Difference between revisions of "Curriculum Vitae"
From Simson Garfinkel
Jump to navigationJump to search
(620 intermediate revisions by the same user not shown) | |||
Line 1: | Line 1: | ||
< | <span style="font-size: 200%;font-weight:bold;">Simson L. Garfinkel, Ph.D.</span> | ||
__NOTOC__ | |||
<br> | |||
==Research Interests== | ==Research Interests== | ||
Privacy, Cyber Security, Usable Security, Digital Forensics, Institutional Review Boards, and more.... | |||
==Education== | ==Education== | ||
Line 17: | Line 10: | ||
:Dissertation: [http://www.simson.net/thesis/ ''Design Principles and Patterns for Computer Systems that are Simultaneously Secure and Usable''] | :Dissertation: [http://www.simson.net/thesis/ ''Design Principles and Patterns for Computer Systems that are Simultaneously Secure and Usable''] | ||
:Supervised by [http://www.lcs.mit.edu/people/bioprint.php3?PeopleID=81 David D. Clark] and [http://people.csail.mit.edu/rcm/ Robert C. Miller] | :Supervised by [http://www.lcs.mit.edu/people/bioprint.php3?PeopleID=81 David D. Clark] and [http://people.csail.mit.edu/rcm/ Robert C. Miller] | ||
:Honorable mention for the 2005 George M. Sprowls award for the best doctoral | :Honorable mention for the 2005 George M. Sprowls award for the best doctoral thesis in computer science. | ||
;Columbia University School of Journalism, New York, 1988 | ;Columbia University School of Journalism, New York, NY. 1988 | ||
: | :[http://simson.net/ref/1988/diploma_columbia.jpg M.S. in Journalism with Honors] | ||
:Master's | :Master's Thesis: [http://simson.net/clips/academic/1988.Columbia.masters.html ''Tenant Screening Services in the United States''] | ||
:Supervised by Steven Ross | :Supervised by Steven Ross | ||
:Winner of the [http://simson.net/ | :Winner of the [http://simson.net/ref/awards/1988_Columbia_Elisabbeta_DiCagno_Award.pdf 1988 Elisabbeta DiCagno Award] "for the best investigative story on environmental protection or human rights." | ||
;Massachusetts Institute of Technology, Cambridge, MA, 1987 | ;Massachusetts Institute of Technology, Cambridge, MA, 1987 | ||
:S.B. Chemistry; S.B. Political Science; S.B. program in Science, Technology and Society | :[http://simson.net/ref/1987/diploma_mit5.jpg S.B. Chemistry]; [http://simson.net/ref/1987/diploma_mit17.jpg S.B. Political Science]; [http://simson.net/ref/1987/diploma_mit21.jpg S.B. program in Science, Technology and Society] | ||
:Bachelor's thesis: [http://simson.net/clips/academic/1987.pfl_thesis_scan.pdf ''Radio Research, McCarthyism and Paul F. Lazarsfeld''] <span class="web">[http://simson.net/clips/academic/1987.pfl_thesis_ocr.pdf (OCR)]</span> | :Bachelor's thesis: [http://simson.net/clips/academic/1987.pfl_thesis_scan.pdf ''Radio Research, McCarthyism and Paul F. Lazarsfeld''] <span class="web">[http://simson.net/clips/academic/1987.pfl_thesis_ocr.pdf (OCR)]</span> | ||
:Supervised by Peter Buck | :Supervised by Peter Buck | ||
== | ==Positions Held== | ||
===Full-Time Positions=== | |||
;BasisTech, LLC, Somerville, MA {{Date|Sept. 2023--}} | |||
;Chief Scientist | |||
; | ;Schmidt Futures, New York, NY {{Date|Aug 2022--Aug 2023}} | ||
:Program Scientist, [https://ai2050.schmidtfutures.com AI2050] | |||
;U.S. Department of Homeland Security, Washington, DC {{Date|April 2021--July 2022}} | |||
:Senior Data Scientist | |||
;U.S. Census Bureau, Suitland, MD {{Date|Jan 2017--April 2021}} | |||
:Senior Computer Scientist for Confidentiality and Data Access (Dec 2017--April 2021) | |||
:Chief, Center for Disclosure Avoidance Research (Jan 2017--Dec 2017) | |||
;National Institute of Standards and Technology, Gaithersburg, MD {{Date|Jan 2015--Jan 2017}} | |||
:Senior Advisor, Information Access Division. Research includes privacy and data de-identification. | |||
;[http://www.nps.edu Naval Postgraduate School], United States Navy {{Date|Sept. 2006 --Jan 2015}} | |||
;[http://www.nps.edu Naval Postgraduate School], United States Navy {{Date|Sept. 2006 --}} | :Associate Professor (tenured). Research on digital forensics; security and usability; cyberlaw. | ||
:Associate Professor. Research | |||
;[http://www.crcs.deas.harvard.edu/ Center for Research on Computation and Society], Harvard University {{Date|Sept. 2005 --- August 2008}} | ;[http://www.crcs.deas.harvard.edu/ Center for Research on Computation and Society], Harvard University {{Date|Sept. 2005 --- August 2008}} | ||
:Post-doctoral fellow. Research | :Post-doctoral fellow. Research on digital forensics; security and usability. | ||
;[http://www.cs.auckland.ac.nz/ Computer Science Department], University of Auckland, NZ {{Date|August 2005}} | ;[http://www.cs.auckland.ac.nz/ Computer Science Department], University of Auckland, NZ {{Date|August 2005}} | ||
Line 55: | Line 51: | ||
;[http://www.csail.mit.edu/ Computer Science and Artificial Intelligence Laboratory], MIT {{Date|Sept. 2002 --- June 2005}} | ;[http://www.csail.mit.edu/ Computer Science and Artificial Intelligence Laboratory], MIT {{Date|Sept. 2002 --- June 2005}} | ||
:Doctoral student. Research on security and usability; secure messaging; | :Doctoral student. Research on security and usability; secure messaging; and digital forensics. | ||
;[http://simson.net/ref/2000/bb2w/ Broadband2Wireless, Inc.] {{Date|May 2000 --- July 2001}} | ;[http://simson.net/ref/2000/bb2w/ Broadband2Wireless, Inc.] {{Date|May 2000 --- July 2001}} | ||
: | :Chief Scientist for a nation-wide wireless ISP startup. | ||
; | ;Daniel J. Evans School of Public Affairs, University of Washington, Seattle {{Date|January 1997 --- June 1997}} | ||
: | :Visiting Scholar. Completed Web Security, Privacy and Commerce and wrote Database Nation. | ||
;[http://www.sandstorm.net/ Sandstorm Enterprises, Inc.] | ;[http://www.sandstorm.net/ Sandstorm Enterprises, Inc.] | ||
:Founder (1998), CTO (1998-2001 | :Founder (1998), CTO (1998-2001) | ||
:Conceived and organized | :Conceived and organized software development firm specializing in digital forensic tools. Negotiated startup funding. Lead architect and developer of two products. | ||
;Vineyard.NET, Inc {{Date|July 1995 --- September 2002}} | ;Vineyard.NET, Inc {{Date|July 1995 --- September 2002}} | ||
:Co-Founder. Launched first Internet Service Provider on Martha's Vineyard with $5000 in personal investment. Grew company to 1500 subscribers with annual revenue of $500,000. Negotiated sale of company to Broadband2Wireless | :Co-Founder. Launched first Internet Service Provider on Martha's Vineyard with $5000 in personal investment. Grew company to 1500 subscribers with annual revenue of $500,000. Negotiated sale of company to Broadband2Wireless. | ||
;Simson Garfinkel & Associates, Inc. {{Date|May 1992 --- February 1993}} | ;Simson Garfinkel & Associates, Inc. {{Date|May 1992 --- February 1993}} | ||
:Founder. Conceived and organized company to develop and market [http://simson.net/ref/1992/SBook20.pdf SBook], an AI-based address book application for NeXTSTEP-based computers. Lead developer. Supervised two employees. Negotiated sale of company to Sarrus Software, Inc. | :Founder. Conceived and organized company to develop and market [http://simson.net/ref/1992/SBook20.pdf SBook], an AI-based address book application for NeXTSTEP-based computers. Lead developer. Supervised two employees. Negotiated sale of company to Sarrus Software, Inc. | ||
;NeXTWORLD Magazine {{Date|June 1991 --- Sept. 1993}} | |||
:Senior Editor. Wrote, Assigned, and Edited articles about NeXT Computers, Inc., object-oriented technology, and Unix. | |||
;NeXT Computer, Inc. {{Date|May 1990, August 1991}} | ;NeXT Computer, Inc. {{Date|May 1990, August 1991}} | ||
: | :Consultant. Created a kernel-resident CDROM subsystem (ISO 9660 with Rock Ridge extensions) for NeXTSTEP 2.0; updated for NeXTSTEP 3.0. | ||
;IRIS Project, Brown University, {{Date|June 1987 --- August 1987}} | |||
:System programmer. Designed and implemented a CDROM File system NFS Server. | |||
;Weizmann Institute of Science, Israel {{Date|June 1986 --- August 1986}} | |||
:Summer Researcher. Designed and implemented a multitasking laboratory data acquisition system. | |||
===Part-Time and Adjunct Positions=== | |||
;Harvard University, Cambridge, MA {{Date|2024--}} | |||
:Visiting Lecturer | |||
;George Washington University, Washington, DC {{Date|2019--2022}} | |||
:Part-time Faculty | |||
;George Mason University, Vienna, VA {{Date|Jan 2016--May 2019}} | |||
:Adjunct Faculty | |||
;Georgetown University, Washington, DC {{Date|Jan 2016--May 2017}} | |||
:Adjunct Lecturer | |||
;[http://www.basistech.com/ Basis Technology], Cambridge, MA{{Date|2005--2008}} | |||
:Consulting Scientist. | |||
;Northeastern University {{Date|Summer 2004}} | |||
:Instructor | |||
;CSO Magazine, Framingham, MA {{Date|2003--2008}} | |||
:Founding Editor at Large of IDG's magazine devoted to computer security. | |||
;Intellivid, Inc, Cambridge, MA{{Date|2003--2008}} | |||
:Member, Advisory Board. Intellivid developed intelligent video surveillance systems. | |||
;ePrivacy Group, Paoli, PA{{Date|2000-2004}} | |||
:Founder, Advisor of startup that developed server-side privacy and security solutions. | |||
;[http://www.ll.mit.edu/ MIT Lincoln Laboratory] {{Date|Spring 1998, Spring 1999}} | |||
:Consultant. Developed novel Internet attacks for [http://simson.net/clips/academic/1998.Evaluating_IDs_DARPA.pdf 1998 and 1999 DARPA Intrusion Detection Evaluations]. | |||
;[http://www.sandstorm.net/ Sandstorm Enterprises, Inc.] | |||
:Treasurer (2000-2008) | |||
;[http://technologyreview.com Technology Review Magazine], Cambridge, MA {{Date|1998 --- present}} | |||
:Contributing Editor | |||
;Privada, Menlo Park, CA {{Date|1998 --- 1999}} | |||
: Member, Advisory Board, | |||
;Hot Wired, San Francisco, CA{{Date|1996--1997}} | |||
:Columnist. Wrote weekly column on security, privacy and society. | |||
;The Boston Globe, Boston, MA{{Date|1996--2000}} | |||
:Columnist. Wrote weekly column on technology, privacy and society. | |||
;Internet Underground, Chicago, IL {{Date|1996}} | |||
:Editor at Large | |||
;SunExpert Magazine, Computer Publishing Group {{Date|1994 --- 1995}} | |||
:Senior Editor. | |||
;Wired Magazine, San Francisco, CA{{Date|1993--2001}} | |||
:Contributing Writer. | |||
;Christian Science Monitor {{Date|1988 --- 1989}} | |||
:Science Writer. | |||
;N/Hance Systems, Dedham, MA, {{Date|March 1988 --- June 1991}} | ;N/Hance Systems, Dedham, MA, {{Date|March 1988 --- June 1991}} | ||
:Chief Scientist. Developed and marketed Write Once File System. | :Chief Scientist. Developed and marketed Write Once File System. | ||
;Polaroid, Inc. {{Date|January 1987 --- September 1990}} | ;Polaroid, Inc. {{Date|January 1987 --- September 1990}} | ||
:Consultant. Designed and implemented a physician's medical imaging workstation. Novel technology included a write-once file system, custom-built window system, and DSP image processing code. Demonstrated workstation at trade shows and deployed within Polaroid for supporting research. Produced a [http://video.google.com/videoplay?docid=-425751018569475821&hl=en video] of the working system. | :Consultant. Designed and implemented a physician's medical imaging workstation. Novel technology included a write-once file system, custom-built window system, and DSP image processing code. Demonstrated workstation at trade shows and deployed within Polaroid for supporting research. Produced a [http://video.google.com/videoplay?docid=-425751018569475821&hl=en video] of the working system. | ||
; | ;The Jerusalem Post, Jerusalem, Israel{{Date|June 1986--Sept. 1986}} | ||
: | :Contributing Writer | ||
;MIT Media Laboratory {{Date|February 1985 --- June 1987}} | ;MIT Media Laboratory {{Date|February 1985 --- June 1987}} | ||
Line 100: | Line 157: | ||
:Undergraduate Researcher. Designed and implemented graphics libraries in APL and FORTRAN. Developed visualization software for the Physics department's molecular modeling package. | :Undergraduate Researcher. Designed and implemented graphics libraries in APL and FORTRAN. Developed visualization software for the Physics department's molecular modeling package. | ||
== | ==Sponsored Research== | ||
; Previous Sponsored Research, DHS: | |||
* | * Department of Homeland Security, NPS 13 RCFW6, "Detecting Threatening Insiders with Lightweight Media Forensics," FY13-16 | ||
* Department of Homeland Security, NPS 12 R6E5C, "Gaming Systems Monitoring and Analysis Project," FY12-13 | |||
* | |||
; Previous Sponsored Research, DoD: | |||
* | * Department of Defense, NPS 13 RCG53, "DEEP FY13-FY14 RDTE", FY13-14 | ||
* | * Department of Defense, NPS 13 RCG5K, "DEEP FY13 OM", FY13 | ||
* | * Department of Defense, NPS 12 RCF4F, "ADOMEX Research and Development", FY12-13 | ||
* | * Department of Defense, NPS 12 RCF4P, "ADOMEX Research Cat I", FY12-13 | ||
* Department of Defense, NPS 12 VC6CP4, "Automated Media Exploitation Research 3", Oct 2010-Sept. 2012 | |||
* Department of Defense, NPS 11 R6DY9, "Automated Media Exploitation Applied Engineering", Oct 2010-Sept. 2012 | |||
* Department of Defense, NPS 11 RCF6X, "Automated Media Exploitation Support", FY12 | |||
* Department of Defense, NPS 11 R6CU5, "Automated Media Exploitation Research 3", FY10-11 | |||
* Department of Defense, NPS 11 R6E1G, "Direct Staff Support", FY11 | |||
* Defense Manpower Data Center, NPS 11 R6PY1, "Identity and Database Challenges for Force Protection," Oct 2010-May 2011. | |||
* Department of Defense, NPS 11 R4ACU, "Automated Media Exploitation Research P&R," Oct 2010-Sept 2011. | |||
* Department of Defense, NPS 11 R61FP, "Automated Media Exploitation Research 2," April 2010-Sept 2011. | |||
* Department of Defense, NPS 10 RCSPP, "Automated Media Exploitation Research FY2010," July 2009--Sept 2010. | |||
* United States Marine Corps (USMC), NPS JON 10 RCSOE, "Media Exploitation, Evaluation and Development," Oct 2009--Sept 2010. | |||
* Department of Defense, NPS 10 R61IC, "Team Monterey," October 2009--Sept 2010. | |||
* Department of Defense, NPS 10 R617V, "Cyber Policy Review," December 2009--Sept 2010. | |||
* United States Marine Corps (USMC), NPS 09 RCSUP, "Media Exploitation, Evaluation and Development," June 2009--Sept 2009. | |||
* DARPA Sector Discrimination Seedling, NPS 09 RCS70, November 2008--Sept 2009. | |||
* Department of Defense, NPS 09 R9SKL, "Testing of Automated Media Exploitation Tools," December 2007--Sept 2008. | |||
* Department of Defense, NPS 08 R9FNL--106, "Detecting Network Membership with Cross-Drive Analysis," December 2007--September 2008. | |||
; Previous Sponsored Research, FBI: | |||
* | * Federal Bureau of Investigation, NPS 13 RCFQT, "Packet Carving and Visualization", FY12-13 | ||
* Federal Bureau of Investigation, NPS 12 RCF37, "Random Sampling and Small BLock Forensics Innovation", FY12-13 | |||
; Previous Sponsored Research, NIST: | |||
* | * NIST/NPS Interagency Agreement M92367, "Support of NIST Computer Forensics Testing Program," November 2008--January 2009. | ||
= | ;Previous Sponsored Research, NSF: | ||
* [http://www. | * [http://www.nsf.gov/awardsearch/showAward.do?AwardNumber=1140938 National Science Foundation, DUE-1140938], "Developing Materials to Teach Technical Privacy Auditing with Computer Forensic Tools and Realistic Computer Forensic Datasets," FY13-14 | ||
* [http://www.nsf.gov/awardsearch/showAward.do?AwardNumber=0919593 NSF Award DUE-0919593: "Creating Realistic Forensic Corpora for Undergraduate Education and Research,"] Simson L. Garfinkel and Dave Dittrich, PI. October 2009--Sept 2011. | |||
* [http://www.nsf.gov/awardsearch/showAward.do?AwardNumber=0730389 NSF Award 0730389, EXP-SA: Prediction and Detection of Network Membership through Automated Hard Drive Analysis], August 1, 2007--July 31, 2010. (Senior Research Staff; Patrick Wolfe, Principle Investigator.) | |||
; Previous Sponsored Research, NPS Internal Funds | |||
* | * NPS/ITACS, "S/MIME Research," October 2008--September 2009. | ||
=== | ==Academic Publications== | ||
== | ===Refereed Journal Articles=== | ||
== | # Garfinkel, Simson. [https://doi.org/10.2478/jos-2023-0018 "Comment to Mulalidhar and Domingo-Ferrer (2023) – Legacy Statistical Disclosure Limitation Techniques Were Not An Option for the 2020 US Census of Population And Housing"], Journal of Official Statistics, vol.39, no.3, 2023, pp.399-410. https://doi.org/10.2478/jos-2023-0018 | ||
#Garfinkel, S., and Migletz, J., [http://simson.net/clips/academic/2009.IEEE.DOCX.pdf | #Abowd, J., Ashmead, R., Cumings-Menon, R., Garfinkel, S., Heineck, M., Heiss, C., Johns, R., Kifer, D., Leclerc, P., Machanavajjhala, A., Moran, B., Sexton, W., Spence, M., & Zhuravlev, P. (2022). The 2020 Census Disclosure Avoidance System TopDown Algorithm. Harvard Data Science Review, (Special Issue 2). https://doi.org/10.1162/99608f92.529e3cb9 | ||
#Garfinkel, Simson and Claire McKay Bowen, [https://sloanreview.mit.edu/article/preserving-privacy-while-sharing-data/ Preserving Privacy While Sharing Data], MIT Sloan Management Review, April 26, 2022. | |||
#Garfinkel, Simson. [https://mit-serc.pubpub.org/pub/differential-privacy-2020-us-census/release/1 Differential Privacy and the 2020 Census], MIT Schwarzman College of Computing Case Studies in Social and Ethical Responsibilities of Computing, Winter 2022. | |||
#Bowen, Claire McKay and Simson Garfinkel, [https://www.ams.org/journals/notices/202110/rnoti-p1727.pdf The Philosophy of Differential Privacy], AMS Notices, November 2021. | |||
#Garfinkel, Simson, and Mary Theofanos, [https://techscience.org/a/2018100903/ Non-Breach Privacy Events], October 9, 2018, Technology Science. | |||
# Y. Acar, M. Backes, S. Fahl, S. Garfinkel, D. Kim, M. L. Mazurek, and C. Stransky. Comparing the Usability of Cryptographic APIs. In 2017 IEEE Symposium on Security and Privacy (SP), pages 154–171, 2017 | |||
#Theofanos, Mary, Simson Garfinkel, and Yee-Yin Choong, [https://simson.net/clips/academic/2016.IEEESP.Secure_And_Usable_Enterprise_Authentication.pdf Secure and Usable Enterprise Authentication: Lessons from the Field], IEEE Security and Privacy, September/October 2016. | |||
#Garfinkel, Simson, [http://simson.net/clips/academic/2014.JOFS.EncodedData.pdf The Prevalence Of Encoded Digital Trace Evidence in the Non-File Space of Computer Media], ''Journal of Forensic Sciences,'' Summer 2014 | |||
#Garfinkel, Simson, and Michael McCarrin, [http://simson.net/clips/academic/2014.SP.CanWeSniff.pdf "Can We Sniff Wi-Fi"], IEEE Security and Privacy, July/August 2014. | |||
#Garfinkel, Simson, [http://simson.net/clips/academic/2014.IEEE.leaking_pdfs.pdf "Leaking Sensitive Information in Complex Document Files---and How to Prevent It,"] ''IEEE Security and Privacy,'' January/February 2014. | |||
#Garfinkel, Simson, [http://simson.net/clips/academic/2013.COSE.bulk_extractor.pdf Digital media triage with bulk data analysis and bulk_extractor]. Computers and Security 32: 56-72 (2013) | |||
#Young J., Foster, K., Garfinkel, S., and Fairbanks, K., [http://simson.net/clips/academic/2012.IEEE.SectorHashing.pdf Distinct sector hashes for target file detection], IEEE Computer, December 2012 | |||
#Garfinkel, S. [http://simson.net/clips/academic/2012.DI.dfxml.pdf Digital Forensics XML and the DFXML toolset], Digital Investigation, 8 (2012), 161-174. | |||
#Garfinkel, S., and Dinolt, G. [http://simson.net/clips/academic/2011.IEEE.DegradedSecurity.pdf Operations with Degraded Security]. IEEE Security & Privacy, pages 18–23, November/December 2011 | |||
#Phillips, Kenneth N; Aaron Pickett; Simson Garfinkel, [http://simson.net/clips/academic/2011.CrossTalk.Facebook.pdf Embedded with Facebook: DoD Faces Risks from Social Media], CrossTalk, May/June 2011. | |||
#Garfinkel, S., Parker-Wood, A., Huynh, D., and Migletz, J., [http://simson.net/clips/academic/2010.TFIS.Ascription.pdf A Solution to the Multi-User Carved Data Ascription Problem], IEEE Transactions on Information Forensics & Security, December 2010, pages 868--882. | |||
#Garfinkel, S., and Migletz, J., [http://simson.net/clips/academic/2009.IEEE.DOCX.pdf New XML-Based Files: Implications for Forensics], IEEE Security & Privacy Magazine, March/April 2009 (Vol. 7, No. 2) | |||
#Garfinkel, S., [http://simson.net/clips/academic/2009.IJDCF.AFFLIB.pdf Providing Cryptographic Security and Evidentiary Chain-of-Custody with the Advanced Forensic Format, Library, and Tools], The International Journal of Digital Crime and Forensics, Volume 1, Issue 1, January-March 2009. | #Garfinkel, S., [http://simson.net/clips/academic/2009.IJDCF.AFFLIB.pdf Providing Cryptographic Security and Evidentiary Chain-of-Custody with the Advanced Forensic Format, Library, and Tools], The International Journal of Digital Crime and Forensics, Volume 1, Issue 1, January-March 2009. | ||
#Garfinkel, S. [http://simson.net/clips/academic/2007.p42-garfinkel.pdf "Complete Delete vs. Time Machine Computing,"] Operating Systems Review, ACM Special Interest Group on Operating Systems, January 2007. | #Garfinkel, S. [http://simson.net/clips/academic/2007.p42-garfinkel.pdf "Complete Delete vs. Time Machine Computing,"] Operating Systems Review, ACM Special Interest Group on Operating Systems, January 2007. | ||
#Garfinkel, S., [http://simson.net/clips/academic/2006.CACM.AFF.pdf "AFF: A New Format for Storing Hard Drive Images,"] Communications of the ACM, February, 2006. | #Garfinkel, S., [http://simson.net/clips/academic/2006.CACM.AFF.pdf "AFF: A New Format for Storing Hard Drive Images,"] Communications of the ACM, February, 2006. | ||
#The Common Evidence Format Working Group (Carrier, B., Casey, E., Garfinkel, S., Kornblum, J., Hosmer, C., Rogers., M., and Turner., P.,) [http://simson.net/clips/academic/2006.CACM.digital_evidence.pdf "Standardizing Digital Evidence Storage,"] Communications of the ACM, February, 2006. | #The Common Evidence Format Working Group (Carrier, B., Casey, E., Garfinkel, S., Kornblum, J., Hosmer, C., Rogers., M., and Turner., P.,) [http://simson.net/clips/academic/2006.CACM.digital_evidence.pdf "Standardizing Digital Evidence Storage,"] Communications of the ACM, February, 2006. | ||
#Garfinkel, S., Juels, A., Pappu, R., [http://simson.net/clips/academic/2005.IEEE.RFID.pdf "RFID Privacy: An Overview of Problems and Proposed Solutions,"] IEEE Security | #Garfinkel, S., Juels, A., Pappu, R., [http://simson.net/clips/academic/2005.IEEE.RFID.pdf "RFID Privacy: An Overview of Problems and Proposed Solutions,"] IEEE Security & Privacy, Volume 3, Issue 3, pp. 34-43, May-June 2005. | ||
#Garfinkel, S. [http://simson.net/clips/academic/2003.IEEE.EBAI.pdf Email-Based Identification and Authentication: An Alternative to PKI?,] IEEE Security | #Garfinkel, S. [http://simson.net/clips/academic/2003.IEEE.EBAI.pdf Email-Based Identification and Authentication: An Alternative to PKI?,] IEEE Security & Privacy, November/December 2003. | ||
