Personal Information

First name:		Niels
Last name:		Provos
Nationality:		German
Office address:		Google Inc
			1600 Amphitheatre
			Mountain View, CA 94043
E-Mail:			provos (at) citi.umich.edu
			provos (at) monkey.org

Education

• August 2003

  Ph.D. in Computer Science & Engineering, University of Michigan, Ann Arbor, Michigan, USA.

  Dissertation: "Statistical Steganalysis".

• May 2000

  Ph.D. candidate in Computer Science & Engineering, University of Michigan, Ann Arbor, Michigan, USA.

• April 2000

  Master of Science in Computer Science & Engineering, University of Michigan, Ann Arbor, Michigan, USA.

• September 1998 - August 2003

  Graduate student in Computer Science, PhD program, University of Michigan, Michigan, USA.

  Academic Report: Current transcript.

  Advisor: Peter Honeyman.

  GPA: 8.685 on 9.00 scale.

• August 1998

  Diplom in Mathematics, Universität Hamburg, Hamburg, Germany. (Masters in Mathematics).

  Thesis: "Cryptography, especially the RSA algorithm on elliptic curves and Z/nZ".

• March 1995

  Vordiplom in Mathematics, Universität Hamburg, Hamburg, Germany.

  Vordiplom in Physics, Universität Hamburg, Hamburg, Germany.

• October 1992 - August 1998

  Physics and Mathematics student, Universität Hamburg, Hamburg, Germany.

• May 1992

  Certificate in Latin, Großes Latinum, Leibniz Gymnasium, Bad Schwartau, Germany.

  General Certificate of Education, Abitur, Leibniz Gymnasium, Bad Schwartau, Germany.

• August 1983 - May 1992

  Grammar school, Leibniz Gymnasium, Bad Schwartau, Germany.

Experience

• August 2003 - present

  Principal Software Engineer, Google, Inc., USA.

• September 1998 - August 2003

  Research Assistant for the Center of Information Technology Integration, University of Michigan, USA.

• August 1998

  ISAKMP/Oakley (IKE) development for Ericsson Radio Systems AB, Sweden.

• September 1997

  Development of an Epidemic Control System for the Institute of Epidemic Control of the federal state Schleswig-Holstein, Germany.

• February 1997 - August 2002

  Part-time developer for the OpenBSD project: IPSEC, Key management (photuris, isakmpd), TCP/IP, OpenSSH, ...

• August 1996 - August 1998

  LuGrid development, a graphical information system, for the the Department of Agricultural Examiniation and Research of the federal state Schleswig-Holstein, Germany.

• August 1993 - July 1998

  Student System Administrator for UNIX and VMS cluster, responsibilites i.a. network security, Physics Department, Universität Hamburg, Germany.

• February 1993 - June 1993

  Assisting Scientist at the Department of Oceanography, Universität Hamburg, Germany.

• July 1991 - August 1996

  Development of database and statistical evaluation tools for the Medical Service for Health Insurances, Schleswig-Holstein, Germany.

• August 1990 - June 1991

  Software Development for Dräger, Electronic Patient Monitoring.

Technical Skills and Areas of Interest

• Network Security and Protocols

  Knowledge in network protocols and techniques, especially network security and cryptography.

  Advisories: "A simple TCP spoofing attack", "BIND Vulnerabilities and Solutions".

• Operating Systems

  Knowledge in operating system theory and research, especially security and performance for network intensive applications.

  Linux kernel development as part of the Linux Scalability: scaling of network I/O, poll()/select() improvements.

• Number Theory and Cryptography

  Knowledge in the theory of numbers, finite fields and their relation to cryptography. Diploma thesis about elliptic curve cryptography. Steganography, some of my work resulted in OutGuess, a system for practical steganography.

• Miscellaneous

  Knowledge of many UNIX-like operating systems: AIX, Linux, *BSD, Solaris, ... as well as VMS and others.

  Programming experience in: C, Perl, Pascal, C++, 680x0 assembly, and many other more esoteric ones.

  *BSD development: IPSEC and Key Management (photurisd, isakmpd), TCP/IP SACK and New Reno fast recovery, OpenSSH (press release), ...

  Compiler backend optimizations, esp. partial redundancy elimination.

