Publications
Most of these papers are in
Postscript® format; these
are also available in
PDF®.
If you need
a Postscript viewer, try
Ghostscript.
Books and Chapters
- Fred Schneider, ed.,
Trust
in Cyberspace, National Academy Press, 1998.
- Steven M. Bellovin, "Network and Internet Security", in Peter
Denning and Dorothy Denning, eds., Internet Besieged:
Countering Cyberspace Scofflaws, ACM Press, 1997.
- Steven M. Bellovin, "Network Security Issues", in A.
Tucker, ed., CRC
Computer Science and Engineering Handbook," CRC Press, 1996.
- Steven M. Bellovin, "Security and Software Engineering," in B.
Krishnamurthy, editor. Practical
Reusable UNIX Software. John Wiley & Sons, 1995.
- W. R. Cheswick and S. M. Bellovin. Firewalls and
Internet Security: Repelling the Wily Hacker.
Addison-Wesley, 1994.
Papers
-
Steven M. Bellovin,
"Wiretapping the Net",
The Bridge,
Summer 2000, vol. 20, no. 2, pp. 21-26,
National Academy of Engineering.
(PDF here.)
-
Matt Blaze and Steven M. Bellovin,
"Tapping
on my Network Door",
Communications of the ACM, Vol 43, No. 10, October 2000,
Inside Risks.
-
S. Bellovin and M. Blaze.
Open Internet
Wiretapping. Written testimony for
a hearing on
"Fourth
Amendment Issues Raised by the FBI's 'Carnivore' Program"
by the Subcommittee on the Constitution,
House Judiciary Committee, 24 July 2000.
-
D. Whiting, B. Schneier, and S. Bellovin.
"AES Key Agility Issues in High-Speed IPsec
Implementations". May, 2000.
(PDF here.)
-
S. Bellovin, ed.
"The ICMP Traceback Message". March, 2000.
Work in progress -- do not mirror or archive.
- F. Schneider, S. Bellovin, and A. Inouye, "Building Trustworthy Systems",
IEEE Internet Computing, November/December 1999, Vol. 3, No. 6, pp. 64-72.
- J.S. Denker, S.M. Bellovin, H. Daniel, N.L. Mintz, T. Killian, and
M.A. Plotnick,
"Moat: A Virtual
Private Network Appliance and Services Platform",
Proceedings of LISA XIII, November 1999, pp. 251-260.
(PDF here.)
- Steven M. Bellovin,
"Distributed Firewalls", ;login:, November 1999, pp. 39-47.
(HTML, Postscript, PDF.)
- S. Bellovin, A. Buchsbaum, and S. Muthukrishnan,
"TCP
Compression Filter". Work in progress -- do not mirror or archive.
- S. Bellovin, A. Buchsbaum, and S. Muthukrishnan,
"TCP
Filters". Work in progress -- do not mirror or archive.
-
H. Lu, M. Krishnaswamy, L. Conroy, S. Bellovin, F.
Burg, A. DeSimone, K. Tewani, P. Davidson, H. Schulzrinne, K. Vishwanathan,
RFC 2458,
Toward
the PSTN/Internet Inter-Networking--Pre-PINT Implementations,
November 1998.
- William Cheswick and Steven M. Bellovin, "How Computer Security
Works: Firewalls",
Scientific
American, October 1998, pp. 106-107.
- Fred Schneider, Steven M. Bellovin, and Alan Inouye,
"Critical Infrastructures You Can Trust: Where
Telecommunications Fits",
Telecommunications Policy Research Conference, October 1998.
(PDF here; rtf here.)
- Steven M. Bellovin, "Cryptography and the Internet",
in Proceedings of CRYPTO '98, August 1998.
(PDF here.)
-
S. Bellovin, ed.,
RFC 2316,
Report
of the IAB Security Architecture Workshop,
April 1998.
- Hal
Abelson, Ross Anderson, Steven M. Bellovin, et al., "The Risks of Key Recovery, Key
Escrow, and Trusted Third-Party Encryption," May 1997.
- Yakov Rekhter, Paul Resnick, and Steven M. Bellovin, "Financial Incentives for Route Aggregation and
Efficient Address Utilization in the Internet," in Proceedings
of Telecommunications Policy Research Conference, Solomons,
MD..Also in Brian Kahin and James H. Keller, eds., Coordinating
the Internet, MIT Press, 1997
- Steven M. Bellovin, "Probable Plaintext Cryptanalysis of the IP Security
Protocols," in Proceedings of the Symposium on Network and
Distributed System Security, San Diego, CA, pp. 155-160, February
1997.
(PDF here.)
- Uri Blumenthal and Steven M. Bellovin,
"A Better Key Schedule for DES-like Ciphers,"
in Proceedings of
PRAGOCRYPT '96, Prague, September 1996.
