Fabian N. Monrose
`
`[A] UNIVERSITY OF NORTH CAROLINA, CHAPEL HILL
`Computer Science Department
`Sitterson Hall, Chapel Hill, NC, 27599
`
`Phone:
`Fax:
`E-mail:
`
`+919-962-1763
`+919-962-1799
`fabian@cs.unc.edu
`
`Last update: November 27, 2016
`
`[B] Education
`
`Ph. D., Computer Science,
`New York University, New York, USA
`Advisor: Prof. Zvi Kedem
`
`Courant Institute of Mathematical Sciences
`May, 1999
`
`M. Sc., Computer Science,
`New York University, New York, USA
`
`Courant Institute of Mathematical Sciences
`May, 1996
`
`B. Sc., Computer Science,
`Miami, Florida, USA
`
`Barry University
`May, 1993
`
`[C] Professional
`Experience
`
`DIRECTOR, Computer and Information Security, Renaissance Computing Institute
`(RENCI, joint appointment),
`January 2014 — present
`
`PROFESSOR,
`Computer Science Department,
`
`ASSOCIATE PROFESSOR,
`Computer Science Department,
`
`ASSOCIATE PROFESSOR,
`Computer Science Department,
`
`ASSISTANT PROFESSOR,
`Computer Science Department,
`
`RESEARCH SCIENTIST,
`Secure Systems Research,
`
`University of North Carolina, Chapel Hill
`January 2013 — present
`
`University of North Carolina, Chapel Hill
`July 2008 — December, 2012
`
`Johns Hopkins University
`July 2007 —June 2008
`
`Johns Hopkins University
`November 2002 — June 2007
`
`Bell Laboratories, Lucent Technologies
`July 1999 — October 2002
`
`RESEARCH INTERN,
`Secure Systems Research Department,
`
`AT&T Labs Research
`Summer 1998
`
`Bell Communications
`RESEARCH INTERN,
`High Availability and Distributed Computing Research Group,
`Summer 1997
`
`RESEARCH INTERN,
`Cryptography and Network Security Research Group,
`
`RESEARCH ASSISTANT,
`Computer Science Department,
`
`Bell Communications
`Summer 1996
`
`New York University
`August 1995 — 1998
`
`Page 1 of 18
`
`VirnetX Exhibit 2020
`Black Swamp IP, LLC v. VirnetX Inc.
`IPR2016-00693
`
`

`
`[D] Honors
`
`RESEARCH ASSISTANT,
`Distributed Systems Group,
`
`New York University
`Summer 1994
`
`• Undergraduate Students Teaching Award, Computer Science Dpt.
`• Best Student Paper Award, IEEE Symposium on Security & Privacy
`• Outstanding Research in Privacy Enhancing Technologies (PET),
`• AT&T Best Applied Security Paper Award, NYU-Poly CSAW,
`• Best Paper Award, IEEE Symposium on Security & Privacy,
`• Best Paper Award, Intl. Conf. on Internet Monitoring and Protection,
`• Faculty Research Award, Google
`• Faculty Research Award, Google
`• CAREER Award, National Science Foundation,
`• Best Student Paper Award, 8th USENIX Security Symposium
`• Best Overall Paper Award, 8th USENIX Security Symposium
`• USENIX Scholars Research Award
`• Bell Communications Research Scholarship
`
`May, 2015
`
`May, 2013
`
`July, 2012
`
`Nov, 2011
`
`May, 2011
`
`April, 2011
`
`May, 2011
`
`March, 2009
`
`February, 2006
`
`August, 1999
`
`August, 1999
`
`Fall 1998
`
`Fall 1997
`
`[E]: Funding
`
`Awarded Grants & Contracts
`
`[G1] Co-PI, DARPA, RHAMNOUSIA: ATTRIBUTING CYBER ACTORS THROUGH TENSOR DE-
`COMPOSITION AND NOVEL DATA ACQUISITION for $1.8M, Nov. 2016 — August
`2021.
`
`[G2] PI, Department of Defense University Research Instrumentation Program (DURIP),
`NEXT GENERATION DEFENSES AGAINST WEB-BASED EXPLOITS for $116, 500.00, April,
`2016 — May 2017.
`
`[G3] Co-PI (with Jan-Michel Frahm (lead)), Department of Defense University Research In-
`strumentation Program (DURIP), UNDERSTANDING PRIVACY RISKS OF UBIQUITOUS
`PERSONAL AUGMENTED REALITY HEAD-MOUNTED DISPLAYS for $95, 385.00, June,
`2014 — May 2015.
`
`[G4] PI (with A. Stavrou), NSF Secure and Trustworthy Computing, TWC: TTP OPTION:
`SMALL: SCALABLE TECHNIQUES FOR BETTER SITUATIONAL AWARENESS: ALGORITH-
`
`Fabian Monrose
`
`page 2
`
`Page 2 of 18
`
`

`
`MIC FRAMEWORKS AND LARGE SCALE EMPIRICAL ANALYSES for $667, 900.00, Sept.
`2014—August 2017.
`
`[G5] PI Department of Homeland Security Transition to Practice Program, SUPPLEMENT TO
`NSF SDCI SEC: NEW SOFTWARE PLATFORMS FOR SUPPORTING NETWORK-WIDE DE-
`TECTION OF CODE INJECTION ATTACKS for $350, 000.00, Sept. 2014—August 2015.
