David Evans — Publications

Peer-Reviewed Papers · Invited Papers · Proposals · Technical Reports and Theses

Google Scholar Page


Dori-Mic and the Universal Machine!
A Tragicomic Tale of Combinatorics and Computability for Curious Children of All Ages (With Illustrations by Kim Dylla), 2014.

Introduction to Computing:
Explorations in Language, Logic, and Machines
Introductory computer science coursebook, 2007-2012.

Peer-Reviewed Research Papers

Efficient Dynamic Searchable Encryption with Forward Privacy
Mohammad Etemad, Alptekin Küpçü Charalampos Papamanthou, and David Evans. In Privacy Enhancing Technologies Symposium (PETS). Barcelona, Spain. 24 – 27 July 2018. [PDF]
Misery Digraphs: Delaying Intrusion Attacks in Obscure Clouds
Hussain Almohri, Layne T. Watson, and David Evans. IEEE Transactions on Information Forensics and Security. Volume 13, Number 6. June 2018. [PDF]
Fidelius Charm: Isolating Unsafe Rust Code
Hussain M. J. Almohri and David Evans. 8th ACM Conference on Data and Application Security and Privacy. Tempe, Arizona. March 2018. [PDF]
Feature Squeezing: Detecting Adversarial Examples in Deep Neural Networks
Weilin Xu, David Evans, and Yanjun Qi. In 2018 Network and Distributed System Security Symposium. 18-21 February, San Diego, California. [PDF] [Project]
Privacy-Preserving Distributed Linear Regression on High-Dimensional Data
Adrià Gascón and Phillipp Schoppmann and Borja Balle and Mariana Raykova and Jack Doerner and Samee Zahur and David Evans. In Privacy Enhancing Technologies Symposium (PETS). Minneapolis, Minnesota, 18 – 21 July 2017. [PDF]
Aggregating Private Sparse Learning Models Using Multi-Party Computation
Lu Tian, Bargav Jayaraman, Quanquan Gu, and David Evans. Private Multi-Party Machine Learning (NIPS 2016 Workshop). Barcelona, 9 December 2016. [PDF, 6 pages] [Project]
Secure Stable Matching at Scale
Jack Doerner, David Evans, abhi shelat. 23rd ACM Conference on Computer and Communications Security (CCS). Vienna, Austria. 24-28 October 2016. [PDF, 12 pages] [Project]
Revisiting Square-Root ORAM Efficient Random Access in Multi-Party Computation
Samee Zahur, Xiao Wang, Mariana Raykova, Adrià Gascón, Jack Doerner, David Evans, Jonathan Katz. 37th IEEE Symposium on Security and Privacy (“Oakland”). San Jose, CA. 23-25 May 2016. [PDF, 17 pages] [Project]
Automatically Evading Classifiers: A Case Study on PDF Malware Classifiers
Weilin Xu, Yanjun Qi, and David Evans. Network and Distributed System Security Symposium (NDSS). San Diego, CA. 21-24 February 2016. [PDF, 15 pages] [EvadeML.org]
Understanding and Monitoring Embedded Web Scripts
Yuchen Zhou and David Evans. 36th IEEE Symposium on Security and Privacy ("Oakland"). San Jose, CA. 18-20 May 2015. [PDF, 16 pages] [ScriptInspector.org]
Two Halves Make a Whole: Reducing Data Transfer in Garbled Circuits using Half Gates
Samee Zahur, Mike Rosulek, and David Evans. EuroCrypt 2015. Sofia, Bulgaria. 26-30 April 2015. [PDF, 28 pages] [Code]
SSOScan: Automated Testing of Web Applications for Single Sign-On Vulnerabilities
