Research Interests
My research interests are focused in reliable computing, and in the consequences of computer failure and misuse. The increasing use of computer technology in the world around us presents difficult and sometimes dangerous situations when the computers and their programs fail to operate as intended. These failures can range from the unnoticeable to the catastrophic, including large losses of money and even life.
Computer-related failures may be the results of accident, as when a power failure or fire cause a system to cease functioning. Or, they may be caused by faults present in software that was poorly designed and inadequately tested. Failures may also occur when the systems are developed by individuals with insufficient understanding of the situation and potential dangers. Additionally, failures can occur because of malicious activity by individuals, or through the application of vandalware such as worms and viruses.
Thus, my interests may be summarized as:
- Computer and network security, including policy and forensics
- Ethical and societal implications of computing
- Software validation, verification, and debugging
- Reliable distributed computer systems
Selected Presentations
You can find archived video of a number of my talks, conference addresses, and interviews on YouTube.
Selected Publications
The following are a selection of the items I have authored over the last 40 years. It is not a complete list, but is intended to list some of the items that have been cited more frequently than the rest, or that otherwise have some particular significance.
A note about author name order: A policy I have maintained in my research groups from 1990 to about 2010 was to list authors by alphabetic order rather than trying to determine relative contributions. This eliminated some of the debate and difficulties I have heard about in other research groups. However, this sometimes resulted in students with last names starting far into the alphabet (e.g., Zamboni) not appearing as first author even in cases where they did most of the work, and it also means my name was seldom listed first even in those cases where I did most of the development. So it goes. Simply be aware that all authors listed made significant, material contributions to the papers where they are listed, and the order of names is not necessarily significant.
A note about conference papers: I have been a keynote or featured speaker at many conferences. Usually, those invitations include an opportunity to submit a paper. Unfortunately, I have been suffering from a combination of RSI (repetitive stress injury) and arthritis in my fingers since 1996: preparing papers is painful and slow. Thus, you will not find submitted papers for many of the more recent conferences where I have spoken because I have not been able to type them. And yes, I have tried voice recognition and various therapies, to little avail.
Books
Eugene H. Spafford, Kathleen A. Heaphy, and D. J. Ferbrache; Computer Viruses: Dealing with Electronic Vandalism and Programmed Threats; ADAPSO (now ITAA), Arlington, VA; 123 pages; 1989.
Simson L. Garfinkel and Gene Spafford; Practical UNIX Security; O'Reilly & Associates; 512 pages; May 1991; 2nd edition, renamed Practical UNIX and Internet Security; 1000 pages, May 1996; 3rd edition, with S. Garfinkel and A. Schwartz; 954 pages, February 2003.
Simson L. Garfinkel with Gene Spafford; Web Security & Commerce; O'Reilly & Associates; 483 pages; 1997 2nd edition, renamed Web Security, Privacy & Commerce; 756 pages; Jan 2002.
Gene Spafford, Leigh Metcalf, and Josiah Dykstra;Cybersecurity Myths and Misconceptions;Pearson; February 2023.
Books Edited
K. A. Seger, W. R. VonStorch and D. J. Icove; Computer Crime: A Crime-Fighters Handbook; Contributing editor; O'Reilly & Associates; 1995.
Editorial advisor (associate editor); A. B. Tucker, editor-in-chief; CRC Handbook of Computer Science and Engineering; CRC Press; Boca Raton, FL; 1996.
Major Reports and Book Chapters
A. B. Tucker, B. H. Barnes, R. M. Aiken, K. Barker, K. M. Bruce, J. T. Cain, S. E. Conry, G. L. Engel, R. G. Epstein, D. K. Lidtke, M. C. Mulder, J. B. Rogers, E. H. Spafford, and A. J. Turner; Computing Curricula 1991; IEEE Press and ACM; 160 pages; Feb 1991.
Eugene H. Spafford; Virus, entry in the Encyclopedia of Software Engineering; edited by John Marciniak; John Wiley & Sons; 1994.
- Reprinted in Internet Beseiged: Countering Cyberspace Scofflaws; Dorothy and Peter Denning, eds.; Addison-Wesley, 1997.
