DOUG TYGAR
`
`Personal Information:
`
`Full name: Justin Douglas Tygar
`US Citizen
`
`
`
`
`Address:
`
`University of California.
`739 Soda Hall #1776
`
`Berkeley, CA 94720-1776
`(510) 643-7855
`
`tygar@cs.berkeley.edu
`
`Education:
`
`A.B., 1982
`
`
`
`Ph.D., 1986 Harvard University, Computer Science
`Thesis: An Integrated Toolkit for Operating System Security
`
`
`
`
`Advisor: Michael Rabin
`
`
`NSF Graduate Fellow (1982 – 1985), IBM Graduate Fellow (1985 – 1986)
`
`Academic Appointments:
`
`University of California, Berkeley
`Department of Electrical Engineering and Computer Science
`& School of Information
`Professor (tenured, joint appointment)
`1998 – Present
`
`Carnegie Mellon University
`Computer Science Department
`Adjunct Professor
`2000 – Present
`Associate Professor (tenured 1995, on leave 1998 – 2000)
`1992 – 2000
`
`Assistant Professor
`1986 – 1992
`
`
`Major Awards:
`
`
`NSF Presidential Young Investigator, 1988
`Outstanding Professor Award, Carnegie Magazine, 1989
`Chair, Defense Information Science and Technology Study Group on Security with Privacy
`Member, National Research Council Committee on Information Trustworthiness
`Member, INFOSEC Science and Technology Study Group
`Okawa Foundation Fellow, 2003-4
`Wide consulting for both industry and government
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`University of California, Berkeley, Math/Computer Science
`Bell Labs University Relations Student (1981)
`
`PETITIONERS Ex. 1009 Page 1
`
`

`
`
`
`
`Major speeches:
`
`Keynote addresses:
`
`PODC (1995), ASIAN-96 (1996), NGITS (1997), VLDB (1998), CRYPTEC (1999),
`CAV (2000), Human Authentication (2001), PDSN (2002), ISM (2005), ISC (2005), ASIACCS (2006),
`Croucher ASI (2004, 2006), ISC (2008), AISEC (2010), ISRCS (2013)
`
`Invited addresses:
`
`Harvard Graduate School of Arts and Science 100th Anniversary,
`CMU Computer Science Department 25th Anniversary
`More than 260 talks & 20 professional seminars since 1985
`
`External review activities:
`
`Electronic Commerce Program, City University of Hong Kong
`Information Systems Management Program, Singapore Management University
`Information Technology Program, United Arab Emirates University
`Computer Science Program, University of California, Davis
`
`
`
`PETITIONERS Ex. 1009 Page 2
`
`

`
`
`Publications
`
`
`Books
`1. Adversarial Machine Learning: Computer Security and Statistical Machine Learning.
`A. Joseph, B. Nelson, B. Rubinstein, J. D. Tygar. Cambridge University Press, 2013. (To
`appear).
`
`2. Computer Security in the 21st Century. Eds. D. Lee, S. Shieh, and J. D. Tygar. Springer,
`2005. (This book includes item 10 below as well as a technical introduction by me and the
`other editors.)
`
`3.
`
`Secure Broadcast Communication in Wired and Wireless Networks. A. Perrig and J. D.
`Tygar. Springer (Kluwer), 2003. Also, a Japanese translation with additional material
`appeared as Waiyādo/Waiyaresu Nettowōku ni Okeru Burōdokyasuto Tsūshin no
`Sekyuriti (ワイヤード/ワイヤレスネットワークにおけるブロードキャスト通信の
`セキュリティ). Translated by Fumio Mizoguchi and the Science University of Tokyo
`Information Media Science Research Group. Kyoritsu Shuppan, 2004.
`
`4. Trust in Cyberspace. National Research Council Committee on Information Systems
`Trustworthiness (S. Bellovin, W. E. Boebert, M. Branstad, J. R. Catoe, S. Crocker, C.
`Kaufman, S. Kent, J. Knight, S. McGeady, R. Nelson, A. Schiffman, F. Schneider [ed.], G.
`Spix, and J. D. Tygar). National Academy Press, 1999.
`
`
`
`Book Chapters (does not include items listed above)
`5. “Classifier evasion: Models and open problems.” B. Nelson, B. Rubinstein, L. Huang, A.
`Joseph, and J. D. Tygar. In Privacy and Security Issues in Data Mining and Machine
`Learning, eds. C. Dimitrakakis, et al. Springer, 2011, pp. 92-98.
`
`6. “Misleading learners: Co-opting your spam filter.” B. Nelson, M. Barreno, F. Chi, A. Joseph,
`B. Rubinstein, U. Saini, C. Sutton, J. D. Tygar, and K. Xia. In Machine Learning in Cyber
`Trust: Security, Privacy, Reliability, eds. J. Tsai and P.Yu. Springer, 2009, pp. 17-51.