`
`[G6] PI, Department of Defense University Research Instrumentation Program (DURIP),
`NEXT-GENERATION DEFENSES FOR SECURING VOIP COMMUNICATIONS for $114, 345.00,
`June, 2013 — May 2014.
`
`[G7] PI, NSF Secure and Trustworthy Computing, SUPPORT FOR THE 2014 USENIX SECURITY
`SYMPOSIUM; SAN DEIGO for $20, 000.00, July 30, 2014— October 2015.
`
`[G8] PI (with Elliott Moreton and Jennifer Smith), NSF Secure and Trustworthy Computing,
`TOWARD PRONOUNCEABLE AUTHENTICATION STRINGS for $499, 997.00, Aug. 2013—
`July 2016.
`
`[G9] PI, NSF Secure and Trustworthy Computing, SUPPORT FOR THE 2013 USENIX SECURITY
`SYMPOSIUM; WASHINGTON D.C. for $10, 000.00, July 30, 2013— October 2013.
`
`[G10] PI, Department of Homeland Security, EFFICIENT TRACKING, LOGGING, AND BLOCK-
`ING OF ACCESSES TO DIGITAL OBJECTS (with C. Schmitt and M. Bailey) for $1, 035, 590.
`September 2012 — August 2014.
`
`[G11] Co-PI (with Jan-Michel Frahm (lead)), NSF Division of Information & Intelligent Sys-
`tems, EAGER: AUTOMATIC RECONSTRUCTION OF TYPED INPUT FROM COMPROMIS-
`ING REFLECTIONS for $151, 749.00, August 2011—July 2013.
`
`[G12] PI, Verisign Labs Research Awards Program, ON EXPLORING APPLICATIONS OF PHO-
`NETIC EDIT DISTANCE for $65, 000.00, June 2011.
`
`[G13] PI, Google Faculty Research Awards Program, SHELLOS: AN EFFICIENT RUNTIME PLAT-
`FORM FOR DETECTING CODE INJECTION ATTACKS for $61, 635.00, May 2011.
`
`[G14] PI (with Montek Singh), NSF Office of Cyberinfrastructure, SDCI SEC: NEW SOFTWARE
`PLATFORMS FOR SUPPORTING NETWORK-WIDE DETECTION OF CODE INJECTION AT-
`TACKS for $800, 000.00, Aug. 2011—July 2014.
`
`[G15] PI, NSF Trustworthy Computing, SUPPORT FOR THE 2011 USENIX SECURITY SYMPO-
`SIUM; SAN FRANCISCO for $20, 000.00, July 30, 2011— October 2011.
`
`[G16] PI (with Kevin Jeffay), NSF Trustworthy Computing, TC: SMALL: EXPLORING PRIVACY
`BREACHES IN ENCRYPTED VOIP COMMUNICATIONS for $496, 482.00, Aug. 2010—July
`2013.
`
`[G17] PI, NSF Trustworthy Computing, SUPPORT FOR THE 2010 USENIX SECURITY SYMPO-
`SIUM; WASHINGTON D.C. for $20, 000.00, July 30, 2010— October 2010.
`
`[G18] Co-PI (with Angelos Stavrou (lead)), NSF Trustworthy Computing, COLLABORATIVE
`RESEARCH: SCALABLE MALWARE ANALYSIS USING LIGHTWEIGHT VIRTUALIZATION
`for $259, 264.00, Sept. 2009—August 2011.
`
`Fabian Monrose
`
`page 3
`
`Page 3 of 18
`
`

`
`[G19] PI (with Angelos Stavrou), DETECTING AND MONITORING MALFEASANCE ON THE
`NET, Google Faculty Research Awards Program for $90, 000.00, March 2009–Feb 2010.
`
`[G20] Co-PI, NSF Cyber Trust: CLEANSE:CROSS-LAYER LARGE-SCALE EFFICIENT ANALY-
`SIS OF NETWORK ACTIVITIES TO SECURE THE INTERNET (with W. Lee (lead), N. Feam-
`ster, J. Giffin, M.K. Reiter, F. Jahanian, P. Porras, P. Vixie, D. Dagon) for $1, 839, 297.00,
`July 2008 — June 2012.
`
`[G21] PI, Department of Homeland Security, NEW FRAMEWORKS FOR DETECTING AND
`MINIMIZING INFORMATION LEAKAGE IN ANONYMIZED NETWORK DATA (with M.
`K. Reiter and F. Jahanian) for $962, 609.00. April 2008—April 2011.
`
`[G22] Co-PI (with G. Masson (lead)), SECURITY THROUGH VIRTUALIZATION. Information
`Assurance Scholarship Program for $142, 948.00. DoD, ANNEX II, Feb, 2008.
`
`[G23] Co-PI, NSF Cyber Trust: THINKING AHEAD: A PROACTIVE APPROACH FOR COUN-
`TERING FUTURE INTERNET MALWARE (with A. Terzis (lead)) for $350, 000.00. Septem-
`ber 2006 — August 2009.
`
`[G24] PI, NSF Cyber Trust: CAREER:TOWARDS EFFECTIVE IDENTIFICATION OF APPLICA-
`TION BEHAVIORS IN ENCRYPTED TRAFFIC for $400, 000.00. September 2006 — August
`2011.