Gene Kim and Eugene H. Spafford; Tripwire: A Case Study in Integrity Monitoring in Internet Beseiged: Countering Cyberspace Scofflaws; edited by Dorothy and Peter Denning; Addison-Wesley; 1997.
E. Eugene Schultz and Eugene H. Spafford; Intrusion Detection: How to Utilize a Still Immature Technology in Information Security Management (4th Edition); edited by H. Tipton and M. Krause; Auerbach/CRC; 2000.
M. J. Atallah, K. N. Pantazopoulos, J. R. Rice, and Eugene H. Spafford; Secure Outsourcing of Scientific Computations; in Advances in Computers; Academic Press; Chap. 6, pp 215-272; August 2001.
James B. D. Joshi, Walid G. Aref, Arif Ghafoor and Eugene H. Spafford; Security and Privacy Challenges of a Digital Government in Advances in Digital Government: Technology, Human Factors, and Policy; Eds. W. J. McIver, Jr., A. K. Elmagarmid; Kluwer Academic Publishers, 2002; pp. 121-136.
Eugene H. Spafford; One View of Protecting the National Information Infrastructure in Science and Technology in a Vulnerable World; AAAS, 2002; pp. 41-50.
As a member of the PITAC; Report to the President on Revolutionizing Health Care Through Information Technology ; US Government Printing Office; May 2004.
As a member of the PITAC; Report to the President on Cyber Security: A Crisis of Prioritization ; US Government Printing Office; February 2005.
As a member of the PITAC; Report to the President on Computational Science: Ensuring America's Competitiveness ; US Government Printing Office; June 2005.
As a member of the USAF Scientific Advisory Board; Implications of Cyber Warfare, Vols. 1-3; SAB-TR-07-02; ed. T. Saunders and A. Levis; US Air Force; August 2007. (Note: Volumes 1 &2 Distribution FOUO; Volume 3 Classified Secret)
Eugene H. Spafford and Annie I. Antón; The Balance Between Security and Privacy; chapter 8, pp. 152–168 in Controversies in Science and Technology, Volume II; ed. D. L. Kleinman, K. A. Cloud-Hansen, C. Matta, and J. Handelsman; Mary Ann Liebert, Inc., New York, NY; 2008.
Bingrui Foo, Matthew W. Glause, Gaspar M. Howard, Yu-Sung Wu, Saurabh Bagchi, Eugene H. Spafford; Intrusion Response Systems: A Survey; chapter 13 in Information Assurance: Dependability and Security in Networked Systems; Morgan Kaufmann Publishers; pp 377-416; 2008.
Karthik Kannan, Jackie Rees, Eugene H. Spafford; Unsecured Economies: Protecting Vital Information ; ed. Red Consultancy; McAfee, Inc.; January 2009.
Lorraine Kisselburgh, Eugene H. Spafford, Mihaela Vorvoreanu; Web 2.0, A complex balancing act; McAfee Corporation; 2010.
Eugene H. Spafford; Cyber Security: Assessing Our Vulnerabilities and Developing an Effective Defense; chapter 3 in Protecting Persons While Protecting the People; revised papers of the Second Annual Workshop on Information Privacy and National Security, ISIPS 2008; ed. Cecilia S. Gal, Paul B. Kantor, Michael E. Lesk; Springer Lecture Notes in Computer Science; Volume 5661 2009.
Fariborz Farahmand and Eugene H. Spafford; Understanding Risk and Risk-Taking Behavior in Virtual Worlds; chapter 4 in Security in Virtual Worlds, 3D Webs, and Immersive Environments: Models for Development, Interaction, and Management, edited by Alan Rea; Information Science Reference, IGI Publishing; pp. 59–71; 2011.
Shimon Modi and Eugene H. Spafford; Future Biometric Systems and Privacy; chapter 6 in Privacy in America: Interdisciplinary Perspectives; edited by William Aspray and Philip Doty; Scarecrow Press, Inc.; pp. 167–193; 2011.
Mohammed Almeshekah and Eugene H. Spafford; Cyber Security Deception; chapter 2 in Cyber Deception: Building the Scientific Foundation; edited by Sushil Jajodia, V.S. Subrahmanian, Vipin Swarup, and Cliff Wang; Springer International; 2016.
