Publications

2012

• S. Whalen, S. Peisert, and M. Bishop, “Multiclass Classification of Distributed Memory Parallel Computations,” Pattern Recognition Letters (2012).
• S. Peisert, E. Talbot, and M. Bishop, “Turtles All The Way Down: A Clean-Slate, Ground-Up, First-Principles Approach to Secure Systems,” Proceedings of the 2012 New Security Paradigms Workshop (Sep. 2012).
• M. Bishop and S. Peisert, “Security and Elections,” IEEE Security and Privacy 10(5) pp. 64–67 (Sep. 2012).
• M. Bishop, “Learning and Experience in Computer Security Education,” Actas de la XII Reunión Española sobre Criptología y Seguridad de la Información pp. 1–6 (Sep. 2012).
• H. Phan, G. Avrunin, M. Bishop, L. Clarke, and L. Osterweil, “A Systematic Process-Model-Based Approach for Synthesizing Attacks and Evaluating Them,” Proceedings of the 2012 USENIX/ACCURATE Electronic Voting Technology Workshop (Aug. 2012).
• K. Nance, B. Hay, and M. Bishop, “Secure Coding Education: Are We Making Progress?,” Proceedings of the 16^th Colloquium for Information Systems Security Education (June 2012).
• R. Ford, M. Carvalho, L. Mayron, and M. Bishop, “Towards Metrics for Cyber Security,” 21^st EICAR Annual Conference Proceedings pp. 151–159 (May 2012).
• M. Bishop, S. Engle, D. Howard, and S. Whalen, “A Taxonomy of Buffer Overflow Characteristics,” IEEE Transactions on Dependable and Secure Computing 9(3) pp. 305–317 (May 2012).
• B. Hay, K. Nance, M. Bishop, and L. McDaniel, “Are Your Papers in Order? Developing and Enforcing Multi-tenancy and Migration Policies in the Cloud,” Proceedings of the 45th Hawaii International Conference on System Science pp. 5473–5479 (Jan. 2012).

2011

• M. Bishop, C. Gates, P. Yellowlees and G. Silberman, “Facebook Goes to the Doctor,” Proceedings of the 2011 Workshop on Governance of Technology, Information, and Policies pp. 13–20 (Dec. 2011).
• J. Hunker, C. Gates, and M. Bishop, “Attribution Requirements for Next Generation Internets,” Proceedings of the 2011 IEEE International Conference on Technologies for Homeland Security pp. 345–350 (Nov. 2011).
• M. Ramilli, M. Bishop, and S. Sun, “Multiprocess Malware,” Proceedings of the 6th International Conference on Malicious and Unwanted Software (Oct. 2011).
• M. Bishop, R. Ford, and M. Ramilli, “Results-Oriented Security,” Proceedings of the 6th International Conference on Malicious and Unwanted Software (Oct. 2011).
• M. Bishop, M. Carvalho, R. Ford, and L. Mayron, “Resilience is More Than Availability,” Proceedings of the 2011 New Security Paradigms Workshop pp. 95–104 (Sep. 2011).
• C. Gates and M. Bishop, “One of These Records Is Not Like the Other,” Proceedings of the Third USENIX Workshop on the Theory and Practice of Provenance (June 2011).
• S. Whalen, S. Peisert, and M. Bishop, “Network-Theoretic Classification of Parallel Computation Patterns,” Proceedings of the First International Workshop on Characterizing Applications for Heterogeneous Exascale Systems (June 2011).
• M. Clifford and M. Bishop, “Trust of Medical Devices, Applications, and Users in Pervasive Healthcare,” Proceedings of the Fourth International Conference on Pervasive Technologies Related to Assistive Environments (May 2011).
• M. Bishop and C. Elliott, “Robust Programming by Example,” Proceedings of the Seventh World Conference on Information Security Education pp. 23–30 (June 2011).
• M. Bishop and K. Nance, “The Strengths and Challenges of Analogical Approaches to Computer Security Education,” Proceedings of the Seventh World Conference on Information Security Education pp. 96–102 (June 2011).
• M. Bishop, “Teaching Security Stealthily,” IEEE Security and Privacy 9(2) pp. 69–71 (Mar. 2011).
• M. Bishop, B. Hay, and K. Nance, “Applying Formal Methods Informally,” Proceedings of the 44th Hawaii International Conference on System Sciences pp. 1–8 (Jan. 2011).
• B. Hay, K. Nance, and M. Bishop, “Storm Clouds Rising: Security Challenges for IaaS Cloud Computing,” Proceedings of the 2011 Hawaii International Conference on System Sciences pp. 1–7 (Jan. 2011).
• M. Bishop, “Computer Security in the Future,” The ISC International Journal of Information Security 3(1)pp. 3–27 (Jan. 2011).