`
`[G25] PI, NSF Cyber Trust: GENERATIVE MODELS FOR IMPROVING BIOMETRICALLY EN-
`HANCED SYSTEMS (with D. Lopresti and M. K. Reiter) for $696, 553.00. December 2004
`— October 2007.
`
`[G26] Co-PI, NSF STI: TOWARDS MORE SECURE INTER-DOMAIN ROUTING (with A. Rubin
`(lead)) for $616, 923.00. November 2003 — June 2006.
`
`[F] Bib.
`
`Refereed
`Conference
`Publications
`
`[P1] Revisiting Browser Security in the Modern Era: New Data-only Attacks and Defenses. Roman
`Rogowski, Micah Morton, Forrest Li, Kevin Z. Snow, Fabian Monrose and Michalis
`Polychronakis. In Proceedings of the IEEE European Symposium on Security and Pri-
`vacy, March 2017. (Acceptance rate=17.5%).
`
`[P2] Virtual U: Defeating Face Liveness Detection by Building Virtual Models From Your Public
`Photos. Yi Xu, True Price, Jan-Michael Frahm and Fabian Monrose. In Proceedings of
`the USENIX Security Symposium, August 2016. (Acceptance rate=15.5%).
`
`[P3] Return to the Zombie Gadgets: Undermining Destructive Code Reads via Code-Inference At-
`tacks. Kevin Z. Snow, Roman Rogowski, Jan Werner, Hyungjoon Koo, Fabian Monrose
`and Michalis Polychronakis. In Proceedings of the IEEE Symposium on Security and
`Privacy, May, 2016. (Acceptance rate=14%).
`
`Fabian Monrose
`
`page 4
`
`Page 4 of 18
`
`

`
`[P4] No-Execute-Affter-Read: Preventing Code Disclosures in Commodity Software. Jan Werner,
`George Baltas, Rob Dallara, Nathan Otterness, Kevin Snow, Fabian Monrose and Michalis
`Polychronakis. In Proceedings of the ACM Asia Conference on Computer and Com-
`munication Security, May 2016. (Acceptance rate=21%).
`
`[P5] Detecting Malicious Exploit Kits using Tree-based Similarity Searches. Teryl Taylor, Xin
`Hu, Ting Wang, Jiyong Jang, Marc Stoeckin, Fabian Monrose and Reiner Sailer.
`In
`Proceedings of the ACM Conference on Data and Application Security and Privacy,
`pages 255-266, March, 2016.
`
`[P6] Cache, Trigger, Impersonate: Enabling Context-Sensitive Honeyclient Analysis On-the-Wire.
`Teryl Taylor, Kevin Snow, Nathan Otterness and Fabian Monrose. In Proceedings of
`the 23nd ISOC Network and Distributed Systems Security Symposium (NDSS), Feb.,
`2016. (Acceptance rate=15.4%).
`
`[P7] Isomeron: Code Randomization Resilient to (Just-in-Time) Return-Oriented Programming.
`Luca Davi, Christopher Liebchen, Ahmad-Reza Sadeghi, Kevin Z. Snow, and Fabian
`Monrose. In Proceedings of the 22nd ISOC Network and Distributed Systems Security
`Symposium (NDSS), Feb., 2015. (Acceptance rate=21%).
`
`[P8] Watching the Watchers: Inferring TV Content from Outdoor Light Effusions. Yi Xu, Jan-
`Michael Frahm and Fabian Monrose.
`In Proceedings of the 21st ACM Conference
`on Computer and Communications Security (CCS), November, 2014.
`(Acceptance
`rate=19%).
`
`[P9] Emergent Faithfulness to Morphological and Semantic Heads in Lexical Blends. Katherine
`Shaw, Elliott Moreton, Andrew White and Fabian Monrose.
`In Proceedings of the
`Annual Meeting on Phonology, February, 2014.
`
`[P10] Seeing Double: Reconstructing Obscured Typed Input from Repeated Compromising Reflec-
`tions. Yi Xu, Jared Heinly, Andrew M. White, Fabian Monrose and Jan-Michael Frahm.
`In Proceedings of the 20th ACM Conference on Computer and Communications Secu-
`rity (CCS), November, 2013. (Acceptance rate=20%)
`
`[P11] Check my profile: Leverage static analysis for fast and accurate detection of ROP gadgets.
`Blaine Stancill, Kevin Snow, Nathan Otterness, Fabian Monrose, Lucas Davi, and Ahmad-
`Reza Sadeghi.
`In Proceedings of the 16th International Symposium on Research in
`Attacks, Intrusions, and Defenses, October, 2013.
`
`[P12] Crossing the Threshold: Detecting Network Malfeasance via Sequential Hypothesis Testing.
`Srinivas Krishnan, Teryl Taylor, Fabian Monrose and John McHugh. In Proceedings
`of the 42nd Annual IEEE/IFIP International Conferences on Dependable Systems and
`Networks; Performance and Dependability Symposium, June, 2013.