Journal Articles
- Reprinted (and translated into Japanese) in bit (Tokyo); Kyöritsu Publishing, Co.; Tokyo, Japan; v. 21(14) pp. 1830-1842; Dec 1989.
- Reprinted as chapter 12 (pp. 223-243) in Computers Under Attack: Intruders, Worms and Viruses; Peter J. Denning, editor; ACM Press; 1990.
- Reprinted in Crime, Deviance and the Computer (volume in the International Library of Criminology, Criminal Justice and Penology); R. Hollinger, editor; Dartmouth Publishing Company; Hampshire, England; 1997.
Eugene H. Spafford; Extending Mutation Testing to Find Environmental Bugs; Software Practice & Experience, v. 20(2) pp.181-189; Feb 1990.
Hiralal Agrawal, Richard A. DeMillo and Eugene H. Spafford; An Execution Backtracking Approach to Program Debugging; IEEE Software, pp. 21-26; May 1991.
Eugene H. Spafford; Are Computer Break-Ins Ethical?; Journal of Systems and Software; v. 17(1) pp. 41-48; Jan 1992.
- Reprinted (pp. 125-134) in Compuers, Ethics, & Social Values; D. G. Johnson and H. Nissenbaum, editors; Prentice-Hall; 1995.
- Reprinted in The Moral Foundations of Intellectual Property; Adam D. Moore, editor; 1997. Reprinted in Computers, Ethics and Society; M. David Ermann, Mary B. Williams, and Michele S. Shauf, eds.; Oxford University Press; 1997.
- Reprinted in the Encyclopedia of Applied Ethics; Ruth Chadwick, editor; pp. 571-577; Academic Press; 1997.
- Reprinted in Internet Beseiged: Countering Cyberspace Scofflaws; Dorothy and Peter Denning, editors; pp. 73-95; Addison-Wesley, 1997.
Eugene H. Spafford; OPUS: Preventing Weak Password Choices; Computers & Security; v. 11(3) pp. 273-278; May 1992.
Hiralal Agrawal, Richard A. DeMillo and Eugene H. Spafford; Debugging with Dynamic Slicing and Backtracking; Software Practice & Experience; v. 23(6) pp. 589-616; June 1993.
Eugene H. Spafford and Stephen A. Weeber; Software Forensics: Tracking Code to its Authors; Computers & Security; v. 12(6) pp. 585-595; Dec. 1993.
Eugene H. Spafford; Computer Viruses as Artificial Life; Journal of Artificial Life; v. 1(3) pp. 249-265; 1994.
- Reprinted (pp. 249-266) in Artificial Life: An Overview; ed Chris Langton; 1995.
Steve J. Chapin and Eugene H. Spafford; Support for Implementing Scheduling Algorithms Using MESSIAHS; Scientific Programming; volume 3, pp. 325-340; 1994.
Ivan Krsul and Eugene H. Spafford; Authorship Analysis: Identifying the Author of a Program; Computers & Security; v. 16(3) pp. 248-259; 1997.
Simson Garfinkel and Eugene H. Spafford; Cryptography and the Web; World Wide Web Journal; v. 2(3) pp. 113-126; Summer 1997.
Simson Garfinkel and Eugene H. Spafford; Secure CGI/API Programming; World Wide Web Journal; v. 2(3) pp. 187-200; Summer 1997.
Steve J. Chapin and Eugene H. Spafford; Dissemination of State Information in Distributed, Autonomous Systems; Computer Communications; v. 21(11), pp. 969-979, Oct 1998.
Christoph Schuba, Berry Kercheval, and Eugene H. Spafford; Prototyping Experiences with Classical IP and ARP over Signaled ATM Connections; Journal of Systems and Software; #44, pp. 31-43; April 1998 .
Thomas E. Daniels and Eugene H. Spafford; Identification of Host Audit Data to Detect Attacks on Low-level IP Vulnerabilities; Journal of Computer Security; v. 7(1). pp. 3-35; 1999.
Eugene H. Spafford and Diego Zamboni; Intrusion Detection Using Autonomous Agents; in Computer Networks (Elsevier); v. 34(4) pp. 547-570; 2000.