`
`7. “Case study: Acoustic keyboard emanations.” L. Zhuang, F. Zhou, and J. D. Tygar. In
`Phishing and Countermeasures: Understanding the Increasing Problem of Electronic
`Identity Theft, eds. M. Jakobsson and S. Myers. Wiley-Interscience, 2007, pp. 221-240.
`(This is a popularized version of item 27.)
`
`8.
`
`“Dynamic security skins.” R. Dhamija and J. D. Tygar.. In Phishing and
`Countermeasures: Understanding the Increasing Problem of Electronic Identity Theft,
`eds. M. Jakobsson and S. Myers. Wiley-Interscience, 2007, pp. 339-351. (This is a
`popularized version of item 67.)
`
`PETITIONERS Ex. 1009 Page 3
`
`

`
`9.
`
`10.
`
`11.
`
`12.
`
`13.
`
`14.
`
`15.
`
`16.
`
`17.
`
`18.
`
`“Why Johnny can’t encrypt: A usability evaluation of PGP 5.0.” A. Whitten and J. D.
`Tygar. In Security and Usability: Designing Secure Systems that People Can Use, eds.
`L. Cranor and G. Simson. O'Reilly, 2005, pp. 679-702. (An earlier version of the paper was
`published in Proceedings of the 8th USENIX Security Symposium, August 1999, pp. 169-
`183. See also item 113.)
`
`“Private matching.” Y. Li, J. D. Tygar, J. Hellerstein. In Computer Security in the 21st
`Century, eds. D. Lee, S. Shieh, and J. D. Tygar. Springer, 2005, pp. 25-50. (See item 2.)
`(An early version of this paper appeared as Intel Research Laboratory Berkeley technical
`report IRB-TR-04-005, February 2004.)
`
`“Digital cash.” J. D. Tygar. In Berkshire Encyclopedia of Human Computer Interaction,
`ed. W. Bainbridge. Berkshire Publishing, 2004, pp. 167-170.
`
`“Spamming.” J. D. Tygar. In Berkshire Encyclopedia of Human Computer Interaction,
`ed. W. Bainbridge. Berkshire Publishing, 2004, pp. 673-675.
`
`“Viruses.” J. D. Tygar. In Berkshire Encyclopedia of Human Computer Interaction, ed.
`W. Bainbridge. Berkshire Publishing, 2004, pp. 788-791.
`
`“Privacy in sensor webs and distributed information systems.” J. D. Tygar. In Software
`Security, eds. M. Okada, B. Pierce, A. Scedrov, H. Tokuda, and A. Yonezawa. Springer,
`2003, pp. 84-95.
`
`“Atomicity in electronic commerce.” J. D. Tygar. In Internet Besieged, eds. D. Denning
`and P. Denning. ACM Press and Addison-Wesley, 1997, pp. 389-405. (An expanded earlier
`version of this paper was published in Proceedings of the Fifteenth Annual ACM
`Symposium on Principles of Distributed Computing, Keynote paper, May 1996, pp. 8-26;
`and as Carnegie Mellon University Computer Science technical report CMU-CS-96-112,
`January 1996. See also item 37.)
`
`“Cryptographic postage indicia.” J. D. Tygar, B. Yee, and N. Heintze. In Concurrency and
`Parallelism, Programming, Networking, and Security, eds. J. Jaffar and R. Yap. Springer,
`1996, pp. 378-391. (Preprint also available. Early versions appeared as Carnegie Mellon
`University Computer Science technical reports CMU-CS-96-113, January 1996, UC San
`Diego Computer Science technical report UCSD-TR-CS96-485, and in the 1996 Securicom
`Proceedings, Paris, 1996. See also item 115.)
`
`“Dyad: A system for using physically secure coprocessors.” J. D. Tygar and B. Yee. In
`Technological Strategies for the Protection of Intellectual Property in the Networked
`Multimedia Environment. Interactive Multimedia Association, 1994, pp. 121-152. (An
`early version appeared as Carnegie Mellon University Computer Science technical report
`CMU-CS-91-140R, May 1991.)
`
`“A system for self-securing programs.” J. D. Tygar and B. Yee. In Carnegie Mellon
`Computer Science: A 25-Year Commemorative, ed. R. Rashid. ACM Press and Addison-
`Wesley, 1991, pp. 163-197. (Note: The first printing of this volume had incorrect text due to
`a production error.)
`
`19.
`
`“Implementing capabilities without a trusted kernel.” M. Herlihy and J. D. Tygar. In
`Dependable Computing for Critical Applications, eds. A. Avizienis and J. Laprie.
`
`PETITIONERS Ex. 1009 Page 4
`
`

`
`20.
`
`21.
`
`22.
`
`Springer, 1991, pp. 283-300. (Note: An early version appeared in the (IFIP) Proceedings of
`the International Working Conference on Dependable Computing for Critical
`Applications, August 1989.)
