Publications are sorted by research area. More recent areas of investigation come first. (You may want to check this page instead if you prefer to see papers sorted chronologically.)

The documents distributed from this webpage are provided as a means to ensure timely dissemination of scholarly and technical work. Copyright and all rights therein are retained by authors or by other copyright holders. All persons copying this information are expected to adhere to the terms and constraints invoked by each author's copyright. In most cases, these works may not be reposted without the explicit permission of the copyright holder.
Some of the works presented here are © ACM. This is the authors' version of the work. It is posted here by permission of the ACM for your personal use. Not for redistribution.

Online crime

Tyler Moore, Nektarios Leontiadis, and Nicolas Christin. Fashion Crimes: Trending-Term Exploitation on the Web. In Proceedings of the 18th ACM Conference on Computer and Communications Security (CCS 2011), pages 455-466. Chicago, IL. October 2011.
[paper (pdf, 738K)]  [BibTeX]

Nektarios Leontiadis, Tyler Moore, and Nicolas Christin. Measuring and Analyzing Search-Redirection Attacks in the Illicit Online Prescription Drug Trade. In Proceedings of the 20th USENIX Security Symposium (USENIX Security'11), pages 281-298. San Francisco, CA. August 2011.
[paper (pdf, 2.3M)]   [BibTeX]   [talk (video)]   [dataset (sql, 16.4M)]

Nicolas Christin, Sally Yanagihara, and Keisuke Kamataki. Dissecting One Click Frauds. In Proceedings of the 17th ACM Conference on Computer and Communications Security (CCS 2010), pages 15-26. Chicago, IL. October 2010.
See also (earlier version): CMU CyLab Technical Report CMU-CyLab-10-011, April 2010.
[paper (pdf, 2.4M)]   [BibTeX]

David Molnar, Serge Egelman, and Nicolas Christin. This Is Your Data on Drugs:Lessons Computer Security Can Learn From The Drug War. In Proceedings of the 13th New Security Paradigms Workshop (NSPW 2010). Concord, MA. September 2010.
[paper (pdf, 124K)]   [BibTeX]

Economics of security

Benjamin Johnson, John Chuang, Jens Grossklags, and Nicolas Christin. Metrics for Measuring ISP Badness: The Case of Spam (Short Paper). To appear in Proceedings of the 16th International Conference on Financial Cryptography and Data Security (FC'12). Kralendijk, Bonaire. February 2012.

Nicolas Christin, Alessandro Acquisti, Adrian Perrig, and Bryan Parno. Monetary Forgery in the Digital Age: Will Physical-Digital Cash Be a Solution? To appear in I/S: A Journal of Law and Policy for the Information Society, Volume 7, Issue 2, pages 171-206. Winter 2012.
(Note: This is a thoroughly expanded and revised version of our FC'08 paper.)

Anupam Datta, Jeremiah Blocki, Nicolas Christin, Henry DeYoung, Deepak Garg, Limin Jia, Dilsun Kaynar, and Arunesh Sinha. Understanding and Protecting Privacy: Formal Semantics and Principled Audit Mechanisms. In Proceedings of the 7th International Conference on Information Systems Security (ICISS 2011), pages 1-27 (Invited paper). Kolkata, India. December 2011.
[paper (pdf, 419K)]  [BiBTeX]

Nicolas Christin. Network Security Games: Combining Game Theory, Behavioral Economics, and Network Measurements. In Proceedings of the 2nd Conference on Decision and Game Theory for Security (GameSec 2011), pages 4-6 (Invited keynote). College Park, MD. November 2011.
[paper (pdf, 68K)]   [BibTeX]   [slides (pdf, 9.6M)]

Jeremiah Blocki, Nicolas Christin, Anupam Datta, and Arunesh Sinha. Audit Mechanisms for Privacy Protection in Healthcare Environments. In Proceedings of the 2nd USENIX Workshop on Health Security and Privacy (HealthSec '11). San Francisco, CA. August 2011.
[paper (pdf, 61K)]    [BibTeX]

Jeremiah Blocki, Nicolas Christin, Anupam Datta, and Arunesh Sinha. Regret Minimizing Audits: A Learning-theoretic Basis for Privacy Protection. In Proceedings of the 24th IEEE Computer Security Foundations Symposium (CSF 2011), pages 312-327. Domaine de l'Abbaye des Vaux de Cernay, France. June 2011.
[paper (pdf, 371K)]    [BibTeX]

