My curriculum vitae

Personal Information

First name:		Niels
Last name:		Provos
Nationality:		German
Office address:		Google Inc
			1600 Amphitheatre
			Mountain View, CA 94043
E-Mail:			provos (at) citi.umich.edu
			provos (at) monkey.org

Education

August 2003

Ph.D. in Computer Science & Engineering, University of Michigan, Ann Arbor, Michigan, USA.

Dissertation: "Statistical Steganalysis".
May 2000

Ph.D. candidate in Computer Science & Engineering, University of Michigan, Ann Arbor, Michigan, USA.
April 2000

Master of Science in Computer Science & Engineering, University of Michigan, Ann Arbor, Michigan, USA.
September 1998 - August 2003

Graduate student in Computer Science, PhD program, University of Michigan, Michigan, USA.

Academic Report: Current transcript.

Advisor: Peter Honeyman.
GPA: 8.685 on 9.00 scale.
August 1998

Diplom in Mathematics, Universität Hamburg, Hamburg, Germany. (Masters in Mathematics).

Thesis: "Cryptography, especially the RSA algorithm on elliptic curves and Z/nZ".
March 1995

Vordiplom in Mathematics, Universität Hamburg, Hamburg, Germany.

Vordiplom in Physics, Universität Hamburg, Hamburg, Germany.
October 1992 - August 1998

Physics and Mathematics student, Universität Hamburg, Hamburg, Germany.
May 1992

Certificate in Latin, Großes Latinum, Leibniz Gymnasium, Bad Schwartau, Germany.

General Certificate of Education, Abitur, Leibniz Gymnasium, Bad Schwartau, Germany.
August 1983 - May 1992

Grammar school, Leibniz Gymnasium, Bad Schwartau, Germany.

Experience

August 2003 - present

Senior Staff Software Engineer, Google, Inc., USA.
September 1998 - August 2003

Research Assistant for the Center of Information Technology Integration, University of Michigan, USA.
August 1998

ISAKMP/Oakley (IKE) development for Ericsson Radio Systems AB, Sweden.
September 1997

Development of an Epidemic Control System for the Institute of Epidemic Control of the federal state Schleswig-Holstein, Germany.
February 1997 - August 2002

Part-time developer for the OpenBSD project: IPSEC, Key management (photuris, isakmpd), TCP/IP, OpenSSH, ...
August 1996 - August 1998

LuGrid development, a graphical information system, for the the Department of Agricultural Examiniation and Research of the federal state Schleswig-Holstein, Germany.
August 1993 - July 1998

Student System Administrator for UNIX and VMS cluster, responsibilites i.a. network security, Physics Department, Universität Hamburg, Germany.
February 1993 - June 1993

Assisting Scientist at the Department of Oceanography, Universität Hamburg, Germany.
July 1991 - August 1996

Development of database and statistical evaluation tools for the Medical Service for Health Insurances, Schleswig-Holstein, Germany.
August 1990 - June 1991

Software Development for Dräger, Electronic Patient Monitoring.

Technical Skills and Areas of Interest

Network Security and Protocols

Knowledge in network protocols and techniques, especially network security and cryptography.

Advisories: "A simple TCP spoofing attack", "BIND Vulnerabilities and Solutions".
Operating Systems

Knowledge in operating system theory and research, especially security and performance for network intensive applications.

Linux kernel development as part of the Linux Scalability: scaling of network I/O, poll()/select() improvements.
Number Theory and Cryptography

Knowledge in the theory of numbers, finite fields and their relation to cryptography. Diploma thesis about elliptic curve cryptography. Steganography, some of my work resulted in OutGuess, a system for practical steganography.
Miscellaneous

Knowledge of many UNIX-like operating systems: AIX, Linux, *BSD, Solaris, ... as well as VMS and others.

Programming experience in: C, Perl, Pascal, C++, 680x0 assembly, and many other more esoteric ones.

*BSD development: IPSEC and Key Management (photurisd, isakmpd), TCP/IP SACK and New Reno fast recovery, OpenSSH (press release), ...

Compiler backend optimizations, esp. partial redundancy elimination.

Publications

Search Worms

Niels Provos, Joe McClain, Ke Wang, ACM WORM Workshop, November 2006.
"Cookies Along Trust-Boundaries (CAT): Accurate and Deployable Flood Protection"

Martin Casado, Aditya Akella, Pei Cao, Niels Provos, Scott Shenker, SRUTI, July 2006.
Flow Cookies: Using Bandwidth Amplification to Defend Against DDoS Flooding Attacks

Martin Casado, Pei Cao, Aditya Akella and Niels Provos, IWQoS 2006 (short paper). To Appear.
Data Reduction for the Scalable Automated Analysis of Distributed Darknet Traffic

Michael Bailey, Evan Cooke, Farnam Jahanian, Niels Provos, Karl Rosaen, and David Watson, 2005 Internet Measurement Conference (IMC 2005) Berkeley, California October, 2005
A Virtual Honeypot Framework

Niels Provos, 13th USENIX Security Symposium, San Diego, CA, August 2004.