`
`[P13] Just-In-Time Code Reuse: On the Effectiveness of Fine-Grained Address Space Layout Ran-
`domization. Kevin Snow, Lucas Davi, Alexandra Dmitrienko, Christopher Liebchen,
`Fabian Monrose and Ahmad-Reza Sadeghi. In Proceedings of 34th IEEE Symposium
`on Security and Privacy, May, 2013. (Best Student Paper Award). (Acceptance rate=12%)
`
`Fabian Monrose
`
`page 5
`
`Page 5 of 18
`
`

`
`[P14] Clear and Present Data: Opaque Traffic and its Security Implications for the Future. An-
`drew White, Srinivas Krishnan, Michael Bailey, Fabian Monrose and Phil Porras. In
`Proceedings of the 20th ISOC Network and Distributed Systems Security Symposium,
`Feb., 2013. (Acceptance rate=18.8%)
`
`[P15] Security and Usability Challenges of Moving-Object CAPTCHAs: Decoding Codewords in
`Motion. Yi Xu, Gerardo Reynaga, Sonia Chiasson, Jan-Michael Frahm, Fabian Mon-
`rose and Paul van Oorschot. In Proceedings of the 21th USENIX Security Symposium,
`August, 2012. (Acceptance rate=19%)
`
`[P16] Toward Efficient Querying of Compressed Network Payloads. Teryl Taylor, Scott E. Coull,
`Fabian Monrose and John McHugh. In USENIX Annual Technical Conference, June,
`2012. (Acceptance rate=18%)
`
`[P17] iSpy: Automatic Reconstruction of Typed Input from Compromising Reflections. Rahul
`Raguram, Andrew White, Dibyendusekhar Goswami, Fabian Monrose and Jan-Michael
`Frahm. In Proceedings of the 18th ACM Conference on Computer and Communica-
`tions Security (CCS), November, 2011. (Acceptance rate=14%)
`
`[P18] ShellOS: Enabling Fast Detection and Forensic Analysis of Code Injection Attacks. Kevin
`Snow, Srinivas Krishnan, Fabian Monrose and Niels Provos. In Proceedings of the 20th
`USENIX Security Symposium, August, 2011. (Acceptance rate=17%)
`
`[P19] An Empirical Study of the Performance, Security and Privacy Implications of Domain Name
`Prefetching. Srinivas Krishnan and Fabian Monrose. In Proceedings of the 41st Annual
`IEEE/IFIP International Conferences on Dependable Systems and Networks; Depend-
`able Computing and Communications Symposium, June, 2011. (Acceptance rate=17.6%)
`
`[P20] Amplifying Limited Expert Input to Sanitize Large Network Traces. Xin Huang, Fabian
`Monrose, and Michael K. Reiter. In Proceedings of the 41st Annual IEEE/IFIP Interna-
`tional Conferences on Dependable Systems and Networks; Performance and Depend-
`ability Symposium, June, 2011.
`
`[P21] Phonotactic Reconstruction of Encrypted VoIP Conversations. Andrew White, Kevin Snow,
`Austin Matthews and Fabian Monrose. In Proceedings of 32nd IEEE Symposium on
`Security and Privacy, May, 2011. (Best Paper Award). (Acceptance rate=11.1%)
`
`[P22] Towards Optimized Probe Scheduling for Active Measurement Studies. Daniel Kumar, Fabian
`Monrose and Michael K. Reiter. In Proceedings of the 6th International Conference on
`Internet Monitoring and Protection (ICIMP), March, 2011 (Best Paper Award).
`
`[P23] On Measuring the Similarity of Network Hosts: Pitfalls, New Metrics, and Empirical Analy-
`ses. Scott Coull, Micheal Bailey and Fabian Monrose. In Proceedings of the 18th Annual
`Network and Distributed Systems Security Symposium, February, 2011. (Acceptance
`rate=20%)
`
`[P24] Trail of Bytes: Efficient Support for Forensic Analysis. Srinivas Krishnan, Kevin Snow,
`and Fabian Monrose. In Proceedings of the 17th ACM Conference on Computer and
`Communications Security (CCS), November, 2010. (Acceptance rate=17.2%)
`
`[P25] The Security of Modern Password Expiration: An Algorithmic Framework and Empirical
`Analysis. Yinqian Zhang, Fabian Monrose, and Michael K. Reiter. In Proceedings of the
`
`Fabian Monrose
`
`page 6
`
`Page 6 of 18
`
`

`
`17th ACM Conference on Computer and Communications Security (CCS), November,
`2010. (Acceptance rate=17.2%)
`
`[P26] Traffic Classification using Visual Motifs: An Empirical Evaluation. Wilson Lian, Fabian
`Monrose and John McHugh. In Proceedings of the 7th International Symposium on
`Visualization for Cyber Security (VizSec), September, 2010.
`
`[P27] Understanding Domain Registration Abuses. Scott Coull, Andrew White, Ting-Fang Yen,
`Fabian Monrose and Michael K. Reiter. In Proceedings of the International Information
`Security Conference, September, 2010.
`
`[P28] English Shellcode. Josh Mason, Sam Small, Greg McManus and Fabian Monrose. In
`Proceedings of the 16th ACM Conference on Computer and Communications Security
`(CCS), pages 524-533, November, 2009. (Acceptance rate=18.4%)
`
`[P29] Browser Fingerprinting from Coarse Traffic Summaries: Techniques and Implications. Ting-
`Fang Yen, Xin Huang, Fabian Monrose and Michael K. Reiter. In Proceedings of 6th
`Conference on Detection of Intrusions and Malware and Vulnerability Assessment,
`pages 157-175, July, 2009.
`
`[P30] Toward Resisting Forgery Attacks via Pseudo-Signatures.