• All Your iFrames Point to Us

  Niels Provos, Panayiotis Mavrommatis, Moheeb Rajab and Fabian Monrose, 17th USENIX Security Symposium, August 2008.

• To Catch a Predator: A Natural Language Approach for Eliciting Protocol Interaction

  Sam Small, Joshua Mason, Fabian Monrose, Niels Provos and Adam Stubblefield, 17th USENIX Security Symposium, August 2008.

• Peeking Through the Cloud

  Moheeb Abu Rajab, Fabian Monrose, Andreas Terzis, Niels Provos, 6th Conference on Applied Cryptography and Network Security (ACNS 2008).

• Corrupted DNS Resolution Paths: The Rise of a Malicious Resolution Authority

  David Dagon, Niels Provos, Chris Lee, and Wenke Lee, ISOC NDSS'08, February 2008.

• A Framework for Detection and Measurement of Phishing Attacks

  Sujata Garea, Niels Provos, Monica Chew and Aviel D. Rubin, 5th ACM Workshop on Recurring Malcode (WORM 2007), November 2007.

• The Ghost in the Browser: Analysis of Web-based Malware

  Niels Provos, Dean McNamee, Panayiotis Mavrommatis, Ke Wang, and Nagendra Modadugu, USENIX Workshop on Hot Topics in Understanding Botnets, April 2007.

• Search Worms

  Niels Provos, Joe McClain, Ke Wang, ACM WORM Workshop, November 2006.

• Cookies Along Trust-Boundaries (CAT): Accurate and Deployable Flood Protection

  Martin Casado, Aditya Akella, Pei Cao, Niels Provos, Scott Shenker, SRUTI, July 2006.

• Flow Cookies: Using Bandwidth Amplification to Defend Against DDoS Flooding Attacks

  Martin Casado, Pei Cao, Aditya Akella and Niels Provos, IWQoS 2006 (short paper).

• Data Reduction for the Scalable Automated Analysis of Distributed Darknet Traffic

  Michael Bailey, Evan Cooke, Farnam Jahanian, Niels Provos, Karl Rosaen, and David Watson, 2005 Internet Measurement Conference (IMC 2005) Berkeley, California October, 2005

• A Virtual Honeypot Framework

  Niels Provos, 13th USENIX Security Symposium, San Diego, CA, August 2004.

  (An earlier version of this paper is available as CITI Technical Report 03-1)

• Improving Host Security with System Call Policies

  Niels Provos, 12th USENIX Security Symposium, Washington, DC, August 2003.

  (An earlier version of this paper is available as CITI Technical Report 02-3)

• Preventing Privilege Escalation

  Niels Provos, Markus Friedl and Peter Honeyman, 12th USENIX Security Symposium, Washington, DC, August 2003.

  (An earlier version of this paper is available as CITI Technical Report 02-2)

• Detecting Steganographic Content on the Internet

  Niels Provos and Peter Honeyman, ISOC NDSS'02, San Diego, CA, February 2002. [pdf]

  (An earlier version of this paper is available as CITI Technical Report 01-11: [ps.gz] [pdf].)

• ScanSSH - Scanning the Internet for SSH Servers

  Niels Provos and Peter Honeyman, 16th USENIX Systems Administration Conference (LISA). San Diego, CA, December 2001. [pdf]

• Defending Against Statistical Steganalysis

  Niels Provos, 10th USENIX Security Symposium. Washington, DC, August 2001.

  (An earlier version of this paper is available as CITI Technical Report 01-4)

• Analyzing the Overload Behavior of a Simple Web Server

  Niels Provos, Chuck Lever and Stephen Tweedie, 4th Annual Linux Showcase & Conference. Atlanta, GA, October 2000.

  (Also available as "CITI Technical Report 00-7")

• Encrypting Virtual Memory

  Niels Provos. 9th USENIX Security Symposium. Denver, CO, August 2000.

  (Also available as "CITI Technical Report 00-3") [ps]

• Scalable Network I/O in Linux

  Niels Provos and Chuck Lever. USENIX 2000 Technical Conference, Freenix Track. San Diego, CA, June 2000.

  (Also available as "CITI Technical Report 00-4") [ps]

• The Linux Scalability Project

  Peter Honeyman, Chuck E. Lever, Stephen Molloy, and Niels Provos. NLUUG Najaarsconerentie 1999, Netherlands, November 1999.