2010

• M. Bishop, S. Greenwald, and M. Locasto, “New Security Paradigms Workshop,” ;login: 35(6) pp. 117–124 (Dec. 2010).
• M. Ramilli and M. Bishop, “Multi-Stage Delivery of Malware,” Proceedings of the 5th IEEE International Conference on Malicious and Unwanted Software pp. 91–97 (Oct. 2010).
• M. Bishop, J. Cummins, S. Peisert, A. Singh, B. Bhumiratana, D. Agarwal, D. Frincke, and M. Hogarth, “Relationships and Data Sanitization: A Study in Scarlet,” Proceedings of the 2010 New Security Paradigms Workshop pp. 151–164 (Sep. 2010).
• S. Whalen, M. Bishop, and J. Crutchfield, “Hidden Markov Models for Automated Protocol Learning,” Proceedings of SecureComm 2010 pp. 415–428 (Sep. 2010).
• M. Bishop, “Technology, Training, and Transformation,” IEEE Security and Privacy 8(5) pp. 72–75 (Sep. 2010).
• B. Simidchieva, S. Engle, M. Clifford, A. Jones, S. Peisert, M. Bishop, L. Clarke, and L. Osterweil, “Modeling and Analyzing Faults to Improve Election Process Robustness,” Proceedings of the 2010 USENIX/ACCURATE Electronic Voting Technology Workshop (Aug. 2010).
• M. Bishop and C. Hoke, “Essential Baseline Research for UOCAVA-MOVE Act Implementation at the State-Local Levels,” Workshop on UOCAVA Remote Voting Systems (Aug. 2010).
• C. Gates and M. Bishop, “The Security and Privacy Implications of Using Social Networks to Deliver Healthcare,” Proceedings of the 3rd International Conference on Pervasive Technologies Related to Assistive Environments (June 2010).
• M. Bishop, “Ten Years Past and Ten Years from Now,” Actas de la X Journada de Seguridad Informática (June 2010).
• E. Talbot, D. Frincke, and M. Bishop, “Demythifying Security,” IEEE Security and Privacy 8(3) pp. 56–59 (May 2010).
• P. Neumann, M. Bishop, S. Peisert, and M. Schaefer, “Reflections on the 30th Anniversary of the IEEE Symposium on Security and Privacy,” Proceedings of the 2010 IEEE Symposium on Security and Privacy pp. 109–13 (May 2010).
• M. Bishop, “A Clinic for ‘Secure’ Programming,” IEEE Security and Privacy 8(2) pp. 54–56 (Mar. 2010).

