent Threats (LEET), 2010.
• J. Caballero, N. Johnson, S. McCamant, and D. Song, "Binary code extraction and interface identification for security applications.," in 17th Annual Network and Distributed Systems Symposium (NDSS 2010), 2010.
• P. Saxena, S. Hanna, P. Poosankam, and D. Song, "FLAX: Systematic discovery of client-side validation vulnerabilities in rich web applications," in 17th Annual Network & Distributed System Security Symposium,(NDSS), 2010.
• J. Bethencourt, E. Shi, and D. Song, "Signatures of Reputation: Towards Trust Without Identity.," in Financial Cryptography and Data Security '10. Fourteenth International Conference, 2010.
• A. Barth, B. I. P. Rubinstein, M. Sundararajan, J. C. Mitchell, D. Song, and P. Bartlett, "A Learning-Based Approach to Reactive Security," in Financial Cryptography and Data Security '10. Fourteenth International Conference, 2010.
• S. Venkataraman, A. Blum, D. Song, S. Sen, and O. Spatscheck, "Tracking Dynamic Sources of Malicious Activity at Internet Scale," in Advances in Neural Information Processing Systems (NIPS 2009), 2009.
• M. G. Kang, H. Yin, S. McCamant, and D. Song, "Emulating Emulation-Resistant Malware.," in Proceedings of the 2nd Workshop on Virtual Machine Security, 2009.
• J. Caballero, P. Poosankam, C. Kreibich, and D. Song, "Dispatcher: Enabling Active Botnet Infiltration using Automatic Protocol Reverse-Engineering," in Proceedings of the 16th ACM Conference on Computer and Communication Security, 2009.
• J. Caballero, Z. Liang, P. Poosankam, and D. Song, "Towards Generating High Coverage Vulnerability-Based Signatures with Protocol-Level Constraint-Guided Exploration.," in Proceedings of the 12th International Symposium on Recent Advances in Intrusion Detection, September 2009, 2009.
• A. Barth, J. Weinberger, and D. Song, "Cross-Origin JavaScript Capability Leaks: Detection, Exploitation, and Defense.," in Proceedings of USENIX Security Symposium, August 2009., 2009.
• P. Saxena, P. Poosankam, S. McCamant, and D. Song, "Loop-Extended Symbolic Execution on Binary Programs.," in Proceedings of the ACM/SIGSOFT International Symposium on Software Testing and Analysis (ISSTA), July 2009., 2009.
• J. Newsome, S. McCamant, and D. Song, "Measuring Channel Capacity to Distinguish Undue Influence.," in Proceedings of the Fourth ACM SIGPLAN Workshop on Programming Languages and Analysis for Security (PLAS), June 2009, 2009.
• A. Barth, J. Caballero, and D. Song, "Secure Content Sniffing for Web Browsers or How to Stop Papers from Reviewing Themselves.," in Proceedings of the IEEE Symposium on Security and Privacy, May 2009., 2009.
• Y. Nadji, P. Saxena, and D. Song, "Document structure integrity: A robust basis for cross-site scripting defense.," in Proceedings of the Network and Distributed System Security Symposium, 2009.
• D. Gao, M. K. Reiter, and D. Song, "BinHunt: Automatically Finding Semantic Differences in Binary Programs.," in Proceedings of the 4th International Conference on Information Systems Security, December 2008., L. Chen, M. D. Ryan, and G. Wang, Eds., 2008.
• D. Song, D. Brumley, H. Yin, J. Caballero, I. Jager, M. Gyung Kang, Z. Liang, J. Newsome, P. Poosankam, and P. Saxena, "BitBlaze: A New Approach to Computer Security via Binary Analysis," in Proceedings of the 4th International Conference on Information Systems Security, 2008.
• D. Brumley, P. Poosankam, D. Song, and J. Zheng, "Automatic patch-based exploit generation is possible: Techniques and implications," in Proc. 2008 IEEE Symp. on Security and Privacy (S&P'08), Los Alamitos, CA: IEEE Computer Society, 2008, pp. 143-157.
• S. Venkataraman, A. Blum, and D. Song, "Limits of learning-based signature generation with adversaries," in Proc. 15th Annual Network and Distributed System Security Symp. (NDSS '08), Reston, VA: Internet Society, 2008, pp. 16 pg.