  (Also available as "CITI Technical Report 99-4")

• Cryptography in OpenBSD: An Overview

  Theo de Raadt, Niklas Hallqvist, Artur Grabowski, Angelos D. Keromytis, and Niels Provos. USENIX '99, Freenix Track. Monterey, CA, June 1999.

• A Future-Adaptable Password Scheme (the electronic version)

  Niels Provos and David Mazières. USENIX '99, Freenix Track. Monterey, CA, June 1999. From http://www.usenix.org/events/usenix99/provos.html. [ps]

  Note: If you cite this paper, please cite it as the electronic version and include the USENIX URL. USENIX accidently printed our printer test document in the proceedings.

Additional Publications

• Virtual Honeypots: From Botnet Tracking to Intrusion Detection

  Niels Provos and Thorsten Holz, Addison Wesley, July 2007.

• Diffie-Hellman Group Exchange for the SSH Transport Layer Protocol

  Markus Friedl, Niels Provos and William A. Simpson, Request For Comments (RFC 4419), March 2006.

• Firewall

  Niels Provos, Encyclopedia of Information Security, pages to appear, Kluwer 2003.

• Hide and Seek: An Introduction to Steganography

  Niels Provos and Peter Honeyman, IEEE Security & Privacy Magazine, May/June 2003.

• Honeyd - A VirtualHoneypot Daemon (Extended Abstract) [ps]

  Niels Provos, 10th DFN-CERT Workshop, Hamburg, Germany, Feburary 2003.

• Systrace - A tightly locked jail of legitimate system calls

  Marius A. Eriksen and Niels Provos, Linux Magazine, February 2003.

• Enges Korsett: Systrace setzt Regeln für erlaubte Systemaufrufe durch

  Marius A. Eriksen and Niels Provos, Linux Magazin, January 2003.

• The Use of HMAC-RIPEMD-160-96 within ESP and AH

  Angelos D. Keromytis and Niels Provos. Request for Comments (RFC 2857), June 2000.

Technical Reports/Work in Progress

• A Hybrid Honeypot Architecture for Scalable Network Monitoring

  CSE-TR-499-04. October, 2004.

• Probabilistic Methods for Improving Information Hiding

  Niels Provos, CITI Technical Report 01-1, January 2001.