2009

• M. Bishop, “Reflections on UNIX Security,” Proceedings of the 25th Annual Computer Security Applications Conference pp. 161–184 (Dec. 2009); includes the previously unpublished 1983 paper “Security Problems with the UNIX Operating System”.
• S. Cooper, C. Nickell, V. Piotrowski, B. Oldfield, A. Abdallah, M. Bishop, B. Caelli, M. Dark, E. Hawthorne, L. Hoffman, L. Pérez, C. Pfleeger, R. Raines, C. Schou, and J. Brynielsson, “An Exploration of the Current State of Information Assurance Education,” ACM SIGCSE Bulletin 41(4) pp. 109–125 (Dec. 2009).
• S. Peisert, M. Bishop, L. Corriss, and S. Greenwald, “Quis Custodiet ipsos Custodes? A New Paradigm for Analyzing Security Paradigms,” Proceedings of the 2009 New Security Paradigms Workshop pp. 71–84 (Sep. 2009).
• M. Bishop, C. Gates, and J. Hunker, “Sisterhood of the Traveling Packets,” Proceedings of the 2009 New Security Paradigms Workshop pp. 59–70 (Sep. 2009).
• R. Gardner, M. Bishop, and T. Kohno, “Are Patched Machines Really Fixed?” IEEE Security and Privacy 7(5) pp. 82–88 (Sep. 2009).
• M. Bishop, S. Peisert, C. Hoke, M. Graff, and D. Jefferson, “E-Voting and Forensics: Prying Open the Black Box,” Proceedings of the 2009 USENIX/ACCURATE Electronic Voting Technology Workshop (Aug. 2009).
• M. Bishop, “Some ‘Secure Programming’ Exercises for an Introductory Programming Class,” Proceedings of the Seventh World Conference on Information Security Education (July 2009).
• B. Bhumiratana and M. Bishop, “Privacy Aware Data Sharing: Balancing the Usability and Privacy of Datasets,” Proceedings of the 2nd International Conference on Pervasive Technologies Related to Assistive Environments (June 2009).
• Z. Le, M. Bishop and F. Makedon, “Strong Mobile Device Protection from Loss and Capture,” Proceedings of the 2nd International Conference on Pervasive Technologies Related to Assistive Environments (June 2009).
• M. Bishop and C. Taylor, “A Critical Analysis of the Centers of Academic Excellence Program,” Proceedings of the 13^th Colloquium for Information Systems Security Education (June 2009).
• M. Bishop, C. Gates, D. Frincke, and F. Greitzer, “AZALIA: A to Z Assessment of the Likelihood of Insider Attack,” Proceedings of the 2009 IEEE International Conference on Technologies for Homeland Security (May 2009).
• B. Hay, K. Nance, and M. Bishop, “Live Analysis: Progress and Challenges,” IEEE Security and Privacy 7(2) pp. 30–37 (Mar. 2009).
• K. Nance, B. Hay, and M. Bishop, “Investigating the Implications of Virtual Machine Introspection for Digital Forensics,” Proceedings of the 2009 International Conference on Availability, Reliability and Security pp. 1024–1029 (Mar. 2009).
• M. Bishop, S. Engle, S. Peisert, S. Whalen, and C. Gates, “Case Studies of an Insider Framework,” Proceedings of the 2009 Hawaii International Conference on System Sciences (Jan. 2009).
• S. Peisert, M. Bishop, and A. Yasinsac, “Vote Selling, Voter Anonymity, and Forensic Logging of Electronic Voting Machines” Proceedings of the 2009 Hawaii International Conference on System Sciences (Jan. 2009).
• K. Nance, B. Hay, and M. Bishop, “Digital Forensics: Defining a Research Agenda,” Proceedings of the 2009 Hawaii International Conference on System Sciences (Jan. 2009).

2008

• M. Bishop, S. Engle, C. Gates, S. Peisert, and S. Whalen, “We Have Met the Enemy and He Is Us,” Proceedings of the 2008 New Security Paradigms Workshop pp. 1–12 (Sep. 2008).
• K. Nance, M. Bishop, and B. Hay, “Virtual Machine Introspection: Observation or Interference?,” IEEE Security and Privacy 6(5) pp. 32–37 (Sep. 2008).
• S. Peisert, M. Bishop, and K. Marzullo, “Computer Forensics In Forensis,” Proceedings of the Third International IEEE Workshop on Systematic Approaches to Digital Forensic Engineering pp. 102–122 (May 2008).
• M. Bishop and C. Gates, “Defining the Insider Threat,” Proceedings of the Cyber Security and Information Intelligence Research Workshop article 15 (May 2008).
• A. Yasinsac and M. Bishop, “The Dynamics of Counting and Recounting Votes,” IEEE Security and Privacy 6(3) pp. 22–29 (May 2008).
• M. Bishop, “Some Exercises for an Introductory Class,” Faculty Workshop on Secure Software Development (Apr. 2008).
• M. Dark and M. Bishop, “Evaluating the Efficacy of Software Security Curriculum Exercises,” Faculty Workshop on Secure Software Development (Apr. 2008).
• S. Peisert, M. Bishop, and K. Marzullo, “Computer Forensics in Forensis,” ACM SIGOPS Operating Systems Review 42(3) pp. 112–122 (Apr. 2008).
• A. Yasinsac and M. Bishop, “Of Paper Trails and Voter Receipts,” Proceedings of the 2008 Hawaii International Conference on System Sciences (Jan. 2008).