(An earlier version of this paper is available as CITI Technical Report 03-1)
Improving Host Security with System Call Policies

Niels Provos, 12th USENIX Security Symposium, Washington, DC, August 2003.

(An earlier version of this paper is available as CITI Technical Report 02-3)
Preventing Privilege Escalation

Niels Provos, Markus Friedl and Peter Honeyman, 12th USENIX Security Symposium, Washington, DC, August 2003.

(An earlier version of this paper is available as CITI Technical Report 02-2)
Detecting Steganographic Content on the Internet

Niels Provos and Peter Honeyman, ISOC NDSS'02, San Diego, CA, February 2002. [pdf]

(An earlier version of this paper is available as CITI Technical Report 01-11: [ps.gz] [pdf].)
ScanSSH - Scanning the Internet for SSH Servers

Niels Provos and Peter Honeyman, 16th USENIX Systems Administration Conference (LISA). San Diego, CA, December 2001. [pdf]
Defending Against Statistical Steganalysis

Niels Provos, 10th USENIX Security Symposium. Washington, DC, August 2001.

(An earlier version of this paper is available as CITI Technical Report 01-4)
Analyzing the Overload Behavior of a Simple Web Server

Niels Provos, Chuck Lever and Stephen Tweedie, 4th Annual Linux Showcase & Conference. Atlanta, GA, October 2000.

(Also available as "CITI Technical Report 00-7")
Encrypting Virtual Memory

Niels Provos. 9th USENIX Security Symposium. Denver, CO, August 2000.

(Also available as "CITI Technical Report 00-3") [ps]
Scalable Network I/O in Linux

Niels Provos and Chuck Lever. USENIX 2000 Technical Conference, Freenix Track. San Diego, CA, June 2000.

(Also available as "CITI Technical Report 00-4") [ps]
The Linux Scalability Project

Peter Honeyman, Chuck E. Lever, Stephen Molloy, and Niels Provos. NLUUG Najaarsconerentie 1999, Netherlands, November 1999.

(Also available as "CITI Technical Report 99-4")
Cryptography in OpenBSD: An Overview

Theo de Raadt, Niklas Hallqvist, Artur Grabowski, Angelos D. Keromytis, and Niels Provos. USENIX '99, Freenix Track. Monterey, CA, June 1999.
A Future-Adaptable Password Scheme (the electronic version)

Niels Provos and David Mazières. USENIX '99, Freenix Track. Monterey, CA, June 1999. From http://www.usenix.org/events/usenix99/provos.html. [ps]

Note: If you cite this paper, please cite it as the electronic version and include the USENIX URL. USENIX accidently printed our printer test document in the proceedings.

Additional Publications

Diffie-Hellman Group Exchange for the SSH Transport Layer Protocol

Markus Friedl, Niels Provos and William A. Simpson, Request For Comments (RFC 4419), March 2006.
Firewall

Niels Provos, Encyclopedia of Information Security, pages to appear, Kluwer 2003.
Hide and Seek: An Introduction to Steganography

Niels Provos and Peter Honeyman, IEEE Security & Privacy Magazine, May/June 2003.
Honeyd - A VirtualHoneypot Daemon (Extended Abstract) [ps]

Niels Provos, 10th DFN-CERT Workshop, Hamburg, Germany, Feburary 2003.
Systrace - A tightly locked jail of legitimate system calls

Marius A. Eriksen and Niels Provos, Linux Magazine, February 2003.
Enges Korsett: Systrace setzt Regeln für erlaubte Systemaufrufe durch

Marius A. Eriksen and Niels Provos, Linux Magazin, January 2003.
The Use of HMAC-RIPEMD-160-96 within ESP and AH

Angelos D. Keromytis and Niels Provos. Request for Comments (RFC 2857), June 2000.

Technical Reports/Work in Progress

A Hybrid Honeypot Architecture for Scalable Network Monitoring

CSE-TR-499-04. October, 2004.
Probabilistic Methods for Improving Information Hiding

Niels Provos, CITI Technical Report 01-1, January 2001.

Talks and Presentations

"Search Worms", ACM WORM 2006 Washington, DC, November 2006.

"Search Worms", SPAR Seminar Johns Hopkins, Baltimore, MD, November 2006.

"Google Safe Browsing", TIPPI Workshop, Stanford, CA, June 2006.

"Honeyd Virtual Honeypots and Their Applications", NoAH Workshop, Catania, Italy, May 2006.

"Limits of Virtualization", Panel Discussion, NDSS 2006, San Diego, February 2006.