Yuchen Zhou and David Evans. 23rd USENIX Security Symposium, San Diego, CA 20-22 August 2014. [PDF, 16 pages]
Explicating SDKs: Uncovering Assumptions Underlying Secure Authentication and Authorization
Rui Wang, Yuchen Zhou, Shuo Chen, Shaz Qadeer, David Evans, and Yuri Gurevich. 22nd USENIX Security Symposium, Washington DC, 14-16 August 2013. [PDF, 16 pages]
Efficient Secure Two-Party Computation Using Symmetric Cut-and-Choose
Yan Huang, Jonathan Katz, and David Evans. 33rd International Cryptology Conference (CRYPTO 2013), Santa Barbara, CA, 18-22 August 2013. [PDF, 16 pages]
GuarDroid: A Trusted Path for Password Entry
Tianhao Tong and David Evans. Moble Security Technologies (MoST), San Francisco, CA, 23 May 2013. [PDF, 10 pages]
Circuit Structures for Improving Efficiency of Security and Privacy Tools
Samee Zahur and David Evans. 34th IEEE Symposium on Security and Privacy ("Oakland"), San Francisco, CA, 19-22 May 2013. [PDF, 15 pages]
Quid Pro Quo-tocols: Strengthening Semi-Honest Protocols with Dual Execution
Yan Huang, Jonathan Katz, and David Evans. In 33rd IEEE Symposium on Security and Privacy ("Oakland" 2012), San Francisco, CA. 20-23 May 2012. [PDF, 13 pages]
Private Set Intersection: Are Garbled Circuits Better than Custom Protocols?
Yan Huang, David Evans, and Jonathan Katz. In 19th Network and Distributed Security Symposium (NDSS 2012), San Diego, CA. 5-8 February 2012. [PDF, 15 pages]
Automated Black-Box Detection of Side-Channel Vulnerabilities in Web Applications
Peter Chapman and David Evans. In 18th ACM Conference on Computer and Communications Security (CCS 2011), Chicago, IL. 17-21 October 2011. [PDF, 12 pages]
Auditing Information Leakage for Distance Metrics
Yikan Chen and David Evans. In Third IEEE Conference on Privacy, Security, Risk and Trust, Boston, MA, 9-11 October 2011. [PDF, 10 pages]
Protecting Private Web Content from Embedded Scripts
Yuchen Zhou and David Evans. To appear in European Symposium on Research in Computer Security (ESORICS 2011), Lueven, Belguim. 12-14 September 2011. [PDF, 20 pages]
Privacy-Preserving Applications on Smartphones
Yan Huang, Peter Chapman, and David Evans. To appear in 6th USENIX Workshop on Hot Topics in Security (HotSec 2011), San Francisco. 9 August 2011. [PDF, 6 pages]
Faster Secure Two-Party Computation Using Garbled Circuits
Yan Huang, David Evans, Jonathan Katz, and Lior Malka. 20th USENIX Security Symposium, San Francisco, CA. 8-12 August 2011. (PDF, 16 pages)
Private Editing Using Untrusted Cloud Services
Yan Huang and David Evans. Second International Workshop on Security and Privacy in Cloud Computing. Minneapolis, Minnesota. 24 June 2011. (PDF, 10 pages)
GuardRails: A Data-Centric Web Application Security Framework
Jonathan Burket, Patrick Mutchler, Michael Weaver, Muzzammil Zaveri, and David Evans. 2nd USENIX Conference on Web Application Development  (WebApps 2011). Portland, Oregon. 15-16 June 2011. (PDF, 12 pages)
A Sub-0.5V Lattice-Based Public-Key Encryption Scheme for RFID Platforms in 130nm CMOS