• H. Yin, Z. Liang, and D. Song, "HookFinder: Identifying and understanding malware hooking behaviors," in Proc. 15th Annual Network and Distributed System Security Symp. (NDSS '08), Reston, VA: Internet Society, 2008, pp. 16 pg.
• J. Caballero, T. Kampouris, D. Song, and J. Wang, "Would diversity really increase the robustness of the routing infrastructure against software defects?," in Proc. 15th Annual Network and Distributed System Security Symp. (NDSS '08), Reston, VA: Internet Society, 2008, pp. 15 pg.
• J. Bethencourt, D. Song, and B. Waters, "Analysis-resistant malware," in Proc. 15th Annual Network and Distributed System Security Symp. (NDSS '08), Reston, VA: Internet Society, 2008, pp. 13 pg.
• G. Ateniese, R. Burns, R. Curtmola, J. Herring, L. Kissner, Z. Peterson, and D. Song, "Provable data possession at untrusted stores," in Proc. 14th ACM Conf. on Computer and Communications Security (CCS '07), P. Ning, Ed., New York, NY: The Association for Computing Machinery, Inc., 2007, pp. 598-609.
• J. Caballero, H. Yin, Z. Liang, and D. Song, "Polyglot: Automatic extraction of protocol message format using dynamic binary analysis," in Proc. 14th ACM Conf. on Computer and Communications Security (CCS '07), P. Ning, S. De Capitani di Vimercati, and P. Syverson, Eds., New York, NY: The Association for Computing Machinery, Inc., 2007, pp. 317-329.
• H. Yin, D. Song, M. Egele, C. Kruegel, and E. Kirda, "Panorama: Capturing system-wide information flow for malware detection and analysis," in Proc. 14th ACM Conf. on Computer and Communications Security (CCS '07), P. Ning, S. De Capitani di Vimercati, and P. F. Syverson, Eds., New York, NY: The Association for Computing Machinery, Inc., 2007, pp. 116-127.
• S. Venkataraman, S. Sen, O. Spatscheck, P. Haffner, and D. Song, "Exploiting network structure for proactive spam mitigation," in 16th USENIX Security Symp., Berkeley, CA: USENIX Association, 2007, pp. 149-166.
• D. Brumley, J. Caballero, Z. Liang, J. Newsome, and D. Song, "Towards automatic discovery of deviations in binary implementations with applications to error detection and fingerprint generation (Best Paper Award)," in Proc. 16th USENIX Security Symp. (Security '07), Berkeley, CA: USENIX Association, 2007, pp. 213-228.
• D. Brumley, H. Wang, S. Jha, and D. Song, "Creating vulnerability signatures using weakest preconditions," in Proc. 20th IEEE Computer Security Foundations Symp. (CSF '07), Los Alamitos, CA: IEEE Computer Society, 2007, pp. 311-325.
• M. Egele, C. Kruegel, E. Kirda, H. Yin, and D. Song, "Dynamic spyware analysis," in 2007 USENIX Annual Technical Conf. (USENIX '07), Berkeley, CA: USENIX Association, 2007, pp. 233-246.
• E. Shi, J. Bethencourt, T. H. Chan, D. Song, and A. Perrig, "Multi-dimensional range query over encrypted data," in Proc. 2007 IEEE Symp. on Security and Privacy (S&P '07), Los Alamitos, CA: IEEE Computer Society, 2007, pp. 350-364.
• J. Tucek, J. Newsome, S. Lu, C. Huang, S. Xanthos, D. Brumley, Y. Zhou, and D. Song, "Sweeper: A lightweight end-to-end system for defending against fast worms," in Proc. 2nd European Conf. on Computer Systems (EuroSys '07), New York, NY: The Association for Computing Machinery, Inc., 2007, pp. 115-128.
• D. Brumley, T. Chiueh, R. Johnson, H. Lin, and D. Song, "RICH: Automatically protecting against integer-based vulnerabilities," in Proc. 14th Annual Network & Distributed System Security Symp. (NDSS '07), Reston, VA: Internet Society, 2007, pp. 13 pg.