`
`“Strongbox.” J. D. Tygar and B. Yee. In Camelot and Avalon: A Distributed Transaction
`Facility, eds. J. Eppinger, L. Mummert, and A. Spector. Morgan-Kaufmann, 1991, pp. 381-
`400.
`
`“ITOSS: An Integrated Toolkit for Operating System Security.” M. Rabin and J. D. Tygar.
` In Foundations of Data Organization, eds. W. Litwin and H.-J. Shek. Springer, 1990, pp.
`2-15. (Preprint also available.) (Note: Earlier, longer versions appeared as Harvard
`University Aiken Computation Laboratory technical report TR-05-87R and my Ph.D.
`dissertation.)
`
`“Formal semantics for visual specification of security.” M. Maimone, J. D. Tygar, and J.
`Wing. In Visual Languages and Visual Programming, ed. S. K. Chang. Plenum, 1990,
`pp. 97-116. (An early version was published in Proceedings of the 1988 IEEE Workshop
`on Visual Programming, pp. 45-51, and as Carnegie Mellon University Computer Science
`technical report CMU-CS-88-173r, December 1988.)
`
`
`
`Journal Articles (does not include items listed above)
`“Query strategies for evading convex-inducing classifiers.” B. Nelson, B. Rubinstein, L.
`23.
`Huang, A. Joseph, S. Lee, S. Rao, and J. D. Tygar. Journal of Machine Learning Research,
`2012 (volume 13) pp. 1293-1332. (Also available as arXiv report 1007.0484v1.)
`
`24. “The security of machine learning.” M. Barreno, B. Nelson, A. Joseph, and J. D. Tygar.
`Machine Learning, 81:2, November 2010, pp. 121-148. (An earlier version appeared as UC
`Berkeley EECS technical report UCB/EECS-2008-43, April 2008.)
`
`25. “Secure encrypted-data aggregation for wireless sensor networks.” S. Huang, S. Shieh and J.
`D. Tygar. Wireless Networks, 16:4, May 2010, pp. 915-927.
`
`26. “Keyboard acoustic emanations revisited.” L. Zhuang, F. Zhou, and J. D. Tygar. ACM
`Transactions on Information and Systems Security, 13:1, October 2009. (An earlier version
`appeared in Proceedings of the 12th ACM Conference on Computer and
`Communications Security, November 2005, pp. 373-382.) (See also item 7.)
`
`27. “Stealthy poisoning attacks on PCA-based anomaly detectors.” B. Rubinstein, B. Nelson, L.
`Huang, A. Joseph, S. Lau, S. Rao, N. Taft, and J. D. Tygar. In ACM SIGMETRICS
`Performance Evaluation Review, 37:2, October 2009, pp. 73-74.
`
`28. “Injecting heterogeneity through protocol randomization.” L. Zhuang, J. D. Tygar, R.
`Dhamija. In International Journal of Network Security, 4:1, January 2007, pp. 45-58.
`
`29.
`
`“Cyber defense technology networking and evaluation.” Members of the DETER and
`EMIST Projects (R. Bajcsy, T. Benzel, M. Bishop, B. Braden, C. Brodley, S. Fahmy, S.
`Floyd, W. Hardaker, A. Joseph, G. Kesidis, K. Levitt, B. Lindell, P. Liu, D. Miller, R.
`
`PETITIONERS Ex. 1009 Page 5
`
`

`
`30.
`
`31.
`
`32.
`
`33.
`
`34.
`
`35.
`
`36.
`
`37.
`
`38.
`
`39.
`
`Mundy, C. Neuman, R. Ostrenga, V. Paxson, P. Porras, C. Rosenberg, S. Sastry, D. Sterne, J.
`D. Tygar, and S. Wu). In Communications of the ACM, 47:3, March 2004, pp. 58-61.
`
`“Technological dimensions of privacy in Asia.” J. D. Tygar. In Asia-Pacific Review, 10:2,
`November 2003, pp. 120-145.
`
`“SPINS: Security protocols for sensor networks.” A. Perrig, R. Szewczyk, J. D. Tygar, V.
`Wen, and D. Culler. In [ACM Journal of] Wireless Networks, 8:5, September 2002, pp. 521-
`534. (An early version of this paper appears in Proceedings of the 7th Annual
`International Conference on Mobile Computing and Networks (MOBICOM), July 2001,
`pp. 189-199.)
`
`“The TESLA broadcast authentication protocol.” A. Perrig, R. Canneti, J. D. Tygar, and D.
`Song. In CryptoBytes, 5:2, Summer/Fall 2002, pp. 2-13.
`
`“SAM: A flexible and secure auction architecture using trusted hardware.” A. Perrig, S.