#Garfinkel, S. [ | #Garfinkel, S. [https://firstmonday.org/ojs/index.php/fm/article/view/1040/961 "Leaderless Resistance Today",] First Monday, 8:3, March 3rd, 2003. | ||
#Garfinkel, S. and Shelat, A., [http://simson.net/clips/academic/2003.IEEE.DiskDriveForensics.pdf "Remembrance of Data Passed: A Study of Disk Sanitization Practices,"] IEEE Security | #Garfinkel, S. and Shelat, A., [http://simson.net/clips/academic/2003.IEEE.DiskDriveForensics.pdf "Remembrance of Data Passed: A Study of Disk Sanitization Practices,"] IEEE Security & Privacy, January/February 2003. | ||
#Garfinkel, S. L., [http://simson.net/clips/academic/1996.IEEE.PKI.pdf "Public Key Cryptography,"] IEEE Computer, Volume 29, Issue 6, June 1996. pages 101-104. | #Garfinkel, S. L., [http://simson.net/clips/academic/1996.IEEE.PKI.pdf "Public Key Cryptography,"] IEEE Computer, Volume 29, Issue 6, June 1996. pages 101-104. | ||
# | #Garfinkel, S. [http://simson.net/clips/academic/1995.CACM.Risks_of_SSNs.pdf "Risks of Social Security Numbers"], <i>Communications of the ACM</i>, p. 146, October 1995. | ||
# | #Garfinkel, Simson L. and Richard M. Stallman, and Mitchell Kapor. [http://simson.net/clips/1991/1991.IST.Patents.pdf Why Patents Are Bad for Software]. Issues in Science and Technology, Fall 1991. | ||
# Garfinkel, Simson L. Designing a Write-Once File System, Dr. Dobb's Journal, Jan 1991. | |||
# Garfinkel Simson L.. [http://simson.net/clips/1988/1988.IRB.Aids_and_Soundex.pdf AIDS and the Soundex Code]. IRB, 1988. | |||
===Papers in Proceedings of | ===Refereed Conference Papers=== | ||
# Garfinkel, Farrell, Roussev and Dinolt, [http://www.simson.net/clips/academic/2009.DFRWS.Corpora.pdf Bringing Science to Digital Forensics with Standardized Forensic Corpora], DFRWS 2009, Montreal, Canada. [http://simson.net/ref/2009/DFRWS-2009-best-paper.pdf BEST PAPER AWARD]. (Acceptance rate: 36%, 15/41) | # Abowd, J. M., Ashmead, R., Cumings-Menon, R., Garfinkel, S., Kifer, D., Leclerc, P., Sexton, W., Simpson, A., Task, C., & Zhuravlev, P. (2021). An uncertainty principle is a price of privacy-preserving microdata. In M. Ranzato, A. Beygelzimer, Y. Dauphin, P. Liang, & J. W. Vaughan (Eds.), Advances in neural information processing systems (pp. 11883– 11895). Curran Associates, Inc. https://proceedings.neurips.cc/paper/2021 | ||
# Simson L. Garfinkel and Philip Leclerc. 2020. [https://dl.acm.org/doi/10.1145/3411497.3420211 Randomness Concerns when Deploying Differential Privacy.] In Proceedings of the 19th Workshop on Privacy in the Electronic Society (WPES'20). Association for Computing Machinery, New York, NY, USA, 73–86. DOI:https://doi.org/10.1145/3411497.3420211 (Acceptance rate 44%) | |||
# Garfinkel, Simson, John Abowd, Sarah Powazek, [https://dl.acm.org/doi/10.1145/3267323.3268949 Issues Encountered Deploying Differential Privacy], Workshop on Privacy in the Electronic Society, Toronto, Canada - October 15, 2018 | |||
# Haney, Julie M., Simson L. Garfinkel, Mary F. Theofanos, [https://simson.net/clips/academic/2017.IEEE.CNS.pdf Organizational Practices in Cryptographic Development and Testing], 2017 IEEE Conference on Communications and Network Security (CNS). | |||
# Stransky, C., Acar, Y., Nguyen, D.C., Wermke, D., Redmiles, E.M., Kim, D., Garfinkel, S., Backes, M., Mazurek, M. L., and Fahl, S. [https://www.usenix.org/system/files/conference/cset17/cset17-paper-stransky.pdf Lessons Learned from Using an Online Platform to Conduct Large-Scale, Online Controlled Security Experiments with Software Developers], [https://www.usenix.org/conference/cset17 10th USENIX workshop on Cyber Security Experimentation and Test] (CSET '17), Vancouver, BC, Canada, August 16-18, 2017. | |||
# Yasemin Acar (CISPA, Saarland University), Michael Backes (CISPA, Saarland University & MPI-SWS), Sascha Fahl (CISPA, Saarland University), Simson Garfinkel (National Institute of Standards and Technology), Doowon Kim (University of Maryland), Michelle Mazurek (University of Maryland), Christian Stransky (CISPA, Saarland University), [https://www.ieee-security.org/TC/SP2017/papers/161.pdf Comparing the Usability of Cryptographic APIs], IEEE Security and Privacy 2017, San Jose, CA | |||
# Pridgen, Adam, Simson Garfinkel and Dan S. Wallach, [http://www.sciencedirect.com/science/article/pii/S1742287617300269 Picking up the trash: Exploiting generational GC for memory analysis], DFRWS 2017 Europe — Proceedings of the Fourth Annual DFRWS Europe, March 2017 | |||
# Mary Theofanos (NIST), Brian Stanton (NIST), Susanne Furman (NIST), Sandra Spickard Prettyman (NIST), Simson Garfinkel (NIST), [https://www.ndss-symposium.org/wp-content/uploads/2017/09/usec2017_03_1_Theofanos_paper.pdf Be Prepared: How US Government Experts Think About Cybersecurity], USEC 2017 Workshop (Co-located with NDSS 2017) | |||
# Pridgen, Adam, Simson Garfinkel and Dan Dan Wallach, [http://simson.net/clips/academic/2017.HICSS.Present_But_Unreachable.pdf Present but Unreachable], reducing persistent latent secrets in HotSpot JVM, Hawaii International Conference on System Sciences (HICSS-50), Jan 4-7, 2017, Hilton Waikoloa Village, Hawaii. [http://simson.net/clips/academic/2017.HICSS.Present_But_Unreachable_Slides.pdf slides] [http://simson.net/clips/academic/2017.HICSS.Present_But_Unreachable_Plaque.jpg BEST PAPER AWARD] | |||
# Hui Yang, Ian Soboroff, Li Xiong, Charles L.A. Clarke, and Simson L. Garfinkel. Privacy-Preserving IR 2016: Differential Privacy, Search, and Social Media. In Proceedings of the 39th International ACM SIGIR Conference on Research and Development in Information Retrieval, SIGIR ’16, page 1247–1248. Association for Computing Machinery, New York, NY, USA, 2016. | |||
# Garfinkel, Simson and Michael McCarrin, Hash-Based Carving: Searching media for complete files and file fragments with sector hashing and hashdb, DFRWS 2015, Aug 10-12, 2015, Philadelphia, PA | |||
# Zarate, Carolina, Simson Garfinkel, Aubin Hefferman, Scott Horras and Kyle Gorak, "A Survey of XOR as a Digital Obfuscation Technique in a Corpus of Real Data," the Tenth Annual IFIP WG 11.9 International Conference on Digital Forensics, 2014, Vienna, Austria. (Acceptance rate: 44%, 24/54) | |||
# Garfinkel, Simson, Nicole Beebe, Lishu Liu, and Michele Maasberg, [http://simson.net/clips/academic/2013.IEEE-HST.Insider.pdf Detecting Threatening Insiders with Lightweight Media Forensics], IEEE Technologies for Homeland Security (HST 2013), Nov 12-14, Waltham, MA. 2013 | |||
# Rowe, Neil, Schwamm, Riqui, Garfinkel, Simson. Language Translation for File Paths, DFRWS 2013, Aug 4-7, 2013. Monterey, CA. [https://simson.net/ref/2013/DFRWS_2013_Best_Paper_Award.pdf BEST PAPER AWARD]. | |||
# Garfinkel, S., Nelson, A., Young, J., [http://www.dfrws.org/2012/proceedings/DFRWS2012-6.pdf "A General Strategy for Differential Forensic Analysis"], DFRWS 2012, Aug. 6-8, 2012, Washington, DC. | |||
# Garfinkel, S., [http://www.dfrws.org/2012/proceedings/DFRWS2012-9.pdf "Lessons Learned Writing Computer Forensics Tools and Managing a Large Digital Evidence Corpus"], DFRWS 2012, Aug. 6-8, 2012, Washington, DC. | |||
# N. C. Rowe and S. L. Garfinkel, Finding suspicious activity on computer systems. Proc. 11th European Conf. on Information Warfare and Security, Laval, France, July 2012. | |||
# N. C. Rowe and S. L. Garfinkel, [http://simson.net/clips/academic/2012.IICDFCC.Anomalous.pdf Finding anomalous and suspicious files from directory metadata on a large corpus]. 3rd International ICST Conference on Digital Forensics and Cyber Crime, Dublin, Ireland, October 2011. In P. Gladyshev and M. K. Rogers (eds.), Lecture Notes in Computer Science LNICST 88, Springer-Verlag, 2012, pp. 115-130. | |||
# Beverly, Robert, Simson Garfinkel and Greg Cardwell, [http://simson.net/clips/academic/2011.DFRWS.ipcarving.pdf "Forensic Carving of Network Packets and Associated Data Structures"], DFRWS 2011, Aug. 1-3, 2011, New Orleans, LA. BEST PAPER AWARD (Acceptance rate: 23%, 14/62) | |||
# Rowe, Neil C., Simson L. Garfinkel, Robert Beverly, and Panayotis Yannakogeorgos, [http://simson.net/clips/academic/2011.ECIW.CyberArms.pdf Steps towards Monitoring Cyberarms Compliance], 10th European Conference on Information Warfare and Security ECIW-2011, The Institute of Cybernetics at the Tallinn University of Technology, Tallinn, Estonia, 7-8 July 2011 (Acceptance rate: 65%, 54/83) | |||
# Woods, Kam, Christoper Lee, Simson Garfinkel, [http://simson.net/clips/academic/2011.JCDL.DiskImages.pdf Extending Digital Repository Architectures to Support Disk Image Preservation and Access], JCDL 2011, June 13-17, 2011, Ottawa, Canada. (Acceptance rate: 28%, 28/99 ) | |||
# Woods, K., Christopher Lee, Simson Garfinkel, David Dittrich, Adam Russel, Kris Kearton, [http://simson.net/clips/academic/2011.ADFSL.Corpora.pdf Creating Realistic Corpora for Forensic and Security Education], 2011 ADFSL Conference on Digital Forensics, Security and Law (Acceptance rate: 50%, 32/16) | |||
# Garfinkel, Simson, Vassil Roussev, Alex Nelson and Douglas White, [http://simson.net/clips/academic/2010.DFRWS.SmallBlockForensics.pdf Using purpose-built functions and block hashes to enable small block and sub-file forensics], DFRWS 2010, Portland, OR (Acceptance rate: 40%, 16/39) | |||
# Garfinkel, Simson, [http://simson.net/clips/academic/2010.DFRWS.Next10Years.pdf Digital Forensics Research: The Next 10 Years], DFRWS 2010, Portland, OR, August 2010 (Acceptance rate: 40%, 16/39) | |||
# Garfinkel, Farrell, Roussev and Dinolt, [http://www.simson.net/clips/academic/2009.DFRWS.Corpora.pdf Bringing Science to Digital Forensics with Standardized Forensic Corpora], DFRWS 2009, Montreal, Canada. [http://simson.net/clips/academic/2009.DFRWS.Corpora.slides.pdf (slides)] [http://simson.net/ref/2009/DFRWS-2009-best-paper.pdf BEST PAPER AWARD]. (Acceptance rate: 36%, 15/41) | |||
# Rowe, Neil and Simson Garfinkel, [http://simson.net/clips/academic/2010.SADFE.FileTimes.pdf Global analysis of drive file times], Fifth International Workshop on Systematic Approaches to Digital Forensic Engineering, Oakland, CA, May 2010 | |||
# M. I. Cohen, Simson Garfinkel and Bradley Schatz, [http://simson.net/clips/academic/2009.DFRWS.AFF4.pdf Extending the Advanced Forensic Format to accommodate Multiple Data Sources, Logical Evidence, Arbitrary Information and Forensic Workflow], DFRWS 2009, Montreal, Canada. (Acceptance rate: 36%, 15/41) | # M. I. Cohen, Simson Garfinkel and Bradley Schatz, [http://simson.net/clips/academic/2009.DFRWS.AFF4.pdf Extending the Advanced Forensic Format to accommodate Multiple Data Sources, Logical Evidence, Arbitrary Information and Forensic Workflow], DFRWS 2009, Montreal, Canada. (Acceptance rate: 36%, 15/41) | ||
#Roussev, Vassil, and Garfinkel, Simson, [http://simson.net/clips/academic/2009.SADFE.Fragments.pdf File Classification | #Roussev, Vassil, and Garfinkel, Simson, [http://simson.net/clips/academic/2009.SADFE.Fragments.pdf File Fragment Classification---The Case for Specialized Approaches], Systematic Approaches to Digital Forensics Engineering (IEEE/SADFE 2009), Oakland, California. (Acceptance rate: 32%, 7/22) | ||
#Garfinkel, Simson., [http://simson.net/clips/academic/2009.SADFE.xml_forensics.pdf Automating Disk Forensic Processing with SleuthKit, XML and Python], Systematic Approaches to Digital Forensics Engineering (IEEE/SADFE 2009), Oakland, California. (Acceptance rate: 32%, 7/22) | #Garfinkel, Simson., [http://simson.net/clips/academic/2009.SADFE.xml_forensics.pdf Automating Disk Forensic Processing with SleuthKit, XML and Python], Systematic Approaches to Digital Forensics Engineering (IEEE/SADFE 2009), Oakland, California. (Acceptance rate: 32%, 7/22) | ||
#Farrell, P., Garfinkel, S., White, D. [http://simson.net/clips/academic/2008.ACSAC.Bloom.pdf Practical Applications of Bloom filters to the NIST RDS and hard drive triage], Annual Computer Security Applications Conference 2008, Anaheim, California, December 2008. (Acceptance rate: 24%, 42/173) | #Farrell, P., Garfinkel, S., White, D. [http://simson.net/clips/academic/2008.ACSAC.Bloom.pdf Practical Applications of Bloom filters to the NIST RDS and hard drive triage], Annual Computer Security Applications Conference 2008, Anaheim, California, December 2008. (Acceptance rate: 24%, 42/173) | ||
#Palankar, M., Iamnitchi, A., Ripeanu, M., and Garfinkel, S. [http://simson.net/clips/academic/2008.DADC.pdf "Amazon S3 for Science Grids: a Viable Solution?"], International Workshop on Data-Aware Distributed Computing (DADC'08), June 23-27, 2008, Boston, MA | |||
# Garfinkel, S., [http://simson.net/clips/academic/2008.UPS2008.pdf IRBs and Security Research: Myths, Facts and Mission Creep], Usability, Psychology and Security 2008 (Co-located with the 5th USENIX Symposium on Networked Systems Design & Implementation (NSDI '08)), San Francisco, CA. April 2008. <span class='web'>[http://simson.net/clips/academic/2008.UPS2008.slides.pdf" (slides)]</span> | # Garfinkel, S., [http://simson.net/clips/academic/2008.UPS2008.pdf IRBs and Security Research: Myths, Facts and Mission Creep], Usability, Psychology and Security 2008 (Co-located with the 5th USENIX Symposium on Networked Systems Design & Implementation (NSDI '08)), San Francisco, CA. April 2008. <span class='web'>[http://simson.net/clips/academic/2008.UPS2008.slides.pdf" (slides)]</span> | ||
#Garfinkel, S., [http://simson.net/clips/academic/2007.DFRWS.pdf "Carving Contiguous and Fragmented Files with Fast Object Validation"], Digital Forensics Workshop (DFRWS 2007), Pittsburgh, PA, August 2007. (Acceptance rate: 47%, 17/36) | #Garfinkel, S., [http://simson.net/clips/academic/2007.DFRWS.pdf "Carving Contiguous and Fragmented Files with Fast Object Validation"], Digital Forensics Workshop (DFRWS 2007), Pittsburgh, PA, August 2007. (Acceptance rate: 47%, 17/36) | ||
#Kristic, I., and Garfinkel S. [http://simson.net/clips/academic/2007.SOUPS.Bitfrost.pdf "The One Laptop per Child Security Model,"] Symposium on Usable Security and Privacy, Pittsburgh, PA, July 2007. ACM Press. (Acceptance rate: 32%, 13/41) | #Kristic, I., and Garfinkel S. [http://simson.net/clips/academic/2007.SOUPS.Bitfrost.pdf "The One Laptop per Child Security Model,"] Symposium on Usable Security and Privacy, Pittsburgh, PA, July 2007. ACM Press. (Acceptance rate: 32%, 13/41) | ||
#Garfinkel, S., [http://simson.net/clips/academic/2007.ICIW.AntiForensics.pdf "Anti-Forensics: Techniques, Detection and Countermeasures"], The 2nd International Conference on i-Warfare and Security (ICIW), Naval Postgraduate School, Monterey, CA, March 8-9, 2007. (Acceptance rate: 55%) | #Garfinkel, S., [http://simson.net/clips/academic/2007.ICIW.AntiForensics.pdf "Anti-Forensics: Techniques, Detection and Countermeasures"], The 2nd International Conference on i-Warfare and Security (ICIW), Naval Postgraduate School, Monterey, CA, March 8-9, 2007. (Acceptance rate: 55%) | ||
#Garfinkel, S., [http://simson.net/clips/academic/2006.DFRWS.pdf Forensic Feature Extraction and Cross-Drive Analysis,]The 6th Annual Digital Forensic Research Workshop Lafayette, Indiana, August 14-16, 2006. (Acceptance rate: 43%, 16/37) | |||
#Uri Braun, Simson Garfinkel, David A. Holland, Kiran-Kumar Muniswamy-Reddy, and Margo I. Seltzer, [http://simson.net/clips/academic/2006.IPAW.issues.pdf Issues in Automatic Provenance Collection] [http://www.ipaw.info/ipaw06/ International Provenance and Annotation Workshop (IPAW'06)], Chicago, IL. May 3-5, 2006. | #Uri Braun, Simson Garfinkel, David A. Holland, Kiran-Kumar Muniswamy-Reddy, and Margo I. Seltzer, [http://simson.net/clips/academic/2006.IPAW.issues.pdf Issues in Automatic Provenance Collection] [http://www.ipaw.info/ipaw06/ International Provenance and Annotation Workshop (IPAW'06)], Chicago, IL. May 3-5, 2006. | ||
#Garfinkel, S., Malan, D,. [http://simson.net/clips/academic/2006.PET.bigfile.pdf One Big File is Not Enough: A Critical Evaluation of the Dominant Free-Space Sanitization Technique], [http://petworkshop.org/2006/ The 6th Workshop on Privacy Enhancing Technologies], Robinson College, Cambridge, United Kingdom, June 28 - June 30, 2006. (Also in G. Danezis and P. Golle (Eds.): PET 2006, LNCS 4258, pp. 135--151, 2006, (c) Springer-Verlag Berlin Heidelberg 2006) (Acceptance rate: 26%, 24/91) | #Garfinkel, S., Malan, D,. [http://simson.net/clips/academic/2006.PET.bigfile.pdf One Big File is Not Enough: A Critical Evaluation of the Dominant Free-Space Sanitization Technique], [http://petworkshop.org/2006/ The 6th Workshop on Privacy Enhancing Technologies], Robinson College, Cambridge, United Kingdom, June 28 - June 30, 2006. (Also in G. Danezis and P. Golle (Eds.): PET 2006, LNCS 4258, pp. 135--151, 2006, (c) Springer-Verlag Berlin Heidelberg 2006) (Acceptance rate: 26%, 24/91) | ||
#Wu, M., Miller, R. C., Garfinkel, S., [http://simson.net/ref/2006/CHI-security-toolbar-final.pdf "Do Security Toolbars Actually Prevent Phishing Attacks?"] CHI 2006, April 22-28, 2006, Montreal, Quebec, Canada. Nominated for best conference paper. (Acceptance rate: 23%) | #Wu, M., Miller, R. C., Garfinkel, S., [http://simson.net/ref/2006/CHI-security-toolbar-final.pdf "Do Security Toolbars Actually Prevent Phishing Attacks?"] CHI 2006, April 22-28, 2006, Montreal, Quebec, Canada. Nominated for best conference paper. (Acceptance rate: 23%) | ||
Line 169: | Line 277: | ||
#Garfinkel, S., Miller, R., [http://simson.net/clips/academic/2005.SOUPS.johnny2.pdf Johnny 2: A User Test of Key Continuity Management with S/MIME and Outlook Express] presented at the [http://cups.cs.cmu.edu/soups/ Symposium on Usable Privacy and Security] (SOUPS 2005), July 6-8, 2005, Pittsburgh, PA. (Acceptance Rate: 26%) | #Garfinkel, S., Miller, R., [http://simson.net/clips/academic/2005.SOUPS.johnny2.pdf Johnny 2: A User Test of Key Continuity Management with S/MIME and Outlook Express] presented at the [http://cups.cs.cmu.edu/soups/ Symposium on Usable Privacy and Security] (SOUPS 2005), July 6-8, 2005, Pittsburgh, PA. (Acceptance Rate: 26%) | ||
#Garfinkel, S., Schiller, J., Nordlander, E., Margrave, D., and Miller, R., [http://www.simson.net/ref/2004/chi2005_smime_submitted.pdf "How To Make Secure Email Easier To Use"], CHI 2005: Technology,[http://www.chi2005.org/ Safety, Community], Portland, Oregon, April 2-7, 2005. (Acceptance rate: ~25%) | #Garfinkel, S., Schiller, J., Nordlander, E., Margrave, D., and Miller, R., [http://www.simson.net/ref/2004/chi2005_smime_submitted.pdf "How To Make Secure Email Easier To Use"], CHI 2005: Technology,[http://www.chi2005.org/ Safety, Community], Portland, Oregon, April 2-7, 2005. (Acceptance rate: ~25%) | ||
#Garfinkel, S., Schiller, J., Nordlander, E., Margrave, D., and Miller, R., [http://www.simson.net/ref/2004/fc2005_smime_submitted.pdf "Views, Reactions and Impact of Digitally-Signed Mail in e-Commerce"], | #Garfinkel, S., Schiller, J., Nordlander, E., Margrave, D., and Miller, R., [http://www.simson.net/ref/2004/fc2005_smime_submitted.pdf "Views, Reactions and Impact of Digitally-Signed Mail in e-Commerce"], [http://fc05.ifca.ai/ Ninth International Financial Cryptography and Data Security Conference], February 28-March 3, 2005, Roseau, The Commonwealth of Dominica. (Acceptance rate: 26%, 24/90) | ||
#Garfinkel, S. [http://dimacs.rutgers.edu/Workshops/Tools/abstract-garfinkel-label.pdf "Best Practices for Usable Security In Desktop Software"], [http://dimacs.rutgers.edu/Workshops/Tools/ DIMACS Workshop on Usable Privacy and Security Software], July 7 - 8, 2004. DIMACS Center, CoRE Building, Rutgers University, Piscataway, NJ. <span class='web'> [http://simson.net/ref/2004/2004-07-DIMACS3.ppt (slides)]</span> | #Garfinkel, S. [http://dimacs.rutgers.edu/Workshops/Tools/abstract-garfinkel-label.pdf "Best Practices for Usable Security In Desktop Software"], [http://dimacs.rutgers.edu/Workshops/Tools/ DIMACS Workshop on Usable Privacy and Security Software], July 7 - 8, 2004. DIMACS Center, CoRE Building, Rutgers University, Piscataway, NJ. <span class='web'> [http://simson.net/ref/2004/2004-07-DIMACS3.ppt (slides)]</span> | ||
#Wu, M., Garfinkel, S., Miller, R., [http://dimacs.rutgers.edu/Workshops/Tools/abstract-wu-garfinkel-miller.pdf "Secure Web Authentication with Mobile Phones"], [http://dimacs.rutgers.edu/Workshops/Tools/ DIMACS Workshop on Usable Privacy and Security Software], July 7 - 8, 2004. DIMACS Center, CoRE Building, Rutgers University, Piscataway, NJ. | #Wu, M., Garfinkel, S., Miller, R., [http://dimacs.rutgers.edu/Workshops/Tools/abstract-wu-garfinkel-miller.pdf "Secure Web Authentication with Mobile Phones"], [http://dimacs.rutgers.edu/Workshops/Tools/ DIMACS Workshop on Usable Privacy and Security Software], July 7 - 8, 2004. DIMACS Center, CoRE Building, Rutgers University, Piscataway, NJ. | ||
#Garfinkel, S. [http://simson.net/clips/academic/2003.DGO.GarfinkelCrypto.pdf Enabling Email Confidentiality through the use of Opportunistic Encryption"], presented at the [http://www.dgrc.org/dgo2003 2003 National Conference on Digital Government Research], May 2003, Boston, MA. <span class='web'> [http://www.simson.net/ref/2003/2003_May_DGO.ppt (slides)]</span> | #Garfinkel, S. [http://simson.net/clips/academic/2003.DGO.GarfinkelCrypto.pdf Enabling Email Confidentiality through the use of Opportunistic Encryption"], presented at the [http://www.dgrc.org/dgo2003 2003 National Conference on Digital Government Research], May 2003, Boston, MA. <span class='web'> [http://www.simson.net/ref/2003/2003_May_DGO.ppt (slides)]</span> | ||
#Garfinkel, S. [http://simson.net/clips/academic/2002.Ubicomp_RFID.pdf "Adopting Fair Information Practices to Low Cost RFID Systems"], paper presented at Privacy in Ubicomp'2002 workshop, Gotenborg, Sweden, September 29th, 2002. | #Garfinkel, S. [http://simson.net/clips/academic/2002.Ubicomp_RFID.pdf "Adopting Fair Information Practices to Low Cost RFID Systems"], paper presented at Privacy in Ubicomp'2002 workshop, Gotenborg, Sweden, September 29th, 2002. | ||
#Cunningham, Robert K., Richard P. Lippmann, David J. Fried, Simson L. Garfinkel, Isaac Graf, Kris R. Kendall, Seth E. Webster, Dan Wyschogrod, and Marc A. Zissman, [http://simson.net/clips/academic/1998.Evaluating_IDs_DARPA.pdf Evaluating Intrusion Detection Systems without Attacking your Friends: The 1998 DARPA Intrusion Detection Evaluation], in Proceedings ID'99, Third Conference and Workshop on Intrusion Detection and Response, San Diego, CA: SANS Institute, 1999. <span class='web'> [http://www.ll.mit.edu/IST/pubs/1999-rkc-eval.html (abstract)] [http://www.ll.mit.edu/IST/ideval/pubs/1999/Evaluating_IDs_DARPA_1998.pdf' (PDF)] </span> | #Cunningham, Robert K., Richard P. Lippmann, David J. Fried, Simson L. Garfinkel, Isaac Graf, Kris R. Kendall, Seth E. Webster, Dan Wyschogrod, and Marc A. Zissman, [http://simson.net/clips/academic/1998.Evaluating_IDs_DARPA.pdf Evaluating Intrusion Detection Systems without Attacking your Friends: The 1998 DARPA Intrusion Detection Evaluation], in Proceedings ID'99, Third Conference and Workshop on Intrusion Detection and Response, San Diego, CA: SANS Institute, 1999. <span class='web'> [http://www.ll.mit.edu/IST/pubs/1999-rkc-eval.html (abstract)] [http://www.ll.mit.edu/IST/ideval/pubs/1999/Evaluating_IDs_DARPA_1998.pdf' (PDF)] </span> | ||