2007

• M. Bishop and D. Wagner, “Risks of E-Voting,” Communications of the ACM 50(11) p. 120 (Nov. 2007).
• E. Proebstel, S. Riddle, F. Hsu, J. Cummins, F. Oakley, T. Stanionis, and M. Bishop, “An Analysis of the Hart Intercivic DAU eSlate,” Proceedings of the 2007 USENIX/ACCURATE Electronic Voting Technology Workshop (Aug. 2007).
• S. Peisert and M. Bishop, “I’m a Scientist, Not a Philosopher!” IEEE Security & Privacy Magazine 5(4) pp. 48–51 (July 2007).
• C. Gates, C. Taylor, and M. Bishop, “Dependable Security: Testing Network Intrusion Detection Systems,” poster paper, Proceedings of the Third Workshop on Hot Topics in System Dependability paper 19 (June 2007).
• S. Peisert and M. Bishop, “How to Design Computer Security Experiments,” Proceedings of the World Conference on Information Security Education pp. 141–148 (June 2007).
• M. Bishop, “E-Voting as a Teaching Tool,” Proceedings of the World Conference on Information Security Education pp. 17–24 (June 2007).
• S. Peisert, M. Bishop, S. Karin, and K. Marzullo, “Towards Models for Forensic Analysis,” Proceedings of the Second International Workshop on Systematic Approaches to Digital Forensic Engineering pp. 3–15 (Apr. 2007).
• S. Peisert, M. Bishop, S. Karin, and K. Marzullo, “Analysis of Computer Intrusions Using Sequences of Function Calls,” IEEE Transactions on Dependable and Secure Computing 4(2) pp. 137–150 (Apr. 2007).
• E. Barr, M. Bishop, and M. Gondree, “Fixing Federal E-Voting Standards,” Communications of the ACM 50(3) pp. 19–24 (Mar. 2007).
• J. Zhou, M. Heckman, B. Reynolds, A. Carlson, and M. Bishop, “Modeling Network Intrusion Detection Alerts for Correlation,” ACM Transactions on Information and System Security 10(1) pp. 1–31 (Feb. 2007).
• M. Bishop and D. Frincke, “Achieving Learning Objectives through E-Voting Case Studies,” IEEE Security & Privacy Magazine 5(1) pp. 53–56 (Jan. 2007).

2006

• M. Bishop, “Teaching Context in Information Security,” Journal on Educational Resources in Computing 6(3) article #3 (Sep. 2006).
• R. Crawford, M. Bishop, B. Bhumiratana, L. Clark, and K. Levitt, “Sanitization Models and their Limitations,” Proceedings of the New Security Paradigms Workshop pp. 41–56 (Sep. 2006).
• V. Neagoe and M. Bishop, “Inconsistency in Deception for Defense,” Proceedings of the New Security Paradigms Workshop pp. 31–38 (Sep. 2006).
• E. Ceesay, J. Zhou, M. Gertz, K. Levitt, and M. Bishop, “Using Type Qualifiers to Analyze Untrusted Integers and Detecting Security Flaws in C Programs,” Proceedings of the GI/IEEE SIG SIDAR Conference on Detection and Intrusions and Malware and Vulnerability Assessment pp. 1–16 (July 2006).
• D. Gilliam, J. Powell, M. Bishop, C. Andrews, and S. Jog, “Security Verification Techniques Applied to PatchLink COTS Software,” Proceedings of the 15th IEEE International Workshop on Enabling Technologies: Infrastructure for Collaborative Enterprises pp. 319–325 (June 2006).
• M. Bishop, R. Crawford, B. Bhumiratana, L. Clark, and K. Levitt, “Some Problems in Sanitizing Network Data,” Proceedings of the 15th IEEE International Workshop on Enabling Technologies: Infrastructure for Collaborative Enterprises pp. 307–312 (June 2006).
• D. Gilliam and M. Bishop, “WETICE 2006 Eleventh Securities Technologies (ST) Workshop Report,” Proceedings of the 15th IEEE International Workshops on Enabling Technologies: Infrastructure for Collaborative Enterprise pp. 305–306 (June 2006).
• M. Bishop and S. Engle, “The Software Assurance CBK and University Curricula,” Proceedings from the Tenth Colloquium on Information Systems Security Education pp. 14–21 (June 2006).
• M. Bishop and B. J. Orvis, “A Clinic to Teach Good Programming Practices,” Proceedings from the Tenth Colloquium on Information Systems Security Education pp. 168–174 (June 2006).
• M. Bishop and D. Frincke, “Who Owns Your Computer?,” IEEE Security & Privacy Magazine 4(2) pp. 61–63 (Mar. 2006).