Benjamin Johnson, Jens Grossklags, Nicolas Christin, and John Chuang. Nash Equilibria for Weakest Target Security Games with Heterogeneous Agents. In Proceedings of the 2nd International ICST Conference on Game Theory for Networks (GameNets 2011). Shanghai, China. April 2011.
[paper (pdf, 1.3M)]   [BibTeX]

Nicolas Christin, Serge Egelman, Timothy Vidas, and Jens Grossklags. It's All About the Benjamins: An Empirical Study on Incentivizing Users to Ignore Security Advice. To appear in Proceedings of the 15th International Conference on Financial Cryptography and Data Security (FC'11), pages 16-30. St Lucia. February 2011.
[paper (pdf, 437K)]   [BibTeX]

Benjamin Johnson, Jens Grossklags, Nicolas Christin, and John Chuang. Uncertainty in Interdependent Security Games. In Proceedings of the 1st Conference on Decision and Game Theory for Security (GameSec 2010). Berlin, Germany. November 2010.
[paper (pdf, 549K)]   [BibTeX]

Benjamin Johnson, Jens Grossklags, Nicolas Christin, and John Chuang. Are Security Experts Useful? Bayesian Nash Equilibria for Network Security Games with Limited Information. In Proceedings of the 15th European Symposium on Research in Computer Security (ESORICS 2010), pages 588-606. Athens, Greece. September 2010.
See also: CMU CyLab Technical Report CMU-CyLab-10-010, April 2010.
[paper (pdf, 208K)]   [BibTeX]

Jens Grossklags, Benjamin Johnson, and Nicolas Christin. When Information Improves Information Security. In Proceedings of the Fourteenth International Conference on Financial Cryptography and Data Security (FC'10), pages 416-423. Tenerife, Spain. January 2010.
See also (extended version): CMU CyLab Technical Report CMU-CyLab-09-004, March 2009.
[paper (pdf, 289K)]   [BibTeX]

Jens Grossklags, Benjamin Johnson, and Nicolas Christin. The Price of Uncertainty in Security Games. In Proceedings (online) of the 8th Workshop on Economics of Information Security (WEIS 2009). London, UK. June 2009.
[paper (pdf, 587K]   [slides (pdf, 2148K)]   [BibTeX]

Ash Bashir and Nicolas Christin. Three Case Studies in Quantitative Information Risk Analysis. In Proceedings of the CERT/SEI Business Case Workshop: Making the Business Case for Software Assurance, pages 77-86. Pittsburgh, PA. September 2008.
[paper (pdf, 120K)]   [appendix data (pdf, 530K)]  [BibTeX]  [software (xls/vba, 1.5M)]

Jens Grossklags, Nicolas Christin, and John Chuang. Security and Insurance Management in Networks with Heterogeneous Agents. In Proceedings of the 9th ACM Conference on Electronic Commerce (EC'08), pages 160-169. Chicago, IL. July 2008.
[paper (pdf, 208K)]  [BibTeX]

Jens Grossklags, Nicolas Christin, and John Chuang. Security Investment (Failures) in Five Economic Environments: A Comparison of Homogeneous and Heterogeneous User Agents. In Proceedings (online) of the 7th Workshop on Economics of Information Security (WEIS 2008). Hannover, NH. June 2008.
[paper (pdf, 287K)]  [BibTeX]

Jens Grossklags, Nicolas Christin, and John Chuang. Secure or Insure? A Game-Theoretic Analysis of Information Security Games. In Proceedings of the 17th International World Wide Web Conference (WWW'08), pages 209-218. Beijing, China. April 2008.
[paper (pdf, 223K)]  [BibTeX]

Jens Grossklags, Nicolas Christin, and John Chuang. Predicted and Observed User Behavior in the Weakest-Link Security Game. In Proceedings of the 2008 USENIX Workshop on Usability, Psychology, and Security (UPSEC'08). San Francisco, CA. April 2008.
[paper (pdf, 128K)]  [paper (html)]  [BibTeX]

Alessandro Acquisti, Nicolas Christin, Adrian Perrig, and Bryan Parno. Countermeasures against Government-Scale Monetary Forgery. In Proceedings of the Twelfth International Conference on Financial Cryptography and Data Security (FC'08). Cozumel, Mexico. January 2008.
See also (extended version): CMU CyLab Technical Report CMU-CyLab-07-016, December 2007.
[paper (pdf, 40K)]    [BibTeX]

Security, psychology, and usability

Blase Ur, Patrick Gage Kelley, Saranga Komanduri, Joel Lee, Michael Maass, Michelle Mazurek, Timothy Passaro, Richard Shay, Timothy Vidas, Lujo Bauer, Nicolas Christin and Lorrie Faith Cranor. How Does Your Password Measure Up? The Effect of Strength Meters on Password Creation. To appear in Proceedings of the 21st USENIX Security Symposium (USENIX Security'12). Bellevue, WA. August 2012.