Yu Yao, Jiawei Huang, Sudhanshu Khanna, abhi shelat, Benton Highsmith Calhoun, John Lach, and David Evans. 2011 Workshop on RFID Security (RFIDsec'11 Asia), Wuxi, China, 6-8 April 2011. (PDF, 19 pages)
Efficient Privacy-Preserving Biometric Identification
Yan Huang, Lior Malka, David Evans, and Jonathan Katz. 18th Network and Distributed System Security Symposium (NDSS 2011), San Diego, 6-9 February 2011. (PDF, 14 pages)
Why Aren't HTTP-only Cookies More Widely Deployed?
Yuchen Zhou and David Evans. Web 2.0 Security and Privacy (W2SP), Oakland, CA, 20 May 2010. (Paper: PDF, 5 pages)
Privacy through Noise: A Design Space for Private Identification
Karsten Nohl and David Evans. 2009 Annual Computer Security Applications Conference (ACSAC), Honolulu, Hawaii, 7-11 December 2009. (Paper: PDF, 10 pages)
The User is Not the Enemy: Fighting Malware by Tracking User Intentions
Jeff Shirley and David Evans. New Security Paradigms Workshop (NSPW 2008), Lake Tahoe, California, 22-25 September 2008. (Paper: PDF, 13 pages)
Hiding in Groups: On the Expressiveness of Privacy Distributions
Karsten Nohl and David Evans. 23rd International Information Security Conference (SEC 2008). Co-located with IFIP World Computer Congress 2008. Milan, Italy. 8-10 September 2008. (Paper: PDF, 15 pages; Extended technical report: PDF, 18 pages)
Reverse-Engineering a Cryptographic RFID Tag
Karsten Nohl, David Evans, Starbug, and Henryk Plötz. USENIX Security 2008. San Jose, CA. July 2008. (PDF, 9 pages; HTML)
Privacy Protection for Social Networking Platforms
Adrienne Felt and David Evans. Web 2.0 Security and Privacy 2008 (in conjunction with 2008 IEEE Symposium on Security and Privacy). Oakland, CA. 22 May 2008. (PDF, 8 pages) (Talk slides: PDF)
Security through Redundant Data Diversity
Anh Nguyen-Tuong, David Evans, John C. Knight, Benjamin Cox, Jack W. Davidson. 38th IEEE/IFPF International Conference on Dependable Systems and Networks, Anchorage, Alaska, June 2008. (PDF, 10 pages)
Talking to Strangers Without Taking Their Candy: Isolating Proxied Content
Adrienne Felt, Pieter Hooimeijer, David Evans, Westley Weimer. First International Workshop on Social Network Systems, Glasgow, Scotland, April 2008. (PDF, 6 pages)
Quantifying Information Leakage in Tree-Based Hash Protocols (short paper)
Karsten Nohl and David Evans. Eighth International Conference on Information and Communications Security (ICICS). Raleigh, North Carolina, December 2006. (Paper: PDF, 10 pages; Technical Report (UVA-CS-2006-20): PDF, 12 pages)
N-Variant Systems: A Secretless Framework for Security through Diversity
Benjamin Cox, David Evans, Adrian Filipi, Jonathan Rowanhill, Wei Hu, Jack Davidson, John Knight, Anh Nguyen-Tuong, and Jason Hiser. 15th USENIX Security Symposium, Vancouver, BC, August 2006. (PDF, 16 pages; HTML)
Comparing Java and .NET security: Lessons Learned and Missed
Nathanael Paul and David Evans. Computers & Security, Volume 25, Issue 5, July 2006. (PDF, HTML, 13 pages)