Line 180: | Line 286: | ||
===Refereed Book Chapters=== | ===Refereed Book Chapters=== | ||
# Garfinkel, Simson L. "Encryption and Related Technologies," in Introduction to IT Privacy: A Handbook for Technologists, Travis Breaux, Executive Editor, International Association of Privacy Professionals, 2020 edition | |||
# [http://journals.sagepub.com/doi/full/10.1177/0002716217737267 Privacy and Security Concerns When Social Scientists Work with Administrative and Operational Data], Simson L. Garfinkel, The ANNALS of the American Academy of Political and Social Science, Vol 675, Issue 1, pp. 83 - 101, First Published December 21, 2017, https://doi.org/10.1177/0002716217737267 | |||
# Garfinkel, Simson L. "Encryption and Related Technologies," in Introduction to IT Privacy: A Handbook for Technologists, Travis Breaux, Executive Editor, International Association of Privacy Professionals, 2014 | |||
# Rowe, Neil, Garfinkel, Simson L, Beverly, Robert, and Yannakogeorgos, Panayotis, "Challenges in Monitoring Cyberarms Compliance," in Conflict and Cooperation in Cyberspace: The Challenge to National Security, edited by Panayotis A. Yannakogeorgos and Adam B. Lowther, Taylor & Francis Group, 2010, pp. 81-100 | |||
# Poe, Mya & Simson Garfinkel. "Security and Privacy in the Wireless Composition Classroom," in [http://www.u.arizona.edu/~kimmehea/going/goingwireless.htm Going Wireless; A Critical Exploration of Wireless and Mobile Technologies for Composition Teachers and Scholars]. Ed. Amy C. Kimme Hae. Hampton Press. 2009. | |||
#Garfinkel, S. "Using S/MIME," in [http://phishing-and-countermeasures.info/ Phishing and Countermeasures : Understanding the Increasing Problem of Electronic Identity Theft], Ed. Markus Jakobsson and Steven Myers. Wiley. 2006 | #Garfinkel, S. "Using S/MIME," in [http://phishing-and-countermeasures.info/ Phishing and Countermeasures : Understanding the Increasing Problem of Electronic Identity Theft], Ed. Markus Jakobsson and Steven Myers. Wiley. 2006 | ||
#Garfinkel, S. "RFID in Ubiquitious Commerce," in [http://www.amazon.com/exec/obidos/ASIN/1846280354/simsonlgarfinkel Ubiquitous and Pervasive Commerce], Ed. George Roussos, Springer SMB, November 2005. | #Garfinkel, S. "RFID in Ubiquitious Commerce," in [http://www.amazon.com/exec/obidos/ASIN/1846280354/simsonlgarfinkel Ubiquitous and Pervasive Commerce], Ed. George Roussos, Springer SMB, November 2005. | ||
#Garfinkel, S. "Sanitization and Usability," in Usability and Security, Ed. Lorrie Cranor and Simson Garfinkel, O'Reilly, 2005. | #Garfinkel, S. "Sanitization and Usability," in Usability and Security, Ed. Lorrie Cranor and Simson Garfinkel, O'Reilly, 2005. | ||
=== | === CACM In Memoriam === | ||
# Simson Garfinkel and Eugene H. Spafford. 2023. In Memoriam: Frederick P. Brooks, Jr. 1931-2022, Commun. ACM 65, 10 (Jan 2023), https://doi.org/10.1145/3572995 | |||
# Simson Garfinkel and Eugene H. Spafford. 2022. In Memoriam: Juris Hartmanis 1928-2022, Commun. ACM 65, 10 (Oct 2022), https://doi.org/10.1145/3559705 | |||
# Simson Garfinkel and Eugene H. Spafford. 2021. In Memoriam: Ronald E. Anderson, 1941-2020, Commun. ACM Feb. 22, 2021. https://cacm.acm.org/news/252987-in-memoriam-ronald-e-anderson-1941-2020/fulltext | |||
# Simson Garfinkel and Eugene H. Spafford. 2021. In Memoriam: Jack Minker (1927---2021). Commun. ACM 64, 6 (June 2021), 17. https://doi.org/10.1145/3462465 | |||
# Simson Garfinkel and Eugene H. Spafford. 2021. In Memoriam: Charles M. Geschke (1939--2021). Commun. ACM 64, 7 (July 2021), 22. https://doi.org/10.1145/3467481 | |||
# Simson Garfinkel and Eugene H. Spafford. 2021. In Memoriam: Edmund M. Clarke (1945---2020). Commun. ACM 64, 3 (March 2021), 23–24. https://doi.org/10.1145/3447810 | |||
# Simson Garfinkel and Eugene H. Spafford. 2020. In Memoriam: Fran Allen: 1932--2020. Commun. ACM 63, 10 (October 2020), 18–19. https://doi.org/10.1145/3418560 | |||
=== Other Academic Publications === | |||
# Larry Medsker, Philip Koopman, Homa Alemzadeh, Simson Garfinkel, Andrew Grosso, Carl Landwehr, Sam Liles, John Murray, Cristina Nita-Rotaru, William Widen, and Alec Yasinsac. 2024. [https://dl.acm.org/doi/10.1145/3654812 ACM TechBrief: Automated Vehicles]. Association for Computing Machinery, New York, NY, USA. | |||
# Simson Garfinkel, [https://iapp.org/news/a/privacy-professionals-need-to-be-aware-of-tech-abuse/ Why privacy professionals should be aware of tech abuse], October 6, 2023, IAPP Privacy Perspectives | |||
# Simson Garfinkel , Jon Stewart, [https://cacm.acm.org/magazines/2023/8/274937-sharpening-your-tools/fulltext Sharpening Your Tools: Updating bulk_extractor for the 2020s], Communications of the ACM, August 2023 | |||
# Simson Garfinkel , Jon Stewart, [https://queue.acm.org/detail.cfm?id=3587827 Sharpening Your Tools: Updating bulk_extractor for the 2020s], ACM Queue, March 28, 2023 | |||
# Simson Garfinkel. [https://wikiedu.org/blog/2022/11/08/teaching-with-wikipedia/ Teaching with Wikipedia] In: WikiEdu Blog (Nov. 2022) | |||
# Simson L. Garfinkel and Chris J. Hoofnagle. 2022. [https://dl.acm.org/doi/abs/10.1145/3551664 ACM TechBrief: Quantum Computing and Simulation]. Association for Computing Machinery, New York, NY, USA. | |||
# Simson Garfinkel. The Beauty of Static Types (SIGINFO). ;login:, 2021-04-28, Usenix | |||
#Garfinkel, Simson, John M. Abowd, and Christian Martindale, [https://dl.acm.org/citation.cfm?id=3287287 Understanding Database Reconstruction Attacks on Public Data], Communications of the ACM, February 2019. | |||
#Garfinkel, Simson, John M. Abowd, and Christian Martindale, [https://queue.acm.org/detail.cfm?id=3295691 Understanding Database Reconstruction Attacks on Public Data], ACM Queue, November 28, 2018. | |||
# Garfinkel, Simson. [https://bigdata.fpf.org/papers/beyond-irbs-designing-ethical-review-processes-for-big-data-research/ "Beyond IRBs: Designing Ethical Review Processes for Big Data Research"] Future of Privacy Forum, January 25, 2017 [https://fpf.org/wp-content/uploads/2017/01/Beyond-IRBs-Conference-Proceedings_12-20-16.pdf (conference proceedings)] | |||
# Garfinkel, Simson L. [https://www.usenix.org/publications/login/dec15/garfinkel The Expanding World of Digital Forensics], ;login:, December 2015, pp. 12-16 | |||
# Garfinkel, Simson L., [http://www.simson.net/clips/academic/2013.AmericanScientist.pdf Digital Forensics], American Scientist, September-October 2013 | |||
# Fairbanks, Kevin, and Simson Garfinkel, "Factors Affecting Data Decay", Journal of Digital Forensics, Security and Law, Vol. 7(2), 2012 | |||
# Garfinkel, S. [http://simson.net/clips/academic/2012.CACM.Cybersecurity.pdf The Cybersecurity Risk], Communications of the ACM, June 2012 | |||
# Garfinkel, Simson L. [http://www.simson.net/clips/academic/2012.Login.Unicode.pdf Programming Unicode]. ;Login:, April 2012. | |||
# Garfinkel, S. File Cabinet Forensics, Journal of Digital Forensics, Security and Law, Vol 6(4)., Dec. 2011 | |||
# Garfinkel, S. Every Last Byte. J. of Digital Forensics, Security and Law, 6(2):7–8. 2011 | |||
# Garfinkel, S., and Cranor, L., [http://simson.net/clips/academic/2010.CACM.IRB.pdf Institutional Review Boards and Your Research], Communications of the ACM, June 2010. | |||
# Garfinkel, S., and Cox, D., [http://simson.net/clips/academic/2009.BL.InternetFootprint.pdf "Finding and Archiving the Internet Footprint,"] invited paper, British Library's Digital Lives Conference, London, England, February 2009. | |||
# Garfinkel, S. [http://simson.net/clips/academic/2008.SciAm.DataFusion.Full.pdf "Information of the World Unite! (Data Fusion),"] <i>Scientific American</i>, September 2008. | |||
# Garfinkel, S. [http://simson.net/clips/academic/2007.ACM.Domex.pdf "Document and Media Exploitation,"] <i>ACM Queue</i>, November/December 2007. | |||
# Garfinkel, S. [http://simson.net/clips/academic/2007.login.aws.pdf "Commodity Grid and Computing with Amazon's S3 and EC2,"] ;LOGIN:, February 2007, pp. 7-13, Usenix. | |||
# Garfinkel, S., and Smith, M., [http://www.simson.net/clips/academic/2006.data-surveillance.pdf "Data Surveillance"] (Guest Editor's Introduction), IEEE Security & Privacy, November/December 2006 | |||
# Lorrie Faith Cranor and Simson Garfinkel. Guest Editor’s Introduction: Secure or Usable? 2(5), IEEE Security & Privacy, September/October 2004 | |||
# Simson Garfinkel. [http://simson.net/clips/2002/2002.Password.Interception.pdf The Ethics of Interception]. Password, ISSA. 2004 | |||
# Simson L. Garfinkel. [http://simson.net/clips/2000/2000.ICSA.PrivacyPlease.htm Privacy, Please: Online services need to realize that possession of customer information does not imply permission to do with it what they want]. Information Security, 2000. | |||
# Stallman, R., and Garfinkel, S. [http://simson.net/clips/1992.ACM.AgainstSoftwarePatents.pdf "Against Software Patents"], Communications of the ACM, Volume 35, Issue 1 (January 1992), pages 17-22, 121. | |||
# Stallman, R., and Garfinkel, S. [http://simson.net/clips/1990.ACM.AgainstUserInterfaceCopyright.pdf "Against User Interface Copyright"], Communications of the ACM, Volume 33, Issue 11 (November 1990), pages 15-18. | |||
# Garfinkel, S. [https://simson.net/clips/1989/1989.PracticalLawyer.Email.pdf Use Email for Efficiency], The Practical Lawyer Volume 35, Number 1, January 1989 | |||
# Garfinkel, S. [http://simson.net//clips/1987/1987.PracticalLawyer.IntroToComputerSecurity.pdf An Introduction to Computer Security (part 2)], The Practical Lawyer, Volume 33, Number 7, October 1987. | |||
# Garfinkel, S. [http://simson.net//clips/1987/1987.PracticalLawyer.IntroToComputerSecurity.pdf An Introduction to Computer Security (part 1)], The Practical Lawyer, Volume 33, Number 6, September 1987. | |||
# Garfinkel, S.[http://simson.net/clips/1983/ddj_life.pdf "Game of LIFE on the IBM PC,"] Dr. Dobb's Journal, Volume 8, Issue 6, June 1983. | |||
=== US Government Publications=== | |||
# Simson Garfinkel, Joseph Near, Aref N. Dajani, Phyllis Singer, Barbara Guttman, [https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-188.pdf NIST Special Publication NIST SP 800-188: De-Identifying Government Datasets: Techniques and Governance], National Institute of Standards and Technology, September 2023 | |||
# John Abowd, Mark Fleischer, Simson Garfinkel, Philip Leclerc, Michele Hedrick, Matthew Haubach, Michael Hawes, Teresa Sabol, Robert Sienkiewicz, and Lars Vilhuber, [https://www2.census.gov/adrm/CED/Papers/CY21/2021-01-ADRM-Census_Formal_Privacy_Controlled_Vocabulary.pdf Census Bureau Formal Privacy Controlled Vocabulary and Style Guide], Version 1.1, 2021, A2021-01-ADRM | |||
# John M. Abowd, Gary L. Benedetto, Simson L. Garfinkel, Scot A. Dahl, Aref N. Dajani, Matthew Graham, Michael B. Hawes, Vishesh Karwa, Daniel Kifer, Hang Kim, Philip Leclerc, Ashwin Machanavajjhala, Jerome P. Reiter, Rolando Rodriguez, Ian M. Schmutte, William N. Sexton, Phyllis E. Singer, And Lars Vilhuber, [https://www.census.gov/library/working-papers/2020/adrm/CED-WP-2020-009.html The Modernization of Statistical Disclosure Limitation at the U.S. Census Bureau], August 2020 | |||
# John M. Abowd and Simson Garfinkel, [https://www.census.gov/newsroom/blogs/research-matters/2019/06/disclosure_avoidance.html Disclosure Avoidance and the 2018 Census Test: Release of the Source Code], June 6, 2019 | |||
# Simson Garfinkel and William Yates, [https://www.census.gov/content/census/en/library/working-papers/2019/adrm/App_Level_Crypto.html Application Level Cryptography for Securing Online Survey Responses], US Census Bureau, February 20, 2019 | |||
# Garofolo, John, John Contestabile, John Powell, Jason Corso, Gerald Friedland, Peter Tu, Sharath Pankanti, Lauren Brush, Steve Surfaro, Anthony Hoggs, John Audia, Simson Garfinkel, Reva Schwartz, Andrew Weinert, al, [https://www.nist.gov/sites/default/files/documents/2017/01/19/ir_8164.pdf NISTIR 8164, First Workshop on Video Analytics in Public Safety] June 6, 2016, San Diego, CA, National Institute of Standards and Technology, Gaithersburg, MD, Published January 19, 2017. | |||
# Simson Garfinkel. [http://dx.doi.org/10.6028/NIST.IR.8150 Government Data De-Identification Stakeholder’s Meeting June 29, 2016 Meeting Report]. Technical Report NISTIR 8150, National Institute of Science and Technology, September 2016 | |||
# [https://www.nitrd.gov/pubs/NationalPrivacyResearchStrategy.pdf National Privacy Research Strategy], National Science and Technology Council, Networking and Information Technology, Research and Development Program, June 2016 | |||
# Simson Garfinkel. De-Identifying Government Data. Technical Report SP 800-188, National Institute of Science and Technology, 2016. DRAFT | |||
# Ramaswamy Chandramouli, Simson Garfinkel, Stephen Nightingale, and Scott Rose. [http://dx.doi.org/10.6028/NIST.SP.800-177 Trustworthy Email. Technical Report SP 800-177], National Institute of Science and Technology, 2015 | |||
# Simson Garfinkel. [http://dx.doi.org/10.6028/NIST.IR.8053 De-Identification of Personally Identifiable Information. Technical Report NIST IR 8053], National Institute of Science and Technology, November 2015 | |||
# Zarate, Carolina M., Simson L. Garfinkel, Aubin Heffernan, Scott Horras and Kyle Gorak, [http://calhoun.nps.edu/public/handle/10945/38680 A Survey of XOR as a Digital Obfuscation Technique in a Corpus of Real Data]. Technical Report NPS-CS-13-005, Naval Postgraduate School, January 2014 | |||
# Garfinkel, Simson and Michael Shick, [http://calhoun.nps.edu/public/handle/10945/36026 Passive TCP Reconstruction and Forensic Analysis with tcpflow], Technical Report NPS-CS-13-003, Naval Postgraduate School, September 2013 | |||
# Bradley, Jessica and Simson Garfinkel, [http://calhoun.nps.edu/public/handle/10945/36027 Bulk Extractor 1.4 Programmers Manual for Developing Scanner Plug-Ins], Technical Report NPS-CS-13-007, Naval Postgraduate School, August 2013. | |||
# Bradley, Jessica and Simson Garfinkel, [http://calhoun.nps.edu/public/handle/10945/36027 Bulk Extractor 1.4 User's Manual], Technical Report NPS-CS-13-006, Naval Postgraduate School, August 2013. | |||
# Courrejou, Timothy and Simson Garfinkel. [http://edocs.nps.edu/npspubs/scholarly/TR/2011/NPS-CS-11-006.pdf A comparative analysis of file carving software]. Technical Report NPS-CS-11-006, Naval Postgraduate School, September 2011. | |||
# Dinolt, George, Bruce Allen, David Canright, and Simson Garfinkel. [http://simson.net/clips/academic/NPS-CS-10-011_FINAL_Signed.pdf Parallelizing SHA-256, SHA-1, MD5 and AES on the Cell Broadband Engine]. Technical Report NPS-CS-10-11, Naval Postgraduate School, September 2010 | |||
# Courrejou, Timothy and Simson Garfinkel. A comparative analysis of file carving software. Technical Report NPS-CS-10-010, Naval Postgraduate School, September 2010. | |||
# Garfinkel, Simson. Counter intelligence risks posed by information stored in DOD411—the DISA global directory service. Technical Report NPS-CS-10-004, Naval Postgraduate School, September 2010. | |||
# Garfinkel, Simson. Residual data found on guardian edge-protected removable storage media. Technical Report NPS-CS-10-003, Naval Postgraduate School, September 2010 | |||
# Pietso, Loren E., and Garfinkel, Simson L., [http://simson.net/clips/academic/2009.NPS-CS-09-003_Signed.pdf Methods for Creating Realistic Disk Images for Forensic Tool Testing and Education], Technical Report NPS-CS-09-003, Naval Postgraduate School, Monterey, CA March 2009. | # Pietso, Loren E., and Garfinkel, Simson L., [http://simson.net/clips/academic/2009.NPS-CS-09-003_Signed.pdf Methods for Creating Realistic Disk Images for Forensic Tool Testing and Education], Technical Report NPS-CS-09-003, Naval Postgraduate School, Monterey, CA March 2009. | ||
# David Canright, George Dinolt, Simson Garfinkel, Jonathan Herzog, Bruce Allen, [http://simson.net/clips/academic/2009.NPS-MA-09-001.pdf Implementing AES on the CellBE], Technical Report NPS-MA-09-001, Naval Postgraduate School, Monterey, CA January 2009. | # David Canright, George Dinolt, Simson Garfinkel, Jonathan Herzog, Bruce Allen, [http://simson.net/clips/academic/2009.NPS-MA-09-001.pdf Implementing AES on the CellBE], Technical Report NPS-MA-09-001, Naval Postgraduate School, Monterey, CA January 2009. | ||
# McLaren, S., and Garfinkel, S., [http://simson.net/clips/academic/2008.NPS-CS-08-008.pdf A Field Study of an Iris Identification System] Technical Report NPS-CS-08-008, Naval Postgraduate School, Monterey, CA, May 2008. | # McLaren, S., and Garfinkel, S., [http://simson.net/clips/academic/2008.NPS-CS-08-008.pdf A Field Study of an Iris Identification System] Technical Report NPS-CS-08-008, Naval Postgraduate School, Monterey, CA, May 2008. | ||
# Garfinkel, Simson L. [http://edocs.nps.edu/npspubs/scholarly/TR/2008/NPS-CS-08-014.pdf Providing cryptographic security and evidentiary chain-of-custody with the advanced forensic format, library, and tools]. Technical report, Technical Report NPS-CS-08-014, 2008 | |||
===Technical Reports and Working Papers=== | |||
# Garfinkel, Simson L. [http://www.simson.net/clips/academic/2007.Harvard.S3.pdf An evaluation of amazon’s grid computing services: EC2, S3 and SQS]. Technical Report TR-08-07, School for Engineering and Applied Sciences, Harvard University, July 2007. | |||
# Garfinkel, S., [http://www.simson.net/clips/academic/2003.MIT.MMOPG8.pdf Massively Multiplayer Games As a Source of Terrorist Simulant Data], August 2003. | # Garfinkel, S., [http://www.simson.net/clips/academic/2003.MIT.MMOPG8.pdf Massively Multiplayer Games As a Source of Terrorist Simulant Data], August 2003. | ||
# Garfinkel, S., [http://www.simson.net/clips/academic/2003.15_972.FinalPaper.pdf A Web Service for File Fingerprints: The Goods, the Bads, and the Unknowns], January 2003. | # Garfinkel, S., [http://www.simson.net/clips/academic/2003.15_972.FinalPaper.pdf A Web Service for File Fingerprints: The Goods, the Bads, and the Unknowns], January 2003. | ||
# Garfinkel, S., Robertson, H., Elledge, C., Levine, J., [http://www.simson.net/clips/academic/2002.6824.syncframe-long.pdf Syncframe: a Multi-Peer Synchronization Framework] December 2002. | # Garfinkel, S., Robertson, H., Elledge, C., Levine, J., [http://www.simson.net/clips/academic/2002.6824.syncframe-long.pdf Syncframe: a Multi-Peer Synchronization Framework] December 2002. | ||
# Shipley, P., Garfinkel, S., [http://simson.net/clips/academic/2001.Wardial.pdf An Analysis of Dial-Up Modems and Vulnerabilities ], Spring 2001. | # Shipley, P., Garfinkel, S., [http://simson.net/clips/academic/2001.Wardial.pdf An Analysis of Dial-Up Modems and Vulnerabilities ], Spring 2001. | ||
# Garfinkel, S. [http://simson.net//clips/academic/1987.Brown.WOFS.pdf "The Story of the Write Once File System,"] IRIS Project, Brown University, August 1st, 1987 | # Garfinkel, S. [http://simson.net//clips/academic/1987.Brown.WOFS.pdf "The Story of the Write Once File System,"] IRIS Project, Brown University, August 1st, 1987 | ||
# | # Garfinkel, Simson L. and J. Spencer Love. [http://simson.net/clips/academic/1986.CDFS.pdf A File System for Write-Once Media], MIT Media Lab Technical Report, September 1986 | ||
==Other Publications== | |||
===Books=== | ===Books=== | ||
# Differential Privacy, Simson Garfinkel, (to appear) 2025 (MIT Press) | |||
# [https://www.cambridge.org/us/academic/subjects/law/e-commerce-law/law-and-policy-quantum-age?format=PB&isbn=9781108793179 Law and Policy for the Quantum Age], Chris Jay Hoofnagle and Simson L. Garfinkel, 2021 (Cambridge) | |||
# [http://www.amazon.com/exec/obidos/ASIN/145492621X/simsonlgarfinkel The Computer Book: From the Abacus to Artificial Intelligence, 250 Milestones in the History of Computer Science (Sterling Milestones)], by Simson L. Garfinkel and Rachel H. Grunspan. 2018 (Sterling) | |||
# [http://www.amazon.com/exec/obidos/ASIN//1627055290/simsonlgarfinkel Usable Security: History, Themes, and Challenges], by Simson Garfinkel and Heather Lipford, 2014. (Morgan & Claypool, part of the Synthesis Lectures on Information Security, Privacy and Trust series.) | |||
# [http://www.amazon.com/exec/obidos/ASIN//0596008279/simsonlgarfinkel Security and Usability], edited by Lorrie Cranor and Simson Garfinkel. 2005. (O'Reilly & Associates, Inc.) | # [http://www.amazon.com/exec/obidos/ASIN//0596008279/simsonlgarfinkel Security and Usability], edited by Lorrie Cranor and Simson Garfinkel. 2005. (O'Reilly & Associates, Inc.) | ||
# [http://www.amazon.com/exec/obidos/ASIN/0321290968/simsonlgarfinkel RFID : Applications, Security, and Privacy], edited by Simson Garfinkel and Beth Rosenberg. 2005. (Addison-Wesley Professional) | # [http://www.amazon.com/exec/obidos/ASIN/0321290968/simsonlgarfinkel RFID : Applications, Security, and Privacy], edited by Simson Garfinkel and Beth Rosenberg. 2005. (Addison-Wesley Professional) | ||
Line 227: | Line 393: | ||
# [http://www.amazon.com/exec/obidos/ASIN/0387978844/simsonlgarfinkel NeXTSTEP Programming], with Michael Mahoney. 1992 (Springer-Verlag) | # [http://www.amazon.com/exec/obidos/ASIN/0387978844/simsonlgarfinkel NeXTSTEP Programming], with Michael Mahoney. 1992 (Springer-Verlag) | ||
# [http://www.amazon.com/exec/obidos/ASIN/0937175722/simsonlgarfinkel Practical UNIX Security], with Gene Spafford. 1991 (O'Reilly & Associates, Inc.) | # [http://www.amazon.com/exec/obidos/ASIN/0937175722/simsonlgarfinkel Practical UNIX Security], with Gene Spafford. 1991 (O'Reilly & Associates, Inc.) | ||
===Data Publications=== | |||
# Digital Corpora Scenarios (2008-), forensic data from working systems but created by investigators according to scripts so that the images do not contain identifiable private information from actual persons. As such, IRB approval is not required. These images can be freely downloaded from https://digitalcorpora.org/. Teachers guides are available. | |||
# The Real Data Corpus (2005-2015), a collection of raw data extracted from data-carrying devices that were purchased on the secondary market around the world. Many studies have shown that hard drives, cell phones, USB memory sticks, and other data-carrying devices are frequently discarded by their original users without the data first being cleared or purged. By purchasing these devices and extracting their data, we have created a data set that closely mimics data as it is found in the real world. | |||
# GOVDOCS1 (2009), a collection of roughly 1 million files that have been characterized and are available for download and open use. By collecting documents already made publicly available by the US Government, this corpus avoids copyright and privacy issues. | |||
===Open Source Software=== | |||