• S. Venkataraman, J. Caballero, P. Poosankam, M. G. Kang, and D. Song, "FiG: Automatic FIngerprint Generation," in Proc. 14th Annual Network & Distributed System Security Symp. (NDSS '07), Reston, VA: Internet Society, 2007, pp. 16 pg.
• S. Venkataraman, J. Caballero, D. Song, A. Blum, and J. Yates, "Black box anomaly detection: Is it Utopian?," in Proc. 5th Workshop on Hot Topics in Networks (HotNets-V), New York, NY: The Association for Computing Machinery, Inc., 2006, pp. 127-132.
• J. Newsome, D. Brumley, J. Franklin, and D. Song, "Replayer: Automatic protocol replay by binary analysis," in Proc. 13th ACM Conf. on Computer and Communications Security (CCS '06), A. Juels, R. N. Wright, and S. De Capitani di Vimercati, Eds., New York, NY: The Association for Computing Machinery, Inc., 2006, pp. 311-321.
• H. Chan, A. Perrig, and D. Song, "Secure hierarchical in-network aggregation in sensor networks," in Proc. 13th ACM Conf. on Computer and Communications Security (CCS '06), A. Juels, R. N. Wright, and S. De Capitani di Vimercati, Eds., New York, NY: The Association for Computing Machinery, Inc., 2006, pp. 278-287.
• D. Brumley and D. Song, "Towards attack-agnostic defenses," in Proc. 1st USENIX Workshop on Hot Topics in Security (HotSec '06), Berkeley, CA: USENIX Association, 2006, pp. 57-62.
• D. Brumley, J. Newsome, D. Song, H. Wang, and S. Jha, "Towards automatic generation of vulnerability-based signatures," in Proc. 2006 IEEE Symp. on Security and Privacy (S&P '06), Los Alamitos, CA: IEEE Computer Society, 2006, pp. 2-16.
• J. Bethencourt, D. Song, and B. Waters, "New constructions and practical applications for private stream searching (Extended Abstract)," in Proc. 2006 IEEE Symp. on Security and Privacy (S&P '06), Los Alamitos, CA: IEEE Computer Society, 2006, pp. 132-139.
• D. Brumley, L. H. Liu, P. Poosankam, and D. Song, "Design space and analysis of worm defense strategies," in Proc. 2006 ACM Symp. on Information, Computer and Communications Security (ASIACCS '06), F. C. Lin, D. T. Lee, B. S. Lin, S. Shieh, and S. Jajodia, Eds., New York, NY: The Association for Computing Machinery, Inc., 2006, pp. 125-137.
• J. Newsome, D. Brumley, and D. Song, "Vulnerability-specific execution filtering for exploit prevention on commodity software," in Proc. 13th Annual Network and Distributed Systems Security Symp. (NDSS '06), Reston, VA: Internet Society, 2006, pp. 14 pp..
• M. Christodorescu, S. Jha, S. A. Seshia, D. Song, and R. E. Bryant, "Semantics-aware malware detection," in Proc. 2005 IEEE Symp. on Security and Privacy (S&P '05), Los Alamitos, CA: IEEE Computer Society, 2005, pp. 32-46.
• M. Christodorescu, S. Jha, S. Seshia, D. Song, and R. E. Bryant, "Semantics-aware malware detection," in Proc. 2005 IEEE Symp. on Security and Privacy (S&P '05), Los Alamitos, CA: IEEE Computer Society, 2005, pp. 32-46.
• J. Newsome, B. Karp, and D. Song, "Polygraph: Automatically generating signatures for polymorphic worms," in Proc. 2005 IEEE Symp. on Security and Privacy (S&P '05), Los Alamitos, CA: IEEE Computer Society, 2005, pp. 226-241.
• A. Yaar, A. Perrig, and D. Song, "FIT: Fast Internet Traceback," in Proc. 24th Annual Joint Conf. of the IEEE Computer and Communications Societies (INFOCOM 2005), K. Makki and E. Knightly, Eds., Vol. 2, Piscataway, NJ: IEEE Press, 2005, pp. 1395-1406.
• J. Newsome and D. Song, "Dynamic taint analysis for automatic detection, analysis, and signature generation of exploits on commodity software," in Proc. 12th Annual Network and Distributed System Security Symp. (NDSS '05), Reston, VA: Internet Society, 2005, pp. 18 pp..