(PDF here.)
- Bill Cheswick and Steven M. Bellovin, "A DNS Filter and
Switch for Packet-filtering Gateways," in Proceedings of the
Sixth Usenix UNIX Security Symposium, pp. 15-19, San Jose, CA, July
1996.
- Steven M. Bellovin, "Problem Areas
for the IP Security Protocols," in Proceedings of the Sixth
Usenix Unix Security Symposium, pp. 1-16, San Jose, CA, July 1996.
(PDF here.)
- Steven M. Bellovin, RFC 1948, "Defending Against Sequence
Number Attacks", May 1996.
- David A. Wagner and Steven M.
Bellovin, "A "Bump in the Stack" Encryptor for
MS-DOS Systems," in Proceedings of the Symposium on Network and
Distributed System Security, San Diego, CA, pp. 155-160, February
1996.
(PDF here.)
- Matt Blaze and Steven M. Bellovin, "Session-Layer
Encryption," in Proceedings of the Fifth Usenix UNIX Security
Symposium, Salt Lake City, UT, June, 1995.
- Steven M. Bellovin, "Using the Domain Name
System for System Break-Ins", in Proceedings of the Fifth Usenix
UNIX Security Symposium, Salt Lake City, UT, June, 1995.
(PDF here.)
- Steven
M.Bellovin, "Security and Uses of the Internet", in Proceedings of
the North American Serials Interest Group", June 1995.
- David A. Wagner and Steven M. Bellovin, "A
Programmable Plaintext Recognizer," 1994.
(PDF here.)
- Steven M.
Bellovin, RFC 1681, "On
Many Addresses per Host", August 1994.
(Also in
IPng:
Internet Protocol Next Generation,
S. Bradner and A. Mankin, eds.,
Addison-Wesley, 1996.)
- Steven M.
Bellovin, RFC 1675, "Security Concerns for
IPng," August 1994.
(Also in
IPng:
Internet Protocol Next Generation,
S. Bradner and A. Mankin, eds.,
Addison-Wesley, 1996.)
- Steven M. Bellovin, RFC 1579 , "Firewall-Friendly
FTP," February 1994.
- Steven M. Bellovin and Michael
Merritt, "An Attack on the Interlock Protocol
When Used for Authentication," in IEEE Transactions on
Information Theory 40:1, pp. 273-275, January 1994.
(PDF here.)
- Steven M. Bellovin and Michael Merritt, "Augmented Encrypted Key Exchange," in Proceedings
of the First ACM Conference on Computer and Communications Security
, pp. 244-250, November 1993.
(PDF here.)
- Steven M. Bellovin, "Packets Found on an Internet," in Computer
Communications Review 23:3, pp. 26-31, July 1993.
(PDF here.)
- Steven
M. Bellovin, "There Be Dragons," in
Proceedings of the Third Usenix UNIX Security Symposium , pp.
1-16, 1992.
(PDF here.)
- Steven M. Bellovin and Michael Merritt, "Encrypted Key Exchange: Password-Based Protocols Secure
Against Dictionary Attacks," in Proc. IEEE Computer Society
Symposium on Research in Security and Privacy , pp. 72--84, May
1992.
(PDF here.)
- Steven M. Bellovin, "A Best-Case
Network Performance Model," February 1992.
(PDF here.)
- Steven M.
Bellovin and Michael Merritt, "Limitations of the Kerberos Authentication
System," in USENIX Conference Proceedings, pp. 253--267,
Winter 1991.
(PDF here.)
- Steven M. Bellovin and Michael Merritt,
"Limitations of the Kerberos Authentication System", in Computer
Communication Review, pp. 119--132, October 1990.
- Steven M. Bellovin, "Pseudo-Network Drivers
and Virtual Networks," in USENIX Conference Proceedings, pp.
229-244, Winter 1990.
(PDF here.)
- Steven M. Bellovin, "Towards a
Commercial IP Security Option", in Commercial IPSO Workshop, INTEROP
'89, October 1989.
- Steven M. Bellovin, "Security Problems in the TCP/IP Protocol Suite," in
Computer Communications Review 2:19, pp. 32-48, April 1989.
(PDF here.)
- Steven M. Bellovin, "The Session
Tty Manager," in USENIX Conference Proceedings, pp.
339-354, Summer 1988.
(PDF here.)
- Peter Honeyman and Steven M. Bellovin,
"PATHALIAS or The Care and Feeding of
Relative Addresses," in USENIX Conference Proceedings, pp.
126--141, Summer 1986.
(PDF here.)
Dissertation
smb home |
Research home |
AT&T home
Updated 16 October 2000. Copyright AT&T.