# [http://github.com/uscensusbureau/census2020-das-2010ddp Disclosure Avoidance System for the 2020 Demonstration Data Products] | |||
# [http://www.forensicswiki.org/wiki/bulk_extractor bulk_extractor], a program for exporting email addresses, date stamps, and other information from disk images. Winner of a 2011 DOD Value Engineering Award. 2008-- | |||
# [https://www.github.com/simsong/tcpflow tcpflow], a TCP/IP session reassembler, 2006- | |||
# [http://www.forensicswiki.org/wiki/fiwalk fiwalk], a program for creating Digital Forensics XML files from disk images. Now included in The Sleuth Kit. 2008--2011 | |||
# md5deep. Performs hihg-speed hashing. Originally developed by Jesse Kornblum, original contributions include bringing the program up-to-date and making it multi-threaded. Released Sept. 2011 | |||
# [http://www.forensicswiki.org/wiki/Frag_find frag_find], a program for performing hash-based file carving. 2009-- | |||
# [http://www.forensicswiki.org/wiki/ATA%Raw ATA Raw], a user-level implementation of the ATA command set, for Linux. 2008 | |||
# [http://www.forensicswiki.org/wiki/AFFLIBv3 AFFLIB], the Advanced Forensics Format Library and toolset. 2005-- | |||
# [http://www.forensicswiki.org/wiki/aimage aimage], the advanced disk imager. 2005-- | |||
# [http://www.forensicswiki.org/wiki/NPSBloom NPSBloom], the NPS Bloom Filter implementation. 2007--2010 | |||
# [http://simson.net/ref/sbook5/ SBook5], Simson Garfinkel's Address Book 1989-2005 | |||
# CDFS, the Compact Disk File System. 1985 | |||
===History of Computing, Technology and MIT (selected) === | |||
# Garfinkel, S. [https://www.technologyreview.com/2024/01/04/1084227/how-technology-review-got-its-start/ How Technology Review got its start], Technology Review, January 4, 2024 | |||
# Garfinkel, S. [https://www.technologyreview.com/2023/06/27/1073782/mits-first-divorce/ MIT's First Divorce] (how MITRE was created and got its name), Technology Review, June 27, 2023 | |||
# Garfinkel, S. [https://www.technologyreview.com/2022/12/19/1063973/cold-trick-indeed/ Cold Trick Indeed] (dorm room set up on the Charles, 1985), Technology Review, December 19, 2022 | |||
# Garfinkel, S. [https://www.technologyreview.com/2022/06/29/1053203/how-an-mit-marxist-weathered-the-red-scare/ How an MIT Marxist weathered the Red Scare (Dirk Struik)], Technology Review, June 29, 2022 | |||
# Garfinkel, S. [https://www.technologyreview.com/2022/04/27/1048456/in-praise-of-the-feistel-network/ In praise of the Feistel network (Horst Feistel '37)], Technology Review, April 27, 2022 | |||
# Garfinkel, S. [https://www.technologyreview.com/2022/02/23/1044223/the-man-no-one-knows-who-changed-boston/ The man no one knows who changed Boston (Charles Hayden)], Technology Review, February 23, 2022 | |||
# Garfinkel, S. [https://www.technologyreview.com/2022/02/23/1044184/5-mit-patents-that-changed-computing/ 5 MIT patents that changed computing], Technology Review, February 23, 2022 | |||
# Garfinkel, S. [https://www.technologyreview.com/2021/08/24/1030428/walker-and-the-indian-question/ Walker and the “Indian Question:” Before arriving at MIT, Francis Amasa Walker had twice led the US Census—and helped justify the troubling US policy of containing Native Americans on reservations.] Technology Review, August 24, 2021 | |||
# Garfinkel, S. [https://www.technologyreview.com/2021/04/27/1021714/tomorrows-computer-yesterday/ Tomorrow’s computer, yesterday. Four decades ago at Endicott House, an MIT professor convened a conference that launched quantum computing.] Technology Review, April 27, 2021 | |||
# Garfinkel, S. [https://www.technologyreview.com/2020/08/18/1006227/punching-in/ Punching In: Bored teaching at MIT, Herman Hollerith left to launch the information age for the US Census.] Technology Review, August 18, 2020 | |||
# Garfinkel, S. [https://www.usenix.org/system/files/login/articles/login_fall20_15_garfinkel.pdf Everything is a Punch Card.] ;login:, Fall 2020 | |||
# Garfinkel, S. [https://www.usenix.org/system/files/login/articles/login_winter20_15_garfinkel-simson.pdf The Tricky Cryptographic Hash Function.] ;login:, Winter 2020 | |||
# Garfinkel, S. [https://www.technologyreview.com/2019/08/21/238665/shafi-goldwasser/ Shafi Goldwasser], Technology Review, August 21, 2019 | |||
# Garfinkel, S. [https://www.technologyreview.com/2019/08/21/133561/radia-perlman-73-sm-76-phd-88/ Radia Perlman '73, SM '76, PhD '88], Technology Review, August 21, 2019 | |||
# Garfinkel, S. [https://www.technologyreview.com/2019/04/24/135828/the-geek/ The Geek (Chris Schmandt)], Technology Review, April 24, 2019 | |||
===Other Publications (selected) === | |||
# Garfinkel, Simson and Jody Westby, [https://www.acm.org/binaries/content/assets/public-policy/final-ustpc-ostp-ai-comments.pdf Response to Request for Information on National AI Priorities by the White House Office of Science and Technology Policy], Association for Computing Machinery US Technology Policy Committee, July 7, 2023. | |||
# Christopher Kang, Jeremy Epstein, Cory Doctorow, Simson Garfinkel and Jeanna Matthews, [https://www.acm.org/binaries/content/assets/public-policy/ustpc-ostp-comments-automated-worker-surveillance.pdf Statement on Principles for the Development and Deployment of Equitable, Private, and Secure Remote Proctoring Systems], ACM US Technology Policy Committee, December 16, 2022. | |||
# Vijay Chidambaram, Simson Garfinkel, Carlos E. Jimenez-Gomez, Bran Knowles, Arnon Rosenthal, Ben Schneiderman, Stuart Shapiro, and Alejandro Saucedo, [https://www.acm.org/binaries/content/assets/public-policy/final-joint-ai-statement-update.pdf Statement on Principles for Responsible Algorithmic Systems], Association for Computing Machinery US Technology Policy Committee, October 26, 2022. | |||
# Hoofnagle, Chris Jay and Simson Garfinkel, [https://www.lawfareblog.com/quantum-cryptanalysis-hype-and-reality Quantum Cryptanalysis: Hype and Reality], Lawfare, Feb. 16, 2022 | |||
# Hoofnagle, Chris Jay and Simson Garfinkel, [https://www.defenseone.com/ideas/2022/06/quantum-sensorsunlike-quantum-computersare-already-here/368634/ Quantum Sensors—Unlike Quantum Computers—Are Already Here], Defense One, June 27, 2022 | |||
# Hoofnagle, Charis Jay and Simson Garfinkel, [https://slate.com/technology/2022/01/quantum-computing-winter-scenario.html What if Quantum Computing Is a Bust?], Slate Future Tense, Jan 26, 2022 | |||
# Garfinkel, S. [http://www.technologyreview.com/news/428477/the-iphone-has-passed-a-key-security-threshold/ "The iPhone Has Passed a Key Security Threshold"], Technology Review, August 13, 2012 | |||
# Garfinkel, S. [http://www.technologyreview.com/communications/26905/?a=f Track Me Not: "Do not track" legislation could simply accelerate the monopolization of Internet advertising], Technology Review, December 14, 2010 | |||
# Garfinkel, S., [http://www.technologyreview.com/computing/22831/ Privacy Requires Security, Not Abstinence; Protecting an inalienable right in the age of Facebook], ''Technology Review Magazine'', July/August 2009 | |||
# Garfinkel, S. [http://www.csoonline.com/article/print/482304 Right on Time? The Security Implications of the Humble Computer Clock], CSO Magazine, March 2, 2009 | |||
# Garfinkel, S., and Rosenberg., B., [http://www.technologyreview.com/computing/22234/ "Face Recognition: Clever or Creepy?"], Technology Review, February 27, 2009. | |||
# Garfinkel, S., [http://www.oreillynet.com/pub/a/network/2002/04/26/nettap.html Network Forensics: Tapping the Internet], The O'Reilly Network, April 26, 2002. | |||
# Garfinkel, S. [http://simson.net/clips/1994/94.Wired.PatentlyAbsurd.pdf "Patently Absurd: How could the Patent Office ever grant a patent to Compton's on its claim to have invented multimedia?"] <i>Wired Magazine</i>, July 1994. | |||
===Presentations and Tutorials (selected)=== | |||
====2022==== | |||
* C14 Keeping Forensic Tools Sharp: A Case Study of Updating Bulk_Extractor 1.6 to 2.0, American Academy of Forensic Sciences, Annual Meeting, Seattle, 2022 | |||
====2020==== | |||
* [http://simson.net/ref/2020/2020-01-27%20Garfinkel%20Differential%20Privacy%20Status%20Report%20(APPROVED).pptx 2020-01-27 Differential Privacy Status Report] | |||
* [http://simson.net/ref/2020/2020-01-27%20Garfinkel%20Special%20Topics%20in%20Privacy%20and%20Public%20Audibaility%20(APPROVED).pptx 2020-01-27 Special Topics in Privacy and Public Auditability] | |||
* [http://simson.net/ref/2020/2020-03-04%20Garfinkel%20Google%20v2%20(APPROVED).pdf 2020-03-04 Presentation on Differential Privacy at Google] | |||
* [http://simson.net/ref/2020/2020-06-08%20Garfinkel%20Spark+AI%20Summit.pptx 2020-06-08 Spark+AI Summit] | |||
* [http://simson.net/ref/2020/2020-06-10%20Responsible%20Data%20Summit.pptx 2020-06-10 Responsible Data Summit] | |||
====2019==== | |||
* [http://simson.net/ref/2019/2019-12-10%20Garfinkel%20Cloud%20Forensics.pdf 2019-12-10 Cloud Forensics] | |||
* [https://simson.net/ref/2019/2019-11-19%20The%20Computer%20Book%20talk%20at%20NSF.pdf 2019-11-19 Observing the impact of research by writing The Computer Book (Talk at the National Science Foundation)] | |||
* [https://simson.net/ref/2019/2019-10-19-pmr-disclosure-avoidance.pdf 2019-10-19-pmr-disclosure-avoidance] | |||
* [https://simson.net/ref/2019/2019-10-16%20OSDFCON%20Digital%20Corpora.key 2019-10-16 Digital Corpora for Research and Education (Presented at OSDFCON 2019)] | |||
* [https://simson.net/ref/2019/2019-09-25%20Garfinkel%20Leclerc%20SECDEV%20Slides.pptx 2019-09-25 Differential Privacy Tutorial (SECDEV 2019)] | |||
* [https://simson.net/ref/2019/2019-07-20%20Deploying%20Differential%20Privacy%20for%20the%202020%20Census%20Cambridge.pptx 2019-07-20 Deploying Differential Privacy for the 2020 Census (Presented to Microsoft Research New England)] | |||
* [https://simson.net/ref/2019/2019-07-16%20Deploying%20Differential%20Privacy%20for%20the%202020%20Census.pdf 2019-07-16 Deploying Differential Privacy for the 2020 Census] | |||
* [https://simson.net/ref/2019/2019-06-27%20Differential%20Privacy%20and%20the%202020%20Census%20v3.pptx 2019-06-27 Differential Privacy and the 2020] | |||
* [https://simson.net/ref/2019/2019-06-24%20Understanding%20Differential%20Priavcy%20(expanded).pptx 2019-06-24 Understanding Differential Priavcy (Presented to the National Advisory Committee on Racial, Ethnic and Other Populations Spring 2019 Meeting)] | |||
* [https://simson.net/ref/2019/2019-06-18%20Mac%20Forensics%20In%2090%20Minutes.pdf 2019-06-18 Macintosh Forensics In 90 Minutes (Presented to ACM (Presented to ISSA-DC)] | |||
* [https://simson.net/ref/2019/2019-06-18%20Census%20Presentation%20for%20HECTOR%20(APPROVED).pptx 2019-06-18 Differential Privacy and the US Census (Presented to the IARPA HECTOR PI meeting)] | |||
* [https://simson.net/ref/2019/2019-05-15%20Census%20Brandeis%20Presentation%20(APPROVED).pptx 2019-05-15 Differential Privacy and the US Census (Presented to the DARPA Brandeis PI meeting)] | |||
* [https://www.census.gov/about/cac/nac/meetings/2019-05-meeting.html 2019-05-2 National Advisory Committee on Racial, Ethnic and Other Populations (NAC) Spring Meeting: May 2-3, 2019], Privacy and Confidentiality Protection Overview | |||
* [https://simson.net/ref/2019/2019-05-02%20Garfinkel%20Differential%20Privacy%20Concepts%20(APPROVED).pptx 2019-05-02 Differential Privacy: Basic] | |||
* [https://simson.net/ref/2019/2019-04-26%20Garfinkel%20Attacking%20Public%20Data.pptx 2019-04-26 Attacking Public Data] | |||
* [https://simson.net/ref/2019/2019-04-22%20Garfinkel%20Differential%20Privacy%20Concepts%20(APPROVED).pdf 2019-04-22 Differential Privacy: Basic Concepts] | |||
* [https://simson.net/ref/2019/2019-04-02%20Garfinkel%20Attacking%20Public%20Data.pptx 2019-04-02 Garfinkel Attacking Public Data] | |||
* [https://simson.net/ref/2019/2019-03-26%20Garfinkel%20Attacking%20Data%20V4%20(APPROVED).pptx 2019-03-26 Garfinkel Attacking Public and Protected Data] | |||
* [https://simson.net/ref/2019/2019-03-14%20Garfinkel%20IQT%20Issues%20(APPROVED).pptx 2019-03-14 Issues Encountered Deploying Differential Privacy (IQT Technology Focus Day)] | |||
* [https://simson.net/ref/2019/2019-02-28%20Garfinkel%20CaCCC.pptx 2019-02-28 Protecting the Confidentilaity of the 2020 Census, Presented to the Trust and Confidential Working Group, California Complete Count] | |||
* [https://simson.net/ref/2019/2019-01-28a%20Garfinkel%20Rice%20Privacy%20and%20the%202020%20Census%20(APPROVED).pptx 2019-01-28a Privacy and the 2020 Census (Rice University)] | |||
====2018==== | |||
* [https://www.simson.net/ref/2018/2018-10-31%20Cybersecurity%20Research.pdf 2018-10-31 Cybersecurity research
is not making us more secure (University of Pennsylvania)] | |||
* [https://www.census.gov/programs-surveys/decennial-census/decade/2020/planning-management/plan/pmrs/2018-10-19-pmr.html 2018-10-19 2020 Census Program Management Review — October 19, 2018], 2020 Census Disclosure Avoidance. | |||
* [https://www.simson.net/ref/2018/2018-10-15%20Garfinkel%20WPES%20Toronto%20Canadav2.pdf 2018-10-15 Issues Encountered Deploying Differential Privacy (Workshop on Privacy in the Electronic Society, Toronto Canadav)] | |||
* [https://www.simson.net/ref/2018/2018-09-26%20UMass%20Issues%20Encountered%20(APPROVED).pdf 2018-09-26 Issues Encountered Deploying Differential Privacy (University of Massachusetts)] | |||
* [https://www.simson.net/ref/2018/2018-03-08%20Challenges%20and%20Experiences%20Adapting%20Differentially%20Private%20Mechanisms%20to%20the%202020%20Census%20(APPROVED).pptx 2018-03-08 Challenges and Experiences Adapting Differentially Private Mechanisms to the 2020 Census] | |||
* [https://www.simson.net/ref/2018/2018-02-20%20Garfinkel%20Protecting%20Data%20Sources.pdf 2018-02-20 Protecting Data Sources] | |||
* [https://www.simson.net/ref/2018/2018-02-14%20Garfinkel%20Gerogetown%20Modernizing%20the%20DAS%20for%20the%202020%20Census.pdf 2018-02-14 Garfinkel Georgetown Modernizing the DAS for the 2020 Census (Georgetown)] | |||
* [https://www.simson.net/ref/2018/2018-01-31%20Differential%20Privacy.pptx 2018-01-31 Differential Privacy] | |||
====2017==== | |||
* [https://www.census.gov/about/cac/sac/meetings/2017-09-meeting.html 2017-09-14 Modernizing Disclosure Avoidance: Report on the 2020 Disclosure Avoidance System as Implemented for the 2018 End-to-End Test] | |||
====2012==== | |||
* [http://simson.net/ref/2012/2012-08-08%20bulk_extractor%20Tutorial.pdf Using bulk_extractor for digital forensics triage and cross-drive analysis], DFRWS 2012 | |||
* [http://middleware.internet2.edu/idtrust/2011/slides/07-digital-signatures-current-barriers-garfinkel.pdf Digital Signatures: Current Barriers], Invited Talk, [http://middleware.internet2.edu/idtrust/2011/program.html 10th Symposium on Identity and Trust on the Internet], Gaithersburg, MD, 2011. | |||
* [http://www.nps.edu/video/portal/Video.aspx?enc=wLa1mgB42%2B9ulhJnCg%2BaIJggtkFBEowWOLyMY74PdyI%3D Cyber Security], presented for Cyber Security Awareness Month at NPS. | |||
* Digital Forensics 1: Technology, Policy and Countermeasures, 2009 Annual Computer Security Applications Conference, Honolulu, Hawaii, December 2009. | |||
* [[2009-08-20 Talk|Automated Digital Forensics]], [http://csail.mit.edu MIT CSAIL], in [http://whereis.mit.edu/map-jpg?mapterms=32-G449&mapsearch=go 32-G449 (CSAIL Kiva)] [http://simson.net/ref/2009/2009-08-20%20MIT.pdf (slides)], August 20, 2009 | |||
* [http://simson.net/ref/2008/PRIMR.IRBs.pdf "IRBs and Computer Science Research"], presented at the Public Responsibility in Medicine and Research (PRIM&R) 2008 Advancing Ethical Research Conference, November 17--19, 2008, Orlando, FL. | |||
* [http://simson.net/ref/2005/drives-msi.pdf "Common-Mode Failures: What can you do with 236 used hard drives?"], presented at FINSEC 2005, sponsored by the MSI Training Institute, New York, New York. December 7, 2005 | |||
* [http://simson.net/ref/2005/drives-retail.pdf "Ensure Proper Data Management with Discarded IT Assets"], presented to the Retail Data Systems Forum, November 3, 2005. | |||
* [http://www.cisr.us/videos.html#2005 Sanitization and Cross Drive Analysis], Naval Postgraduate School, Fall 2005. | |||
* [http://simson.net/ref/2004/FCC_SPAM.pdf "Technology vs. Spam"], presentation to the FCC Technological Advisory Council, February 23, 2004. | |||
* [http://simson.net/ref/2003/Network_Threats4.ppt "Speculating about Tomorrows's Threats,"] Workshop on Network Threats, Washington, DC. November 2003 | |||
* "Privacy in the Post-9/11 world", John Marshall Law School, January 2002. | |||
* "Web Security: Is our Time Running out?" ISSA NE Annual Meeting, November 2001. | |||
* "Privacy in the 21st Century," Pop!Tech, Camden, Maine, October 2001. | |||
* "Wireless Threats to Privacy and Security," July 2001, | |||
* "A Survey of Broadband ISP Privacy Policies," May 2001 | |||
* "Introduction to Online Privacy," New Orleans, December 2000. | |||
* "Wireless Communication Security," Computer Security Day, Celebremos Juntos el D'ia Internacional de la Seguridad en C'omputo, Mexico City, Mexico, November 2000. | |||
* "An Introduction to Privacy and Data Protection," October 2000. | |||
* "Linux Security," O'Reilly Open Source Conference, June 2000. | |||
* "Data Protection," May 2000. | |||
* "Thirty Years of Spam," Brightlight Spam Summit, Washington, DC, May 2000 | |||
* "Biometrics and Privacy," April 2000. | |||
* "Extending the Privacy Bubble," The Internet Security Conference, Boston, MA, October 1999. | |||
* "Technical Solutions to Minimize Security Exposures," Information Systems Security Association, 14th Annual Meeting, California, September 27, 1999. | |||
* "Linux Security", O'Reilly OpenSource Conference, Monterey, California, August 1999. | |||
* "How to build a website that really sucks," VERIO/Hiway Webhosting Conference, June 1999. | |||
* "Web Security and Privacy," Smart Card Forum, June 1999. | |||
* "Information Warfare in the 21st Century," GartnerGroup Information Security Conference, April 12-14, 1999, Chicago. | |||
* "What's Next for SPAM?" SPAM Roundtable, March 1999, California. | |||
* "Combating Telephone Intrusions," SANS Intrusion Detection 99, February 1999, San Diego, California. | |||
* "Introduction to Information Warfare," presented at the TTI Vanguard conference on Risk, Security and Trust, May 14-15, 1998, Trianon Palace Versailles, France. | |||
* "Web Technology: Usability, Security, Reliability & Commerce," Thursday, November 20, 1997, Brown University Department of Computer Science, Industrial Partners Program. | |||
* "Privacy In the Next Century", October 21, 1997, University of Oswego, featured speaker at the Digital Age conference at SUNY Oswego. | |||
* "Computer Security Workshop", October 17, 1997, SUNY Oswego, day-long conference on computer security. | |||
* "Berkeley Roundtable on Software Innovation", April 26, 1996, speaking about software patents. | |||
* "Internet Service Providers", Sixth Conference on Computers, Freedom & Privacy, March 29, 1996. | |||
* "Online Communities" and "Privacy", New York Macintosh User's Fair, March 23, 1996. | |||
* "Information at Whose fingertips?" PC Expo 95, speaking on cryptography. | |||
* "Managing Internet Security." I/S Analyzer Case Studies, June 8th, 1995. Chicago. | |||
* "Roadmap to the Big 1995 Cyberstories," Telecommunication Policy Roundtable--Northeast, January 18, 1995. | |||
* "The Future of Object-Oriented Programming," Object Oriented Computing for the Natural Sciences, EMBL, Germany, November 1994. | |||
* "The Software Patent Crisis," Connecticut Patent Law Association, October 5, 1994. | |||
* "Electronic Publishing Problems," MIT, December 1993. | |||
==Patents== | ==Patents== | ||
# [http://simson.net/ref/patents/US7023854.pdf United States Patent 7,023,854], (Granted April 4, 2006), Garfinkel,Packet interception system including arrangement facilitating authentication of intercepted packets. Filed November 17, 1999 (Continuation of Patent 6,678,270). | # United States Patent 8,433,959, (Granted April 30, 2013), Garfinkel and Nelson, Method for Determining Hard Drive Contents through Statistical Drive Sampling. Filed Sep. 7, 2010. | ||
# [http://simson.net/ref/patents/US779032.pdf United States Patent 7,779,032], (Granted August 17, 2010), Garfinkel, Forensic feature extraction and cross drive analysis. Filed September 6, 2006. | |||
# [http://simson.net/ref/patents/US7023854.pdf United States Patent 7,023,854], (Granted April 4, 2006), Garfinkel, Packet interception system including arrangement facilitating authentication of intercepted packets. Filed November 17, 1999 (Continuation of Patent 6,678,270). | |||
# [http://simson.net/ref/patents/US6993661.pdf United States Patent 6,993,661], (Granted January 31, 2006), Garfinkel, System and method that provides for the efficient and effective sanitizing of disk storage units and the like Filed August 9, 2001. | # [http://simson.net/ref/patents/US6993661.pdf United States Patent 6,993,661], (Granted January 31, 2006), Garfinkel, System and method that provides for the efficient and effective sanitizing of disk storage units and the like Filed August 9, 2001. | ||
# [http://simson.net/ref/patents/US6744864.pdf United States Patent 6,744,864], (Granted June 1, 2004), Garfinkel, Adaptive Dialing System and Method. Filed May 18, 2000. | # [http://simson.net/ref/patents/US6744864.pdf United States Patent 6,744,864], (Granted June 1, 2004), Garfinkel, Adaptive Dialing System and Method. Filed May 18, 2000. | ||
# [http://simson.net/ref/patents/US6678270.pdf United States Patent 6,678,270], (Granted January 13, 2004), Garfinkel, Packet interception system including arrangement facilitating authentication of intercepted packets. Filed March 12, 1999. | # [http://simson.net/ref/patents/US6678270.pdf United States Patent 6,678,270], (Granted January 13, 2004), Garfinkel, Packet interception system including arrangement facilitating authentication of intercepted packets. Filed March 12, 1999. | ||
# [http://simson.net/ref/patents/US6490349.pdf United States Patent 6,490,349], (Granted December 3, 2002), Garfinkel et al., System and Method for Scan-Dialing Telephone Numbers and Classifying Equipment Connected to Telephone Lines Associated therewith. Filed December 19, 1998. | # [http://simson.net/ref/patents/US6490349.pdf United States Patent 6,490,349], (Granted December 3, 2002), Garfinkel et al., System and Method for Scan-Dialing Telephone Numbers and Classifying Equipment Connected to Telephone Lines Associated therewith. Filed December 19, 1998. | ||
==Teaching Experience, Academic== | |||
===George Washington University, 2019--=== | |||
* [[DATS 6450]]: Data Science Ethics ★ (Fall 2019, Fall 2020, Fall 2021) | |||