Secure and Practical Defense Against Code-injection Attacks Using Software Dynamic Translation

Wei Hu, Jason Hiser, Dan Williams, Adrian Filipi, Jack W. Davidson, David Evans, John C. Knight, Anh Nguyen-Tuong, and Jonathan Rowanhill. Second International Conference on Virtual Execution Environments. Ottawa, Canada, June 14-16, 2006. (PDF, 11 pages)
Perracotta: Mining Temporal API Rules From Imperfect Traces
Jinlin Yang, David Evans, Deepali Bhardwaj, Thirumalesh Bhat, Manuvir Das. 28th International Conference in Software Engineering, Research Track, Shanghai, China, May 2006. (PDF, 10 pages; Perracotta web site)
Inculcating Invariants in Introductory Courses
David Evans and Michael Peck. 28th International Conference in Software Engineering, Education Track, Shanghai, China, May 2006. (PDF, 6 pages; Talk [PPT])
Thermal Attacks on Storage Systems
Nathanael Paul, Sudhanva Gurumurthi, David Evans. 14th NASA Goddard, 23rd IEEE Conference on Mass Storage Systems and Technologies, College Park, Maryland, May 2006. (PDF, 9 pages)
Towards Disk-Level Malware Detection
Nathanael Paul, Sudhanva Gurumurthi, David Evans. Workshop on Code Based Software Security Assessments. Pittsburgh, Pennsylvania, USA, 7 November 2005.
Toasters, Seat Belts, and Inferring Program Properties
David Evans. IFIP Working Conference on Verified Software: Theories, Tools, Experiments. Zürich, Switzerland. 10-13 October 2005. (PDF, 8 pages)
Where's the FEEB?: The Effectiveness of Instruction Set Randomization
Ana Nora Sovarel, David Evans and Nathanael Paul. 14th USENIX Security Symposium. Baltimore, MD. August 2005. (PDF, HTML, 16 pages)
Automatically Hardening Web Applications Using Precise Tainting
Anh Nguyen-Tuong, Salvatore Guarnieri, Doug Greene, Jeff Shirley, and David Evans. IFIP TC11 20th International Conference on Information Security, June 2005. (PDF, 12 pages)
.NET Security: Lessons Learned and Missed from Java
Nathanael Paul and David Evans. Twentieth Annual Computer Security Applications Conference (ACSAC 2004). December 6-10, 2004, Tucson, Arizona. (PDF, 10 pages) (Extended version published in Computers & Security.)
Automatically Inferring Temporal Properties for Program Evolution
Jinlin Yang and David Evans. Fifteenth IEEE International Symposium on Software Reliability Engineering (ISSRE 2004). 2-5 November 2004, Saint-Malo, France. (PDF, 12 pages)
Localization for Mobile Sensor Networks
Lingxuan Hu and David Evans. Tenth Annual International Conference on Mobile Computing and Networking (ACM MobiCom 2004). 26 September - 1 October 2004. (PDF, 13 pages)
Dynamically Inferring Temporal Properties
Jinlin Yang and David Evans. ACM SIGPLAN-SIGSOFT Workshop on Program Analysis for Software Tools and Engineering (PASTE 2004). Washington, DC 7-8 June 2004. (PDF, 6 pages) [ACM DL Page]
Election Security: Perception and Reality
David Evans and Nathanael Paul. IEEE Security and Privacy, January-February 2004. (PDF, 8 pages)
Using Directional Antennas to Prevent Wormhole Attacks
Lingxuan Hu and David Evans. Network and Distributed System Security Symposium, San Diego, 5-6 February 2004. (PDF, 11 pages)