`Smith, D. Song, and J. D. Tygar. In Electronic Journal on E-commerce Tools and
`Applications, 1:1, January 2002 (online journal). (An early version of this paper appeared in
`Proceedings of the 1st IEEE International Workshop on Internet Computing and
`Electronic Commerce, April 2001, pp. 1764-1773.)
`
`“Why isn’t the Internet secure yet?” J. D. Tygar and A. Whitten. In ASLIB Proceedings,
`52:3, March 2000, pp. 93-97.
`
`“Multi-round anonymous auction protocols.” H. Kikuchi, M. Harkavy, and J. D. Tygar. In
`Institute of Electronics, Information, and Communication Engineers Transactions on
`Information and Systems, E82-D:4, April 1999, pp. 769-777. (An early version appeared in
`Proceedings of of the First IEEE Workshop on Dependable and Real-Time E-
`Commerce Systems (DARE ’98), June 1998, pp. 62-69. )
`
`“Atomicity in electronic commerce.” J. D. Tygar. In ACM NetWorker, 2:2, April/May 1998,
`pp. 32-43. (Note: this is a revision of item 15 published together with a new article: “An
`update on electronic commerce.” In ACM NetWorker, Volume 2, Number 2, April/May
`1998, pp. 40-41.)
`
`“A model for secure protocols and their compositions.” N. Heintze and J. D. Tygar. In IEEE
`Transactions on Software Engineering, 22:1, January 1996, pp. 16-30. (An extended abstract
`appeared in Proceedings of the 1994 IEEE Symposium on Security and Privacy, May
`1994, pp. 2-13. Another early version appeared as Carnegie Mellon University Computer
`Science technical report CMU-CS-92-100, January 1992.)
`
`“NetBill: An Internet commerce system optimized for network-delivered services.” M.
`Sirbu and J. D. Tygar. In IEEE Personal Communications, 2:4, August 1995, pp. 34-39. (An
`early version appeared in Proceedings of Uniforum ’96, February 1996, pp. 203-226.
`Another early version appeared in Proceedings of the 40th IEEE Computer Society
`International Conference, Spring 1995, pp. 20-25.)
`
`“Optimal sampling strategies for quicksort.” C. C. McGeoch and J. D. Tygar. In Random
`Structures and Algorithms, 7:4, 1995, pp. 287-300. (An early version appeared in
`Proceedings of the 28th Annual Allerton Conference on Communication, Control, and
`Computing, October 1990, pp. 62-71.)
`
`PETITIONERS Ex. 1009 Page 6
`
`

`
`40.
`
`41.
`
`42.
`
`43.
`
`44.
`
`45.
`
`“Geometric characterization of series-parallel variable resistor networks.” R. Bryant, J. D.
`Tygar, and L. Huang. In IEEE Transactions on Circuits and Systems 1: Fundamental Theory
`and Applications, 41:11, November 1994, pp. 686-698. (Preprint also available.) (An early
`version appeared in Proceedings of the 1993 IEEE International Symposium on Circuits
`and Systems, May 1993, pp. 2678-2681.)
`
`“Computability and complexity of ray tracing.” J. Reif, J. D. Tygar, and A. Yoshida. In
`Discrete and Computational Geometry, 11:3, April 1994, pp. 265-287. (An early version
`appeared in Proceedings of the 31st Annual IEEE Symposium on Foundations of
`Computer Science, October 1990, pp. 106-114.)
`
`“Specifying and checking Unix security constraints.” A. Heydon and J. D. Tygar. In
`Computing Systems, 7:1, Winter 1994, pp. 91-112. (An early version appeared in
`Proceedings of the 3rd USENIX Security Symposium, September 1992, pp. 211-226,
`preprint also available.)
`
`“Protecting privacy while preserving access to data.” L. J. Camp and J. D. Tygar. In The
`Information Society, 10:1, January 1994, pp. 59-71.
`
`“Miro: visual specification of security.” A. Heydon, M. Maimone, J. D. Tygar, J. Wing, and
`A. Zaremski. In IEEE Transactions on Software Engineering, 16:10, October 1990, pp.
`1185-1197. (An early version appeared as Carnegie Mellon University Computer Science
`Department technical report CMU-CS-89-199, December 1989.)
`
`“Efficient parallel pseudo-random number generation.” J. Reif and J. D. Tygar. In SIAM
`Journal of Computation, 17:2, April 1988, pp. 404-411. (An early version appeared in
`Proceedings of CRYPTO-85, eds. E. Brickell and H. Williams, Springer, 1986, pp. 433-
`446.)
`
`46.
`
`“Review of Abstraction and Specification in Program Development.” J. D. Tygar. In
`ACM Computing Reviews, 28:9, September 1987, pp. 454-455.
`
`
`
` Refereed Conference Papers (does not include items listed above)
`47. “Systematic Analysis and Evaluation of Web Privacy Policies and Implementations.” B.