===George Mason University, 2016--=== | |||
* [[CFRS 510]]: Digital Forensics Analysis ★ (Spring 2016) | |||
* [[CFRS 765]]: Macintosh Forensics ★ (Spring 2019) | |||
* [[CFRS 780]]: Cloud Forensics ★ (Spring 2018) | |||
===Georgetown University, 2016--2017=== | |||
* [[ANLY 502]]: Massive Data Analytics ★ (Spring 2016; Spring 2017) | |||
* [[COSC 531]]: Data Privacy ★ (Fall 2016) | |||
===Naval Postgraduate School, Fall 2007--2014=== | |||
* [[CS3610]]: Information Crime, Law and Ethics ★ (Fall 2007; Fall 2008) | |||
* [[CS3636]]: Data Fusion with Online Information Systems ★ (Summer 2009) | |||
* [[CS3690]]: Network Security (Fall 2012) | |||
* [[CS3773]]: Java as a Second Language (Winter 2008; Winter 2009) | |||
* [[CS4614]]: Special topics in computer security ★ (Summer 2014) | |||
* [[CS4922]]: Advanced Computer Architecture (Spring 2009) | |||
* [[CS4920]]: Automated Document and Media Exploitation ★ (Fall 2008; Fall 2009; Winter 2010) | |||
===Harvard University Extension School (Fall 2004--Spring 2006)=== | |||
* CSCI E-170: Security, Privacy and Usability ★ (Fall 2004, Fall 2005) | |||
* CSCI E-180: Building Programs with Graphical Interfaces ★ (Spring 2006) | |||
===Northeastern University School of Computer Science and Information Science (Summer 2004)=== | |||
* [[CSG 357]]: Computer Security, Privacy and Usability ★ (Summer 2004) | |||
★ Indicates an original course that was developed and taught | |||
==Teaching Experience, Tutorials== | |||
===[http://www.bitss.org/ Berkeley Initiative for Transparency in the Social Sciences]=== | |||
* [https://osf.io/qh2nr/ Summer Institute 2016], tutorial on de-identification. | |||
===Computers, Freedom and Privacy=== | |||
* [http://simson.net/ref/2007/CFP07-forensics.pdf Computer Forensics: Technology, Policy and Countermeasures], CFP 2007 | |||
===Annual Computer Security Applications Conference (ACSAC)=== | |||
* [http://simson.net/ref/2009/ACSAC%202009%20forensics.pdf Digital Forensics and Media Exploitation: Technology, Policy and Countermeasures], ACSAC 2009 | |||
===Usenix Association, Spring 2006--=== | |||
* Network Forensics & Disk Forensics, LISA 2008, San Diego, CA | |||
* Computer Forensics & Forensics Lab, USENIX Security 2008, San Jose, CA | |||
* Computer Forensics, USENIX 2007, San Jose, CA | |||
* Computer Forensics, LISA 2007, Dallas, TX | |||
===Symposium on Usable Security and Privacy (Summer 2005)=== | |||
* Computer Security Tutorial, SOUPS 2005, Pittsburgh, PA | |||
===University of Aizu, Japan (December 1993)=== | |||
* Created and taught a one-week course on NeXTSTEP Programming | |||
==Fellowships, Honors and Awards== | ==Fellowships, Honors and Awards== | ||
# [https://secdev.ieee.org/2023/awardees 2023 IEEE Cybersecurity Awards for Practice/], awarded to John Abowd and Simson Garfinkel for Contributions to Privacy-Preserving Distribution of U.S. Census Data | |||
# 2023 Department of Commerce US Census Bureau Gold Medal for Scientific/Engineering Achievement awarded to Victoria A. Velkoff, Ryan R. Cumings, Michael B. Hawes, Philip Daniel Leclerc, Pavel Zhuravlev, Matthew Spence, Cynthia Davis Hollingsworth, James C A Whitehorne, John M. Abowd, Simson L. Garfinkel. "This group is honored for the practical design, testing, and implementation of a cutting-edge disclosure avoidance system for the legally mandated 2020 Census P.L. 94-171 Redistricting Data Summary File, thereby guaranteeing the quality and availability of Census data for critical societal purposes, including the redrawing of Federal and state legislative voting districts, while providing mathematically provable guarantees of the confidentiality of census respondents' information." | |||
# [https://petsymposium.org/award/winners.php 2023 PET Award], awarded to John M. Abowd, Robert Ashmead, Ryan Cumings-Menon, Simson Garfinkel, Micah Heineck, Christine Heiss, Robert Johns, Daniel Kifer, Philip Leclerc, Ashwin Machanavajjhala, Brett Moran, William Sexton, Matthew Spence, Pavel Zhuravlev. "The 2020 Census Disclosure Avoidance System TopDown Algorithm". Harvard Data Science Review Special Issue 2: Differential Privacy for the 2020 U.S. Census. | |||
# 2023 Department of Commerce US Census Bureau Bronze Medal awarded to the Harvard Data Science Review Symposium Disclosure Avoidance Team, "for its contributions to the field of data science through its role in organizing the Harvard Data Science Review symposium on differential privacy and the 2020 Census. This marked the first major public engagement of the data science and privacy communities in the design and implementation of formal privacy solutions for large-scale statistical data releases." | |||
# 2021 Fellow, American Association for the Advancement of Science [https://www.aaas.org/page/2021-fellows (AAAS)] | |||
# 2019 Fellow, Institute for Electrical and Electronics Engineers [https://simson.net/ref/2019/IEEE_Fellow.jpg (certificate)] | |||
# 2019 Department of Commerce US Census Bureau Bronze Medal Award awarded to the 2018 End-to-End Test Disclosure Avoidance Team "For successful execution of the 2018 End-to- End Test Disclosure Avoidance System that generated microdata in a formerly private manner, while satisfying complex requirements, thus demonstrating the feasibility of utilizing high-quality and rigorous disclosure avoidance protection to be applied to the 2020 Decennial Census." [https://simson.net/ref/2019/BronzeMedalProgram.pdf#page=8 (program)] | |||
# 2017 NIST Information Technology Laboratory Outstanding Standards Document Award for NIST SP 800-188, Trustworthy Email | |||
# 2013 Best Paper Award, "Language Translation for File Paths," DFRWS, Aug 4-7, Monterey | |||
# 2013 [http://fellows.acm.org/fellow_citation.cfm?id=2595445&srt=alpha&alpha=G Fellow, Association for Computing Machinery] [https://simson.net/ref/2013/ACM_FELLOW.pdf (certificate)] | |||
# 2011 Best Paper Award, "Forensic Carving of Network Packets and Associated Data Structures," Aug 1-3, New Orleans, LA | |||
# 2011 [https://www.issa.org/issa-international-awards-winners/ Information Systems Security Association] Hall of Fame | |||
# 2011 [https://web.archive.org/web/20141009002844/http://www.defense.gov/releases/release.aspx?releaseid=14427 Department of Defense Value Engineering Achievement Award], Bulk Extractor Program. | |||
# 2010 IEEE, elevated to "IEEE Senior Member." | |||
# 2010 Best Paper Award, "Bringing Science to Digital Forensics with Standardized Forensic Corpora," Aug, Monterey, Canada. | |||
# 2010 Letter of appreciation from NPS CIO for developing and deploying three “USB Transfer Stations” to allow NPS employees to safely transfer information from USB memory devices to the NPS network in accordance with DoD guidelines. | |||
# 2009 [http://simson.net/ref/2009/ITACS%20Letter%20of%20Recognition.pdf Letter of Recognition], Naval Postgraduate School staff of Information Technology and Communications Services, for completing DoD Computer Tasking Order 08-008 | |||
# 2005 George M. Sprowls Award for the best doctoral theses in computer science, Honorable Mention, awarded for "Design Principles and Patterns for Computer Systems That Are Simultaneously Secure and Usable" supervised by Robert Miller and David Clark. | # 2005 George M. Sprowls Award for the best doctoral theses in computer science, Honorable Mention, awarded for "Design Principles and Patterns for Computer Systems That Are Simultaneously Secure and Usable" supervised by Robert Miller and David Clark. | ||
# [http://www.asbpe.org/contest/2005/win05ne.htm 2005 Best Regular Column, Contributed] (Gold) (Northeast Region, Under 80,000 circulation), awarded by the American Society of Business Publication Editors (ASBPE), for the "Machine shop" series in [http://www.csoonline.com/ CSO Magazine]. (Award granted for the July and September 2004 columns.) | # [http://www.asbpe.org/contest/2005/win05ne.htm 2005 Best Regular Column, Contributed] (Gold) (Northeast Region, Under 80,000 circulation), awarded by the American Society of Business Publication Editors (ASBPE), for the "Machine shop" series in [http://www.csoonline.com/ CSO Magazine]. (Award granted for the July and September 2004 columns.) | ||
# | # 2005 Jesse H. Neal National Business Journalism Award, for Best Regularly Featured Department or Column, awarded to [http://www.csoonline.com CSO Magazine's] "Machine Shop" column, by Simson Garfinkel (edited by Elaine Cummings, designed by Chandra Tallman with Steve Traynor). | ||
# [http://www.asbpe.org/contest/2004/2004_ASBPE_Awards_Booklet.pdf 2004 Best Regular Column, Contributed] (Gold) (National, Under 80,000), awarded by the [http://www.asbpe.org American Association of Business Publishers and Editors] (ASBPE), for the "Machine shop" series in [http://www.csoonline.com/ CSO Magazine]. (Award granted for the April and May 2003 columns.) | # [http://www.asbpe.org/contest/2004/2004_ASBPE_Awards_Booklet.pdf 2004 Best Regular Column, Contributed] (Gold) (National, Under 80,000), awarded by the [http://www.asbpe.org American Association of Business Publishers and Editors] (ASBPE), for the "Machine shop" series in [http://www.csoonline.com/ CSO Magazine]. (Award granted for the April and May 2003 columns.) | ||
# [http://www.asbpe.org/contest/2004/con04east.htm 2004 Best Regular Column, Contributed] (Gold) (East Coast Region, Under 80,000 circulation), awarded by the American Society of Business Publication Editors] (ASBPE), East Coast Region, for the "Machine Shop" series in [http://www.csoonline.com/ CSO Magazine]. | # [http://www.asbpe.org/contest/2004/con04east.htm 2004 Best Regular Column, Contributed] (Gold) (East Coast Region, Under 80,000 circulation), awarded by the American Society of Business Publication Editors] (ASBPE), East Coast Region, for the "Machine Shop" series in [http://www.csoonline.com/ CSO Magazine]. | ||
# [http://www.americanbusinessmedia.com/events/pdfs/2004_neal_winners.pdf 2004 Jesse H. Neal National Business Journalism Award,] for Best Regularly Featured Department or Column, awarded to [http://www.csoonline.com CSO Magazine's] "Machine Shop" column, by Simson Garfinkel (edited by Elaine Cummings, designed by Chandra Tallman with Steve Traynor). <span class='web'> [http://simson.net/ | # [http://www.americanbusinessmedia.com/events/pdfs/2004_neal_winners.pdf 2004 Jesse H. Neal National Business Journalism Award,] for Best Regularly Featured Department or Column, awarded to [http://www.csoonline.com CSO Magazine's] "Machine Shop" column, by Simson Garfinkel (edited by Elaine Cummings, designed by Chandra Tallman with Steve Traynor). <span class='web'> [http://simson.net/ref/awards/2004_neal_award.jpg (front)][http://simson.net/ref/awards/2004_neal_award_back.jpg (back)]</span> | ||
# [http://www.americanbusinessmedia.com/events/pdfs/2004_neal.pdf 2004 Jesse H. Neal National Business Journalism Award,] Grand Neal Runner-up, 2nd place, [http://www.csoonline.com CSO Magazine], "Machine Shop." | # [http://www.americanbusinessmedia.com/events/pdfs/2004_neal.pdf 2004 Jesse H. Neal National Business Journalism Award,] Grand Neal Runner-up, 2nd place, [http://www.csoonline.com CSO Magazine], "Machine Shop." | ||
# [http://www.asbpe.org/contest/2003/con03east.htm 2003 Best Regular Column, Contributed] (Silver) (East Coast Region, Under 80,000 circulation), awarded by the American Society of Business Publication Editors], (ASBPE) for the "Machine Shop" series in [http://www.csoonline.com/ CSO Magazine]. | # [http://www.asbpe.org/contest/2003/con03east.htm 2003 Best Regular Column, Contributed] (Silver) (East Coast Region, Under 80,000 circulation), awarded by the American Society of Business Publication Editors], (ASBPE) for the "Machine Shop" series in [http://www.csoonline.com/ CSO Magazine]. | ||
Line 247: | Line 628: | ||
# 2000 Best COMPUTERS IN SOCIETY book, Third Annual BookBytes Awards, awarded for [http://www.databasenation.com Database Nation: The Death of Privacy in the 21st Century]. | # 2000 Best COMPUTERS IN SOCIETY book, Third Annual BookBytes Awards, awarded for [http://www.databasenation.com Database Nation: The Death of Privacy in the 21st Century]. | ||
# [http://www.asbpe.org/contest/1999/con99wc.htm 1999 Best Feature Series] (West Coast Region, Circulation over 80,000), awarded by the awarded by the American Society of Business Publication Editors], for the "Privacy in the Internet Age" feature series appearing in PC World Magazine. | # [http://www.asbpe.org/contest/1999/con99wc.htm 1999 Best Feature Series] (West Coast Region, Circulation over 80,000), awarded by the awarded by the American Society of Business Publication Editors], for the "Privacy in the Internet Age" feature series appearing in PC World Magazine. | ||
# [http://simson.net/ | # [http://simson.net/ref/awards/1997_STC_PUIS2.pdf 1997 Award of Merit] for Practical UNIX and Internet Security, International Technical Publications Competition, awarded by the Society for Technical Communication. | ||
# [http://simson.net/ | # [http://simson.net/ref/awards/1996_STC_PUIS2.pdf 1996 Award of Distinguished Technical Communication] (highest award) for Practical UNIX and Internet Security, STC Boston/NNE Technical Publications Competition, awarded by the Society for Technical Communication | ||
# 1988 Winner of the [http://simson.net/ref/awards/1988_Columbia_Elisabbeta_DiCagno_Award.pdf Elisabbeta DiCagno Award] "for the best investigative story on environmental protection or human rights," Columbia University Graduate School of Journalism. | |||
# 1983 The Senior Scholarship Award, The Shipley School, ``for the highest academic average in both junior and senior year.'' | |||
==Service== | |||
===US Government Inter-Agency Committees=== | |||
* Vice-chair, FCSM Confidentiality and Data Access Committee (2017-2020) | |||
* [https://www.nitrd.gov/ NITRD] PrivacyRD (2015-2022), member | |||
===University Committees and Volunteer Service=== | |||
# NPS Institutional Review Board (IRB), 2007-2015 | |||
# NPS Learning Management System Ad-Hoc Committee (2008-2009) | |||
# NPS IT Task Force (2007--2010) | |||
# Ad-Hoc Committee regarding NPS course scheduling software (2007-2009) | |||
# Institute Security Advisory Committee, MIT (2004---2005) | |||
# [http://web.mit.edu/admissions/www/educoun/ MIT Educational Council], Cambridge, MA., Educational Counselor (2003---2005), 2014-- | |||
===Professional Organizations=== | |||
* [https://www.acm.org/publications/publications-board-committees ACM Ethics & Plagiarism Committee] 2018- | |||
* [https://www.acm.org/public-policy/ustpc ACM US Technology Privacy Committee] (formerly US ACM Public Policy Council), 2013-- (Secretariat member-at-large 2016-2021; co-chair, Digital Government subcommittee, 2021-) | |||
== | ===Editorial Boards, Conference Chairs, and Award Committees=== | ||
;Current | |||
;Past | |||
# [https://www.usenix.org/conference/soups2016/call-nominations 2016 and 2017 John Karat Usable Privacy and Security Student Research Award] | |||
# [http://www.elsevier.com/wps/find/journaleditorialboard.cws_home/405877/editorialboard Computers and Security], [http://simson.net/ref/2013/COSE_Appreciation_2013.pdf editorial board] (2010--2018) | |||
# [http://www.dfrws.org/ DFRWS] (Formerly Digital Forensics Research Workshop) PC Co-Chair 2014--2015; Organizing Committee, 2014-2017 | |||
# Symposium on Usable Privacy and Security (SOUPS), Program Committee Co-Chair, 2008--2009, 2014--2015; Steering Committee, 2009--2017 | |||
# [http://crcs.deas.harvard.edu/workshop/2006/ Workshop on Data Surveillance and Privacy Protection] (2006), Program Chair | |||
# Workshop on User Studies, Symposium on Usable Privacy and Security, Workshop Coordinator (at SOUPS 2006) | |||
# IEEE Computer Society Fellow Evaluation Committee 2019, 2022 | |||
# IEEE Security and Privacy Magazine, Co-editor, Special issue on Data Surveillance, 2006 | |||
# IEEE Security and Privacy Magazine, Co-editor, Special issue on Security and Usability, 2004. | |||
# [http://simson.net/ref/2004/rfidprivacy.us/2003/agenda.php RFID Privacy Workshop], November 2003, Conference Chair | |||
===Program Committees=== | ===Program Committees=== | ||
; Current and Recent | |||
# AAAI/ACM Conference on AI, Ethics, and Society ([https://www.aies-conference.com/ AIES]) [https://www.aies-conference.com/] 2020--2024 | |||
# [http://www.dfrws.org/ DFRWS] (formerly Digital Forensics Research Workshop) 2007-2016, 2018, 2020-2022 | |||
# IEEE EuroS&P conference (Euro S&P 2019, 2020, 2022) | |||
# Privacy Enhancing Technologies Symposium (PETS 2007, 2008, 2011, 2012, 2020-2023, 2025) | |||
# [http://www.tprcweb.com/ The Research Conference on Communications, Information and Internet Policy (TPRC)] 2023 | |||
* | # USENIX Security 14, 23 | ||
# Workshop on Privacy in the Electronic Society (WPES 2018, 2019, 2020, 2023) | |||
# Workshop on Usable Security and Privacy USEC 2019, [https://cispa.de/en/USEC2022 2022] | |||
; Past | |||
# ACM Northeast Forensics Exchange (NeFX 2010) | |||
# Cyber-security Research Ethics Dialogue & Strategy (CREDS) [http://www.caida.org/workshops/creds/1305/ 2013] | |||
# DFRWS EU (2017) | |||
# European Workshop on Usable Security (EuroUSEC) 2016, 2017, 2018 | |||
# IEEE International Workshop on Security and Forensics in Communication Systems (SFCS 2012) | |||
# IFIP WG 11.9 International Conference on Digital Forensics (IFIP WG11.9 2006) | |||
# [https://ieeexplore.ieee.org/xpl/conhome/6679357/proceeding IEEE International Conference on Big Data], Santa Carla, CA, October 6-9, 2013 | |||
# [http://www.swinflow.org/confs/bdds2013/ IEEE International Conference on Big Data Science and Engineering] (BDSE), Sydney, Australia, Dec. 3-5, 2013 | |||
# International Conference on Digital Forensics and Cyber Crime (ICDF2C) (2014, 2015, 2018) | |||
# International Workshop on Computational Forensics (IWCF 2010, 2012) | |||
# National Academies Committee on the Usability, Security and Privacy of Computer Systems (A Workshop project) (2009) | |||
# National Academies Press, [http://www.nap.edu/catalog.php?record_id=12998 Toward Better Usability, Security, and Privacy of Information Technology: Report of a Workshop], 2010. Member Steering Committee. | |||
# PASSWORDS [https://passwords2016.rub.de/ 2016] | |||
# Symposium on Identity and Trust on the Internet (IDTRUST 2009, 2010) | |||
# Symposium on Usable Security and Privacy (SOUPS 2006, 2007, 2008, 2009, 2010, 2011, 2012, 2014, 2015, 2016) | |||
# Systematic Approaches to Digital Forensic Engineering (SADFE 2009, 2010, 2011, 2012, 2013, 2015) | |||
# Usability, Psychology, and Security (USEC07; UPSEC 2008) | |||
# USENIX Workshop on Cyber Security Experimentation and Test (CSET [https://www.usenix.org/conference/cset18 2018] 2019, 2020, 2021) | |||
# Web 2.0 Security and Privacy Workshop, held with IEEE S&P (W2SP 2014) | |||
# World Wide Web Conference Security and Privacy Research Track (WWW 2016) | |||
# The Web Conference [http://www2019.thewebconf.org/call-for-papers 2019] (WWW 2019) | |||
# Workshop on Cloud Security and Forensics ([https://forensicsandsecurity.com/wcsf2018.php WCSF 2018]) | |||
# Workshop on Digital Forensics (WSDF 2013) held with [http://www.ares-conference.eu/conf/ ARES 2013] | |||
# Workshop on Security and Forensics in Communication Systems ([http://sites.google.com/site/sfcs2012/program IEEE-SFCS 2012], [https://sites.google.com/site/sfcs14/ ASIACCS-SFCS 2014], [https://sites.google.com/site/iscc15sfcs/ 2015]) | |||
===Journal and Panel Reviewer=== | |||
* IEEE Security and Privacy Magazine, 2003- | |||
* Digital Investigation, 2005- | |||
* NSF Panels: IED 2007, CISE 2011, SaTC 2014 | |||
=== | ===Non-Academic Volunteer=== | ||
* | * Arlington Public School System, Superintendent's Information Technology Advisory Committee, 2015--; Chair, 2017-- | ||
* ACM Public Policy Council (USACM), (2013--) | |||
* | |||
* [http://www.lsc.org Liberty Science Center], Jersey City, NJ., Member, Advisory Board, Communication Exhibition (2003---2006) | * [http://www.lsc.org Liberty Science Center], Jersey City, NJ., Member, Advisory Board, Communication Exhibition (2003---2006) | ||
* Information Technology Advisory Committee, Belmont, MA. (2002--2006), Secretary, appointed by Town Selectmen. | |||
* Information Technology Advisory Committee, Belmont, MA. (2002-- | * The Computer Museum, Boston, MA. Volunteer (1992---1995), Volunteer archivist | ||
* The Computer Museum, Boston, MA. Volunteer (1992---1995), Volunteer | * First Ballston Commons, Arlington, VA. (2016--) Board Member; (2022--) President | ||
==Professional Societies== | ==Professional Societies== | ||
I am a member of: | |||
# [https://www.aaas.org American Association for the Advancement of Science (AAAS)], Fellow, 2022- | |||
# [https://aafs.org American Association of Forensic Sciences], Member, 2009- | |||
# [https://www.amstat.org/ American Statistical Association], 2023- | |||
# [http://www.acm.org Association of Computing Machinery (ACM)], [https://awards.acm.org/award-winners/GARFINKEL_2595445 Fellow][http://simson.net/ref/2013/ACM_FELLOW.jpg (certificate)], Lifetime Member, 1984- | |||
# [https://authorsguild.org Author's Guild], 2022- | |||
# [https://www.dama.org DAMA International] (the Global Data Management Community), [https://api.accredible.com/v1/auth/invite?code=f0ea4eac248a873eefda&credential_id=5e7e8f20-1b5e-47de-bcf7-2a1117257de4&url=https%3A%2F%2Fwww.credential.net%2F5e7e8f20-1b5e-47de-bcf7-2a1117257de4%3Fkey%3D19b049e2a633b247b32e2d74326745982ee9c17a9f44d992b6a1e4244dc6bed1&ident=0f88a5fa05d9b68d6fb9280a103fbd5d2318823d/ Member], 2021- | |||
# [http://www.ieee.org Institute of Electrical and Electronic Engineers (IEEE)], Fellow, 2002- | |||
== | # [http://iapp.org International Association of Privacy Professionals (IAPP)], Member, 2015- | ||
# [http://www.issa.org Information Systems Security Association (ISSA)], Lifetime Member, 2001- | |||
# [http://www.nasw.org National Association of Science Writers (NASW)], Member, 1988- | |||
# [https://rda-foundation.org The Research Data Alliance] | |||
# [http://www.sigmaxi.org/ Sigma XI, The Scientific Research Society], [http://simson.net/ref/2004/SigmaXi.pdf Lifetime Member, 2003]- | |||
# [https://4sonline.org/ Society for the Social Studies of Science (4s)], Member, 2022- | |||
==Industry Certifications (Active)== | |||
* [https://webportal.isc2.org/custom/CertificationVerificationResults.aspx?FN=&LN=Garfinkel&CN=4757 CISSP® #4757] | |||
* [https://api.accredible.com/v1/auth/invite?code=f0ea4eac248a873eefda&credential_id=5e7e8f20-1b5e-47de-bcf7-2a1117257de4&url=https%3A%2F%2Fwww.credential.net%2F5e7e8f20-1b5e-47de-bcf7-2a1117257de4%3Fkey%3D19b049e2a633b247b32e2d74326745982ee9c17a9f44d992b6a1e4244dc6bed1&ident=0f88a5fa05d9b68d6fb9280a103fbd5d2318823d/ CIPP/US #000203703I] |
Revision as of 22:17, 15 May 2024
Simson L. Garfinkel, Ph.D.
