Andrew Bortz - Research

About

I am currently on leave from the Stanford University Computer Science Department Ph.D program. At Stanford, my work is funded by a National Science Foundation Graduate Research Fellowship. I work in the Stanford Security Lab with my advisor, Dan Boneh, and others on topics in computer and network security. Previously, I graduated from Carnegie Mellon University in 2004 with a B.S in Computer Science and a B.S in Discrete Mathematics.

Publications

• Collin Jackson, Adam Barth, Andrew Bortz, Weidong Shao, and Dan Boneh. Protecting Browsers from DNS Rebinding Attacks. ACM Transactions on the Web, Volume 3, Number 1, January 2009.
• Collin Jackson, Adam Barth, Andrew Bortz, Weidong Shao, and Dan Boneh. Protecting Browsers from DNS Rebinding Attacks. ACM CCS 2007.
• Andrew Bortz, Dan Boneh, and Palash Nandy. Exposing Private Information by Timing Web Applications. WWW 2007.
• Luis von Ahn, Andrew Bortz, Nicholas J. Hopper, and Kevin O'Neill. Selectively Traceable Anonymity. PET 2006.
• Collin Jackson, Andrew Bortz, Dan Boneh, and John C. Mitchell. Phishing and Counter-Measures: Understanding the Increasing Problem of Electronic Identity Theft, Chapter 12. Wiley-Interscience 2006.
• Collin Jackson, Andrew Bortz, Dan Boneh, and John C. Mitchell. Protecting Browser State from Web Privacy Attacks. WWW 2006.
• Luis von Ahn, Andrew Bortz, and Nicholas J. Hopper. k-Anonymous Message Transmission. ACM CCS 2003.

Patents

• Kim Cameron, Arun K. Nanda, Josh D. Benaloh, John P. Shewchuk, Daniel R. Simon, Andrew Bortz. Methods and system for asymmetric key security. Microsoft Corporation. U.S. Patent Application #20060198517

Public Projects

• google-dnswall - A simple DNS proxy to defend against DNS rebinding attacks. Written at Google for deployment, later open-sourced. Now abandoned and deprecated by coordinated fixes to browsers, plugins, and recursive DNS resolvers.

Popular Press

• Website delay provides bait for 'phishers'. Issue 2604 of New Scientist magazine, May 19 2007, page 32
• Defending networks against DNS rebinding attacks. CircleID, August 9, 2007

Personal

I'm on Twitter, Facebook, and LinkedIn.