`Miller, K. Buck, and J. D. Tygar. To appear in Proceedings of the 7th International
`Conference for Internet Technology and Secure Transactions, 2012
`
`48. “Robust Detection of Comment Spam Using Entropy Rate.” A. Kantchelian, J. Ma, L.
`Huang, S. Afroz, A. Jospeh, and J. D. Tygar. In Proceedings of 5th ACM Workshop on
`Artificial Intelligence and Security, 2012.
`
`49. “Adversarial Machine Learning.” L. Huang, A. Joseph, B. Nelson, B. Rubenstein, and J.
`D. Tygar. In Proceedings of 4th ACM Workshop on Artificial Intelligence and Security,
`2011.
`
`50. “CAPTCHA: Using strangeness in machine translation.” T. Yamamoto, J. D. Tygar, and M.
`Nishigaki. In Proceedings of the 2010 24th IEEE International Conference on Advanced
`Information Networking and Applications, April 2010, pp.430-437.
`
`PETITIONERS Ex. 1009 Page 7
`
`

`
`51. “Near-optimal evasion of convex-inducing classifiers.” B. Nelson, B. Rubinstein, L. Huang,
`A. Joseph, S. Lau, S. Lee, S. Rao, A. Tran, and J. D. Tygar. In Proceedings of the
`Thirteenth International Conference on Artificial Intelligence and Statistics, May 2010,
`pp. 549-556.
`
`52. “ANTIDOTE: Understanding and defending against poisoning of anomaly detectors.” B.
`Rubinstein, B. Nelson, L. Huang, A. Joseph, S. Lau, S. Rao, N. Taft, and J. D. Tygar. In
`Proceedings of the 9th ACM SIGCOMM Conference on Internet Measurement,
`November 2009, pp. 1-14.
`53. “Conditioned-safe ceremonies and a user study of an application to web authentication.” C.
`Karlof, J. D. Tygar, and D. Wagner. In Proceedings of the 5th Symposium on Usable
`Privacy and Security, July 2009.
`
`
`54. “Evading anomaly detection through variance injection attacks on PCA.” (Extended abstract).
`B. Rubinstein, B. Nelson, L. Huang, A. Joseph, S. Lau, N. Taft, and J. D. Tygar. In
`Proceedings of the 11th International Symposium on Recent Advances in Intrusion
`Detection, 2008, pp. 394-395.
`
`55. “A power-preserving broadcast protocol for WSNs with DoS resistance.” C. Ni, T. Hsiang, J.
`D. Tygar. In Proceedings of 17th International IEEE Conference on Computer
`Communications and Networks. August 2008, pp. 1 – 6.
`
`56. “CITRIC: A low-bandwidth wireless camera network platform.” P. Chen, P. Ahammad, C.
`Boyer, S. Huang, L. Lin, E. Lobaton, M. Meingast, S. Oh, S. Wang, P. Yan, A. Yang, C. Yeo,
`L. Chang, J. D. Tygar, and S. Sastry. In Proceedings of the 2nd ACM/IEEE International
`Conference on Distributed Smart Cameras (ICDSC-08). September 2008.
`
`
`
`
`
`
`57.
`
`“Open problems in the security of learning.” M. Barreno, P. Bartlett, F. Chi, A. Joseph, B.
`Nelson, B. Rubinstein, U. Saini, and J. D. Tygar. In Proceedings of the First ACM
`Workshop on AISec. 2008, pp. 19-26.
`
`58. “SWOON: A testbed for secure wireless overlay networks.” Y. Huang, J. D. Tygar, H. Lin,
`L. Yeh, H. Tsai, K. Sklower, S. Shieh, C. Wu, P. Lu, S. Chien, Z. Lin, L. Hsu, C. Hsu, C.
`Hsu, Y. Wu, and M. Leong. In Proceedings USENIX Workshop on Cyber Security and
`Test, July 2008.
`“Characterizing botnets from email spam records.” L. Zhuang, J. Dunagan, D. Simon, H.
`Wang, I. Osipkov, G. Hulten and J. D. Tygar. In Proceedings of First USENIX Workshop
`on Large Scale Exploits and Emergent Threats (LEET 2008). April 2008.
`
`“Exploiting machine learning to subvert your spam filter. “ B. Nelson, M. Barreno, F. Chi,
`A. D. Joseph, B. Rubinstein, U. Saini, C. Sutton, J. D. Tygar, and . Xia. In Proceedings of
`the First USENIX Workshop on Large-Scale Exploits and Emergent Threats (LEET
`2008). April 2008.
`
`“Optimal ROC curve for a combination of classifiers.” M. Barreno, A. Cardenas and J.D.
`Tygar. In Advances in Neural Information Processing Systems (NIPS), 2008.
`
`
`59.
`
`60.
`
`61.
`
`PETITIONERS Ex. 1009 Page 8
`
`

`
`62. “Dynamic pharming attacks and locked same-origin policies for web browsers.” C. Karlof,
`U. Shankar, J.D. Tygar, and D. Wagner. In Proceedings of the Fourteenth ACM
`Conference on Computer and Communications Security (CCS 2007), November 2007.