• S. Venkataraman, D. Song, P. B. Gibbons, and A. Blum, "New streaming algorithms for fast detection of superspreaders," in Proc. 12th Annual Network and Distributed System Security Symp. (NDSS '05), Reston, VA: Internet Society, 2005, pp. 18 pg.
• D. Gao, M. K. Reiter, and D. Song, "Gray-box extraction of execution graphs for anomaly detection," in Proc. 11th ACM Conf. on computer and Communications Security (CCS '04), New York, NY: The Association for Computing Machinery, Inc., 2004, pp. 318-329.
• D. Gao, M. K. Reiter, and D. Song, "On gray-box program tracking for anomaly detection," in Proc. 13th USENIX Security Symp., Berkeley, CA: USENIX Association, 2004, pp. 103-118.
• D. Brumley and D. Song, "Privtrans: Automatically partitioning programs for privilege separation," in Proc. 13th USENIX Security Symp., Vol. 13, Berkeley, CA: USENIX Association, 2004, pp. 57-71.
• C. Wong, C. Wang, D. Song, S. Bielski, and G. R. Ganger, "Dynamic quarantine of Internet worms," in Proc. 2004 IEEE Intl. Conf. on Dependable Systems and Networks (DSN 2004), Los Alamitos, CA: IEEE Computer Society, 2004, pp. 73-82.
• A. Yaar, A. Perrig, and D. Song, "SIFF: A Stateless Internet Flow Filter to mitigate DDoS flooding attacks," in Proc. 2004 IEEE Symp. on Security and Privacy (SP '04), Los Alamitos, CA: IEEE Computer Society, 2004, pp. 130-143.
• J. Newsome, E. Shi, D. Song, and A. Perrig, "The Sybil attack in sensor networks: Analysis & defenses," in Proc. 3rd Intl. Symp. on Information Processing in Sensor Networks (IPSN 2004), New York, NY: The Association for Computing Machinery, Inc., 2004, pp. 259-268.
• J. Newsome and D. Song, "GEM: Graph EMbedding for routing and data-centric storage in sensor networks without geographic information," in Proc. 1st Intl. Conf. on Embedded Networked Sensor Systems (SynSys '03), New York, NY: The Association for Computing Machinery, Inc., 2003, pp. 76-88.
• B. Przydatek, D. Song, and A. Perrig, "SIA: Secure Information Aggregation in sensor networks," in Proc. 1st Intl. Conf. on Embedded Networked Sensor Systems, New York, NY: The Association for Computing Machinery, Inc., 2003, pp. 255-265.
• A. Yaar, A. Perrig, and D. Song, "Pi: A path identification mechanism to defend against DDoS attacks," in Proc. 2003 IEEE Symp. on Security and Privacy (S&P '03), Los Alamitos, CA: IEEE Computer Society, 2003, pp. 93-107.
• H. Chan, A. Perrig, and D. Song, "Random key predistribution schemes for sensor networks," in Proc. 2003 Symp. on Security and Privacy (SP '03), Los Alamitos,CA: IEEE Computer Society, 2003, pp. 197-213.
• S. Crosby, I. Goldberg, R. Johnson, D. Song, and D. Wagner, "A cryptanalysis of the High-Bandwidth Digital Content Protection system," in Security and Privacy in Digital Right Management: Proc. 2001 Workshop on Security and Privacy in Digital Rights Management. Revised Papers, T. Sander, Ed., Lecture Notes in Computer Science, Vol. 2320, Berlin, Germany: Springer-Verlag, 2002, pp. 159-182.
• D. Song, D. Zuckerman, and D. Tygar, "Expander graphs for digital stream authentication and robust overlay networks," in Proc. 2002 IEEE Symp. on Security and Privacy (SP '02), Los Alamitos, CA: IEEE Computer Society, 2002, pp. 258-270.
• D. Song, "Practical forward secure group signature schemes," in Proc. 8th ACM Conf. on Computer and Communications Security (CCS '01), P. Samarati, Ed., New York, NY: The Association for Computing Machinery, Inc., 2001, pp. 225-234.