2005

• J. Zhou, A. Carlson, and M. Bishop, “Verify Results of Network Intrusion Alerts Using Lightweight Protocol Analysis,” Proceedings of the 21st Annual Computer Security Applications Conference pp. 117–126 (Dec. 2005).
• S. Peisert, M. Bishop, S. Karin, and K. Marzullo, “Principles-Driven Forensic Analysis,” Proceedings of the 2005 New Security Paradigms Workshop pp. 85–93 (Sep. 2005).
• M. Bishop, “Position: ‘Insider’ is Relative” Proceedings of the New Security Paradigms Workshop pp. 77–78 (Sep. 2005).
• M. Bishop, “The Insider Problem Revisited” Proceedings of the New Security Paradigms Workshop pp. 75–76 (Sep. 2005).
• M. Bishop and D. Frincke, “Teaching Secure Programming,” IEEE Security & Privacy Magazine 3(5) pp. 54–56 (Sep. 2005).
• M. Bishop and D. Frincke, “A Human Endeavor: Lessons from Shakespeare and Beyond,” IEEE Security & Privacy Magazine 3(4) pp. 49–51 (July 2005).
• D. Gilliam, J. Powell, and M. Bishop, “Application of Lightweight Formal Methods to Software Security,” Proceedings of the 14th IEEE International Workshop on Enabling Technologies: Infrastructure for Collaborative Enterprises pp. 160–165 (June 2005).
• M. Bishop, “Best Practices and Worst Assumptions,” Proceedings of the 9th Colloquium for Information Systems Security Education pp. 18–25 (June 2005).
• M. Bishop and H. Armstrong, “Uncovering Assumptions in Information Security,” Proceedings of the Fourth World Conference on Information Security Education pp. 223–231 (May 2005).

2004

• T. Walcott and M. Bishop, “Traducement: A Model for Record Security,” ACM Transactions on Information Systems Security 7(4) pp. 576–590 (Nov. 2004).
• M. Bishop and D. Frincke, “Academic Degrees and Professional Certification,” IEEE Security & Privacy Magazine 2(6) pp. 56–58 (Nov. 2004).
• D. Frincke and M. Bishop, “Joining the Security Education Community,” IEEE Security & Privacy Magazine 2(5) pp. 61–63 (Sep. 2004).
• M. Bishop, “Teaching Context in Information Security,” Proceedings of the Sixth Workshop on Education in Computer Security pp. 29–35 (July 2004).
• D. Frincke and M. Bishop, “Back to School,” IEEE Security & Privacy Magazine 2(4) pp. 54–56 (July 2004).
• M. Bishop, B. Bhumiratana, R. Crawford, and K. Levitt, “How to Sanitize Data,” Proceedings of the 13th IEEE International Workshop on Enabling Technologies: Infrastructure for Collaborative Enterprises pp. 217–222 (June 2004).
• D. Frincke and M. Bishop, “Guarding the Castle Keep: Teaching with the Fortress Metaphor,” IEEE Security & Privacy Magazine 2(3) pp. 69–72 (May 2004).
• R. Bajcsy, T. Benzel, M. Bishop, B. Braden, C. Brodley, S. Fahmy, S. Floyd, W. Hardaker, A. Joseph, G. Kesidis, K. Levitt, B. Lindell, P. Liu, D. Miller, R. Mundy, C. Neuman, R. Ostrenga, V. Paxson, P. Porras, C. Rosenberg, J. D. Tygar, S. Sastry, D. Sterne, and S. Wu, “Cyber Defense Technology Networking and Evaluation,” Communications of the ACM 47(3) pp. 58–61 (Mar. 2004).