`
`63. “Coexistence proof using chain of timestamps for multiple RFID tags.” C. Lin, Y. Lai, J. D.
`Tygar, C. Yang, and C. Chiang. In Proceedings of Advances in Web and Network
`Technologies and Information Management, 2007, pp. 634-643.
`
`64.
`
`65.
`
`“Why phishing works.” R. Dhamija, J. D. Tygar, and M. Hearst. In Proceedings of CHI-
`2006: Conference on Human Factors in Computing Systems, April 2006.
`
`“Can machine learning be secure?” M. Barreno, B. Nelson, R. Sears, A. Joseph, and J. D.
`Tygar. Invited paper. In Proceedings of the ACM Symposium on Information,
`Computer, and Communication Security, March 2006.
`
`66. “The battle against phishing: Dynamic security skins.” R. Dhamija and J. D. Tygar. In
`SOUPS 2005: Proceedings of the 2005 ACM Symposium on Usable Security and
`Privacy, ACM International Conference Proceedings Series, ACM Press, July 2005, pp. 77-
`88. (See also item 8.)
`
`67.
`
`68.
`
`69.
`
`70.
`
`71.
`
`72.
`
`73.
`
`“Collaborative filtering CAPTCHAs.” M. Chew and J. D. Tygar. In Human Interactive
`Proofs: Second International Workshop (HIP 2005), eds. H. Baird and D. Lopresti,
`Springer, May 2005, pp. 66-81.
`
`“Phish and HIPs: Human interactive proofs to detect phishing attacks.” R. Dhamija and J. D.
`Tygar. In Human Interactive Proofs: Second International Workshop (HIP 2005), eds.
`H. Baird and D. Lopresti, Springer, May 2005, pp. 127-141.
`
`“Image recognition CAPTCHAs.” M. Chew and J. D. Tygar. In Proceedings of the 7th
`International Information Security Conference (ISC 2004), Springer, September 2004, pp.
`268-279. (A longer version appeared as UC Berkeley Computer Science Division technical
`report UCB/CSD-04-1333, June 2004.)
`
`“Side effects are not sufficient to authenticate software.” U. Shankar, M. Chew, and J. D.
`Tygar. In Proceedings of the 13th USENIX Security Symposium, August 2004, pp. 89-
`101. (A version with an additional appendix appeared as UC Berkeley Computer Science
`Division technical report UCB/CSD-04-1363, September 2004.)
`
`“Statistical monitoring + predictable recovery = Self-*.” A Fox, E. Kiciman, D. Patterson, R.
`Katz, M. Jordan, I. Stoica and J. D. Tygar. In Proceedings of the 2nd Bertinoro Workshop
`on Future Directions in Distributed Computing (FuDiCo II), June 2004 (online
`proceedings).
`
`“Distillation codes and their application to DoS resistant multicast authentication.” C. Karlof,
`N. Sastry, Y. Li, A. Perrig, and J. D. Tygar. In Proceedings of the Network and
`Distributed System Security Conference (NDSS 2004), February 2004, pp. 37-56.
`
`“Privacy and security in the location-enhanced World Wide Web.” J. Hong, G. Boriello, J.
`Landay, D. McDonald, B. Schilit, and J. D. Tygar. In Proceedings of the Workshop on
`Privacy at Ubicomp 2003, October 2003 (online proceedings).
`
`PETITIONERS Ex. 1009 Page 9
`
`

`
`74.
`
`75.
`
`76.
`
`77.
`
`78.
`
`79.
`
`80.
`
`81.
`
`82.
`
`83.
`
`84.
`
`85.
`
`“The problem with privacy.” J. D. Tygar. Keynote paper. In Proceedings of the 2003
`IEEE Workshop on Internet Applications, June 2003, pp. 2-8.
`
`“Safe staging for computer security.” A. Whitten and J. D. Tygar. In Proceedings of the
`2003 Workshop on Human-Computer Interaction and Security Systems, April 2003
`(online proceedings).
`
`“Expander graphs for digital stream authentication and robust overlay networks.” D. Song,
`D. Zuckerman, and J. D. Tygar. In Proceedings of the 2002 IEEE Symposium on Security
`and Privacy, May 2002, pp. 258-270.
`
`“ELK: A new protocol for efficient large-group key distribution.” A. Perrig, D. Song, and J.
`D. Tygar. In Proceedings of the 2001 IEEE Symposium on Security and Privacy, May
`2001, pp. 247-262.
`
`“Efficient and secure source authentication for multicast.” A. Perrig, R. Canetti, D. Song,
`and J. D. Tygar. In Proceedings of the Internet Society Network and Distributed System
`Security Symposium (NDSS 2001), February 2001, pp. 35-46.