• D. Song, D. Wagner, and X. Tian, "Timing analysis of keystrokes and timing attacks on SSH," in Proc. 10th USENIX Security Symp., Berkeley, CA: USENIX Association, 2001, pp. 16 pg.
• A. Perrig, D. Song, and D. Tygar, "ELK, a new protocol for Efficient Large-group Key distribution," in Proc. 2001 IEEE Symp. on Security and Privacy (SP '01), Los Alamitos, CA: IEEE Computer Society, 2001, pp. 247-262.
• A. Perrig, S. Smith, D. Song, and D. Tygar, "SAM: A flexible and secure auction architecture using trusted hardware," in Proc. 15th Intl. Parallel and Distributed Processing Symp. (IPDPS 2001), Los Alamitos, CA: IEEE Computer Society, 2001, pp. 1764-1773.
• D. Song and A. Perrig, "Advanced and authenticated marking schemes for IP traceback," in Proc. 20th Annual Joint Conf. of the IEEE Computer and Communications Societies (INFOCOM 2001), Vol. 2, Piscataway, NJ: IEEE Press, 2001, pp. 878-886.
• A. Perrig, R. Canetti, D. Song, and D. Tygar, "Efficient and secure source authentication for multicast," in Proc. 8th Annual Symp. on Network and Distributed System Security (NDSS '01), Reston, VA: Internet Society, 2001, pp. 12 pg.
• A. Perrig and D. Song, "Looking for diamonds in the desert -- Extending automatic protocol generation to three-party authentication and key agreement protocols," in Proc. 13th IEEE Workshop on Computer Security Foundations (CSFW-13), Los Alamitos, CA: IEEE Computer Society, 2000, pp. 64-76.
• D. Song, D. Wagner, and A. Perrig, "Practical techniques for searches on encrypted data," in Proc. 2000 IEEE Symp. on Security and Privacy (SP '00), Los Alamitos, CA: IEEE Computer Society, 2000, pp. 44-55.
• A. Perrig, R. Canetti, D. Tygar, and D. Song, "Efficient authentication and signing of multicast streams over lossy channels," in Proc. 2000 IEEE Symp. on Security and Privacy (SP '00), Los Alamitos, CA: IEEE Computer Society, 2000, pp. 56-73.
• A. Perrig and D. Song, "A first step towards the automatic generation of security protocols," in Proc. 2000 Symp. on Network and Distributed System Security (NDSS '00), Reston, VA: Internet Society, 2000, pp. 11 pg.
• A. Perrig and D. Song, "On a first step to the automatic generation of security protocols," in Proc. 7th Annual Network and Distributed System Security Symp. (NDSS '00), Vol. I, Reston, VA: Internet Society, 2000, pp. 73-83.
• A. Perrig and D. Song, "Hash visualization: A new technique to improve real-world security," in Proc. Intl. (CrypTEC '99), M. Blum and C. H. Lee, Eds., Hong Kong: City University of Hong Kong Press, 1999, pp. 8 pg.
• D. Song, "Athena: A new efficient automatic checker for security protocol analysis," in Proc. 12th IEEE Computer Society Foundations Workshop (CSFW-12), Los Alamitos, CA: IEEE Computer Society, 1999, pp. 192-202.

Technical Reports

• D. Akhawe, F. Li, W. He, P. Saxena, and D. Song, "Data-Confined HTML5 Applications," EECS Department, University of California, Berkeley, Tech. Rep. UCB/EECS-2013-20, March 2013.