`Jin Chen, Dan Lopresti and
`Fabian Monrose. In Proceedings of 10th International Conference on Document Anaal-
`ysis and Recognition (ICDAR), July, 2009.
`
`[P31] The Challenges of Effectively Anonymizing Network Data. Scott Coull, Fabian Monrose,
`Michael K. Reiter and Michael Bailey. In Proceedings of the DHS Cybersecurity Appli-
`cations and Technology Conference for Homeland Security (CATCH), pages 230-236,
`2009.
`
`[P32] Efficient Defenses Against Statistical Traffic Analysis. Charles Wright, Scott Coull and
`Fabian Monrose. In Proceedings of Network and Distributed Systems Security, pages
`237-250 Feb, 2009. (Acceptance rate=11.7%).
`
`[P33] Towards Practical Biometric Key Generation with Randomized Biometric Templates. Lucas
`Ballard, Seny Kamara, Fabian Monrose, and Michael K. Reiter. In Proceedings of the
`15th ACM Conference on Computer and Communications Security, pages 235-244.
`Oct, 2008. (Acceptance rate=18.2%).
`
`[P34] All Your iFrames point to us: Characterizing the new malware frontier. Niels Provos,
`Panayiotis Mavrommatis, Moheeb Rajab, and Fabian Monrose. In Proceedings of the
`17th USENIX Security Symposium, pages 1-15, July, 2008. (Acceptance rate=15.9%).
`
`[P35] To Catch a Predator: A Natural Language Approach for Eliciting Protocol Interaction. Sam
`Small, Josh Mason, Fabian Monrose, Niels Provos and Adam Stubblefield. In Proceed-
`ings of the 17th USENIX Security Symposium, pages 171-183, July, 2008. (Acceptance
`rate=15.9%).
`
`[P36] Peeking Through the Cloud: DNS-based client estimation techniques and its applications.
`Moheeb Rajab, Niels Provos, Fabian Monrose and Andreas Terzis. In Proceedings of
`the 6th Applied Cryptography and Network Security conference (ACNS), pages 21-38,
`June, 2008.
`
`Fabian Monrose
`
`page 7
`
`Page 7 of 18
`
`

`
`[P37] Spot Me If You Can: recovering spoken phrases in encrypted VOIP conversations. Charles
`Wright, Lucas Ballard, Scout Coull and Fabian Monrose. In Proceedings of 29th IEEE
`Symposium on Security and Privacy, May, 2008 (17 pages).(Acceptance rate=11.2%).
`
`[P38] Taming the Devil: Techniques for Evaluating Anonymized Network Data. Scott Coull,
`Charles Wright, Angelos Keromytis, Fabian Monrose, and Michael Reiter. In Proceed-
`ings of the 15th Annual Network and Distributed Systems Security Symposium, pages
`125-146, Feb., 2008 (Acceptance rate=18%).
`
`[P39] On Web Browsing Privacy in Anonymized NetFlows. Scott Coull, Michael Collins, Charles
`Wright, Fabian Monrose, and Michael Reiter. In Proceedings of the 16th USENIX Secu-
`rity Symposium, pages 339-352, August, 2007. (Acceptance rate=12.29%).
`
`[P40] Language Identification of Encrypted VoIP Traffic: Alejandra y Roberto or Alice and Bob?
`Charles Wright, Lucas Ballard, Fabian Monrose and Gerald Masson. In Proceedings
`of the 16th USENIX Security Symposium, pages 43-54, August, 2007.
`(Acceptance
`rate=12.29%).
`
`[P41] Towards Valley-free Inter-domain Routing. Sophie Qiu, Patrick McDaniel and Fabian
`Monrose. In Proceedings of the IEEE International Conference on Communications,
`June, 2007. (8 pages)
`
`[P42] Playing Devil’s Advocate: Inferring Sensitive Information from Anonymized Traces. Scott
`Coull, Charles Wright, Fabian Monrose, Michael Collins and Michael Reiter. In Pro-
`ceedings of the 14th Annual Network and Distributed Systems Security Symposium
`(NDSS), pages 35-47, February 2007. (Acceptance rate=15%).
`
`[P43] A Multifaceted Approach to Understanding the Botnet Phenomenon. Jay Zarfoss, Moheeb
`Rajab, Fabian Monrose, and Andreas Terzis. In Proceedings of the ACM SIGCOMM/-
`USENIX Internet Measurement Conference (IMC), pages 41-52, October, 2006. (Accep-
`tance rate=15.25%).
`
`[P44] Fast and Evasive Attacks: Highlighting the Challenges Ahead. Moheeb Rajab, Fabian Mon-
`rose, and Andreas Terzis. In Proceedings of the 9th International Symposium on Recent
`Advances in Intrusion Detection (RAID), pages 206-225, September, 2006 (Acceptance
`rate=17.2%).
`
`[P45] Biometric Authentication Revisited: Understanding the Impact of Wolves in Sheep’s Clothing.
`Lucas Ballard, Fabian Monrose, and Daniel Lopresti. In Proceedings of the USENIX
`Security Symposium, pages 29-41, August 2006 (Acceptance rate=12.3%).
`
`[P46] On Origin Stability in Inter-Domain Routing. Sophie Qui, Patrick McDaniel, Fabian
`Monrose and Aviel D. Rubin.
`In Proceedings of IEEE International Symposium on
`Computers and Communications (ISCC), pages 489-496, July, 2006.