`
`“Efficient authentication and signing of multicast streams over lossy channels.” A. Perrig, R.
`Canetti, J. D. Tygar, and D. Song. In Proceedings of the 2000 IEEE Symposium on
`Security and Privacy, May 2000, pp. 56-73..
`
`“Flexible and scalable credential structures: NetBill implementation and experience.” Y.
`Kawakura, M. Sirbu., I. Simpson, and J. D. Tygar. In Proceedings of the International
`Workshop on Cryptographic Techniques and E-Commerce, July 1999, pp. 231-245.
`
`“Open problems in electronic commerce.” J. D. Tygar. Invited address. In Proceedings of
`the 18th ACM SIGMOD-SIGACT-SIGART Symposium on Principles of Database
`Systems (PODS 1999), May 1999, p. 101.
`
`“Electronic auctions with private bids.” M. Harkavy, J. D. Tygar, and H. Kikuchi. In
`Proceedings of the 3rd USENIX Workshop on Electronic Commerce, September 1998,
`pp. 61-73.
`
`“Atomicity versus anonymity: Distributed transactions for electronic commerce.” J. D.
`Tygar. In Proceedings of the 24th International Conference on Very Large Data Bases,
`August 1998, pp. 1-12.
`
`“Smart cards in hostile environments.” H. Gobioff, S. Smith, J. D. Tygar, and B. Yee. In
`Proceedings of the 2nd USENIX Workshop on Electronic Commerce, November 1996,
`pp. 23-28. (An early version appeared as Carnegie Mellon University Computer Science
`technical report CMU-CS-95-188, September 1995.)
`
`“Anonymous atomic transactions.” L. J. Camp, M. Harkavy, and B. Yee. In Proceedings of
`the 2nd USENIX Workshop on Electronic Commerce, November 1996, pp. 123-133.
`(Preprint also available.) (An early version appeared as Carnegie Mellon University
`Computer Science technical report CMU-CS-96-156, July 1996.)
`
`PETITIONERS Ex. 1009 Page 10
`
`

`
`86.
`
`87.
`
`88.
`
`89.
`
`90.
`
`91.
`
`92.
`
`93.
`
`94.
`
`95.
`
`96.
`
`97.
`
`“Model checking electronic commerce protocols.” N. Heintze, J. D. Tygar, J. Wing, and H.
`Wong. In Proceedings of the 2nd USENIX Workshop on Electronic Commerce,
`November 1996, pp. 147-164.
`
`“WWW electronic commerce and Java Trojan horses.” J. D. Tygar and A. Whitten. In
`Proceedings of the 2nd USENIX Workshop on Electronic Commerce, November 1996,
`pp. 243-250.
`
`“Building blocks for atomicity in electronic commerce.” J. Su and J. D. Tygar. In
`Proceedings of the 6th USENIX Security Symposium, July 1996, pp. 97-102.
`
`“Token and notational money in electronic commerce.” L. J. Camp, M. Sirbu, and J. D.
`Tygar. In Proceedings of the 1st USENIX Workshop on Electronic Commerce, July
`1995, pp. 1-12. (An early version was presented at the Telecommunications Policy Research
`Conference, October 1994.)
`
`“NetBill security and transaction protocol.” B. Cox, J. D. Tygar, and M. Sirbu. In
`Proceedings of the 1st USENIX Workshop on Electronic Commerce, July 1995, pp. 77-
`88.
`
`“Secure coprocessors in electronic commerce applications.” B. Yee and J. D. Tygar. In
`Proceedings of the 1st USENIX Workshop on Electronic Commerce, July 1995, pp. 155-
`170.
`
`“Completely asynchronous optimistic recovery with minimal rollbacks.” S. Smith, D.
`Johnson, and J. D. Tygar. In Proceedings of the 25th IEEE Symposium on Fault-Tolerant
`Computing, June 1995, pp. 361-370. (An early version appears as Carnegie Mellon
`University Computer Science technical report CMU-CS-94-130, March 1994.)
`
`“A fast off-line electronic currency protocol.” L. Tang and J. D. Tygar. In CARDIS 94:
`Proceedings of the First IFIP Smart Card Research and Advanced Application
`Conference, October 1994, pp. 89-100.
`
`“Security and privacy for partial order time.” S. Smith and J. D. Tygar. In Proceedings
`1994 Parallel and Distributed Computing Systems Conference, October 1994, pp. 70-79.
`(Early versions appeared as Carnegie Mellon University Computer Science technical reports
`CMU-CS-93-116, October 1991 and February 1993, and CMU-CS-94-135, April 1994.)
`
`“Certified electronic mail.” A. Bahreman and J. D. Tygar. In Proceedings of the 1994
`Network and Distributed Systems Security Conference, February 1994, pp. 3-19.