• D. Babic, M. Botincan, and D. Song, "Symbolic Grey-Box Learning of Input-Output Relations," EECS Department, University of California, Berkeley, Tech. Rep. UCB/EECS-2012-59, May 2012. [abstract]
• M. Zaharia, S. Katti, C. Grier, V. Paxson, S. Shenker, I. Stoica, and D. Song, "Hypervisors as a Foothold for Personal Computer Security: An Agenda for the Research Community," EECS Department, University of California, Berkeley, Tech. Rep. UCB/EECS-2012-12, Jan. 2012. [abstract]
• A. Barth, S. Li, B. I. P. Rubinstein, and D. Song, "How Open Should Open Source Be?," EECS Department, University of California, Berkeley, Tech. Rep. UCB/EECS-2011-98, Aug. 2011. [abstract]
• J. Weinberger, P. Saxena, D. Akhawe, M. Finifter, R. Shin, and D. Song, "An Empirical Analysis of XSS Sanitization in Web Application Frameworks," EECS Department, University of California, Berkeley, Tech. Rep. UCB/EECS-2011-11, Feb. 2011. [abstract]
• P. Saxena, D. Akhawe, S. Hanna, F. Mao, S. McCamant, and D. Song, "A Symbolic Execution Framework for JavaScript," EECS Department, University of California, Berkeley, Tech. Rep. UCB/EECS-2010-26, March 2010. [abstract]
• H. Yin and D. Song, "TEMU: Binary Code Analysis via Whole-System Layered Annotative Execution," EECS Department, University of California, Berkeley, Tech. Rep. UCB/EECS-2010-3, Jan. 2010. [abstract]
• Y. Zhu, J. Jung, D. Song, T. Kohno, and D. Wetherall, "Privacy Scope: A Precise Information Flow Tracking System For Finding Application Leaks," EECS Department, University of California, Berkeley, Tech. Rep. UCB/EECS-2009-145, Oct. 2009. [abstract]
• J. Caballero, N. M. Johnson, S. McCamant, and D. Song, "Binary Code Extraction and Interface Identification for Security Applications," EECS Department, University of California, Berkeley, Tech. Rep. UCB/EECS-2009-133, Oct. 2009. [abstract]
• M. G. Kang, H. Yin, S. Hanna, S. McCamant, and D. Song, "Emulating Emulation-Resistant Malware," EECS Department, University of California, Berkeley, Tech. Rep. UCB/EECS-2009-58, May 2009. [abstract]
• J. Newsome, S. McCamant, and D. Song, "Measuring Channel Capacity to Distinguish Undue Influence," EECS Department, University of California, Berkeley, Tech. Rep. UCB/EECS-2009-47, April 2009. [abstract]
• P. Saxena, P. Poosankam, S. McCamant, and D. Song, "Loop-Extended Symbolic Execution on Binary Programs," EECS Department, University of California, Berkeley, Tech. Rep. UCB/EECS-2009-34, March 2009. [abstract]
• D. Brumley, Z. Liang, J. Newsome, and D. Song, "Towards Practical Automatic Generation of Multipath Vulnerability Signatures," Carnegie Mellon University, School of Computer Science, Tech. Rep. CMU-CS-07-150, April 2007.
• J. Bethencourt, T. H. Chan, A. Perrig, E. Shi, and D. Song, "Anonymous Multi-Attributed Encryption with Range Query and Conditional Decryption," Carnegie Mellon University, School of Computer Science, Tech. Rep. CMU-CS-06-135, May 2006.
• D. Brumley, D. Song, and J. Slember, "Towards Automatically Eliminating Integer-Based Vulnerabilities," Carnegie Mellon University, School of Computer Science, Tech. Rep. CMU-CS-06-136, March 2006.
• D. Brumley, J. Newsome, D. Song, H. Wang, and S. Jha, "Theory and Techniques for Automatic Generation of Vulnerability-Based Signatures," Carnegie Mellon University, School of Computer Science, Tech. Rep. CMU-CS-06-108, Feb. 2006.
• J. Bethencourt, D. Song, and B. Waters, "New Techniques for Private Stream Searching," Carnegie Mellon University, School of Computer Science, Tech. Rep. CMU-CS-06-106, Feb. 2006.
• J. Newsome, D. Brumley, and D. Song, "Sting: An End-to-End Self-healing System for Defending against Zero-day Worm Attacks on Commodity Software," Carnegie Mellon University, School of Computer Science, Tech. Rep. CMU-CS-05-191, Nov. 2005.
• J. Newsome, D. Brumley, and D. Song, "Vulnerability-Specific Execution Filtering for Exploit Prevention on Commodity Software," Carnegie Mellon University, School of Computer Science, Tech. Rep. CMU-CS-05-169, Nov. 2005.
• D. Brumley, L. Liu, P. Poosankam, and D. Song, "Taxonomy and Effectiveness of Worm Defense Strategies," Carnegie Mellon University, School of Computer Science, Tech. Rep. CMU-CS-05-156, June 2005.