`
`[P47] Memory Bound Puzzles: A Heuristic Approach. Sujata Doshi, Fabian Monrose and Aviel
`D. Rubin. In Proceedings of the International Conference on Applied Cryptography
`and Network Security (ACNS), pages 98-113, June 2006 (Acceptance rate=15.13%).
`
`[P48] Achieving Efficient Conjunctive Searches on Encrypted Data. Lucas Ballard, Seny Kamara
`and Fabian Monrose. In Proceedings of 7th International Conference on Information
`and Communications Security (ICICS), pages 414-426, December, 2005. (Acceptance
`rate=18%)
`
`Fabian Monrose
`
`page 8
`
`Page 8 of 18
`
`

`
`[P49] On the Effectiveness of Distributed Worm Monitoring. Moheeb Rajab, Fabian Monrose
`and Andreas Terzis. In Proceedings of 14th USENIX Security Symposium, pages 225-
`237, August, 2005. (Acceptance rate=14.8%)
`
`[P50] Scalable VPNs for the Global Information Grid. Bharat Doshi, Antonio De Simone, Fabian
`Monrose, Samuel Small, and Andreas Terzis. In Proceedings of IEEE MILCOM, May,
`2005. (7 pages)
`
`[P51] An Extensible Platform for Evaluating Security Protocols. Seny Kamara, Darren Davis,
`Ryan Caudy and Fabian Monrose. In Proceedings of the 38th Annual IEEE Simulation
`Symposium (ANSS), pages 204-213, April, 2005.
`
`[P52] Efficient Time Scoped Searches on Encrypted Audit Logs. Darren Davis, Fabian Monrose,
`In Proceedings of the 5th International Conference on Informa-
`and Michael Reiter.
`tion and Communications Security (ICICS), pages 532-545, October, 2004. (Acceptance
`rate=17%)
`
`[P53] On User-Choice in Graphical Password Systems. Darren Davis, Fabian Monrose, and
`Michael Reiter. In Proceedings of the 13th USENIX Security Symposium, pages 151-
`164, August, 2004. (Acceptance rate=12%)
`
`[P54] Toward Speech-Generated Cryptographic Keys on Resource Constrained Devices. Fabian
`Monrose, Micheal Reiter, Daniel Lopresti, Chilin Shih, and Peter Li. In Proceedings
`of the 11th USENIX Security Symposium, pages 283–296, August, 2002. (Acceptance
`rate=16%)
`
`[P55] Using Voice to Generate Cryptographic Keys: A Position Paper. Fabian Monrose, Michael
`Reiter, Peter Li and Susanne Wetzel. In Proceedings of the 2001: A Speaker Odyssey
`workshop, pages 237-242, 2001.
`
`[P56] Cryptographic Key Generation from Voice. Fabian Monrose, Michael Reiter, Peter Li and
`Susanne Wetzel. In Proceedings of the 21st Annual IEEE Symposium on Security &
`Privacy, pages 202-212, May 2001. (Acceptance rate=17.75%)
`
`[P57] Privacy-Preserving Global Customization. Bob Arlein, Ben Jai, Markus Jakobsson, Fabian
`Monrose, and Michael Reiter. In Proceedings of the 2nd ACM Conference on Electronic
`Commerce, pages 176-184. April 2000. (Acceptance rate=18%)
`
`[P58] Password Hardening using Keystroke Dynamics. Fabian Monrose, Michael K. Reiter and
`Susanne Wetzel. In Proceedings of the 6th ACM Conference on Computer and Com-
`munications Security, pages 73-82, November 1999. (Acceptance rate=19.3%)
`
`[P59] The Design and Analysis of Graphical Passwords. Ian Jermyn, Alain Mayer, Fabian Mon-
`rose, Michael K. Reiter and Aviel D. Rubin. In Proceedings for the 8th USENIX Security
`Symposium, pages 1-14, August 1999. (Best Paper Award). (Acceptance rate=26%)
`
`[P60] Distributed Execution with Remote Audit. Fabian Monrose, Peter Wyckoff and Aviel D.
`Rubin. In Proceedings of the ISOC Network and Distributed Systems Security Sympo-
`sium (NDSS), pages 103-113, February 1999. (Acceptance rate=24%)
`
`[P61] Third Party Validation for Java Applications.
`Ian Jermyn, Fabian Monrose, and Peter
`Wyckoff. In Proceedings of the International Conference on Computers and their Ap-
`plications, March 1998.
`
`Fabian Monrose
`
`page 9
`
`Page 9 of 18
`
`

`
`[P62] Authentication via Keystroke Dynamics. Fabian Monrose and Aviel D. Rubin. In Proceed-
`ings of the 4th ACM Conference on Computer and Communications Security, pages
`48-56, April 1997. (Acceptance rate=26.6%)
`
`Refereed
`Journal
`Publications
`
`[P63] Security and Usability Challenges of Moving-Object CAPTCHAs: Decoding Codewords in
`Motion. Yi Xu, Gerardo Reynaga, Sonia Chiasson, Jan-Michael Frahm and Fabian Mon-
`rose. IEEE Transactions on Dependable and Secure Computing, February, 2014.