`
`“Miro tools.” A. Heydon, M. Maimone, A. Moormann, J. D. Tygar and J. Wing. In
`Proceedings of the 3rd IEEE Workshop on Visual Languages, October 1989, pp. 86-91.
`(A preprint appeared as Carnegie Mellon University Computer Science technical report
`CMU-CS-89-159, July 1989.)
`
`“Constraining pictures with pictures.” A. Heydon, M. Maimone, A. Moormann, J. D. Tygar,
`and J. Wing. In Information Processing 89: Proceedings of the 11th World Computer
`Congress, August 1989, pp. 157-162. (An early version appeared as Carnegie Mellon
`University Computer Science technical report CMU-CS-88-185, November 1988.)
`
`PETITIONERS Ex. 1009 Page 11
`
`

`
`98.
`
`“How to make replicated data secure.” M. Herlihy and J. D. Tygar. In Proceedings of
`CRYPTO-87, ed. C. Pomerance, 1988, pp. 379-391. (An early version appeared as Carnegie
`Mellon University Computer Science Technical Report CMU-CS-87-143, August 1987.)
`
`99. “Visual specification of security constraints.” J. D. Tygar and J. Wing. In Proceedings of the
`1987 (First IEEE) Workshop on Visual Languages, August 1987, pp. 288-301. (A
`preprint appeared as Carnegie Mellon University Computer Science Technical Report CMU-
`CS-87-122, May 1987.)
`
`100.
`
` “Efficient netlist comparison using hierarchy and randomization.” J. D. Tygar and R.
`Ellickson. In Proceedings of the 22nd ACM/IEEE Design Automation Conference, Las
`Vegas, NV, July 1985, pp. 702-708.
`
`101.
`
` “Hierarchical logic comparison.” R. Ellickson and J. D. Tygar. In Proceedings of MIDCON
`’84, 1984.
`
`
`
` Other Conference Publications (does not include items listed above)
`“Panel: authentication in constrained environments.” M. Burmester, V. Gligor, E. Kranakis, J.
`102.
`D. Tygar and Y. Zheng . Transcribed by B. de Medeiros. In Proceedings First International
`Workshop, MADNES 2005, Singapore, September 20-22, 2005, Revised Selected
`Papers, 2006, pp. 186-191.
`
`103.
`
`104.
`
`105.
`
`106.
`
`107.
`
`“When computer security crashes with multimedia.” [Abstract] J. D. Tygar. In Proceedings
`of the 7th International IEEE Symposium on Multimedia, December 2005, p. 2.
`
` “Notes from the Second USENIX Workshop on Electronic Commerce.” M. Harkavy, A.
`Meyers, J. D. Tygar, A. Whitten, and H. Wong. In Proceedings of the 3rd USENIX
`Workshop on Electronic Commerce, September 1998, pp. 225-242.
`
` “How are we going to pay for this? Fee-for-service in distributed systems -- research and
`policy issues.” C. Clifton, P. Gemmel, E. Means, M. Merges, J. D. Tygar. In Proceedings of
`the 15th International Conference on Distributed Computing Systems, May 1995, pp.
`344-348.
`
` “Miro: A visual language for specifying security.” [Abstract] M. Maimone, A. Moorman, J.
`D. Tygar, J. Wing. In Proceedings of the (First) USENIX UNIX Security Workshop,
`August 1988, p. 49.
`
` “StrongBox: support for self-securing programs.” [Abstract] J. D. Tygar, B. Yee, and A.
`Spector. In Proceedings of the (First) USENIX UNIX Security Workshop, August 1988,
`p. 50.
`
`
`
`Standards Documents (does not include items listed above)
`108. TESLA: Multicast Source Authentication Transform Introduction. A. Perrig, D. Song,
`R. Canetti, J. D. Tygar, B. Briscoe. IETF RFC 4082. June 2005. (Early drafts of this RFC
`were published in October 2002, and in May, August, and December 2004.)
`
`PETITIONERS Ex. 1009 Page 12
`
`

`
`109. Performance Criteria for Information-Based Indicia and Security Architecture for
`Closed IBI Postage Metering Systems (PCIBI-C) (Draft). United States Postal Service.
`January 1999. (Note: I was a major contributor to this document.)
`
`110. Performance Criteria for Information-Based Indicia and Security Architecture for
`Open IBI Postage Evidence Systems (PCIBI-O) (Draft). United States Postal Service.
`February 2000. (Note: I was a major contributor to this document.)
`
`111. Production, Distribution, and Use of Postal Security Devices and Information Based
`Indicia.” United States Postal Service. Federal Register 65:191, October 2, 2000, pp.
`58682-58698. (Note: I was a major contributor to this document.)
`
`
`
`Technical Reports (does not include items listed above)
`112. Usability of Security: A Case Study. A. Whitten and J. D. Tygar. Carnegie Mellon
`University Computer Science technical report CMU-CS-98-155, December 1998. (Note:
`this report partly ove