James Joshi, Arif Ghafoor, Walid G. Aref and Eugene H. Spafford; Digital Government Security Infrastructure Design Challenges; in IEEE Computer; v. 34(2) pp. 66-72; 2001.
Florian Kerschbaum, Eugene H. Spafford, and Diego Zamboni; Embedded Sensors and Detectors for Intrusion Detection; Journal of Computer Security; v. 10(1/2) pp. 23-70; 2002.
Brian Carrier and Eugene H. Spafford; Getting Physical with the Digital Investigation Process; in International Journal of Digital Evidence; v 2(2); Fall 2003.
Brian Carrier and Eugene H. Spafford; Defining Digital Event Reconstruction of Digital Crime Scenes; in Journal of Forensic Sciences; v 49(6), Nov. 2004.
Florian Buchholz and Eugene H. Spafford; On the Role of File System Metadata in Digital Forensics; in Digital Investigation; v. 1(4); pp. 298-309; Dec. 2004.
Brian Carrier and Eugene H. Spafford; Categories of Digital Investigation Analysis Techniques Based On the Computer History Model; in Digital Investigation; v. 3(S), pp. 121-130, Aug. 2006.
Paul Williams and Eugene H. Spafford; CuPIDS: An Exploration of Highly Focused, Coprocessor-based Information System Protection; Computer Networks; Elsevier; v 51(5); pp. 1284-1298; April 2007.
Yu-Sung Wu, Bingrui Foo, Yu-Chun Mao, Saurabh Bagchi, Eugene H. Spafford; Automated Adaptive Intrusion Containment in Systems of Interacting Services; Computer Networks; Elsevier; v 51(5); pp. 1334-1360; April 2007.
Florian Buchholz and Eugene H. Spafford; Run-time Label Propagation for Forensic Audit Data; Computers &Security; Elsevier; 26(7-8); pp. 496-513; Dec 2007.
Xuxian Jiang, Florian Buchholz, Aaron Walters, Dongyan Xu, Yi-Min Wang, Eugene H. Spafford, Tracing Worm Break-in and Contaminations via Process Coloring: A Provenance-Preserving Approach; IEEE Transactions on Parallel and Distributed Systems; 19(7); pp. 890-902; Jul 2008.
Travis D. Breaux, Annie I. Antón, and Eugene H. Spafford; A Distributed Requirements Management Framework For Legal Compliance And Accountability; Computers &Security; Elsevier; 28(1); pp. 8-17; Jan 2009.
Benjamin A. Kuperman and Eugene H. Spafford; Audlib: A Configurable, High-Fidelity Application Audit Mechanism; Software Practice & Experience; John Wiley & Sons; 40(11); pp. 989–1005; Oct. 2010.
Fariborz Farahmand, Mikhail Atallah, and Eugene H. Spafford; Incentive Alignment and Risk Perception: An Information Security Application ; IEEE Transactions on Engineering Management; IEEE; 60(2), pp. 238-246; May 2012.
Kyungroul Lee, Kangbin Yim, and Eugene H. Spafford; Reverse-safe authentication protocol for secure USB memories ; Security and Communication Networks; John Wiley & Sons; 5(8); pp. 834_845; August 2012.
Fariborz Farahmand and Eugene H. Spafford; Understanding Insiders: An Analysis of Risk-Taking Behavior ; Information Systems Frontiers; Springer; 15(1), March 2013; pp. 5-15.
Fariborz Farahmand, Aman Yadav, and Eugene H. Spafford; Risks and Uncertainties in Virtual Worlds: An Educators' Perspective ; Journal of Computing in Higher Education; Springer; August 2013, 25(2), pp 49-67.
ACM Transactions on Privacy and Security (TOPS), 2016
Conference and Workshop Papers
Hiralal Agrawal and Eugene H. Spafford; An Execution Backtracking Approach to Program Debugging; in Proceedings of the 6th Pacific Northwest Software Quality Conference; pp. 283-300; Oct. 1988.
Eugene H. Spafford; Some Musings on Ethics and Computer Break-ins (invited paper); in Proceedings of the Winter 1989 Usenix Conference; Usenix Association; pp. 305-311; Feb 1989.