`
`[P64] On the Privacy Risks of Virtual Keyboards: Automatic Reconstruction of Typed Input from
`Compromising Reflections. Rahul Raguram, Andrew White, Yi Xu, Jan-Michel Frahm,
`Pierre Georgel, and Fabian Monrose. IEEE Transactions on Dependable and Secure
`Computing, Volume 10, Issue 3, pages 154-167, May-June, 2013.
`
`[P65] Trail of Bytes: New Techniques for Supporting Data Provenance and Limiting Privacy Breaches.
`Srinivas Krishnan, Kevin Snow, and Fabian Monrose. IEEE Transactions on Informa-
`tion Forensics and Security, pages 1876-1889, Issue 6, Volume 7, 2012.
`
`[P66] Understanding Domain Registration Abuses (Invited Paper). Scott Coull, Andrew White,
`Ting-Fang Yen, Fabian Monrose and Michael K. Reiter. Special Issue of Computers &
`Security (COSE), pages 806-815, Volume 31, Number 7, October, 2012.
`
`[P67] Uncovering Spoken Phrases in Encrypted Conversations. Charles Wright, Lucas Ballard,
`Scott Coull, Fabian Monrose, and Gerald Masson. ACM Transactions on Information
`and Systems Security (TISSEC), Volume 13, Number 4, pages 1 - 30, December, 2010.
`
`[P68] Peeking Through the Cloud: Client Density Estimation via DNS Cache Probing. Moheeb
`Abu Rajab, Fabian Monrose and Niels Provos. ACM Transactions on Internet Tech-
`nologies (TOIT), Volume 10, Number 3, October, 2010.
`
`[P69] Forgery Quality for Behavioral Biometric Security. Lucas Ballard, Daniel Lopresti and
`Fabian Monrose. IEEE Transactions on System, Man and Cybernetics, (Special Issue
`on Biometric Security), pages 1107-1118, December, 2006. (Acceptance rate=18.75%).
`
`[P70] On Inferring Application Protocol Behaviors in Encrypted Network Traffic. Charles Wright,
`Fabian Monrose, and Gerald Masson. Journal of Machine Learning Research (Special
`Issue on Machine Learning for Computer Security), Volume 7, pages 2745-2769, De-
`cember, 2006. (Acceptance rate=20%)
`
`[P71] Password Hardening using Keystroke Dynamics. Fabian Monrose, Micheal Reiter, and
`Susanne Wetzel. In Journal of Information Security (IJCS), Volume 1, Number 2, pages
`69-83, February 2002.
`
`[P72] Keystroke Dynamics as a Biometric for Authentication. Fabian Monrose and Aviel D. Ru-
`bin. Future Generation Computing Systems Journal: Security on the Web (Special Is-
`sue), pages 351-359, volume 16, March 2000.
`
`Fabian Monrose
`
`page 10
`
`Page 10 of 18
`
`

`
`Refereed
`Workshop
`Publications
`
`[P73] Isn’t that Fantabulous: Security, Linguistic and Usability Challenges of Pronounceable To-
`kens. Andrew White, Katherine Shaw, Fabian Monrose and Elliott Moreton. In Pro-
`ceedings of the New Security Paradigms Workshop (NSPW), September, 2014. (Ac-
`ceptance rate=32%).
`
`[P74] Automatic Hooking for Forensic Analysis of Document-based Code Injection Attacks: Tech-
`niques and Empirical Analyses. Kevin Snow and Fabian Monrose. In Proceedings of the
`European Workshop on System Security (EuroSec), April, 2012. (6 pages).
`
`[P75] DNS Prefetching and Its Privacy Implications. Srinivas Krishnan and Fabian Monrose.
`In Proceedings of the 3rd USENIX Workshop on Large-Scale Exploits and Emergent
`Threats, April, 2010. (9 pages)
`
`[P76] Secure Recording of Accesses to a Protected Datastore. Srinivas Krishnan and Fabian Mon-
`rose. In Proceedings of the 2nd ACM Workshop on Virtual Machine Security (VMSec),
`pages 23-32, November, 2009.
`
`[P77] My Botnet is Bigger than Yours (Maybe, Better than Yours): Why size estimates remain chal-
`lenging. Moheeb Rajab, Jay Zarfoss, Fabian Monrose and Andreas Terzis. In Proceed-
`ings of USENIX Workshop on Hot Topics in Understanding Botnets, April, 2007 (Ac-
`ceptance rate=32.4%) (8 pages).
`
`[P78] Using Visual Motifs to Classify Encrypted Traffic. Charles Wright, Fabian Monrose and
`Gerald Masson. In Proceedings of the ACM Workshop of Visualization for Computer
`Security (VizSEC), November, 2006 (Acceptance rate=34%) (8 pages).
`
`[P79] On the Impact of Dynamic Addressing on Malware Propagation. Moheeb Rajab, Fabian
`Monrose, and Andreas Terzis. In Proceedings of the 4th ACM Workshop of Recurring
`Malcode (WORM), November, 2006 (Acceptance rate=29%) (8 pages)
`
`[P80] Efficient Techniques for Detecting False Origin Advertisements in Inter-domain Routing. So-
`phie Qui, Patrick McDaniel, Fabian Monrose, and Andreas Terzis. In Proceedings of
`the 2nd Workshop on Secure Network Protocols, pages 12-19, November 2006. (Accep-
`tance rate=40%).