• L. Kissner and D. Song, "Privacy-Preserving Set Operations," Carnegie Mellon University, School of Computer Science, Tech. Rep. CMU-CS-05-113, June 2005.
• L. Kissner and D. Song, "Private and Threshold Set-Intersection," Carnegie Mellon University, School of Computer Science, Tech. Rep. CMU-CS-04-181, Nov. 2004.
• H. Burck and D. Song, "A Security Study of the Internet: An Analysis of Firewall Behavior and Anonymous DNS," Carnegie Mellon University, School of Computer Science, Tech. Rep. CMU-CS-04-141, July 2004.
• S. Venkataraman, D. Song, P. B. Gibbons, and A. Blum, "New Streaming Algorithms for Fast Detection of Superspreaders," Carnegie Mellon University, School of Computer Science, Tech. Rep. CMU-CS-04-142, May 2004.
• J. Newsome and D. Song, "Dynamic Taint Analysis for Automatic Detection, Analysis, and Signature Generation of Exploits on Commodity Software," Carnegie Mellon University, School of Computer Science, Tech. Rep. CMU-CS-04-140, May 2004.
• D. Brumley and D. Song, "Privtrans: Automatically Partitioning Programs for Privilege Separation," Carnegie Mellon University, School of Computer Science, Tech. Rep. CMU-CS-04-113, Feb. 2004.
• J. Newsome and D. Song, "GEM: Graph EMbedding for Routing and Data-Centric Storage in Sensor Networks without Geographic Information," Carnegie Mellon University, School of Computer Science, Tech. Rep. CMU-CS-03-112, March 2003.
• A. Perrig, D. Song, and A. Yaar, "StackPi: A New Defense Mechanism Against IP Spoofing and DDoS Attacks," Carnegie Mellon University, School of Computer Science, Tech. Rep. CMU-CS-02-208, Dec. 2002.
• H. Chan, A. Perrig, and D. Song, "Random Key Predistribution Schemes for Sensor Networks," Carnegie Mellon University, School of Computer Science, Tech. Rep. CMS-CS-02-207, Dec. 2002.
• M. Chew and D. Song, "Mitigating Buffer Overflows by Operating System Randomization," Carnegie Mellon University, School of Computer Science, Tech. Rep. CMU-CS-02-197, Dec. 2002.

Talks or presentations

• D. Song, "Towards Automatic Generation of Vulnerability Signatures (Invited)," Austin, TX, Nov. 2006.
• D. Song, "Privacy-Preserving Distributed Information Sharing (Invited)," Cambridge, MA, Nov. 2005.
• D. Song, "Sting: A Self-Healing Automatic Defense System Against Zero-Day Exploit Attacks (Invited)," presented at Security Lecture Series, Amherst, MA, Nov. 2005.
• D. Song, "Sting: Automatic Defense System Against Zero-Day Exploit Attacks (Invited Lecture)," Beijing,China, May 2005.
• D. Song, "Sting: An Automatic Defense System Against Zero-Day Exploits (Invited)," presented at Stanford Security Seminar, Stanford University, March 2005.
• D. Song, "Defending Against Large Scale Internet Worm Attacks (Invited)," Mountain View, CA, Oct. 2004.
• D. Song, "RISE: Randomization Techniques for Software Security," presented at How Should We Make Software Secure?, Seattle, WA, June 2003.

Ph.D. Theses

• D. Song, "An Automatic Approach to Building Secure Systems," University of California at Berkeley, Department of EECS, 2002.

Masters Reports

• A. Segars, "REGIS: A Tool for Building and Distributing Personalized Practice Problems," D. Garcia and D. Song, Eds., EECS Department, University of California, Berkeley, Tech. Rep. UCB/EECS-2012-101, May 2012. [abstract]

Miscellaneous

• S. M. Bellovin, D. D. Clark, A. Perrig, and D. Song, "A Clean-Slate Design for the Next-Generation Secure Internet," July 2005.
• A. Perrig, R. Canetti, B. Briscoe, D. Song, and D. Tygar, "TESLA: Multicast Source Authentication Transform (Draft)," Dec. 2004.