| [CS06] | Comparing Java and .NET Security: Lessons Learned and Missed |
| Nathanael Paul, David Evans. Computers & Security, Volume 25, Issue 5, July 2006. | |
| [MSST06] | Thermal Attacks on Storage Systems |
| Nathanael Paul, Sudhanva Gurumurthi, and David Evans. NASA/IEEE Conference on Mass Storage Systems and Technologies (MSST), May 2006. Although no disks were vulnerable to this attack at the time of this paper, disks now exist that implement request throttling as described in the paper (thus, may be vulnerable to this attack). |
|
| [COBASSA05] | Towards Disk-level Malware Detection |
| Nathanael Paul, Sudhanva Gurumurthi, and David Evans. Workshop on Code Based Software Security Assessments (CoBaSSA), November 2005. For more information, go to: http://www.cs.virginia.edu/malware |
|
| [USENIX05] | Where's the FEEB? The Effectiveness of Instruction Set Randomization (PDF, HTML) |
| Ana Sovarel, David Evans, Nathanael Paul. Fourteenth USENIX Security Conference. August 1-5, 2005, Baltimore, MD. | |
| [ACSAC04] | .NET Security: Lessons Learned and Missed from Java |
| Nathanael Paul, David Evans. Twentieth Annual Computer Security Applications Conference (ACSAC). December 6-10, 2004, Tucson, AZ. (slides: PPT) |
|
| [IEEESP04] | Election Security: Perception and Reality |
| David Evans, Nathanael Paul. IEEE Security and Privacy, January-February 2004. | |
| [HCI03] | Authentication for Remote Voting |
| Nathanael Paul, David Evans, Avi Rubin, Dan Wallach. Workshop on Human-Computer Interaction and Security Systems. April 6, 2003, Ft. Lauderdale, FL. |
 |
| The Rotunda From http://www.itc.virginia.edu/pubs/uva-images/ |