Eugene H. Spafford; An Analysis of the Internet Worm; in Proceedings of the European Software Engineering Conference 1989 (Lecture Notes in Computer Science #387); Springer-Verlag; pp. 446-468; Sep 1989.
- Reprinted as chapter 18 in Rogue Programs: Viruses, Worms, and Trojan Horses; Lance Hoffman, editor; Van Nostrand Reinhold, New York; 1990.
Eugene H. Spafford; Computer Viruses: A Form of Artificial Life? (invited contribution); in Artificial Life II, Studies in the Sciences of Complexity, vol. XII, eds. D. Farmer, C. Langton, S. Rasmussen, and C. Taylor; Addison-Wesley; pp. 727-747; 1991.
Dan Farmer and Eugene H. Spafford; The COPS Security Checker System; in Proceedings of the Summer 1990 Usenix Conference; Usenix Association; pp. 165-170; Jun 1990.
Mehmet Sahinoglu and Eugene H. Spafford; A Bayes Sequential Statistical Procedure for Approving Software Products; in Proceedings of the IFIP Conference on Approving Software Products (ASP-90); Elsevier Science; pp. 43-56; Sep 1990.
Eugene H. Spafford; Preventing Weak Password Choices; in 14th National Computer Security Conference; pp. 446-455; Oct 1991.
Mehmet Sahinoglu, I. Baltaci, and Eugene H. Spafford; Monte Carlo Simulation on Software Mutation Testcase Adequacy; in Proceedings of COMPSTAT '92, International Association of Statistical Computing; Springer-Verlag; pp. 47-52; Aug 1992.
Eugene H. Spafford; Observing Reusable Password Choices; in 3rd Usenix UNIX Security Symposium; Usenix Association; pp. 299-312; 14-16 Sep 1992.
Eugene H. Spafford and Stephen A. Weeber; Software Forensics: Can We Track Code to its Authors?; in 15th National Computer Security Conference; pp. 641-650; Oct 1992.
Hsin Pan and Eugene H. Spafford; Towards Automatic Localization of Software Faults; in Proceedings of the 10th Pacific Northwest Software Quality Conference; pp. 192-209; Oct 1992.
Sandeep Kumar and Eugene H. Spafford; A Generic Virus Scanner in C++; in Proceedings of the 8th Computer Security Applications Conference; IEEE Press; pp. 210-219; Dec 1992.
Steve J. Chapin and Eugene H. Spafford; Constructing Distributed Schedulers Using the Messiahs Interface Language; in Proceedings of the 27th Hawaii International Conference on Systems and Software HICSS); IEEE Press; pp. 425-434, Vol. II; 1994.
Gene H. Kim and Eugene H. Spafford; Experiences With Tripwire: Using Integrity Checkers for Intrusion Detection; in Proceedings of the SANS III: System Administration, Networking, and Security Conference; Open Systems Board, SAGE and Usenix; Usenix Association; April 1994.
Gene H. Kim and Eugene H. Spafford; Writing, Supporting, and Evalutaing Tripwire: A Publically Available Security Tool; in Proceedings of the USENIX Unix Applications Development Symposium; Usenix Association; pp. 89-107; 1994.
Steve J. Chapin and Eugene H. Spafford; Support for Security in Distributed Systems Using MESSIAHS; in Proceedings of the National Computer Security Conference; pp. 339-447; Oct. 1994.
Sandeep Kumar and Eugene H. Spafford; A Pattern-Matching Model for Intrusion Detection; in Proceedings of the National Computer Security Conference; pp. 11-21; Oct. 1994.
Sandeep Kumar and Eugene H. Spafford; A Software Architecture to Support Misuse Intrusion Detection; in Proceedings of the 18th National Information Security Conference; pp. 194-204; Oct, 1995.
Ivan Krsul and Eugene H. Spafford; Authorship Analysis: Identifying the Author of a Program; in Proceedings of the 18th National Information Security Conference; Oct, 1995.
Mark Crosbie and Eugene H. Spafford; Genetic Programming Applied to Intrusion Detection; in Proceedings of the AAAI Genetic Programming Symposium; November 1995.