2003

• M. Clifford, D. Faigin, M. Bishop, and T. Brutch, “Miracle Cures and Toner Cartridges: Finding Solutions to the Spam Problem,” Proceedings of the 19th Annual Computer Security Applications Conference pp. 428–429 (Dec. 2003).
• D. Gilliam, J. Powell, E. Haugh, and M. Bishop, “Addressing Software Security Risk Mitigation in the Life Cycle,” Proceedings of the 28th Annual NASA/IEEE Goddard Software Engineering Workshop pp. 201–206 (Dec. 2003).
• M. Bishop and E. Goldman, “The Strategy and Tactics of Information Warfare,” Contemporary Security Policy 24(1) pp. 113–139 (June 2003).
• D. Gilliam, T. Wolfe, J. Sherif, and M. Bishop, “Software Security Checklist for the Software Life Cycle,” Proceedings of the 12th IEEE International Workshop on Enabling Technologies: Infrastructure for Collaborative Enterprises pp. 243–248 (June 2003).
• M. Bishop, “Teaching Undergraduate Information Assurance,” Security Education and Critical Infrastructure: Proceedings of the Third World Conference on Information Security Education pp. 169–171 (June 2003).
• E. Haugh and M. Bishop, “Testing C Programs for Buffer Overflow Vulnerabilities,” Proceedings of the 2003 Symposium on Networked and Distributed System Security pp. 123–130 (Feb. 2003).
• M. Bishop, “What Is Computer Security?,” IEEE Security & Privacy Magazine 1(1) pp. 67–69 (Jan. 2003).

2002

• D. Peterson, M. Bishop, and R. Pandey, “A Flexible Containment Mechanism for Executing Untrusted Code,” Proceedings of the 11th USENIX UNIX Security Symposium pp. 207–225 (Aug. 2002).
• M. Bishop, “Computer Security Education: Training, Scholarship, and Research,” IEEE Computer 35(4), Part Privacy and Security Supplement pp. 31–33 (Apr. 2002).

2001

• J. Reynolds, M. Bishop, A. Ghosh, and J. Whittaker, “How Useful is Software Fault Injection for Evaluating the Security of COTS Products,” Proceedings of the 17th Annual Computer Security Applications Conference pp. 339–340 (Dec. 2001).
• D. Gilliam, J. Powell, J. Kelly, and M. Bishop, “Reducing Software Security Risk Through an Integrated Approach,” Proceedings of the 26th Annual NASA/IEEE Goddard Software Engineering Workshop pp. 36–42 (Nov. 2001).
• D. Gilliam, J. Kelly, J. Powell, and M. Bishop, “Development of a Software Security Assessment Instrument to Reduce Software Security Risk,” Proceedings of the 10th IEEE International Workshop on Enabling Technologies: Infrastructure for Collaborative Enterprises pp. 144–149 (June 2001).

2000

• D. Faigin, M. Clifford, M. Bishop, and M. Abrams, “Defining, Computing, and Interpreting Trust,” Proceedings of the 16th Annual Computer Security Applications Conference p. 88 (Dec. 2000).
• M. Bishop, “Education in Information Security,” IEEE Concurrency 8(4) pp. 4–8 (Oct. 2000).
• T. Aura, M. Bishop, and D. Sniegowski, “Analyzing Single-Server Network Inhibition,” Proceedings of the 13th IEEE Computer Security Foundations Workshop pp.108–117 (July 2000).
• B. Hashii, S. Malabarba, R. Pandey, and M. Bishop, “Supporting Reconfigurable Security Policies for Mobile Programs,” Computer Networks 33(1-6) pp. 77–93 (June 2000).
• J. Hughes, T. Aura, and M. Bishop, “Using Conservation of Flow as a Security Mechanism in Network Protocols,” Proceedings of the 2000 IEEE Symposium on Security and Privacy pp. 132–141 (May 2000).

1999

• M. Bishop, “What Do We Mean By ‘Computer Security Education’?,” Proceedings of the 22nd National Information Systems Security Conference p. 604 (Oct. 1999).
• M. Bishop, “Vulnerabilities Analysis,” Proceedings of the Symposium on Recent Advances in Intrusion Detection pp. 125–136 (Sep. 1999).