Research Interests
Privacy, Cyber Security, Usable Security, Digital Forensics, Institutional Review Boards, and more....
Education
- Massachusetts Institute of Technology, Cambridge, MA, 2005
- Ph.D. in Computer Science and Engineering
- Dissertation: Design Principles and Patterns for Computer Systems that are Simultaneously Secure and Usable
- Supervised by David D. Clark and Robert C. Miller
- Honorable mention for the 2005 George M. Sprowls award for the best doctoral thesis in computer science.
- Columbia University School of Journalism, New York, NY. 1988
- M.S. in Journalism with Honors
- Master's Thesis: Tenant Screening Services in the United States
- Supervised by Steven Ross
- Winner of the 1988 Elisabbeta DiCagno Award "for the best investigative story on environmental protection or human rights."
- Massachusetts Institute of Technology, Cambridge, MA, 1987
- S.B. Chemistry; S.B. Political Science; S.B. program in Science, Technology and Society
- Bachelor's thesis: Radio Research, McCarthyism and Paul F. Lazarsfeld (OCR)
- Supervised by Peter Buck
Positions Held
Full-Time Positions
- BasisTech, LLC, Somerville, MA Sept. 2023--
- Chief Scientist
- Schmidt Futures, New York, NY Aug 2022--Aug 2023
- Program Scientist, AI2050
- U.S. Department of Homeland Security, Washington, DC April 2021--July 2022
- Senior Data Scientist
- U.S. Census Bureau, Suitland, MD Jan 2017--April 2021
- Senior Computer Scientist for Confidentiality and Data Access (Dec 2017--April 2021)
- Chief, Center for Disclosure Avoidance Research (Jan 2017--Dec 2017)
- National Institute of Standards and Technology, Gaithersburg, MD Jan 2015--Jan 2017
- Senior Advisor, Information Access Division. Research includes privacy and data de-identification.
- Naval Postgraduate School, United States Navy Sept. 2006 --Jan 2015
- Associate Professor (tenured). Research on digital forensics; security and usability; cyberlaw.
- Center for Research on Computation and Society, Harvard University Sept. 2005 --- August 2008
- Post-doctoral fellow. Research on digital forensics; security and usability.
- Computer Science Department, University of Auckland, NZ August 2005
- Honorary Research Scholar. Research on cross-drive forensics.
- Computer Science and Artificial Intelligence Laboratory, MIT Sept. 2002 --- June 2005
- Doctoral student. Research on security and usability; secure messaging; and digital forensics.
- Broadband2Wireless, Inc. May 2000 --- July 2001
- Chief Scientist for a nation-wide wireless ISP startup.
- Daniel J. Evans School of Public Affairs, University of Washington, Seattle January 1997 --- June 1997
- Visiting Scholar. Completed Web Security, Privacy and Commerce and wrote Database Nation.
- Sandstorm Enterprises, Inc.
- Founder (1998), CTO (1998-2001)
- Conceived and organized software development firm specializing in digital forensic tools. Negotiated startup funding. Lead architect and developer of two products.
- Vineyard.NET, Inc July 1995 --- September 2002
- Co-Founder. Launched first Internet Service Provider on Martha's Vineyard with $5000 in personal investment. Grew company to 1500 subscribers with annual revenue of $500,000. Negotiated sale of company to Broadband2Wireless.
- Simson Garfinkel & Associates, Inc. May 1992 --- February 1993
- Founder. Conceived and organized company to develop and market SBook, an AI-based address book application for NeXTSTEP-based computers. Lead developer. Supervised two employees. Negotiated sale of company to Sarrus Software, Inc.
- NeXTWORLD Magazine June 1991 --- Sept. 1993
- Senior Editor. Wrote, Assigned, and Edited articles about NeXT Computers, Inc., object-oriented technology, and Unix.
- NeXT Computer, Inc. May 1990, August 1991
- Consultant. Created a kernel-resident CDROM subsystem (ISO 9660 with Rock Ridge extensions) for NeXTSTEP 2.0; updated for NeXTSTEP 3.0.
- IRIS Project, Brown University, June 1987 --- August 1987
- System programmer. Designed and implemented a CDROM File system NFS Server.
- Weizmann Institute of Science, Israel June 1986 --- August 1986
- Summer Researcher. Designed and implemented a multitasking laboratory data acquisition system.
Part-Time and Adjunct Positions
- Harvard University, Cambridge, MA 2024--
- Visiting Lecturer
- George Washington University, Washington, DC 2019--2022
- Part-time Faculty
- George Mason University, Vienna, VA Jan 2016--May 2019
- Adjunct Faculty
- Georgetown University, Washington, DC Jan 2016--May 2017
- Adjunct Lecturer
- Basis Technology, Cambridge, MA 2005--2008
- Consulting Scientist.
- Northeastern University Summer 2004
- Instructor
- CSO Magazine, Framingham, MA 2003--2008
- Founding Editor at Large of IDG's magazine devoted to computer security.
- Intellivid, Inc, Cambridge, MA 2003--2008
- Member, Advisory Board. Intellivid developed intelligent video surveillance systems.
- ePrivacy Group, Paoli, PA 2000-2004
- Founder, Advisor of startup that developed server-side privacy and security solutions.
- MIT Lincoln Laboratory Spring 1998, Spring 1999
- Consultant. Developed novel Internet attacks for 1998 and 1999 DARPA Intrusion Detection Evaluations.
- Sandstorm Enterprises, Inc.
- Treasurer (2000-2008)
- Technology Review Magazine, Cambridge, MA 1998 --- present
- Contributing Editor
- Privada, Menlo Park, CA 1998 --- 1999
- Member, Advisory Board,
- Hot Wired, San Francisco, CA 1996--1997
- Columnist. Wrote weekly column on security, privacy and society.
- The Boston Globe, Boston, MA 1996--2000
- Columnist. Wrote weekly column on technology, privacy and society.
- Internet Underground, Chicago, IL 1996
- Editor at Large
- SunExpert Magazine, Computer Publishing Group 1994 --- 1995
- Senior Editor.
- Wired Magazine, San Francisco, CA 1993--2001
- Contributing Writer.
- Christian Science Monitor 1988 --- 1989
- Science Writer.
- N/Hance Systems, Dedham, MA, March 1988 --- June 1991
- Chief Scientist. Developed and marketed Write Once File System.
- Polaroid, Inc. January 1987 --- September 1990
- Consultant. Designed and implemented a physician's medical imaging workstation. Novel technology included a write-once file system, custom-built window system, and DSP image processing code. Demonstrated workstation at trade shows and deployed within Polaroid for supporting research. Produced a video of the working system.
- The Jerusalem Post, Jerusalem, Israel June 1986--Sept. 1986
- Contributing Writer
- MIT Media Laboratory February 1985 --- June 1987
- Undergraduate Researcher. Designed and a implemented file system for CDROM and WORM.
- Chemistry Department, MIT April 1984 --- August 1984
- Undergraduate Researcher. Designed and developed software for controlling an ultraviolet spectroscope and assisting in the analysis of experimental results for the Department's third-year undergraduate laboratory.
- Office of Computing Services, Bryn Mawr College September 1981 --- June 1982
- Undergraduate Researcher. Designed and implemented graphics libraries in APL and FORTRAN. Developed visualization software for the Physics department's molecular modeling package.
Sponsored Research
- Previous Sponsored Research, DHS
- Department of Homeland Security, NPS 13 RCFW6, "Detecting Threatening Insiders with Lightweight Media Forensics," FY13-16
- Department of Homeland Security, NPS 12 R6E5C, "Gaming Systems Monitoring and Analysis Project," FY12-13
- Previous Sponsored Research, DoD
- Department of Defense, NPS 13 RCG53, "DEEP FY13-FY14 RDTE", FY13-14
- Department of Defense, NPS 13 RCG5K, "DEEP FY13 OM", FY13
- Department of Defense, NPS 12 RCF4F, "ADOMEX Research and Development", FY12-13
- Department of Defense, NPS 12 RCF4P, "ADOMEX Research Cat I", FY12-13
- Department of Defense, NPS 12 VC6CP4, "Automated Media Exploitation Research 3", Oct 2010-Sept. 2012
- Department of Defense, NPS 11 R6DY9, "Automated Media Exploitation Applied Engineering", Oct 2010-Sept. 2012
- Department of Defense, NPS 11 RCF6X, "Automated Media Exploitation Support", FY12
- Department of Defense, NPS 11 R6CU5, "Automated Media Exploitation Research 3", FY10-11
- Department of Defense, NPS 11 R6E1G, "Direct Staff Support", FY11
- Defense Manpower Data Center, NPS 11 R6PY1, "Identity and Database Challenges for Force Protection," Oct 2010-May 2011.
- Department of Defense, NPS 11 R4ACU, "Automated Media Exploitation Research P&R," Oct 2010-Sept 2011.
- Department of Defense, NPS 11 R61FP, "Automated Media Exploitation Research 2," April 2010-Sept 2011.
- Department of Defense, NPS 10 RCSPP, "Automated Media Exploitation Research FY2010," July 2009--Sept 2010.
- United States Marine Corps (USMC), NPS JON 10 RCSOE, "Media Exploitation, Evaluation and Development," Oct 2009--Sept 2010.
- Department of Defense, NPS 10 R61IC, "Team Monterey," October 2009--Sept 2010.
- Department of Defense, NPS 10 R617V, "Cyber Policy Review," December 2009--Sept 2010.
- United States Marine Corps (USMC), NPS 09 RCSUP, "Media Exploitation, Evaluation and Development," June 2009--Sept 2009.
- DARPA Sector Discrimination Seedling, NPS 09 RCS70, November 2008--Sept 2009.
- Department of Defense, NPS 09 R9SKL, "Testing of Automated Media Exploitation Tools," December 2007--Sept 2008.
- Department of Defense, NPS 08 R9FNL--106, "Detecting Network Membership with Cross-Drive Analysis," December 2007--September 2008.
- Previous Sponsored Research, FBI
- Federal Bureau of Investigation, NPS 13 RCFQT, "Packet Carving and Visualization", FY12-13
- Federal Bureau of Investigation, NPS 12 RCF37, "Random Sampling and Small BLock Forensics Innovation", FY12-13
- Previous Sponsored Research, NIST
- NIST/NPS Interagency Agreement M92367, "Support of NIST Computer Forensics Testing Program," November 2008--January 2009.
- Previous Sponsored Research, NSF
- National Science Foundation, DUE-1140938, "Developing Materials to Teach Technical Privacy Auditing with Computer Forensic Tools and Realistic Computer Forensic Datasets," FY13-14
- NSF Award DUE-0919593: "Creating Realistic Forensic Corpora for Undergraduate Education and Research," Simson L. Garfinkel and Dave Dittrich, PI. October 2009--Sept 2011.
- NSF Award 0730389, EXP-SA: Prediction and Detection of Network Membership through Automated Hard Drive Analysis, August 1, 2007--July 31, 2010. (Senior Research Staff; Patrick Wolfe, Principle Investigator.)
- Previous Sponsored Research, NPS Internal Funds
- NPS/ITACS, "S/MIME Research," October 2008--September 2009.
Academic Publications
Refereed Journal Articles
- Garfinkel, Simson. "Comment to Mulalidhar and Domingo-Ferrer (2023) – Legacy Statistical Disclosure Limitation Techniques Were Not An Option for the 2020 US Census of Population And Housing", Journal of Official Statistics, vol.39, no.3, 2023, pp.399-410. https://doi.org/10.2478/jos-2023-0018
- Abowd, J., Ashmead, R., Cumings-Menon, R., Garfinkel, S., Heineck, M., Heiss, C., Johns, R., Kifer, D., Leclerc, P., Machanavajjhala, A., Moran, B., Sexton, W., Spence, M., & Zhuravlev, P. (2022). The 2020 Census Disclosure Avoidance System TopDown Algorithm. Harvard Data Science Review, (Special Issue 2). https://doi.org/10.1162/99608f92.529e3cb9
- Garfinkel, Simson and Claire McKay Bowen, Preserving Privacy While Sharing Data, MIT Sloan Management Review, April 26, 2022.
- Garfinkel, Simson. Differential Privacy and the 2020 Census, MIT Schwarzman College of Computing Case Studies in Social and Ethical Responsibilities of Computing, Winter 2022.
- Bowen, Claire McKay and Simson Garfinkel, The Philosophy of Differential Privacy, AMS Notices, November 2021.
- Garfinkel, Simson, and Mary Theofanos, Non-Breach Privacy Events, October 9, 2018, Technology Science.
- Y. Acar, M. Backes, S. Fahl, S. Garfinkel, D. Kim, M. L. Mazurek, and C. Stransky. Comparing the Usability of Cryptographic APIs. In 2017 IEEE Symposium on Security and Privacy (SP), pages 154–171, 2017
- Theofanos, Mary, Simson Garfinkel, and Yee-Yin Choong, Secure and Usable Enterprise Authentication: Lessons from the Field, IEEE Security and Privacy, September/October 2016.
- Garfinkel, Simson, The Prevalence Of Encoded Digital Trace Evidence in the Non-File Space of Computer Media, Journal of Forensic Sciences, Summer 2014
- Garfinkel, Simson, and Michael McCarrin, "Can We Sniff Wi-Fi", IEEE Security and Privacy, July/August 2014.
- Garfinkel, Simson, "Leaking Sensitive Information in Complex Document Files---and How to Prevent It," IEEE Security and Privacy, January/February 2014.
- Garfinkel, Simson, Digital media triage with bulk data analysis and bulk_extractor. Computers and Security 32: 56-72 (2013)
- Young J., Foster, K., Garfinkel, S., and Fairbanks, K., Distinct sector hashes for target file detection, IEEE Computer, December 2012
- Garfinkel, S. Digital Forensics XML and the DFXML toolset, Digital Investigation, 8 (2012), 161-174.
- Garfinkel, S., and Dinolt, G. Operations with Degraded Security. IEEE Security & Privacy, pages 18–23, November/December 2011
- Phillips, Kenneth N; Aaron Pickett; Simson Garfinkel, Embedded with Facebook: DoD Faces Risks from Social Media, CrossTalk, May/June 2011.
- Garfinkel, S., Parker-Wood, A., Huynh, D., and Migletz, J., A Solution to the Multi-User Carved Data Ascription Problem, IEEE Transactions on Information Forensics & Security, December 2010, pages 868--882.
- Garfinkel, S., and Migletz, J., New XML-Based Files: Implications for Forensics, IEEE Security & Privacy Magazine, March/April 2009 (Vol. 7, No. 2)
- Garfinkel, S., Providing Cryptographic Security and Evidentiary Chain-of-Custody with the Advanced Forensic Format, Library, and Tools, The International Journal of Digital Crime and Forensics, Volume 1, Issue 1, January-March 2009.
- Garfinkel, S. "Complete Delete vs. Time Machine Computing," Operating Systems Review, ACM Special Interest Group on Operating Systems, January 2007.
- Garfinkel, S., "AFF: A New Format for Storing Hard Drive Images," Communications of the ACM, February, 2006.
- The Common Evidence Format Working Group (Carrier, B., Casey, E., Garfinkel, S., Kornblum, J., Hosmer, C., Rogers., M., and Turner., P.,) "Standardizing Digital Evidence Storage," Communications of the ACM, February, 2006.
- Garfinkel, S., Juels, A., Pappu, R., "RFID Privacy: An Overview of Problems and Proposed Solutions," IEEE Security & Privacy, Volume 3, Issue 3, pp. 34-43, May-June 2005.
- Garfinkel, S. Email-Based Identification and Authentication: An Alternative to PKI?, IEEE Security & Privacy, November/December 2003.
- Garfinkel, S. "Leaderless Resistance Today", First Monday, 8:3, March 3rd, 2003.
- Garfinkel, S. and Shelat, A., "Remembrance of Data Passed: A Study of Disk Sanitization Practices," IEEE Security & Privacy, January/February 2003.
- Garfinkel, S. L., "Public Key Cryptography," IEEE Computer, Volume 29, Issue 6, June 1996. pages 101-104.
- Garfinkel, S. "Risks of Social Security Numbers", Communications of the ACM, p. 146, October 1995.
- Garfinkel, Simson L. and Richard M. Stallman, and Mitchell Kapor. Why Patents Are Bad for Software. Issues in Science and Technology, Fall 1991.
- Garfinkel, Simson L. Designing a Write-Once File System, Dr. Dobb's Journal, Jan 1991.
- Garfinkel Simson L.. AIDS and the Soundex Code. IRB, 1988.
Refereed Conference Papers
- Abowd, J. M., Ashmead, R., Cumings-Menon, R., Garfinkel, S., Kifer, D., Leclerc, P., Sexton, W., Simpson, A., Task, C., & Zhuravlev, P. (2021). An uncertainty principle is a price of privacy-preserving microdata. In M. Ranzato, A. Beygelzimer, Y. Dauphin, P. Liang, & J. W. Vaughan (Eds.), Advances in neural information processing systems (pp. 11883– 11895). Curran Associates, Inc. https://proceedings.neurips.cc/paper/2021
- Simson L. Garfinkel and Philip Leclerc. 2020. Randomness Concerns when Deploying Differential Privacy. In Proceedings of the 19th Workshop on Privacy in the Electronic Society (WPES'20). Association for Computing Machinery, New York, NY, USA, 73–86. DOI:https://doi.org/10.1145/3411497.3420211 (Acceptance rate 44%)
- Garfinkel, Simson, John Abowd, Sarah Powazek, Issues Encountered Deploying Differential Privacy, Workshop on Privacy in the Electronic Society, Toronto, Canada - October 15, 2018
- Haney, Julie M., Simson L. Garfinkel, Mary F. Theofanos, Organizational Practices in Cryptographic Development and Testing, 2017 IEEE Conference on Communications and Network Security (CNS).
- Stransky, C., Acar, Y., Nguyen, D.C., Wermke, D., Redmiles, E.M., Kim, D., Garfinkel, S., Backes, M., Mazurek, M. L., and Fahl, S. Lessons Learned from Using an Online Platform to Conduct Large-Scale, Online Controlled Security Experiments with Software Developers, 10th USENIX workshop on Cyber Security Experimentation and Test (CSET '17), Vancouver, BC, Canada, August 16-18, 2017.
- Yasemin Acar (CISPA, Saarland University), Michael Backes (CISPA, Saarland University & MPI-SWS), Sascha Fahl (CISPA, Saarland University), Simson Garfinkel (National Institute of Standards and Technology), Doowon Kim (University of Maryland), Michelle Mazurek (University of Maryland), Christian Stransky (CISPA, Saarland University), Comparing the Usability of Cryptographic APIs, IEEE Security and Privacy 2017, San Jose, CA
- Pridgen, Adam, Simson Garfinkel and Dan S. Wallach, Picking up the trash: Exploiting generational GC for memory analysis, DFRWS 2017 Europe — Proceedings of the Fourth Annual DFRWS Europe, March 2017
- Mary Theofanos (NIST), Brian Stanton (NIST), Susanne Furman (NIST), Sandra Spickard Prettyman (NIST), Simson Garfinkel (NIST), Be Prepared: How US Government Experts Think About Cybersecurity, USEC 2017 Workshop (Co-located with NDSS 2017)
- Pridgen, Adam, Simson Garfinkel and Dan Dan Wallach, Present but Unreachable, reducing persistent latent secrets in HotSpot JVM, Hawaii International Conference on System Sciences (HICSS-50), Jan 4-7, 2017, Hilton Waikoloa Village, Hawaii. slides BEST PAPER AWARD
- Hui Yang, Ian Soboroff, Li Xiong, Charles L.A. Clarke, and Simson L. Garfinkel. Privacy-Preserving IR 2016: Differential Privacy, Search, and Social Media. In Proceedings of the 39th International ACM SIGIR Conference on Research and Development in Information Retrieval, SIGIR ’16, page 1247–1248. Association for Computing Machinery, New York, NY, USA, 2016.
- Garfinkel, Simson and Michael McCarrin, Hash-Based Carving: Searching media for complete files and file fragments with sector hashing and hashdb, DFRWS 2015, Aug 10-12, 2015, Philadelphia, PA
- Zarate, Carolina, Simson Garfinkel, Aubin Hefferman, Scott Horras and Kyle Gorak, "A Survey of XOR as a Digital Obfuscation Technique in a Corpus of Real Data," the Tenth Annual IFIP WG 11.9 International Conference on Digital Forensics, 2014, Vienna, Austria. (Acceptance rate: 44%, 24/54)
- Garfinkel, Simson, Nicole Beebe, Lishu Liu, and Michele Maasberg, Detecting Threatening Insiders with Lightweight Media Forensics, IEEE Technologies for Homeland Security (HST 2013), Nov 12-14, Waltham, MA. 2013
- Rowe, Neil, Schwamm, Riqui, Garfinkel, Simson. Language Translation for File Paths, DFRWS 2013, Aug 4-7, 2013. Monterey, CA. BEST PAPER AWARD.
- Garfinkel, S., Nelson, A., Young, J., "A General Strategy for Differential Forensic Analysis", DFRWS 2012, Aug. 6-8, 2012, Washington, DC.
- Garfinkel, S., "Lessons Learned Writing Computer Forensics Tools and Managing a Large Digital Evidence Corpus", DFRWS 2012, Aug. 6-8, 2012, Washington, DC.
- N. C. Rowe and S. L. Garfinkel, Finding suspicious activity on computer systems. Proc. 11th European Conf. on Information Warfare and Security, Laval, France, July 2012.
- N. C. Rowe and S. L. Garfinkel, Finding anomalous and suspicious files from directory metadata on a large corpus. 3rd International ICST Conference on Digital Forensics and Cyber Crime, Dublin, Ireland, October 2011. In P. Gladyshev and M. K. Rogers (eds.), Lecture Notes in Computer Science LNICST 88, Springer-Verlag, 2012, pp. 115-130.
- Beverly, Robert, Simson Garfinkel and Greg Cardwell, "Forensic Carving of Network Packets and Associated Data Structures", DFRWS 2011, Aug. 1-3, 2011, New Orleans, LA. BEST PAPER AWARD (Acceptance rate: 23%, 14/62)
- Rowe, Neil C., Simson L. Garfinkel, Robert Beverly, and Panayotis Yannakogeorgos, Steps towards Monitoring Cyberarms Compliance, 10th European Conference on Information Warfare and Security ECIW-2011, The Institute of Cybernetics at the Tallinn University of Technology, Tallinn, Estonia, 7-8 July 2011 (Acceptance rate: 65%, 54/83)
- Woods, Kam, Christoper Lee, Simson Garfinkel, Extending Digital Repository Architectures to Support Disk Image Preservation and Access, JCDL 2011, June 13-17, 2011, Ottawa, Canada. (Acceptance rate: 28%, 28/99 )
- Woods, K., Christopher Lee, Simson Garfinkel, David Dittrich, Adam Russel, Kris Kearton, Creating Realistic Corpora for Forensic and Security Education, 2011 ADFSL Conference on Digital Forensics, Security and Law (Acceptance rate: 50%, 32/16)
- Garfinkel, Simson, Vassil Roussev, Alex Nelson and Douglas White, Using purpose-built functions and block hashes to enable small block and sub-file forensics, DFRWS 2010, Portland, OR (Acceptance rate: 40%, 16/39)
- Garfinkel, Simson, Digital Forensics Research: The Next 10 Years, DFRWS 2010, Portland, OR, August 2010 (Acceptance rate: 40%, 16/39)
- Garfinkel, Farrell, Roussev and Dinolt, Bringing Science to Digital Forensics with Standardized Forensic Corpora, DFRWS 2009, Montreal, Canada. (slides) BEST PAPER AWARD. (Acceptance rate: 36%, 15/41)
- Rowe, Neil and Simson Garfinkel, Global analysis of drive file times, Fifth International Workshop on Systematic Approaches to Digital Forensic Engineering, Oakland, CA, May 2010
- M. I. Cohen, Simson Garfinkel and Bradley Schatz, Extending the Advanced Forensic Format to accommodate Multiple Data Sources, Logical Evidence, Arbitrary Information and Forensic Workflow, DFRWS 2009, Montreal, Canada. (Acceptance rate: 36%, 15/41)
- Roussev, Vassil, and Garfinkel, Simson, File Fragment Classification---The Case for Specialized Approaches, Systematic Approaches to Digital Forensics Engineering (IEEE/SADFE 2009), Oakland, California. (Acceptance rate: 32%, 7/22)
- Garfinkel, Simson., Automating Disk Forensic Processing with SleuthKit, XML and Python, Systematic Approaches to Digital Forensics Engineering (IEEE/SADFE 2009), Oakland, California. (Acceptance rate: 32%, 7/22)
- Farrell, P., Garfinkel, S., White, D. Practical Applications of Bloom filters to the NIST RDS and hard drive triage, Annual Computer Security Applications Conference 2008, Anaheim, California, December 2008. (Acceptance rate: 24%, 42/173)
- Palankar, M., Iamnitchi, A., Ripeanu, M., and Garfinkel, S. "Amazon S3 for Science Grids: a Viable Solution?", International Workshop on Data-Aware Distributed Computing (DADC'08), June 23-27, 2008, Boston, MA
- Garfinkel, S., IRBs and Security Research: Myths, Facts and Mission Creep, Usability, Psychology and Security 2008 (Co-located with the 5th USENIX Symposium on Networked Systems Design & Implementation (NSDI '08)), San Francisco, CA. April 2008. " (slides)
- Garfinkel, S., "Carving Contiguous and Fragmented Files with Fast Object Validation", Digital Forensics Workshop (DFRWS 2007), Pittsburgh, PA, August 2007. (Acceptance rate: 47%, 17/36)
- Kristic, I., and Garfinkel S. "The One Laptop per Child Security Model," Symposium on Usable Security and Privacy, Pittsburgh, PA, July 2007. ACM Press. (Acceptance rate: 32%, 13/41)
- Garfinkel, S., "Anti-Forensics: Techniques, Detection and Countermeasures", The 2nd International Conference on i-Warfare and Security (ICIW), Naval Postgraduate School, Monterey, CA, March 8-9, 2007. (Acceptance rate: 55%)
- Garfinkel, S., Forensic Feature Extraction and Cross-Drive Analysis,The 6th Annual Digital Forensic Research Workshop Lafayette, Indiana, August 14-16, 2006. (Acceptance rate: 43%, 16/37)
- Uri Braun, Simson Garfinkel, David A. Holland, Kiran-Kumar Muniswamy-Reddy, and Margo I. Seltzer, Issues in Automatic Provenance Collection International Provenance and Annotation Workshop (IPAW'06), Chicago, IL. May 3-5, 2006.