Richard Shay, Patrick Gage Kelley, Saranga Komanduri, Michelle Mazurek, Blase Ur, Timothy Vidas, Lujo Bauer, Nicolas Christin and Lorrie Faith Cranor. Correct horse battery staple: Exploring the usability of system-assigned passphrases. To appear in Proceedings of the 8th Symposium on Usable Privacy and Security (SOUPS'12). Washington, DC. July 2012.

Patrick Gage Kelley, Saranga Komanduri, Michelle Mazurek, Richard Shay, Timothy Vidas, Lujo Bauer, Nicolas Christin, Lorrie Cranor and Julio Lopez. Guess again (and again and again): Measuring password strength by simulating password-cracking algorithms. To appear in Proceedings of the 33rd IEEE Symposium on Security and Privacy (Oakland 2012). San Francisco, CA. May 2012.

Saranga Komanduri, Richard Shay, Patrick Gage Kelley, Michelle Mazurek, Lujo Bauer, Nicolas Christin, Lorrie Cranor and Serge Egelman. Of Passwords and People: Measuring the Effect of Password-Composition Policies. In Proceedings of the 2011 ACM Conference on Human Factors in Computing Systems (CHI 2011), pages 2595-2604. Vancouver, BC, Canada. May 2011. Honorable Mention Award.
[paper (pdf, 478K)]    [BibTeX]

Eiji Hayashi, Jason Hong, and Nicolas Christin. Security through a Different Kind of Obscurity: Evaluating Distortion in Graphical Authentication Schemes. In Proceedings of the 2011 ACM Conference on Human Factors in Computing Systems (CHI 2011), pages 2055-2064. Vancouver, BC, Canada. May 2011.
[paper (pdf, 396K)]    [BibTeX]

Ambarish Karole, Nitesh Saxena, and Nicolas Christin. A Comparative Usability Evaluation of Traditional Password Managers. In Proceedings of the 13th International Conference on Information Security and Cryptology (ICICS 2010). Seoul, Republic of Korea. December 2010.
[paper (pdf, 2.2M)]   [BibTeX]

Richard Shay, Saranga Komanduri, Patrick Gage Kelley, Pedro Leon, Michelle Mazurek, Lujo Bauer, Nicolas Christin and Lorrie Cranor. Encountering Stronger Password Requirements: User Attitudes and Behaviors. In Proceedings of the Sixth Symposium on Usable Privacy and Security (SOUPS'10). Redmond, WA. July 2010.
[paper (pdf, 684K)]   [BibTeX]

Serge Egelman, David Molnar, Nicolas Christin, Alessandro Acquisti, Cormac Herley, and Shriram Krishnamurthi. Please Continue to Hold: An Empirical Study on User Tolerance of Security Delays. In Proceedings (online) of the 9th Workshop on Economics of Information Security (WEIS 2010). Cambridge, MA. June 2010.
[paper (pdf, 346K)]   [BibTeX]   [slides (pdf, 1.1M)]

Madoka Hasegawa, Nicolas Christin, and Eiji Hayashi. New Directions in Multisensory Authentication. In Adjunct Proceedings of the Seventh International Conference on Pervasive Computing (Pervasive 2009) - Late Breaking Results, pages 103-106. Nara, Japan. May 2009.
[paper (pdf, 519K]  [BibTeX]

Eiji Hayashi, Nicolas Christin, Rachna Dhamija, and Adrian Perrig. Use Your Illusion: Secure Authentication Usable Anywhere. In Proceedings of the Fourth Symposium on Usable Privacy and Security (SOUPS'08). Pittsburgh, PA. July 2008.
See also (preliminary version, very different!): CMU CyLab Technical Report CMU-CyLab-07-011, August 2007.
[paper (pdf, 412K)]  [BibTeX]   [demo site]

Hirokazu Sasamoto, Nicolas Christin, and Eiji Hayashi. Undercover: Authentication Usable in Front of Prying Eyes. In Proceedings of the 2008 ACM Conference on Human Factors in Computing Systems (CHI 2008), pages 183-192. Florence, Italy. April 2008.
[paper (pdf, 618K)]    [BibTeX]

Mobile device security

Timothy Vidas, Daniel Votipka, and Nicolas Christin. All Your Droid Are Belong to Us: A Survey of Current Android Attacks. In Proceedings of the 5th USENIX Workshop on Offensive Technologies (WOOT '11). San Francisco, CA. August 2011.
[paper (pdf, 133K)]   [BibTeX]