EnviroTrack: Towards an Environmental Computing Paradigm for Distributed Sensor Networks
T. Abdelzaher, B. Blum B, Q. Cao, Y. Chen, D. Evans, J. George, S. George, L. Gu, T. He, S. Krishnamurthy, L. Luo, S. Son, J. Stankovic, R. Stoleru and A. Wood. The 24th International Conference on Distributed Computing Systems. Tokyo, Japan. March 23-26, 2004. (PDF, 8 pages)
A Biological Programming Model for Self-Healing
Selvin George, David Evans and Steven Marchette. First ACM Workshop on Survivable and Self-Regenerative Systems, October 31, 2003. (PDF, 10 pages)
Power-Efficient Adaptable Wireless Sensor Networks
John Lach, David Evans, Jon McCune, Jason Brandon. Military and Aerospace Programmable Logic Devices (MAPLD) International Conference 2003. September 9-11, 2003. (PDF, 2 page abstract; PDF, full paper, 8 pages)
Towards Differential Program Analysis
Joel Winstead and David Evans. Workshop on Dynamic Analysis. 9 May 2003. (PDF, 4 pages)
Authentication for Remote Voting
Nathanael Paul, David Evans, Avi Rubin and Dan Wallach. Workshop on Human-Computer Interaction and Security Systems. 6 April 2003. (PDF, 4 pages)
Secure Aggregation for Wireless Networks.
Lingxuan Hu and David Evans. Workshop on Security and Assurance in Ad hoc Networks. January, 2003. (PDF, PS, 8 pages)
A Biologically Inspired Programming Model for Self-Healing Systems.
Selvin George, David Evans and Lance Davidson. Workshop on Self-Healing Systems (WOSS'02). November, 2002. (PDF, PS, 3 pages) [ACM DL Page]
Improving Security Using Extensible Lightweight Static Analysis.
David Evans and David Larochelle. IEEE Software, Jan/Feb 2002. (PDF, 10 pages)
Security Issues and Requirements for Internet-Scale Publish-Subscribe Systems.
Chenxi Wang, Antonio Carzaniga, David Evans, Alexander L. Wolf. In Hawaii International Conference on System Sciences, January 7-10, 2002. (PDF, 8 pages)
Structured Exception Semantics for Concurrent Loops.
Joel Winstead and David Evans. In Fourth Workshop on Parallel/High-Performance Object-Oriented Scientific Computing 14-18 October 2001, Tampa Bay. (PS, 20 pages)
Statically Detecting Likely Buffer Overflow Vulnerabilities.
David Larochelle and David Evans. In Proceedings of the 2001 USENIX Security Symposium, Washington, D. C., August 13-17, 2001. (PDF, HTML, 13 pages)
Annotation-Assisted Lightweight Static Checking
David Evans. The First International Workshop on Automated Program Analysis, Testing and Verification (ICSE 2000). Feb 25, 2000.
Separation of Concerns for Security
John Viega and David Evans. Workshop on Multi-Dimensional Separation of Concerns in Software Engineering (ICSE 2000). Feb 25, 2000.
Policy-Directed Code Safety
David Evans and Andrew Twyman. In Proceedings of the 1999 IEEE Symposium on Security and Privacy, Oakland, California, May 9-12, 1999. (PDF, PS, 14 pages)
Static Detection of Dynamic Memory Errors
David Evans. In SIGPLAN Conference on Programming Language Design and Implementation (PLDI '96), Philadelphia, PA, May 1996. (PS, PDF, 10 pages)