Mark Crosbie and Eugene H. Spafford; Evolving Event-Driven Programs; in Proceedings of the First Annual Conference on Genetic Programming; pp. 273-278; July 1996.
Taimur Aslam, Ivan Krsul and Eugene H. Spafford; A Taxonomy of Security Vulnerabilities; in Proceedings of the 19th National Information Systems Security Conference; pp. 551-560; Oct 1996.
Steve Lodin, Bryn Dole, and Eugene H. Spafford; Misplaced Trust: Kerberos 4 Random Session Keys; in Proceedings of Internet Society Symposium on Network and Distributed System Security; pp. 60-70; Feb 1997.
Christoph Schuba, Ivan Krsul, Markus G. Kuhn, Eugene H. Spafford, Aurobindo Sundaram, Diego Zamboni; Analysis of a Denial of Service Attack on TCP; in Proceedings of the 1997 IEEE Symposium on Security and Privacy; pp. 208-233; May 1997.
Hsin Pan, Richard A. DeMillo, and Eugene H. Spafford; Failure and Fault Analysis for Software Debugging; in Proceedings of COMPSAC 97; 1997.
Mohd A. Bashar, Ganesh Krishnan, Markus G. Kuhn, Eugene H. Spafford, and S. S. Wagstaff, Jr.; Low-Threat Security Patches and Tools; in Proceedings of the 1997 IEEE International Conference on Software Maintenance; pp. 306-313; Oct 1997.
Christoph Schuba and Eugene H. Spafford; A Reference Model for Firewall Technology; in Proceedings of the 13th IEEE Computer Security Applications Conference; pp. 133-145; Dec 1997.
Eugene H. Spafford and Diego Zamboni; AAFID: Autonomous Agents for Intrusion Detection; in Proceedings of the RAID'98 Workshop; September, 1998.
Jai Sundar Balasubramaniyan, Jose Omar Garcia-Fernandez, David Isacoff, Eugene H. Spafford, and Diego Zamboni; An Architecture for Intrusion Detection using Autonomous Agents; in Proceedings of the 14th IEEE Computer Security Applications Conference; pp. 13-24; Dec 1998.
Christoph Schuba and Eugene H. Spafford; Modeling Firewalls Using Hierarchical Colored Petri Nets; in NATO Symposium on Protecting Information Systems in the 21st Century; October 1999.
NSPW '00 Proceedings of the 2000 workshop on New security paradigms, 2001
Thomas E. Daniels and Eugene H. Spafford; Subliminal Traceroute in TCP/IP; in Proceedings of the National Information Systems Security Conference; Sep 2000.
Thomas E. Daniels, Benjamin A. Kuperman and Eugene H. Spafford; Penetration Analysis of XEROX Docucenter DC 230ST: Assessing the Security of a Multi-Purpose Office Machine; in Proceedings of the National Information Systems Security Conference; Sep 2000.
Florian Kerschbaum, Eugene H. Spafford and Diego Zamboni; Using embedded sensors for detecting network attacks; in Proceedings of the 1st ACM Workshop on Intrusion Detection Systems; Nov 2000.
Eugene H. Spafford and Diego Zamboni; Design and implementation issues for embedded sensors in intrusion detection; in Proceedings of the RAID'2000 Workshop; October, 2000.
Thomas E. Daniels and Eugene H. Spafford; A Network Audit System for Host-based Intrusion Detection (NASHID) in Linux; Proceedings of the 16th Annual Computer Security Applications Conference; Dec 2000.
Eugene H. Spafford; A Failure to Learn from the Past ; in Proceedings of the 19th Annual Computer Security Applications Conference; Dec 2003.
Eric Bryant, James Early, Rajeev Gopalakrishna, Gregory Roth, Eugene H. Spafford, Keith Watson, Paul Williams and Scott Yost; Poly2 Paradigm: A Secure Network Service Architecture; in Proceedings of the 19th Annual Computer Security Applications Conference; Dec 2003.
Brian Carrier and Eugene H. Spafford; An Event-Based Digital Forensic Investigation Framework; in Proceedings of the Digital Forensics Research Workshop; 2004.