Timothy Vidas, Chengye Zhang, and Nicolas Christin. Towards a General Collection Methodology for Android Devices. In Proceedings of the 11th Digital Forensics Research Workshop (DFRWS 2011). New Orleans, LA. August 2011.
[paper (pdf, 6.9M)]   [BibTeX]

Timothy Vidas, Nicolas Christin, and Lorrie Cranor. Curbing Android Permission Creep. In Proceedings of the 2011 Web 2.0 Security and Privacy Workshop (W2SP 2011). Oakland, CA. May 2011.
[paper (pdf, 418K)]    [BibTeX]

Rajesh Balan, Narayan Ramasubbu, Komsit Prakobphol, Nicolas Christin, and Jason Hong. mFerio: The Design and Evaluation of a Peer-to-Peer Mobile Payment System. In Proceedings of the Seventh ACM/USENIX Annual International Conference on Mobile Systems, Applications and Services (MobiSys '09), pages 291-304. Krakow, Poland. June 2009.
[paper (pdf, 908K]  [BibTeX]

Security and policy

Nicolas Christin. On Critical Infrastructure Protection and International Agreements. Center for International and Security Studies at Maryland Working Paper. March 2011.
[paper (pdf, 255K)]  

Economics-informed design and analysis of networked systems

Nicolas Christin, John Chuang, and Jens Grossklags. Economics-Informed Design of Content Delivery Networks. Invited chapter in R. Buyya, A.-M. Khan Pathan, A. Vakali (editors), Content Delivery Networks: Principles and Paradigms, chapter 7. Springer Verlag, Germany, July 2008.
[BibTeX]

Soon Hin Khor, Nicolas Christin, Tina Wong, and Akihiro Nakao. Power to the People: Securing the Internet one Edge at a Time. In Proceedings of the ACM SIGCOMM'07 Workshop on Large-Scale Attack Defense (LSAD), pages 89-96. Kyoto, Japan. August 2007.
[paper (pdf, 163K)]    [BibTeX]

Nicolas Christin and John Chuang. A Cost-Based Analysis of Overlay Routing Geometries. In Proceedings of IEEE INFOCOM'05, vol. 4, pages 2566-2577. Miami, FL. March 2005.
[paper (pdf, 498K)]   [slides (pdf, 916K)]   [BibTeX]

Nicolas Christin, Jens Grossklags, and John Chuang. Near Rationality and Competitive Equilibria in Networked Systems. In Proceedings of the ACM SIGCOMM'04 Workshop on Practice & Theory of Incentives in Networked Systems (PINS), pages 213-219. Portland, OR. August 2004.
A preliminary version known as University of California, Berkeley, Technical Report p2pecon TR-2004-04-CGC (also arXiv:cs.GT/0404040) is also available, but we prefer you cite the PINS paper.
[paper (pdf, 95K)]    [slides (pdf, 151K)]    [BibTeX]

Nicolas Christin and John Chuang. On the Cost of Participating in a Peer-to-Peer Network. In Proceedings of the Third International Workshop on Peer-to-Peer Systems (IPTPS'04). San Diego, CA. February 2004.
See also (preliminary version, quite different!): University of California, Berkeley, Technical Report p2pecon TR-2003-12-CC (also arXiv:cs.NI/0401010).
[paper (pdf, 181K)]    [slides (pdf, 448K)]    [BibTeX]

Information flow security & digital rights management

Nicolas Christin. Peer-to-Peer Networks: Interdisciplinary Challenges for Interconnected Systems. In M. Dark (editor), Information Assurance and Security Ethics in Complex Systems: Interdisciplinary Perspectives. IGI Global, United States, 2010.
[paper (pdf, 553K)]   [slides (pdf, 3104K)]     [BibTeX]
(Copyright 2010, IGI Global, www.igi-global.com. Posted by permission of the publisher.)

Keiji Takeda, Nicolas Christin, and Davar Pishva. Jouhou Sekyuriti ni Kansuru Torikumi Nitsuite no Saishin Doukou (Recent trends in information security challenges, in Japanese). Invited paper in Journal of Japan Society for Fuzzy Theory and Intelligent Informatics 19(3), Special Issue on Security and Trust, pages 200-208. June 2007.
[Abstract in English]       [BibTeX]

Nicolas Christin, Andreas S. Weigend, and John Chuang. Content Availability, Pollution and Poisoning in Peer-to-Peer File Sharing Networks. In Proceedings of the Sixth ACM Conference on Electronic Commerce (EC'05), pages 68-77. Vancouver, BC, Canada. June 2005.
[paper (pdf, 654K)]    [slides (pdf, 2M)]   [BibTeX]