- Garfinkel, S., Malan, D,. One Big File is Not Enough: A Critical Evaluation of the Dominant Free-Space Sanitization Technique, The 6th Workshop on Privacy Enhancing Technologies, Robinson College, Cambridge, United Kingdom, June 28 - June 30, 2006. (Also in G. Danezis and P. Golle (Eds.): PET 2006, LNCS 4258, pp. 135--151, 2006, (c) Springer-Verlag Berlin Heidelberg 2006) (Acceptance rate: 26%, 24/91)
- Wu, M., Miller, R. C., Garfinkel, S., "Do Security Toolbars Actually Prevent Phishing Attacks?" CHI 2006, April 22-28, 2006, Montreal, Quebec, Canada. Nominated for best conference paper. (Acceptance rate: 23%)
- Garfinkel, S., Malan, D., Dubec, K., Stevens, C, Pham, C., Disk Imaging with the Advanced Forensics Format, Library and Tools The Second Annual IFIP WG 11.9 International Conference on Digital Forensics, National Center for Forensic Science, Orlando, Florida, USA January 29 - February 1 2006. (Acceptance rate: 54%, 27/50)
- Garfinkel, S., Miller, R., Johnny 2: A User Test of Key Continuity Management with S/MIME and Outlook Express presented at the Symposium on Usable Privacy and Security (SOUPS 2005), July 6-8, 2005, Pittsburgh, PA. (Acceptance Rate: 26%)
- Garfinkel, S., Schiller, J., Nordlander, E., Margrave, D., and Miller, R., "How To Make Secure Email Easier To Use", CHI 2005: Technology,Safety, Community, Portland, Oregon, April 2-7, 2005. (Acceptance rate: ~25%)
- Garfinkel, S., Schiller, J., Nordlander, E., Margrave, D., and Miller, R., "Views, Reactions and Impact of Digitally-Signed Mail in e-Commerce", Ninth International Financial Cryptography and Data Security Conference, February 28-March 3, 2005, Roseau, The Commonwealth of Dominica. (Acceptance rate: 26%, 24/90)
- Garfinkel, S. "Best Practices for Usable Security In Desktop Software", DIMACS Workshop on Usable Privacy and Security Software, July 7 - 8, 2004. DIMACS Center, CoRE Building, Rutgers University, Piscataway, NJ. (slides)
- Wu, M., Garfinkel, S., Miller, R., "Secure Web Authentication with Mobile Phones", DIMACS Workshop on Usable Privacy and Security Software, July 7 - 8, 2004. DIMACS Center, CoRE Building, Rutgers University, Piscataway, NJ.
- Garfinkel, S. Enabling Email Confidentiality through the use of Opportunistic Encryption", presented at the 2003 National Conference on Digital Government Research, May 2003, Boston, MA. (slides)
- Garfinkel, S. "Adopting Fair Information Practices to Low Cost RFID Systems", paper presented at Privacy in Ubicomp'2002 workshop, Gotenborg, Sweden, September 29th, 2002.
- Cunningham, Robert K., Richard P. Lippmann, David J. Fried, Simson L. Garfinkel, Isaac Graf, Kris R. Kendall, Seth E. Webster, Dan Wyschogrod, and Marc A. Zissman, Evaluating Intrusion Detection Systems without Attacking your Friends: The 1998 DARPA Intrusion Detection Evaluation, in Proceedings ID'99, Third Conference and Workshop on Intrusion Detection and Response, San Diego, CA: SANS Institute, 1999. (abstract) (PDF)
- Lippmann, R. P., R. K. Cunningham, D. J. Fried, S. L. Garfinkel, A. S. Gorton, I. Graf, K. R. Kendall, D. J. McClung, D. J. Weber, S. E. Webster, D. Wyschogrod, M. A. Zissman, "The 1998 DARPA/AFRL Off-Line Intrusion Detection Evaluation," First International Workshop on Recent Advances in Intrusion Detection, Louvain-la-Neuve, Belgium, 1998. , (abstract)
Refereed Book Chapters
- Garfinkel, Simson L. "Encryption and Related Technologies," in Introduction to IT Privacy: A Handbook for Technologists, Travis Breaux, Executive Editor, International Association of Privacy Professionals, 2020 edition
- Privacy and Security Concerns When Social Scientists Work with Administrative and Operational Data, Simson L. Garfinkel, The ANNALS of the American Academy of Political and Social Science, Vol 675, Issue 1, pp. 83 - 101, First Published December 21, 2017, https://doi.org/10.1177/0002716217737267
- Garfinkel, Simson L. "Encryption and Related Technologies," in Introduction to IT Privacy: A Handbook for Technologists, Travis Breaux, Executive Editor, International Association of Privacy Professionals, 2014
- Rowe, Neil, Garfinkel, Simson L, Beverly, Robert, and Yannakogeorgos, Panayotis, "Challenges in Monitoring Cyberarms Compliance," in Conflict and Cooperation in Cyberspace: The Challenge to National Security, edited by Panayotis A. Yannakogeorgos and Adam B. Lowther, Taylor & Francis Group, 2010, pp. 81-100
- Poe, Mya & Simson Garfinkel. "Security and Privacy in the Wireless Composition Classroom," in Going Wireless; A Critical Exploration of Wireless and Mobile Technologies for Composition Teachers and Scholars. Ed. Amy C. Kimme Hae. Hampton Press. 2009.
- Garfinkel, S. "Using S/MIME," in Phishing and Countermeasures : Understanding the Increasing Problem of Electronic Identity Theft, Ed. Markus Jakobsson and Steven Myers. Wiley. 2006
- Garfinkel, S. "RFID in Ubiquitious Commerce," in Ubiquitous and Pervasive Commerce, Ed. George Roussos, Springer SMB, November 2005.
- Garfinkel, S. "Sanitization and Usability," in Usability and Security, Ed. Lorrie Cranor and Simson Garfinkel, O'Reilly, 2005.
CACM In Memoriam
- Simson Garfinkel and Eugene H. Spafford. 2023. In Memoriam: Frederick P. Brooks, Jr. 1931-2022, Commun. ACM 65, 10 (Jan 2023), https://doi.org/10.1145/3572995
- Simson Garfinkel and Eugene H. Spafford. 2022. In Memoriam: Juris Hartmanis 1928-2022, Commun. ACM 65, 10 (Oct 2022), https://doi.org/10.1145/3559705
- Simson Garfinkel and Eugene H. Spafford. 2021. In Memoriam: Ronald E. Anderson, 1941-2020, Commun. ACM Feb. 22, 2021. https://cacm.acm.org/news/252987-in-memoriam-ronald-e-anderson-1941-2020/fulltext
- Simson Garfinkel and Eugene H. Spafford. 2021. In Memoriam: Jack Minker (1927---2021). Commun. ACM 64, 6 (June 2021), 17. https://doi.org/10.1145/3462465
- Simson Garfinkel and Eugene H. Spafford. 2021. In Memoriam: Charles M. Geschke (1939--2021). Commun. ACM 64, 7 (July 2021), 22. https://doi.org/10.1145/3467481
- Simson Garfinkel and Eugene H. Spafford. 2021. In Memoriam: Edmund M. Clarke (1945---2020). Commun. ACM 64, 3 (March 2021), 23–24. https://doi.org/10.1145/3447810
- Simson Garfinkel and Eugene H. Spafford. 2020. In Memoriam: Fran Allen: 1932--2020. Commun. ACM 63, 10 (October 2020), 18–19. https://doi.org/10.1145/3418560
Other Academic Publications
- Larry Medsker, Philip Koopman, Homa Alemzadeh, Simson Garfinkel, Andrew Grosso, Carl Landwehr, Sam Liles, John Murray, Cristina Nita-Rotaru, William Widen, and Alec Yasinsac. 2024. ACM TechBrief: Automated Vehicles. Association for Computing Machinery, New York, NY, USA.
- Simson Garfinkel, Why privacy professionals should be aware of tech abuse, October 6, 2023, IAPP Privacy Perspectives
- Simson Garfinkel , Jon Stewart, Sharpening Your Tools: Updating bulk_extractor for the 2020s, Communications of the ACM, August 2023
- Simson Garfinkel , Jon Stewart, Sharpening Your Tools: Updating bulk_extractor for the 2020s, ACM Queue, March 28, 2023
- Simson Garfinkel. Teaching with Wikipedia In: WikiEdu Blog (Nov. 2022)
- Simson L. Garfinkel and Chris J. Hoofnagle. 2022. ACM TechBrief: Quantum Computing and Simulation. Association for Computing Machinery, New York, NY, USA.
- Simson Garfinkel. The Beauty of Static Types (SIGINFO). ;login:, 2021-04-28, Usenix
- Garfinkel, Simson, John M. Abowd, and Christian Martindale, Understanding Database Reconstruction Attacks on Public Data, Communications of the ACM, February 2019.
- Garfinkel, Simson, John M. Abowd, and Christian Martindale, Understanding Database Reconstruction Attacks on Public Data, ACM Queue, November 28, 2018.
- Garfinkel, Simson. "Beyond IRBs: Designing Ethical Review Processes for Big Data Research" Future of Privacy Forum, January 25, 2017 (conference proceedings)
- Garfinkel, Simson L. The Expanding World of Digital Forensics, ;login:, December 2015, pp. 12-16
- Garfinkel, Simson L., Digital Forensics, American Scientist, September-October 2013
- Fairbanks, Kevin, and Simson Garfinkel, "Factors Affecting Data Decay", Journal of Digital Forensics, Security and Law, Vol. 7(2), 2012
- Garfinkel, S. The Cybersecurity Risk, Communications of the ACM, June 2012
- Garfinkel, Simson L. Programming Unicode. ;Login:, April 2012.
- Garfinkel, S. File Cabinet Forensics, Journal of Digital Forensics, Security and Law, Vol 6(4)., Dec. 2011
- Garfinkel, S. Every Last Byte. J. of Digital Forensics, Security and Law, 6(2):7–8. 2011
- Garfinkel, S., and Cranor, L., Institutional Review Boards and Your Research, Communications of the ACM, June 2010.
- Garfinkel, S., and Cox, D., "Finding and Archiving the Internet Footprint," invited paper, British Library's Digital Lives Conference, London, England, February 2009.
- Garfinkel, S. "Information of the World Unite! (Data Fusion)," Scientific American, September 2008.
- Garfinkel, S. "Document and Media Exploitation," ACM Queue, November/December 2007.
- Garfinkel, S. "Commodity Grid and Computing with Amazon's S3 and EC2," ;LOGIN:, February 2007, pp. 7-13, Usenix.
- Garfinkel, S., and Smith, M., "Data Surveillance" (Guest Editor's Introduction), IEEE Security & Privacy, November/December 2006
- Lorrie Faith Cranor and Simson Garfinkel. Guest Editor’s Introduction: Secure or Usable? 2(5), IEEE Security & Privacy, September/October 2004
- Simson Garfinkel. The Ethics of Interception. Password, ISSA. 2004
- Simson L. Garfinkel. Privacy, Please: Online services need to realize that possession of customer information does not imply permission to do with it what they want. Information Security, 2000.
- Stallman, R., and Garfinkel, S. "Against Software Patents", Communications of the ACM, Volume 35, Issue 1 (January 1992), pages 17-22, 121.
- Stallman, R., and Garfinkel, S. "Against User Interface Copyright", Communications of the ACM, Volume 33, Issue 11 (November 1990), pages 15-18.
- Garfinkel, S. Use Email for Efficiency, The Practical Lawyer Volume 35, Number 1, January 1989
- Garfinkel, S. An Introduction to Computer Security (part 2), The Practical Lawyer, Volume 33, Number 7, October 1987.
- Garfinkel, S. An Introduction to Computer Security (part 1), The Practical Lawyer, Volume 33, Number 6, September 1987.
- Garfinkel, S."Game of LIFE on the IBM PC," Dr. Dobb's Journal, Volume 8, Issue 6, June 1983.
US Government Publications
- Simson Garfinkel, Joseph Near, Aref N. Dajani, Phyllis Singer, Barbara Guttman, NIST Special Publication NIST SP 800-188: De-Identifying Government Datasets: Techniques and Governance, National Institute of Standards and Technology, September 2023
- John Abowd, Mark Fleischer, Simson Garfinkel, Philip Leclerc, Michele Hedrick, Matthew Haubach, Michael Hawes, Teresa Sabol, Robert Sienkiewicz, and Lars Vilhuber, Census Bureau Formal Privacy Controlled Vocabulary and Style Guide, Version 1.1, 2021, A2021-01-ADRM
- John M. Abowd, Gary L. Benedetto, Simson L. Garfinkel, Scot A. Dahl, Aref N. Dajani, Matthew Graham, Michael B. Hawes, Vishesh Karwa, Daniel Kifer, Hang Kim, Philip Leclerc, Ashwin Machanavajjhala, Jerome P. Reiter, Rolando Rodriguez, Ian M. Schmutte, William N. Sexton, Phyllis E. Singer, And Lars Vilhuber, The Modernization of Statistical Disclosure Limitation at the U.S. Census Bureau, August 2020
- John M. Abowd and Simson Garfinkel, Disclosure Avoidance and the 2018 Census Test: Release of the Source Code, June 6, 2019
- Simson Garfinkel and William Yates, Application Level Cryptography for Securing Online Survey Responses, US Census Bureau, February 20, 2019
- Garofolo, John, John Contestabile, John Powell, Jason Corso, Gerald Friedland, Peter Tu, Sharath Pankanti, Lauren Brush, Steve Surfaro, Anthony Hoggs, John Audia, Simson Garfinkel, Reva Schwartz, Andrew Weinert, al, NISTIR 8164, First Workshop on Video Analytics in Public Safety June 6, 2016, San Diego, CA, National Institute of Standards and Technology, Gaithersburg, MD, Published January 19, 2017.
- Simson Garfinkel. Government Data De-Identification Stakeholder’s Meeting June 29, 2016 Meeting Report. Technical Report NISTIR 8150, National Institute of Science and Technology, September 2016
- National Privacy Research Strategy, National Science and Technology Council, Networking and Information Technology, Research and Development Program, June 2016
- Simson Garfinkel. De-Identifying Government Data. Technical Report SP 800-188, National Institute of Science and Technology, 2016. DRAFT
- Ramaswamy Chandramouli, Simson Garfinkel, Stephen Nightingale, and Scott Rose. Trustworthy Email. Technical Report SP 800-177, National Institute of Science and Technology, 2015
- Simson Garfinkel. De-Identification of Personally Identifiable Information. Technical Report NIST IR 8053, National Institute of Science and Technology, November 2015
- Zarate, Carolina M., Simson L. Garfinkel, Aubin Heffernan, Scott Horras and Kyle Gorak, A Survey of XOR as a Digital Obfuscation Technique in a Corpus of Real Data. Technical Report NPS-CS-13-005, Naval Postgraduate School, January 2014
- Garfinkel, Simson and Michael Shick, Passive TCP Reconstruction and Forensic Analysis with tcpflow, Technical Report NPS-CS-13-003, Naval Postgraduate School, September 2013
- Bradley, Jessica and Simson Garfinkel, Bulk Extractor 1.4 Programmers Manual for Developing Scanner Plug-Ins, Technical Report NPS-CS-13-007, Naval Postgraduate School, August 2013.
- Bradley, Jessica and Simson Garfinkel, Bulk Extractor 1.4 User's Manual, Technical Report NPS-CS-13-006, Naval Postgraduate School, August 2013.
- Courrejou, Timothy and Simson Garfinkel. A comparative analysis of file carving software. Technical Report NPS-CS-11-006, Naval Postgraduate School, September 2011.
- Dinolt, George, Bruce Allen, David Canright, and Simson Garfinkel. Parallelizing SHA-256, SHA-1, MD5 and AES on the Cell Broadband Engine. Technical Report NPS-CS-10-11, Naval Postgraduate School, September 2010
- Courrejou, Timothy and Simson Garfinkel. A comparative analysis of file carving software. Technical Report NPS-CS-10-010, Naval Postgraduate School, September 2010.
- Garfinkel, Simson. Counter intelligence risks posed by information stored in DOD411—the DISA global directory service. Technical Report NPS-CS-10-004, Naval Postgraduate School, September 2010.
- Garfinkel, Simson. Residual data found on guardian edge-protected removable storage media. Technical Report NPS-CS-10-003, Naval Postgraduate School, September 2010
- Pietso, Loren E., and Garfinkel, Simson L., Methods for Creating Realistic Disk Images for Forensic Tool Testing and Education, Technical Report NPS-CS-09-003, Naval Postgraduate School, Monterey, CA March 2009.
- David Canright, George Dinolt, Simson Garfinkel, Jonathan Herzog, Bruce Allen, Implementing AES on the CellBE, Technical Report NPS-MA-09-001, Naval Postgraduate School, Monterey, CA January 2009.
- McLaren, S., and Garfinkel, S., A Field Study of an Iris Identification System Technical Report NPS-CS-08-008, Naval Postgraduate School, Monterey, CA, May 2008.
- Garfinkel, Simson L. Providing cryptographic security and evidentiary chain-of-custody with the advanced forensic format, library, and tools. Technical report, Technical Report NPS-CS-08-014, 2008
Technical Reports and Working Papers
- Garfinkel, Simson L. An evaluation of amazon’s grid computing services: EC2, S3 and SQS. Technical Report TR-08-07, School for Engineering and Applied Sciences, Harvard University, July 2007.
- Garfinkel, S., Massively Multiplayer Games As a Source of Terrorist Simulant Data, August 2003.
- Garfinkel, S., A Web Service for File Fingerprints: The Goods, the Bads, and the Unknowns, January 2003.
- Garfinkel, S., Robertson, H., Elledge, C., Levine, J., Syncframe: a Multi-Peer Synchronization Framework December 2002.
- Shipley, P., Garfinkel, S., An Analysis of Dial-Up Modems and Vulnerabilities , Spring 2001.
- Garfinkel, S. "The Story of the Write Once File System," IRIS Project, Brown University, August 1st, 1987
- Garfinkel, Simson L. and J. Spencer Love. A File System for Write-Once Media, MIT Media Lab Technical Report, September 1986
Other Publications
Books
- Differential Privacy, Simson Garfinkel, (to appear) 2025 (MIT Press)
- Law and Policy for the Quantum Age, Chris Jay Hoofnagle and Simson L. Garfinkel, 2021 (Cambridge)
- The Computer Book: From the Abacus to Artificial Intelligence, 250 Milestones in the History of Computer Science (Sterling Milestones), by Simson L. Garfinkel and Rachel H. Grunspan. 2018 (Sterling)
- Usable Security: History, Themes, and Challenges, by Simson Garfinkel and Heather Lipford, 2014. (Morgan & Claypool, part of the Synthesis Lectures on Information Security, Privacy and Trust series.)
- Security and Usability, edited by Lorrie Cranor and Simson Garfinkel. 2005. (O'Reilly & Associates, Inc.)
- RFID : Applications, Security, and Privacy, edited by Simson Garfinkel and Beth Rosenberg. 2005. (Addison-Wesley Professional)
- Practical UNIX and Internet Security, 3rd Edition, co-authored with Gene Spafford and Alan Schwartz. 2003. (O'Reilly & Associates, Inc.)
- Building Cocoa Applications, with Michael K. Mahoney. 2002. (O'Reilly & Associates, Inc.)
- Web Security, Privacy and Commerce, with Gene Spafford. 2001. (O'Reilly & Associates, Inc.)
- Database Nation: The Death of Privacy in the 21st Century, 2000. (O'Reilly & Associates, Inc.)
- Architects of the Information Society, Edited by Hal Abelson. 1999 (MIT Press.) (chapter 1)
- Stopping Spam, co-authored with Alan Schwartz. 1998. (O'Reilly & Associates, Inc.)
- Web Security and Commerce, with Gene Spafford. 1997. (O'Reilly & Associates, Inc.)
- Practical UNIX and Internet Security, co-authored with Gene Spafford 1996. (O'Reilly & Associates, Inc.)
- PGP: Pretty Good Privacy. 1995. (O'Reilly & Associates, Inc.)
- The UNIX-HATERS Handbook, editor, with Daniel Weise and Steven Strassmann. 1994 (IDG Press)
- NeXTSTEP Programming, with Michael Mahoney. 1992 (Springer-Verlag)
- Practical UNIX Security, with Gene Spafford. 1991 (O'Reilly & Associates, Inc.)
Data Publications
- Digital Corpora Scenarios (2008-), forensic data from working systems but created by investigators according to scripts so that the images do not contain identifiable private information from actual persons. As such, IRB approval is not required. These images can be freely downloaded from https://digitalcorpora.org/. Teachers guides are available.
- The Real Data Corpus (2005-2015), a collection of raw data extracted from data-carrying devices that were purchased on the secondary market around the world. Many studies have shown that hard drives, cell phones, USB memory sticks, and other data-carrying devices are frequently discarded by their original users without the data first being cleared or purged. By purchasing these devices and extracting their data, we have created a data set that closely mimics data as it is found in the real world.
- GOVDOCS1 (2009), a collection of roughly 1 million files that have been characterized and are available for download and open use. By collecting documents already made publicly available by the US Government, this corpus avoids copyright and privacy issues.
Open Source Software
- Disclosure Avoidance System for the 2020 Demonstration Data Products
- bulk_extractor, a program for exporting email addresses, date stamps, and other information from disk images. Winner of a 2011 DOD Value Engineering Award. 2008--
- tcpflow, a TCP/IP session reassembler, 2006-
- fiwalk, a program for creating Digital Forensics XML files from disk images. Now included in The Sleuth Kit. 2008--2011
- md5deep. Performs hihg-speed hashing. Originally developed by Jesse Kornblum, original contributions include bringing the program up-to-date and making it multi-threaded. Released Sept. 2011
- frag_find, a program for performing hash-based file carving. 2009--
- ATA Raw, a user-level implementation of the ATA command set, for Linux. 2008
- AFFLIB, the Advanced Forensics Format Library and toolset. 2005--
- aimage, the advanced disk imager. 2005--
- NPSBloom, the NPS Bloom Filter implementation. 2007--2010
- SBook5, Simson Garfinkel's Address Book 1989-2005
- CDFS, the Compact Disk File System. 1985
History of Computing, Technology and MIT (selected)
- Garfinkel, S. How Technology Review got its start, Technology Review, January 4, 2024
- Garfinkel, S. MIT's First Divorce (how MITRE was created and got its name), Technology Review, June 27, 2023
- Garfinkel, S. Cold Trick Indeed (dorm room set up on the Charles, 1985), Technology Review, December 19, 2022
- Garfinkel, S. How an MIT Marxist weathered the Red Scare (Dirk Struik), Technology Review, June 29, 2022
- Garfinkel, S. In praise of the Feistel network (Horst Feistel '37), Technology Review, April 27, 2022
- Garfinkel, S. The man no one knows who changed Boston (Charles Hayden), Technology Review, February 23, 2022
- Garfinkel, S. 5 MIT patents that changed computing, Technology Review, February 23, 2022
- Garfinkel, S. Walker and the “Indian Question:” Before arriving at MIT, Francis Amasa Walker had twice led the US Census—and helped justify the troubling US policy of containing Native Americans on reservations. Technology Review, August 24, 2021
- Garfinkel, S. Tomorrow’s computer, yesterday. Four decades ago at Endicott House, an MIT professor convened a conference that launched quantum computing. Technology Review, April 27, 2021
- Garfinkel, S. Punching In: Bored teaching at MIT, Herman Hollerith left to launch the information age for the US Census. Technology Review, August 18, 2020
- Garfinkel, S. Everything is a Punch Card. ;login:, Fall 2020
- Garfinkel, S. The Tricky Cryptographic Hash Function. ;login:, Winter 2020
- Garfinkel, S. Shafi Goldwasser, Technology Review, August 21, 2019
- Garfinkel, S. Radia Perlman '73, SM '76, PhD '88, Technology Review, August 21, 2019
- Garfinkel, S. The Geek (Chris Schmandt), Technology Review, April 24, 2019
Other Publications (selected)
- Garfinkel, Simson and Jody Westby, Response to Request for Information on National AI Priorities by the White House Office of Science and Technology Policy, Association for Computing Machinery US Technology Policy Committee, July 7, 2023.