Saurabh Bagchi, Bingrui Foo, Yu-Sung Wu, Yu-Chun Mao and Eugene H. Spafford; ADEPTS: Adaptive Intrusion Response using Attack Graphs in an E-Commerce Environment; in Proceedings of the DSN-DCC Symposium 2005; Yokohama, Japan; June 2005.
Paul D. Williams and Eugene H. Spafford; CuPIDS Enhances StUPIDS: Exploring a Coprocessing Paradigm Shift in Information System Security; in Proceedings of the IEEE Workshop on Information Assurance and Security; West Point, NY; June 2005.
X. Jiang, D. Xu, H. J. Wang, and E. H. Spafford; Virtual Playgrounds for Worm Behavior Investigation; in Procedings of the RAID 2005 Symposium; Seattle, WA; Sept 2005.
Brian Carrier and Eugene H. Spafford; Automated Digital Evidence Target Definition Using Outlier Analysis and Existing Evidence; in Proceedings of the Digital Forensics Research Workshop (DRFWS); Aug. 2005.
X. Jiang, A. Walters, F. Buchholz, D. Xu, Y. Wang, and E. H. Spafford; Provenance-Aware Tracing of Worm Break-ins and Contaminations: A Process Coloring Approach; in Proceedings of the IEEE International Conference on Distributed Computing Systems (ICDCS 2006); Lisbon, Portugal, July 2006.
Eugene H. Spafford; Some Challenges in Digital Forensics; in Research Advances in Digital Forensics – II – Proceedings of the IFIP Conference on Digital Forensics; Springer; Aug 2006.
Yu-Sung Wu, Bingrui Foo, Gaspar Modelo-Howard, Saurabh Bagchi, and Eugene H. Spafford; The Search for Efficiency in Automated Intrusion Response for Distributed Applications; Proceedings of the 27th IEEE Symposium on Reliable and Distributed Systems (SRDS 2008); October 2008; Napoli, Italy.
Fariborz Farahmand and Eugene H. Spafford; Insider Behavior: An Analysis of Decision under Risk; First International Workshop on Managing Insider Security Threats, International Federation for Information Processing (IFIP) International Conference on Trust Management, Jun 2009, Purdue University.
Brent Roth and Eugene H. Spafford; Implicit Buffer Overflow Protection Using Memory Segregation; ARES 2012 Conference; Aug 2011; Vienna, Austria.
Mohammed H. Almeshekah, Mikhail J. Atallah, and Eugene H. Spafford; Layering Authentication Channels to Provide Covert Communication; in Proceedings of the 21st International Workshop on Security Protocols; 2013; Springer-Verlag; Cambridge, England.
Mohammed Almeshekah and Eugene H. Spafford; The Case of Using Negative (Deceiving) Information in Data Protection; in Proceedings of the 9th Conference on Cyber Warfare and Security; pp. 235–244; 2014; West Lafayette, IN.
NSPW '14 Proceedings of the 2014 workshop on New Security Paradigms Workshop, 2014
Jeffrey Avery, Eugene H. Spafford, and Mohammed Almeshekah; Offensive Deception in Computing; Proceedings of the 12th Conference on Cyber Warfare and Security; pp. 23-31; 2017; Dayton, OH.
Jeffrey Avery and Eugene H. Spafford; Ghost Patches: Fake Patches for Fake Vulnerabilities; Proceedings of the 32nd International Conference on ICT Systems Security and Privacy Protection (IFIP SEC 2017); pp. 399-412; 2017; Rome, Italy.
Christopher N. Gutierrez, Mohammed Almeshekah, Saurabh Bagchi, and Eugene H. Spafford; A Hypergame Analysis for Ersatz Passwords; Proceedings of the 33rd International Conference on ICT Systems Security and Privacy Protection (IFIP SEC 2018); pp. 47-61; 2018; Poznan, Poland.
Other Selected Published Works
ACM SIGCSE Bulletin, 2004
ACM SIGCAS Computers and Society - Special Issue on Women in Computing, 2014
Communications of the ACM, 2016
Steve Furnell and Eugene H. Spafford; The Morris Worm at 30; IT NOW; v61(1); February 20, 2019; British Computer Society.