Service differentiation in packet networks

Nicolas Christin, Jörg Liebeherr, and Tarek F. Abdelzaher. Enhancing Class-Based Service Architectures with Adaptive Rate Allocation and Dropping Mechanisms. In IEEE/ACM Transactions on Networking 15(3), pages 669-682. June 2007.
See also (older version): University of Virginia, Technical Report CS-2004-09.
[BibTeX]

Ahsan Habib, Nicolas Christin, and John Chuang. On the Feasibility of Switching ISPs in Residential Multihoming. In Proceedings of the Fifteenth IEEE International Workshop on Quality-of-Service (IWQoS 2007), pages 91-99. Chicago, IL. June 2007.
[paper (pdf, 276K)]   [BibTeX]

Nicolas Christin and Jörg Liebeherr. The QoSbox: Quantitative Service Differentiation in BSD Routers. In Computer Networks 50(17), pages 3353-3374, December 2006.
See also (very preliminary version, quite different): University of Virginia, Technical Report CS-2001-28. [BibTeX]

Victor Firoiu, Xiaohui Zhang, Emre Gündüzhan, and Nicolas Christin. Providing Service Guarantees in High-Speed Switching Systems with Feedback Output Queuing. In IEEE Transactions on Parallel and Distributed Systems 17(5), pages 434-447, May 2006.
See also (older version): Nortel Networks, Technical Report arXiv:cs.NI/0406019.
[paper (pdf, 312K)]    [BibTeX]

Ahsan Habib, Nicolas Christin, and John Chuang. Taking Advantage of Multihoming with Session Layer Striping. In Proceedings of the 9th IEEE Global Internet Symposium (Global Internet 2006), pages 102-107. Barcelona, Spain. April 2006.
[paper (pdf, 122K)]   [slides (pdf, 388K)]    [BibTeX]

Nicolas Christin and Jörg Liebeherr. Marking Algorithms for Service Differentiation of TCP Traffic. In Computer Communications 28(18), Special Issue on End-to-End Quality of Service Differentiation, pages 2058-2069. November 2005.
See also: University of Virginia, Technical Report CS-2003-04, February 2003.
[paper (pdf, 962K)]    [BibTeX]

Nicolas Christin. Quantifiable Service Differentiation for Packet Networks, Ph.D. Dissertation, University of Virginia, August 2003.
[dissertation (pdf, 3.3M)]    [slides (pdf, 2.4M)]    [BibTeX]

Nicolas Christin and Jörg Liebeherr. A QoS Architecture for Quantitative Service Differentiation. In IEEE Communications Magazine 41(6), Special Issue on Scalability in IP-Oriented Networks, pages 38-45. June 2003.
[paper (pdf, 99K)]    [BibTeX]

Jörg Liebeherr and Nicolas Christin. Rate Allocation and Buffer Management for Differentiated Services. In Computer Networks 40(1), Special Issue on the New Internet Architecture, pages 89-110. September 2002.
[paper (pdf, 1M)]    [BibTeX]

Nicolas Christin and Jörg Liebeherr. A Scalable Service Architecture for Providing Strong Service Guarantees. In Scalability and Traffic Control in IP Networks II (ITCOM'02), Proceedings of SPIE, vol. 4868, pages 31-42. Boston, MA. July 2002.
[paper (pdf, 261K)]    [slides (pdf, 2M)]    [BibTeX]

Nicolas Christin, Jörg Liebeherr, and Tarek F. Abdelzaher. A Quantitative Assured Forwarding Service. In Proceedings of IEEE INFOCOM'02, vol. 2, pages 864-873, New York, NY. June 2002.
See also (long version): University of Virginia, Technical Report CS-2001-21, August 2001.
[paper (pdf, 338K)]    [slides (pdf, 2M)]    [BibTeX]

Jörg Liebeherr and Nicolas Christin. JoBS: Joint Buffer Management and Scheduling for Differentiated Services. In Proceedings of the Ninth IEEE/IFIP International Workshop on Quality-of-Service (IWQoS 2001), pages 404-418, Karlsruhe, Germany. June 2001.
[paper (ps.gz, 212K)]    [paper (pdf, 291K)]    [slides (pdf, 2.4M)]    [BibTeX]

Jörg Liebeherr and Nicolas Christin. Buffer Management and Scheduling for Enhanced Differentiated Services. University of Virginia, Technical Report CS-2000-24, August 2000.
[paper (ps.gz, 1.2M)]   [paper (pdf, 1.2M)]    [BibTeX]