• "All Your iFrame are Point to Us", USENIX Security 2008, San Jose, CA, July 2008.
• "All Your iFrame are Point to Us", Yahoo Security Group, Sunnyvale, CA, July 2008.
• "The Ghost in the Browser: Analysis of Web-based Malware", OWASP, Palo Alto, CA, December 2007.
• "The Ghost in the Browser: Analysis of Web-based Malware", Stanford Security Seminar, Palo Alto, CA, September 2007.
• "The Ghost in the Browser: Analysis of Web-based Malware", USENIX Hot Topics in Understanding Botnets Cambridge, MA, April 2007.
• "Search Worms", ACM WORM 2006 Washington, DC, November 2006.
• "Search Worms", SPAR Seminar Johns Hopkins, Baltimore, MD, November 2006.
• "Google Safe Browsing", TIPPI Workshop, Stanford, CA, June 2006.
• "Honeyd Virtual Honeypots and Their Applications", NoAH Workshop, Catania, Italy, May 2006.
• "Limits of Virtualization", Panel Discussion, NDSS 2006, San Diego, February 2006.
• "Honeyd Virtual Honeypots and Their Applications", Five-College Speaker Series on Information Assurance, Amherst, MA, December 2005.
• "Honeyd Virtual Honeypots and Their Applications", Computer Science Colloquium, Perdue, IN, September 2005.
• "A Virtual Honeypot Framework", Colloquium, Sonoma State University, CA, March 2005.
• "Google: A Computer Scientist's Playground", Seminar, University of Michigan, Ann Arbor, MI, October 2004.
• "The Honeyd Honeypot", DoD Honeygrid Techexchange, Washington, DC, August 2004.
• "A Virtual Honeypot Framework", 13th USENIX Security Symposium, San Diego, CA, August 2004.
• "Honeyd - A Virtual Honeypot Framework", Security Workshop - Pervasive Technology Lab, Indiana University, Bloomington, IN, June 2004.
• "Honeyd - A Virtual Honeypot Framework", CESG, Cheltenham, UK, March 2004.
• "Systrace - Improving Host Security with System Call Policies", Apple, Cupertino, CA, December 2003.
• "Honeyd - A Virtual Honeypot Framework", Palo Alto Research Center, Palo Alto, CA, December 2003.
• "Honeyd - A Virtual Honeypot Framework", Stanford Security Seminar, Palo Alto, CA, November 2003.
• "Improving Host Security with System Call Policies", USENIX Security Symposium, Washington, DC, August 2003.
• "Preventing Privilege Escalation", USENIX Security Symposium, Washington, DC, August 2003.
• "The Honeynet Project - Virtual Honeypots", Lockdown, University of Wisconsin, Madison, July 2003.
• "Libevent - An Event Notification Library", Libre Software Meeting, Metz, France, July 2003.
• "Honeyd - A Virtual Honeypot Daemon", UW MSRT CMU Software Security Institute, June 2003.
• "The Practice of Steganalysis", Seminar, UCSD, San Diego, CA, March 2003.
• "Honeyd - A Virtual Honeypot Daemon", 10th DFN-CERT Workshop, Hamburg, Germany, February 2003.
• "Honeyd - Virtual Honeypots", Libre Software Meeting, Bordeaux, France, July 2002.
• "Systrace - Interactive Policy Generation for System Calls", Libre Software Meeting, Bordeaux, France, July 2002.
• "Detecting Steganographic Content on the Internet", Communication Security Establishment, Ottawa, ON, May 2002.
• "Virtual Honeypots and Hidden Content on the Internet", CanSecWest, Core02, Vancouver, BC, May 2002.
• "Detecting Steganographic Content on the Internet", Columbia Networking Research Center, Columbia University, New York, NY, February 2002.
• "Detecting Steganographic Content on the Internet", Network and Distributed System Security Symposium, San Diego, CA, February 2002.
• "ScanSSH - Scanning the Internet for SSH Servers", USENIX LISA, San Diego, CA, December 2001.
• "Detecting Steganographic Content on the Internet", CSL EE380 Colloquium, Stanford University, Palo Alto, CA, November 2001.
• "Detecting Steganographic Content on the Internet", USENIX Security Symposium, Washington, DC, August 2001.
• "Detecting Steganographic Content on the Internet", Hackers At Large, University of Twente, Netherlands, August 2001.
• "Defeating Statistical Steganalysis", LCS Applied Security Reading Group, MIT, Boston, March 2001.
• "The IPSec Architecture in OpenBSD", IPSEC 2000, Paris, October 2000.
• "Analyzing the Overload Behavior of a Simple Web Server", Atlanta Linux Showcase, Atlanta, October 2000.
• "Encrypting Virtual Memory", USENIX Security Symposium, Denver, August 2000.
• "Scalable Network I/O in Linux", USENIX Technical Conference, Freenix Track, San Diego, June 2000.
• "Encrypted Backing Store", UM ACM computer security seminar series, April 2000.
• "OutGuess - Practical Steganography", UM ACM computer security seminar series, November 1999.
• "A Future-Adaptable Password Scheme", USENIX Technical Conference, Freenix Track, Monterey, June 1999.
• "An overview of the OpenBSD project", Dug Song and Niels Provos, ACM Tech Luncheon, University of Michigan, April 1999.
• "TCP/IP Security", workshop, Hacking in Progress, Netherlands, August 1997.

Teaching

• Teaching Assistant, EECS 598-1 Cryptography and Network Security, University of Michigan, Winter 2001.

Released Software

• dnsscan - a fast scanner for identifying open recursive dns resolvers
• SpyBye - helps web masters determine if their web pages have been compromised and install malware. Released in Feburary, 2007.
• Disconcert - a distributed computing framework for loosely-coupled workstations, part of the steganography detection framework. Released in January, 2003.
• Systrace - fine-grained confinement for multiple applications with multiple policies and interactive policy generation. Released in May, 2002.
• Honeyd - a small daemon for creating virtual honeypots. Released in April, 2002.
• Privilege Separated OpenSSH - use privilege separation to contain unknown programming errors in a completely unprivileged process. Released in March, 2002.
• Crawl - a small and efficient HTTP crawler that saves images it encounters. Released in June, 2001.
• Vomit - voice over misconfigured internet telephones - an VoIP debugging tool. Released in June, 2001.
• Stegdetect - a steganography detection framework. Released in April, 2001.
• libevent - an event notification library. Released in November, 2000.
• ScanSSH - an efficient SSH server version scanner. Released in September, 2000.
• OutGuess - a steganography tool for the JPEG image format that performs statistical corrections to avoid detection. Released in November, 1999.