`
`[P81] Evaluating the Security of Handwriting Biometrics. Lucas Ballard, Daniel Lopresti and
`Fabian Monrose. In Proceedings of the 10th International Workshop on Frontiers in
`Handwriting Recognition, pages 461-466, October, 2006 (Acceptance rate=28.5%).
`
`[P82] Worm Evolution Tracking via Timing Analysis. Moheeb Rajab, Fabian Monrose and
`In Proceedings of the 3rd ACM Workshop on Recurring Malware
`Andreas Terzis.
`(WORM), pages 52-59, November, 2005 (Acceptance rate=25%).
`
`[P83] HMM Profiles for Network Traffic Classification (extended Abstract). Charles Wright, Fabian
`Monrose and Gerald Masson. In Proceedings of ACM Workshop on Visualization and
`Data Mining for Computer Security (VizSEC/DMSEC), pages 9-15, October, 2004.
`
`Fabian Monrose
`
`page 11
`
`Page 11 of 18
`
`

`
`Book Chapters
`
`[B1] Graphical Passwords (revisited). Fabian Monrose and Micheal Reiter. Security and Usabil-
`ity: Designing Security Systems That People Can Use. Editors: Lorrie Cranor and Simson
`Garfinkel. OReilly & Associates, 2005.
`
`Manuscripts
`in Progress
`
`[U84] Caught Red Handed: Video-based subsequence matching under real-world transfor-
`mations. Y. Xu, J-M. Frahm, and Fabian Monrose. Submitted for peer review, 2016.
`
`[U85] Winter is Coming: Keeping Zombie Gadget at Bay by Rerandomizing after Disclo-
`sure. Micah Morton, Forrest Li, Kevin Snow. Submitted for peer review, 2016.
`
`[U86] The Rise of Rampant Misconfigurations, Vulnerabilities and Privacy Leakages in the
`Internet of Things Era. C. Lever, A. Hall, O Alrawi, Y. Nadji, K. Flansburg, J. Werner,
`M. Antonakakis and F. Monrose. Submitted for peer review, 2016.
`
`[U87] Tackling the Fear of the Unknown in Network Security: New methods and large-scale
`empirical analyses. C. Lever, Y. Nadji, F. Monrose, D. Dagon and M. Antonakakis.
`Submitted for peer review, 2016.
`
`Other
`Manuscripts
`
`[M88] Towards Stronger User Authentication, Ph.D. Thesis. Fabian Monrose. Courant Institute
`of Mathematical Sciences, New York University, May 1999.
`
`[M89] Correlation Resistant Storage. Lucas Ballard, Mathew Green, Breno de Medeiros and
`Fabian Monrose. Cryptology ePrint Archive Report 2005/417.
`
`[M90] Evaluating Biometric Security (Invited Paper). Daniel Lopresti, Lucas Ballard and Fabian
`In Proceedings of the 1st Korea-Japan Workshop on Pattern Recognition,
`Monrose.
`November 2006. (6 pages)
`
`[M91] Biometric Key Generation using Pseudo-Signatures (Poster Presentation). Lucas Ballard,
`Jin Chen, Daniel Lopresti and Fabian Monrose. In International Conference on Fron-
`tiers of Handwriting Recognition, Feb. 2008 (8 pages).
`
`[M92] Masquerade: Simulating a Thousand Victims Sam Small, Josh Mason, Ryan MacArthur.
`In ;login: The USENIX Magazine, December 2008.
`
`[G]: Teaching
`Activities
`• Introduction to Computer Security, Spring 2016, 43 students.
`• Introduction to Computer Security, Spring 2015, 30 students.
`
`Fabian Monrose
`
`page 12
`
`Page 12 of 18
`
`

`
`• Introduction to Computer Security, Spring 2012, 26 students.
`• Network Security, Fall 2008, 21 students.
`• Special Topics in Computer Science, Spring 2009, 7 students.
`• Network Security, Fall 2009, 16 students.
`• Introduction to Computer Security, Spring 2010, 17 students.
`• Network Security, Fall 2010, 11 students.
`• Introduction to Computer Security, Spring 2012, 25 students.
`
`Past & Current
`Students
`• Sophie Qui (co-advised with G. Mason), Ph.D., Spring 2007, (Cisco Systems)
`• Charles Wright, Spring 2008, Ph.D., (Portland State University)
`• Seny Kamara, Spring 2008, Ph.D., (Microsoft Research)
`• Moheeb Abu Rajab (co-advised with A. Terzis), Ph.D., Spring 2008, (Google Inc.)
`• Lucas Ballard, Spring 2008, Ph.D., (Google Inc.)
`• Scott Coull, Fall 2009, Ph.D., (RedJack)
`• Josh Mason, Fall 2009, Ph.D., (Independent Consultant)
`• Kevin Snow, Spring 2014, Ph.D., UNC Chapel Hill
`• Andrew White, Fall 2015, Ph.D., Netflix
`• Teryl Taylor (current), Ph.D. candidate, UNC Chapel Hill
`• Srinivas Krishnan (co-advised with K. Jeffay; deferred), Ph.D. candidate, Google
`• Yi Xu (co-advised with Jan-Michael Frahm), Snapchat
`• Micah Moreton (current), Ph.D. candidate, UNC Chapel Hill
`
`Doctoral
`Committees
`• (Reader) Breno de Medeiros, New Cryptographic Primitives and Applications, Ph.D., Johns
`Hopkins University, May 2004
`• (Reader) Kendall Giles, Know