1998

• M. Clifford, C. Lavine, and M. Bishop, “The Solar Trust Model: Authentication Without Limitation,” Proceedings of the 14th Annual Computer Security Applications Conference pp. 300–307 (Dec. 1998).
• M. Bishop, S. Cheung, J. Frank, J. Hoagland, S. Samorodin, and C. Wee, “Internet Attacks: How they Occur and How to Protect Against Them,” Engineering World 8(3) pp. 32–38 (June/July 1998); abridged from “The Threat from the Net,” IEEE Spectrum 34(8) pp. 56–63 (Aug. 1997).

1997

• M. Bishop, S. Cheung, J. Frank, J. Hoagland, S. Samorodin, and C. Wee, “The Threat from the Net,” IEEE Spectrum 34(8) pp. 56–63 (Aug. 1997).
• G. Fink and M. Bishop, “Property Based Testing: A New Approach to Testing for Assurance,” ACM SIGSOFT Software Engineering Notes 22(4) pp. 74–80 (July 1997).
• M. Bishop, “The State of INFOSEC Education in Academia: Present and Future Directions,” Proceedings of the National Colloquium on Information System Security Education pp. 19–33 (Apr. 1997).
• P. Denning and M. Bishop, Network and Data Security, ACM Professional Knowledge Program, http://www.cne.gmu.edu/modules/acmpkp/security/map_frm.html (Mar. 1997).
• M. Bishop, “Information Survivability, Security, and Fault Tolerance,” Proceedings of the Information Survivability Workshop, paper #6 (Feb. 1997).
• M. Bishop, “Teaching Computer Security,” Proceedings of the Workshop on Education in Computer Security pp. 78–82 (Jan. 1997).

1996

• M. Bishop, “Conspiracy and Information Flow in the Take-Grant Protection Model,” Journal of Computer Security 4(4) pp. 331–359 (1996).
• L. Heberlein and M. Bishop, “Attack Class: Address Spoofing,” Proceedings of the Nineteenth National Information Systems Security Conference pp. 371–377 (Oct. 1996).
• M. Bishop and L. Heberlein, “An Isolated Network for Research,” Proceedings of the Nineteenth National Information Systems Security Conference pp. 349–360 (Oct. 1996).
• >M. Bishop and M. Dilger, “Checking for Race Conditions in File Accesses,” Computing Systems 9(2) pp. 131–152 (Spring 1996).

1995

• M. Bishop, “A Standard Audit Trail Format,” Proceedings of the Eighteenth National Information Systems Security Conference pp. 136–145 (Oct. 1995).
• M. Bishop and D. Klein, “Improving System Security Through Proactive Password Checking,” Computers and Security 14(3) pp. 233–249 (May/June 1995).
• M. Bishop, “Theft of Information in the Take-Grant Protection Model,” Journal of Computer Security 3(4) pp. 283–309 (1994/1995).

1994

• M. Bishop, “Guest Editorial,” Computing Systems 7(4) pp. v-vii (Winter 1994).

1993

• M. Bishop, “Teaching Computer Security,” Proceedings of the Eighth International Conference on Information Security pp. 43–52 (May 1993).
• M. Bishop, “Recent Changes to Privacy-Enhanced Electronic Mail,” Journal of Internetworking: Research and Experience 4(1) pp. 47–59 (Mar. 1993).

1992

• M. Bishop, “Anatomy of a Proactive Password Checker,” Proceedings of the Third UNIX Security Symposium pp. 130–139 (Sep. 1992).
• M. Bishop, “Proactive Password Checking,” Proceedings of the Fourth Workshop on Computer Security Incident Handling pp. W11:1–9 (Aug. 1992).
• M. Bishop, “A Cautionary Tale,” Proceedings of the Workshop on Future Directions in Computer Misuse and Anomaly Detection, pp. 110–114 (Mar. 1992).

1991

• M. Bishop, “Privacy-Enhanced Electronic Mail,” Journal of Internetworking: Research and Experience 2(4) pp. 199–233 (Dec. 1991).
• M. Bishop, “Comparing Authentication Systems,” Proceedings of the Third Workshop on Computer Incident Handling pp. G–II–1:10 (Aug. 1991).
• M. Bishop, “A Proactive Password Checker,” Proceedings of the Seventh International Conference on Information Security pp. 169–181 (May 1991).
• M. Bishop, “An Overview of Computer Viruses in a Research Environment,” Proceedings of the Fourth Annual Computer Virus and Security Conference, pp. 111–144 (Mar. 1991).
• M. Bishop, “Password Management,” Proceedings of Compcom Spring ’91: Digest of Papers, pp. 167–169 (Feb. 1991).
• M. Bishop, “Authenticated Network News,” Proceedings of the 1991 Winter USENIX Conference, pp. 281–287 (Jan. 1991).