Board of Directors

• Director, USENIX Organization, elected by popular vote, 2 year term: 2008-2010.
• Director, USENIX Organization, elected by popular vote, 2 year term: 2006-2008.

Program Committees

• Program Committee, 17th Annual Network and Distributed System Security Symposium (NDSS 2010).
• Program Committee, 18th USENIX Security Symposium (2009)
• Program Committee, 2009 USENIX Annual Technical Conference (ATC 2009).
• Program Committee, 16th Annual Network and Distributed System Security Symposium (NDSS 2009).
• Program Committee, 2nd USENIX Workshop on Large-Scale Exploits and Emergent Threats (LEET '09)
• Program Committee, ACM Web 2.0 Security & Privacy Workshop (W2SP 2008)
• Program Committee, ACM SIGCOMM (SIGCOMM 2008)
• Program Chair, 3rd Workshop on Hot Topics in Security (HotSec 2008).
• Program Committee, 1st USENIX Workshop on Large-Scale Exploits and Emergent Threats (LEET '08)
• Program Committee, 1st EuroSec Workshop (EuroSec 2008)
• Program Committee, Internet Measurement Conference (IMC 2008)
• Program Committee, IEEE Symposium on Security and Privacy (2008).
• Program Committee, 15th Annual Network and Distributed System Security Symposium (NDSS 2008).
• Program Committee, 1st Workshop On Offensive Technologies (2007)
• Program Committee, 2nd HotSec Workshop (2007)
• Program Committee, Internet Measurement Conference (IMC 2007)
• Program Committee, ACM SIGCOMM Workshop on Large-Scale Attack Defense (LSAD 2007)
• Program Chair, 1st Workshop on Hot Topics in Understanding Botnets (HotBots 2007)
• Program Chair, 16th USENIX Security Symposium (2007)
• Program Committee, WORM Workshop (2006).
• Program Committee, ACM SIGCOMM Workshop on Large-Scale Attack Defense (LSAD 2006)
• Program Committee, 2nd Steps to Reducing Unwanted Traffic on the Internet Workshop (SRUTI 2006)
• Program Committee, 15th USENIX Security Symposium (2006).
• Program Committee, 13th Annual Network and Distributed System Security Symposium (NDSS 2006).
• Program Committee, WORM Workshop (2005).
• Program Committee, Applied Cryptography and Network Security (2005).
• Program Committee, IEEE Symposium on Security and Privacy (2005).
• Program Committee, 14th USENIX Security Symposium (2005).
• Program Committee, 14th International World Wide Web Conference (WWW2005), Security and Privacy track.
• Program Committee Chair, USENIX 2005 Freely Distributable Software Track (FREENIX).
• Program Committee, 12th Annual Network and Distributed System Security Symposium (NDSS 2005).
• Program Committee, 11th ACM Computer and Commmunications Security, Industry Track (2004).
• Program Committee, 13th USENIX Security Symposium (2004).
• Program Committee, 13th International World Wide Web Conference (WWW2004), Security and Privacy track.
• Program Committee, 12th DFN-CERT Workshop (2004), Hamburg, Germany.
• Co-chair, Security track, RMLL 2003.
• Program Committee, 12th USENIX Security Symposium (2003).
• Program Committee, USENIX 2002 Freely Distributable Software Track (FREENIX).
• Program Committee, USENIX 2000 Freely Distributable Software Track (FREENIX).

Thesis Committees

• Ke Wang, Columbia University, 2006.
• Angelos Stavrou, Columbia University, 2007.
• Moheeb Rajab, Johns Hopkins University, 2008.

Awards

• Rackham Predoctoral Fellowship, University of Michigan, 2002.
• Distinguished Achievement Award in Computer Science, University of Michigan, 2002.