LCLint: A Tool for Using Specifications to Check Code

David Evans, John Guttag, Jim Horning and Yang Meng Tan, SIGSOFT Symposium on the Foundations of Software Engineering, December 1994. (PDF, PS; 10 pages)

Invited (and Uninvited) Publications

Keynote: Truth, Social Justice (and the American Way?)
David Evans. Invited paper for keynote talk at First ACM Workshop for Women in Cybersecurity, 30 October 2017. (PDF, 2 pages)
On the Impossibility of Virus Detection
David Evans. 12 February 2017. (PDF, 6 pages)
On the Non-Equivalence of the Kleene-* and Kleene-X Operators
(with Dorina M. Evans). First International Conference on Hygenic Computing, Gesundheit Institute, 12 March 2013.
Efficient Secure Computation with Garbled Circuits
Yan Huang, Chih-hao Shen, David Evans, Jonathan Katz, and abhi shelat. Invited paper for Seventh International Conference on Information Systems Security (ICISS 2011). 15-19 December 2011, Jadavpur University, Kolkata. [PDF (21 pages)]
Science of Security
Special Issue of IEEE Security and Privacy Magazine, May/June 2011. Co-edited by David Evans and Sal Stolfo.


Effectiveness of Moving Target Defenses
David Evans, Anh Nguyen-Tuong, and John Knight. Chapter in Moving Target Defense: An Asymmetric Approach to Cyber Security, edited by Sushil Jajodia. Springer. Planned for 2011. (20 pages)
Automatic Inference and Effective Application of Temporal Specifications
Jinlin Yang and David Evans. Chapter in Mining Software Specifications: Methodologies and Applications. Edited by David Lo, Siau-Cheng Khoo, Chao Liu, and Jiawei Han. CRC Press. 2011. [PDF, 74 pages]
How Computing Changes Thinking
David Evans. Essay in What Should I Read Next?: 70 University of Virginia Professors Recommend Readings in History, Politics, Literature, Math, Science, Technology, the Arts, and More edited by Jessica Feldman and Robert Stilling, University of Virginia Press, 2008. [HTML, PDF, 4 pages]
Creating a Computer Science Major for Arts & Sciences Students
David Evans and J. McGrath Cohoon. Computing Research News, Computing Research Association, January 2008. (PDF, 3 pages)
Hostile Java Applets
David Evans. Article in The Handbook of Information Security. September 2005. [PDF, 10 pages]
Pancakes, Puzzles, and Polynomials: Cracking the Cracker Barrel
Christopher Frost, Michael Peck, David Evans. SIGACT News, March 2004. [PDF, 4 pages]
Finding Security Vulnerabilities Before Evildoers Do
David Evans. Invited paper for Conferencia Internacional de Software Libre, Malaga, Spain, 20 February 2004. [PDF, 6 pages]

LCLint User's Guide

David Evans, February 1996 - 2001. (Obsoleted by Splint.)
Splint User's Guide
Secure Programming Group, 2002.

Selected Proposals

NSF CAREER: Programming the Swarm
David Evans. Submitted July 2000. Grant awarded 1 March 2001 - 28 Feb 2006. (PDF, PS, NSF Page) [Cited in Jane McGonigal's PhD (Performance Studies) Thesis, This Might Be a Game: Ubiquitous Play and Performance at the Turn of the Twenty-First Century!]

University of Virginia Teaching Fellowship: Teaching Introductory Computer Science as a Liberal Art

David Evans. Submitted February 2001. Awarded 2001-2002. (PDF, Course)

NSF CCLI: Teaching Software Engineering Using Lightweight Analysis

David Evans. Submitted June 2001. Grant awarded 1 January 2002 - 31 December 2003. (PDF, PS)
NSF ITR: A Framework for Environment-Aware, Massively Distributed Computing
David Evans (PI), Tarek Abdelzaher and David Brogan. Submitted 13 Nov 2001. Grant awarded September 2002 - August 2005. (PDF)

Technical Reports

Christopher Frost, Michael Peck, David Evans.
Pancakes, Puzzles, and Polynomials: Cracking the Cracker Barrel. University of Virginia Computer Science Technical Report, CS-2004-04. March 2004. [PDF]

David Evans and Michael Peck. Simulating Critical Software Engineering. University of Virginia Computer Science Technical Report, CS-2004-03. February 2004. [PDF]

Weilin Zhong and David Evans. When Ants Attack: Security Issues for Stigmergic Systems. University of Virginia Computer Science Technical Report, CS-2002-23. April 2002. [PDF]


Policy-Directed Code Safety
David Evans. MIT PhD Thesis. October 19, 1999. (abstract; PDF, PS, 137 pages).

Using Specifications to Check Source Code

David Evans. MIT SM Thesis. MIT/LCS/TR-628, June 1994. (PDF, PS, 96 pages)


On the Non-Equivalence of the Kleene-* and Kleene-X Operators

David Evans and Dorina Evans. Zeroth International Conference on Hygenic Computing. 12 March 2013.
On The Run
Marc Raibert, Jessica Hodgins, Robert Playter, Lance Borvansky, Lee Campbell, David Evans, Adam Crane and Marie Lamb, SIGGRAPH `91 Electronic Theater Las Vegas. Also shown at Los Angeles International Animation Celebration, October 1991; London Computer Animation Festival, October 1991; and Imagina, Monte Carlo, January 1992. (Video)

CS 655 David Evans - Publications
University of Virginia
Department of Computer Science
David Evans