- Christopher Kang, Jeremy Epstein, Cory Doctorow, Simson Garfinkel and Jeanna Matthews, Statement on Principles for the Development and Deployment of Equitable, Private, and Secure Remote Proctoring Systems, ACM US Technology Policy Committee, December 16, 2022.
- Vijay Chidambaram, Simson Garfinkel, Carlos E. Jimenez-Gomez, Bran Knowles, Arnon Rosenthal, Ben Schneiderman, Stuart Shapiro, and Alejandro Saucedo, Statement on Principles for Responsible Algorithmic Systems, Association for Computing Machinery US Technology Policy Committee, October 26, 2022.
- Hoofnagle, Chris Jay and Simson Garfinkel, Quantum Cryptanalysis: Hype and Reality, Lawfare, Feb. 16, 2022
- Hoofnagle, Chris Jay and Simson Garfinkel, Quantum Sensors—Unlike Quantum Computers—Are Already Here, Defense One, June 27, 2022
- Hoofnagle, Charis Jay and Simson Garfinkel, What if Quantum Computing Is a Bust?, Slate Future Tense, Jan 26, 2022
- Garfinkel, S. "The iPhone Has Passed a Key Security Threshold", Technology Review, August 13, 2012
- Garfinkel, S. Track Me Not: "Do not track" legislation could simply accelerate the monopolization of Internet advertising, Technology Review, December 14, 2010
- Garfinkel, S., Privacy Requires Security, Not Abstinence; Protecting an inalienable right in the age of Facebook, Technology Review Magazine, July/August 2009
- Garfinkel, S. Right on Time? The Security Implications of the Humble Computer Clock, CSO Magazine, March 2, 2009
- Garfinkel, S., and Rosenberg., B., "Face Recognition: Clever or Creepy?", Technology Review, February 27, 2009.
- Garfinkel, S., Network Forensics: Tapping the Internet, The O'Reilly Network, April 26, 2002.
- Garfinkel, S. "Patently Absurd: How could the Patent Office ever grant a patent to Compton's on its claim to have invented multimedia?" Wired Magazine, July 1994.
Presentations and Tutorials (selected)
2022
- C14 Keeping Forensic Tools Sharp: A Case Study of Updating Bulk_Extractor 1.6 to 2.0, American Academy of Forensic Sciences, Annual Meeting, Seattle, 2022
2020
- 2020-01-27 Differential Privacy Status Report
- 2020-01-27 Special Topics in Privacy and Public Auditability
- 2020-03-04 Presentation on Differential Privacy at Google
- 2020-06-08 Spark+AI Summit
- 2020-06-10 Responsible Data Summit
2019
- 2019-12-10 Cloud Forensics
- 2019-11-19 Observing the impact of research by writing The Computer Book (Talk at the National Science Foundation)
- 2019-10-19-pmr-disclosure-avoidance
- 2019-10-16 Digital Corpora for Research and Education (Presented at OSDFCON 2019)
- 2019-09-25 Differential Privacy Tutorial (SECDEV 2019)
- 2019-07-20 Deploying Differential Privacy for the 2020 Census (Presented to Microsoft Research New England)
- 2019-07-16 Deploying Differential Privacy for the 2020 Census
- 2019-06-27 Differential Privacy and the 2020
- 2019-06-24 Understanding Differential Priavcy (Presented to the National Advisory Committee on Racial, Ethnic and Other Populations Spring 2019 Meeting)
- 2019-06-18 Macintosh Forensics In 90 Minutes (Presented to ACM (Presented to ISSA-DC)
- 2019-06-18 Differential Privacy and the US Census (Presented to the IARPA HECTOR PI meeting)
- 2019-05-15 Differential Privacy and the US Census (Presented to the DARPA Brandeis PI meeting)
- 2019-05-2 National Advisory Committee on Racial, Ethnic and Other Populations (NAC) Spring Meeting: May 2-3, 2019, Privacy and Confidentiality Protection Overview
- 2019-05-02 Differential Privacy: Basic
- 2019-04-26 Attacking Public Data
- 2019-04-22 Differential Privacy: Basic Concepts
- 2019-04-02 Garfinkel Attacking Public Data
- 2019-03-26 Garfinkel Attacking Public and Protected Data
- 2019-03-14 Issues Encountered Deploying Differential Privacy (IQT Technology Focus Day)
- 2019-02-28 Protecting the Confidentilaity of the 2020 Census, Presented to the Trust and Confidential Working Group, California Complete Count
- 2019-01-28a Privacy and the 2020 Census (Rice University)
2018
- 2018-10-31 Cybersecurity research is not making us more secure (University of Pennsylvania)
- 2018-10-19 2020 Census Program Management Review — October 19, 2018, 2020 Census Disclosure Avoidance.
- 2018-10-15 Issues Encountered Deploying Differential Privacy (Workshop on Privacy in the Electronic Society, Toronto Canadav)
- 2018-09-26 Issues Encountered Deploying Differential Privacy (University of Massachusetts)
- 2018-03-08 Challenges and Experiences Adapting Differentially Private Mechanisms to the 2020 Census
- 2018-02-20 Protecting Data Sources
- 2018-02-14 Garfinkel Georgetown Modernizing the DAS for the 2020 Census (Georgetown)
- 2018-01-31 Differential Privacy
2017
2012
- Using bulk_extractor for digital forensics triage and cross-drive analysis, DFRWS 2012
- Digital Signatures: Current Barriers, Invited Talk, 10th Symposium on Identity and Trust on the Internet, Gaithersburg, MD, 2011.
- Cyber Security, presented for Cyber Security Awareness Month at NPS.
- Digital Forensics 1: Technology, Policy and Countermeasures, 2009 Annual Computer Security Applications Conference, Honolulu, Hawaii, December 2009.
- Automated Digital Forensics, MIT CSAIL, in 32-G449 (CSAIL Kiva) (slides), August 20, 2009
- "IRBs and Computer Science Research", presented at the Public Responsibility in Medicine and Research (PRIM&R) 2008 Advancing Ethical Research Conference, November 17--19, 2008, Orlando, FL.
- "Common-Mode Failures: What can you do with 236 used hard drives?", presented at FINSEC 2005, sponsored by the MSI Training Institute, New York, New York. December 7, 2005
- "Ensure Proper Data Management with Discarded IT Assets", presented to the Retail Data Systems Forum, November 3, 2005.
- Sanitization and Cross Drive Analysis, Naval Postgraduate School, Fall 2005.
- "Technology vs. Spam", presentation to the FCC Technological Advisory Council, February 23, 2004.
- "Speculating about Tomorrows's Threats," Workshop on Network Threats, Washington, DC. November 2003
- "Privacy in the Post-9/11 world", John Marshall Law School, January 2002.
- "Web Security: Is our Time Running out?" ISSA NE Annual Meeting, November 2001.
- "Privacy in the 21st Century," Pop!Tech, Camden, Maine, October 2001.
- "Wireless Threats to Privacy and Security," July 2001,
- "A Survey of Broadband ISP Privacy Policies," May 2001
- "Introduction to Online Privacy," New Orleans, December 2000.
- "Wireless Communication Security," Computer Security Day, Celebremos Juntos el D'ia Internacional de la Seguridad en C'omputo, Mexico City, Mexico, November 2000.
- "An Introduction to Privacy and Data Protection," October 2000.
- "Linux Security," O'Reilly Open Source Conference, June 2000.
- "Data Protection," May 2000.
- "Thirty Years of Spam," Brightlight Spam Summit, Washington, DC, May 2000
- "Biometrics and Privacy," April 2000.
- "Extending the Privacy Bubble," The Internet Security Conference, Boston, MA, October 1999.
- "Technical Solutions to Minimize Security Exposures," Information Systems Security Association, 14th Annual Meeting, California, September 27, 1999.
- "Linux Security", O'Reilly OpenSource Conference, Monterey, California, August 1999.
- "How to build a website that really sucks," VERIO/Hiway Webhosting Conference, June 1999.
- "Web Security and Privacy," Smart Card Forum, June 1999.
- "Information Warfare in the 21st Century," GartnerGroup Information Security Conference, April 12-14, 1999, Chicago.
- "What's Next for SPAM?" SPAM Roundtable, March 1999, California.
- "Combating Telephone Intrusions," SANS Intrusion Detection 99, February 1999, San Diego, California.
- "Introduction to Information Warfare," presented at the TTI Vanguard conference on Risk, Security and Trust, May 14-15, 1998, Trianon Palace Versailles, France.
- "Web Technology: Usability, Security, Reliability & Commerce," Thursday, November 20, 1997, Brown University Department of Computer Science, Industrial Partners Program.
- "Privacy In the Next Century", October 21, 1997, University of Oswego, featured speaker at the Digital Age conference at SUNY Oswego.
- "Computer Security Workshop", October 17, 1997, SUNY Oswego, day-long conference on computer security.
- "Berkeley Roundtable on Software Innovation", April 26, 1996, speaking about software patents.
- "Internet Service Providers", Sixth Conference on Computers, Freedom & Privacy, March 29, 1996.
- "Online Communities" and "Privacy", New York Macintosh User's Fair, March 23, 1996.
- "Information at Whose fingertips?" PC Expo 95, speaking on cryptography.
- "Managing Internet Security." I/S Analyzer Case Studies, June 8th, 1995. Chicago.
- "Roadmap to the Big 1995 Cyberstories," Telecommunication Policy Roundtable--Northeast, January 18, 1995.
- "The Future of Object-Oriented Programming," Object Oriented Computing for the Natural Sciences, EMBL, Germany, November 1994.
- "The Software Patent Crisis," Connecticut Patent Law Association, October 5, 1994.
- "Electronic Publishing Problems," MIT, December 1993.
Patents
- United States Patent 8,433,959, (Granted April 30, 2013), Garfinkel and Nelson, Method for Determining Hard Drive Contents through Statistical Drive Sampling. Filed Sep. 7, 2010.
- United States Patent 7,779,032, (Granted August 17, 2010), Garfinkel, Forensic feature extraction and cross drive analysis. Filed September 6, 2006.
- United States Patent 7,023,854, (Granted April 4, 2006), Garfinkel, Packet interception system including arrangement facilitating authentication of intercepted packets. Filed November 17, 1999 (Continuation of Patent 6,678,270).
- United States Patent 6,993,661, (Granted January 31, 2006), Garfinkel, System and method that provides for the efficient and effective sanitizing of disk storage units and the like Filed August 9, 2001.
- United States Patent 6,744,864, (Granted June 1, 2004), Garfinkel, Adaptive Dialing System and Method. Filed May 18, 2000.
- United States Patent 6,678,270, (Granted January 13, 2004), Garfinkel, Packet interception system including arrangement facilitating authentication of intercepted packets. Filed March 12, 1999.
- United States Patent 6,490,349, (Granted December 3, 2002), Garfinkel et al., System and Method for Scan-Dialing Telephone Numbers and Classifying Equipment Connected to Telephone Lines Associated therewith. Filed December 19, 1998.
Teaching Experience, Academic
George Washington University, 2019--
- DATS 6450: Data Science Ethics ★ (Fall 2019, Fall 2020, Fall 2021)
George Mason University, 2016--
- CFRS 510: Digital Forensics Analysis ★ (Spring 2016)
- CFRS 765: Macintosh Forensics ★ (Spring 2019)
- CFRS 780: Cloud Forensics ★ (Spring 2018)
Georgetown University, 2016--2017
- CS3610: Information Crime, Law and Ethics ★ (Fall 2007; Fall 2008)
- CS3636: Data Fusion with Online Information Systems ★ (Summer 2009)
- CS3690: Network Security (Fall 2012)
- CS3773: Java as a Second Language (Winter 2008; Winter 2009)
- CS4614: Special topics in computer security ★ (Summer 2014)
- CS4922: Advanced Computer Architecture (Spring 2009)
- CS4920: Automated Document and Media Exploitation ★ (Fall 2008; Fall 2009; Winter 2010)
Harvard University Extension School (Fall 2004--Spring 2006)
- CSCI E-170: Security, Privacy and Usability ★ (Fall 2004, Fall 2005)
- CSCI E-180: Building Programs with Graphical Interfaces ★ (Spring 2006)
Northeastern University School of Computer Science and Information Science (Summer 2004)
- CSG 357: Computer Security, Privacy and Usability ★ (Summer 2004)
★ Indicates an original course that was developed and taught
Teaching Experience, Tutorials
Berkeley Initiative for Transparency in the Social Sciences
- Summer Institute 2016, tutorial on de-identification.
Computers, Freedom and Privacy
Annual Computer Security Applications Conference (ACSAC)
Usenix Association, Spring 2006--
- Network Forensics & Disk Forensics, LISA 2008, San Diego, CA
- Computer Forensics & Forensics Lab, USENIX Security 2008, San Jose, CA
- Computer Forensics, USENIX 2007, San Jose, CA
- Computer Forensics, LISA 2007, Dallas, TX
Symposium on Usable Security and Privacy (Summer 2005)
- Computer Security Tutorial, SOUPS 2005, Pittsburgh, PA
University of Aizu, Japan (December 1993)
- Created and taught a one-week course on NeXTSTEP Programming
Fellowships, Honors and Awards
- 2023 IEEE Cybersecurity Awards for Practice/, awarded to John Abowd and Simson Garfinkel for Contributions to Privacy-Preserving Distribution of U.S. Census Data
- 2023 Department of Commerce US Census Bureau Gold Medal for Scientific/Engineering Achievement awarded to Victoria A. Velkoff, Ryan R. Cumings, Michael B. Hawes, Philip Daniel Leclerc, Pavel Zhuravlev, Matthew Spence, Cynthia Davis Hollingsworth, James C A Whitehorne, John M. Abowd, Simson L. Garfinkel. "This group is honored for the practical design, testing, and implementation of a cutting-edge disclosure avoidance system for the legally mandated 2020 Census P.L. 94-171 Redistricting Data Summary File, thereby guaranteeing the quality and availability of Census data for critical societal purposes, including the redrawing of Federal and state legislative voting districts, while providing mathematically provable guarantees of the confidentiality of census respondents' information."
- 2023 PET Award, awarded to John M. Abowd, Robert Ashmead, Ryan Cumings-Menon, Simson Garfinkel, Micah Heineck, Christine Heiss, Robert Johns, Daniel Kifer, Philip Leclerc, Ashwin Machanavajjhala, Brett Moran, William Sexton, Matthew Spence, Pavel Zhuravlev. "The 2020 Census Disclosure Avoidance System TopDown Algorithm". Harvard Data Science Review Special Issue 2: Differential Privacy for the 2020 U.S. Census.
- 2023 Department of Commerce US Census Bureau Bronze Medal awarded to the Harvard Data Science Review Symposium Disclosure Avoidance Team, "for its contributions to the field of data science through its role in organizing the Harvard Data Science Review symposium on differential privacy and the 2020 Census. This marked the first major public engagement of the data science and privacy communities in the design and implementation of formal privacy solutions for large-scale statistical data releases."
- 2021 Fellow, American Association for the Advancement of Science (AAAS)
- 2019 Fellow, Institute for Electrical and Electronics Engineers (certificate)
- 2019 Department of Commerce US Census Bureau Bronze Medal Award awarded to the 2018 End-to-End Test Disclosure Avoidance Team "For successful execution of the 2018 End-to- End Test Disclosure Avoidance System that generated microdata in a formerly private manner, while satisfying complex requirements, thus demonstrating the feasibility of utilizing high-quality and rigorous disclosure avoidance protection to be applied to the 2020 Decennial Census." (program)
- 2017 NIST Information Technology Laboratory Outstanding Standards Document Award for NIST SP 800-188, Trustworthy Email
- 2013 Best Paper Award, "Language Translation for File Paths," DFRWS, Aug 4-7, Monterey
- 2013 Fellow, Association for Computing Machinery (certificate)
- 2011 Best Paper Award, "Forensic Carving of Network Packets and Associated Data Structures," Aug 1-3, New Orleans, LA
- 2011 Information Systems Security Association Hall of Fame
- 2011 Department of Defense Value Engineering Achievement Award, Bulk Extractor Program.
- 2010 IEEE, elevated to "IEEE Senior Member."
- 2010 Best Paper Award, "Bringing Science to Digital Forensics with Standardized Forensic Corpora," Aug, Monterey, Canada.
- 2010 Letter of appreciation from NPS CIO for developing and deploying three “USB Transfer Stations” to allow NPS employees to safely transfer information from USB memory devices to the NPS network in accordance with DoD guidelines.
- 2009 Letter of Recognition, Naval Postgraduate School staff of Information Technology and Communications Services, for completing DoD Computer Tasking Order 08-008
- 2005 George M. Sprowls Award for the best doctoral theses in computer science, Honorable Mention, awarded for "Design Principles and Patterns for Computer Systems That Are Simultaneously Secure and Usable" supervised by Robert Miller and David Clark.
- 2005 Best Regular Column, Contributed (Gold) (Northeast Region, Under 80,000 circulation), awarded by the American Society of Business Publication Editors (ASBPE), for the "Machine shop" series in CSO Magazine. (Award granted for the July and September 2004 columns.)
- 2005 Jesse H. Neal National Business Journalism Award, for Best Regularly Featured Department or Column, awarded to CSO Magazine's "Machine Shop" column, by Simson Garfinkel (edited by Elaine Cummings, designed by Chandra Tallman with Steve Traynor).
- 2004 Best Regular Column, Contributed (Gold) (National, Under 80,000), awarded by the American Association of Business Publishers and Editors (ASBPE), for the "Machine shop" series in CSO Magazine. (Award granted for the April and May 2003 columns.)
- 2004 Best Regular Column, Contributed (Gold) (East Coast Region, Under 80,000 circulation), awarded by the American Society of Business Publication Editors] (ASBPE), East Coast Region, for the "Machine Shop" series in CSO Magazine.
- 2004 Jesse H. Neal National Business Journalism Award, for Best Regularly Featured Department or Column, awarded to CSO Magazine's "Machine Shop" column, by Simson Garfinkel (edited by Elaine Cummings, designed by Chandra Tallman with Steve Traynor). (front)(back)
- 2004 Jesse H. Neal National Business Journalism Award, Grand Neal Runner-up, 2nd place, CSO Magazine, "Machine Shop."
- 2003 Best Regular Column, Contributed (Silver) (East Coast Region, Under 80,000 circulation), awarded by the American Society of Business Publication Editors], (ASBPE) for the "Machine Shop" series in CSO Magazine.
- 2002-2005 MIT Presidential Fellowship, for study in the field of Computer Science at the Massachusetts Institute of Technology Laboratory for Computer Science.
- 2000 Best COMPUTERS IN SOCIETY book, Third Annual BookBytes Awards, awarded for Database Nation: The Death of Privacy in the 21st Century.
- 1999 Best Feature Series (West Coast Region, Circulation over 80,000), awarded by the awarded by the American Society of Business Publication Editors], for the "Privacy in the Internet Age" feature series appearing in PC World Magazine.
- 1997 Award of Merit for Practical UNIX and Internet Security, International Technical Publications Competition, awarded by the Society for Technical Communication.
- 1996 Award of Distinguished Technical Communication (highest award) for Practical UNIX and Internet Security, STC Boston/NNE Technical Publications Competition, awarded by the Society for Technical Communication
- 1988 Winner of the Elisabbeta DiCagno Award "for the best investigative story on environmental protection or human rights," Columbia University Graduate School of Journalism.
- 1983 The Senior Scholarship Award, The Shipley School, ``for the highest academic average in both junior and senior year.
Service
US Government Inter-Agency Committees
- Vice-chair, FCSM Confidentiality and Data Access Committee (2017-2020)
- NITRD PrivacyRD (2015-2022), member
University Committees and Volunteer Service
- NPS Institutional Review Board (IRB), 2007-2015
- NPS Learning Management System Ad-Hoc Committee (2008-2009)
- NPS IT Task Force (2007--2010)
- Ad-Hoc Committee regarding NPS course scheduling software (2007-2009)
- Institute Security Advisory Committee, MIT (2004---2005)
- MIT Educational Council, Cambridge, MA., Educational Counselor (2003---2005), 2014--
Professional Organizations
- ACM Ethics & Plagiarism Committee 2018-
- ACM US Technology Privacy Committee (formerly US ACM Public Policy Council), 2013-- (Secretariat member-at-large 2016-2021; co-chair, Digital Government subcommittee, 2021-)
Editorial Boards, Conference Chairs, and Award Committees
- Current
- Past
- 2016 and 2017 John Karat Usable Privacy and Security Student Research Award
- Computers and Security, editorial board (2010--2018)
- DFRWS (Formerly Digital Forensics Research Workshop) PC Co-Chair 2014--2015; Organizing Committee, 2014-2017
- Symposium on Usable Privacy and Security (SOUPS), Program Committee Co-Chair, 2008--2009, 2014--2015; Steering Committee, 2009--2017
- Workshop on Data Surveillance and Privacy Protection (2006), Program Chair
- Workshop on User Studies, Symposium on Usable Privacy and Security, Workshop Coordinator (at SOUPS 2006)
- IEEE Computer Society Fellow Evaluation Committee 2019, 2022
- IEEE Security and Privacy Magazine, Co-editor, Special issue on Data Surveillance, 2006
- IEEE Security and Privacy Magazine, Co-editor, Special issue on Security and Usability, 2004.
- RFID Privacy Workshop, November 2003, Conference Chair
Program Committees
- Current and Recent
- AAAI/ACM Conference on AI, Ethics, and Society (AIES) [1] 2020--2024
- DFRWS (formerly Digital Forensics Research Workshop) 2007-2016, 2018, 2020-2022
- IEEE EuroS&P conference (Euro S&P 2019, 2020, 2022)
- Privacy Enhancing Technologies Symposium (PETS 2007, 2008, 2011, 2012, 2020-2023, 2025)
- The Research Conference on Communications, Information and Internet Policy (TPRC) 2023
- USENIX Security 14, 23
- Workshop on Privacy in the Electronic Society (WPES 2018, 2019, 2020, 2023)
- Workshop on Usable Security and Privacy USEC 2019, 2022
- Past
- ACM Northeast Forensics Exchange (NeFX 2010)
- Cyber-security Research Ethics Dialogue & Strategy (CREDS) 2013
- DFRWS EU (2017)
- European Workshop on Usable Security (EuroUSEC) 2016, 2017, 2018
- IEEE International Workshop on Security and Forensics in Communication Systems (SFCS 2012)
- IFIP WG 11.9 International Conference on Digital Forensics (IFIP WG11.9 2006)
- IEEE International Conference on Big Data, Santa Carla, CA, October 6-9, 2013
- IEEE International Conference on Big Data Science and Engineering (BDSE), Sydney, Australia, Dec. 3-5, 2013
- International Conference on Digital Forensics and Cyber Crime (ICDF2C) (2014, 2015, 2018)
- International Workshop on Computational Forensics (IWCF 2010, 2012)
- National Academies Committee on the Usability, Security and Privacy of Computer Systems (A Workshop project) (2009)
- National Academies Press, Toward Better Usability, Security, and Privacy of Information Technology: Report of a Workshop, 2010. Member Steering Committee.
- PASSWORDS 2016
- Symposium on Identity and Trust on the Internet (IDTRUST 2009, 2010)
- Symposium on Usable Security and Privacy (SOUPS 2006, 2007, 2008, 2009, 2010, 2011, 2012, 2014, 2015, 2016)
- Systematic Approaches to Digital Forensic Engineering (SADFE 2009, 2010, 2011, 2012, 2013, 2015)
- Usability, Psychology, and Security (USEC07; UPSEC 2008)
- USENIX Workshop on Cyber Security Experimentation and Test (CSET 2018 2019, 2020, 2021)
- Web 2.0 Security and Privacy Workshop, held with IEEE S&P (W2SP 2014)
- World Wide Web Conference Security and Privacy Research Track (WWW 2016)
- The Web Conference 2019 (WWW 2019)
- Workshop on Cloud Security and Forensics (WCSF 2018)
- Workshop on Digital Forensics (WSDF 2013) held with ARES 2013
- Workshop on Security and Forensics in Communication Systems (IEEE-SFCS 2012, ASIACCS-SFCS 2014, 2015)
Journal and Panel Reviewer
- IEEE Security and Privacy Magazine, 2003-
- Digital Investigation, 2005-
- NSF Panels: IED 2007, CISE 2011, SaTC 2014
Non-Academic Volunteer
- Arlington Public School System, Superintendent's Information Technology Advisory Committee, 2015--; Chair, 2017--
- ACM Public Policy Council (USACM), (2013--)
- Liberty Science Center, Jersey City, NJ., Member, Advisory Board, Communication Exhibition (2003---2006)
- Information Technology Advisory Committee, Belmont, MA. (2002--2006), Secretary, appointed by Town Selectmen.
- The Computer Museum, Boston, MA. Volunteer (1992---1995), Volunteer archivist
- First Ballston Commons, Arlington, VA. (2016--) Board Member; (2022--) President
Professional Societies
I am a member of:
- American Association for the Advancement of Science (AAAS), Fellow, 2022-
- American Association of Forensic Sciences, Member, 2009-
- American Statistical Association, 2023-
- Association of Computing Machinery (ACM), Fellow(certificate), Lifetime Member, 1984-
- Author's Guild, 2022-
- DAMA International (the Global Data Management Community), Member, 2021-
- Institute of Electrical and Electronic Engineers (IEEE), Fellow, 2002-
- International Association of Privacy Professionals (IAPP), Member, 2015-
- Information Systems Security Association (ISSA), Lifetime Member, 2001-
- National Association of Science Writers (NASW), Member, 1988-
- The Research Data Alliance
- Sigma XI, The Scientific Research Society, Lifetime Member, 2003-
- Society for the Social Studies of Science (4s), Member, 2022-