1990

• M. Bishop, “A Security Analysis of the NTP Protocol,” Proceedings of the 6th Annual Computer Security Applications Conference, pp. 20–29 (Dec. 1990).
• M. Bishop, “An Extensible Password Changing Program,” Proceedings of the UNIX Security Workshop II, pp. 15–16 (Aug. 1990).
• M. Bishop, “Collaboration Using Roles,” Software—Practice and Experience 20(5) pp. 485–498 (May 1990).
• M. Bishop, “Storage in C,” C Users’ Journal 8(5) pp. 73–78 (May 1990).

1989

• M. Bishop, “A Model of Security Monitoring,” Proceedings of the 5th Annual Computer Security Applications Conference, pp. 46–52 (Dec. 1989).
• M. Bishop, “UNIX™ Security in a Supercomputing Environment,” Proceedings of the 1989 ACM/IEEE Conference on Supercomputing pp. 693–698 (Nov. 1989).
• M. Bishop, “Privacy-Enhanced Electronic Mail,” Proceedings of the DIMACS Workshop on Distributed Computing and Cryptography, pp. 93–106 (Oct. 1989).

1988

• M. Bishop, “Auditing Files on a Network of UNIX Machines,” Proceedings of the UNIX Security Workshop pp. 51–52 (Aug. 1988).
• M. Bishop, “Theft of Information in the Take-Grant Protection Model,” Proceedings of the Workshop on Foundations of Computer Security, MITRE TR M88-37, pp. 194–218 (June 1988).
• M. Bishop, “An Application of a Fast Data Encryption Standard Implementation,” Computing Systems 1(3) pp. 221–254 (Summer 1988).

1987

• M. Bishop, “Profiling under UNIX™ by Patching,” Software—Practice and Experience 17(10) pp. 729–740 (Oct. 1987).
• M. Bishop, “File Protection in UNIX,” The DEC Professional Special Edition pp. 44–48 (June 1987).
• M. Bishop, “Sharing Accounts,” Proceedings of the Large Installation System Administrator’s Workshop, p. 135 (Apr. 1987).
• M. Bishop, “Array Names and Pointers,” The C Journal 3(1) pp. 44–46 (Spring 1987).
• M. Bishop, “How To Write A Setuid Program,” ;login: 12(1) pp. 5–11 (Jan./Feb. 1987).

1986

• M. Bishop and B. Leiner, “Access Control and Privacy in Large Distributed Systems,” Proceedings of the AIAA/ASIS/DODCI Second Aerospace Computer Security Conference: A Collection of Technical Papers, pp. 95–98 (Dec. 1986).
• M. Bishop, “Analyzing the Security of an Existing Computer System,” Proceedings of the 1986 Fall Joint Computer Conference pp. 1115–1119 (Nov. 1986).
• M. Bishop, “Trnum—A Program to Number Figures,” Text in Computers 1(1) pp. 9–15 (July 1986).
• M. Bishop, “How To Write A Setuid Program,” Cray User Group Proceedings pp. 110–111 (Spring 1986).
• M. Bishop, “Scope in C,” The C Journal 2(1) pp. 40–47 (Spring 1986).
• M. Bishop, “Portability in C—A Case Study,” The C Journal 1(4) p. 25–31 (Winter 1986).
• M. Bishop, “A Pauper’s Callback Scheme,” Computers and Security 5(2) pp. 141-144 (June 1986).

1981

• M. Bishop, “Hierarchical Take-Grant Protection Systems,” Proceedings of the Eighth Symposium in Operating Systems Principles pp. 107–123 (Dec. 1981).

1979

• M. Bishop and L. Snyder, “The Transfer of Information and Authority in a Protection System,” Proceedings of the Seventh Symposium in Operating Systems Principles pp. 45–54 (Dec. 1979).