"Honeyd Virtual Honeypots and Their Applications", Five-College Speaker Series on Information Assurance, Amherst, MA, December 2005.

"Honeyd Virtual Honeypots and Their Applications", Computer Science Colloquium, Perdue, IN, September 2005.

"A Virtual Honeypot Framework", Colloquium, Sonoma State University, CA, March 2005.

"Google: A Computer Scientist's Playground", Seminar, University of Michigan, Ann Arbor, MI, October 2004.

"The Honeyd Honeypot", DoD Honeygrid Techexchange, Washington, DC, August 2004.

"A Virtual Honeypot Framework", 13th USENIX Security Symposium, San Diego, CA, August 2004.
"Honeyd - A Virtual Honeypot Framework", Security Workshop - Pervasive Technology Lab, Indiana University, Bloomington, IN, June 2004.
"Honeyd - A Virtual Honeypot Framework", CESG, Cheltenham, UK, March 2004.
"Systrace - Improving Host Security with System Call Policies", Apple, Cupertino, CA, December 2003.
"Honeyd - A Virtual Honeypot Framework", Palo Alto Research Center, Palo Alto, CA, December 2003.
"Honeyd - A Virtual Honeypot Framework", Stanford Security Seminar, Palo Alto, CA, November 2003.
"Improving Host Security with System Call Policies", USENIX Security Symposium, Washington, DC, August 2003.
"Preventing Privilege Escalation", USENIX Security Symposium, Washington, DC, August 2003.
"The Honeynet Project - Virtual Honeypots", Lockdown, University of Wisconsin, Madison, July 2003.
"Libevent - An Event Notification Library", Libre Software Meeting, Metz, France, July 2003.
"Honeyd - A Virtual Honeypot Daemon", UW MSRT CMU Software Security Institute, June 2003.
"The Practice of Steganalysis", Seminar, UCSD, San Diego, CA, March 2003.
"Honeyd - A Virtual Honeypot Daemon", 10th DFN-CERT Workshop, Hamburg, Germany, February 2003.
"Honeyd - Virtual Honeypots", Libre Software Meeting, Bordeaux, France, July 2002.
"Systrace - Interactive Policy Generation for System Calls", Libre Software Meeting, Bordeaux, France, July 2002.
"Detecting Steganographic Content on the Internet", Communication Security Establishment, Ottawa, ON, May 2002.
"Virtual Honeypots and Hidden Content on the Internet", CanSecWest, Core02, Vancouver, BC, May 2002.
"Detecting Steganographic Content on the Internet", Columbia Networking Research Center, Columbia University, New York, NY, February 2002.
"Detecting Steganographic Content on the Internet", Network and Distributed System Security Symposium, San Diego, CA, February 2002.
"ScanSSH - Scanning the Internet for SSH Servers", USENIX LISA, San Diego, CA, December 2001.
"Detecting Steganographic Content on the Internet", CSL EE380 Colloquium, Stanford University, Palo Alto, CA, November 2001.
"Detecting Steganographic Content on the Internet", USENIX Security Symposium, Washington, DC, August 2001.
"Detecting Steganographic Content on the Internet", Hackers At Large, University of Twente, Netherlands, August 2001.
"Defeating Statistical Steganalysis", LCS Applied Security Reading Group, MIT, Boston, March 2001.
"The IPSec Architecture in OpenBSD", IPSEC 2000, Paris, October 2000.
"Analyzing the Overload Behavior of a Simple Web Server", Atlanta Linux Showcase, Atlanta, October 2000.
"Encrypting Virtual Memory", USENIX Security Symposium, Denver, August 2000.
"Scalable Network I/O in Linux", USENIX Technical Conference, Freenix Track, San Diego, June 2000.
"Encrypted Backing Store", UM ACM computer security seminar series, April 2000.
"OutGuess - Practical Steganography", UM ACM computer security seminar series, November 1999.
"A Future-Adaptable Password Scheme", USENIX Technical Conference, Freenix Track, Monterey, June 1999.
"An overview of the OpenBSD project", Dug Song and Niels Provos, ACM Tech Luncheon, University of Michigan, April 1999.
"TCP/IP Security", workshop, Hacking in Progress, Netherlands, August 1997.

Teaching

Teaching Assistant, EECS 598-1 Cryptography and Network Security, University of Michigan, Winter 2001.

Released Software

Disconcert - a distributed computing framework for loosely-coupled workstations, part of the steganography detection framework. Released in January, 2003.
Systrace - fine-grained confinement for multiple applications with multiple policies and interactive policy generation. Released in May, 2002.
Honeyd - a small daemon for creating virtual honeypots. Released in April, 2002.
Privilege Separated OpenSSH - use privilege separation to contain unknown programming errors in a completely unprivileged process. Released in March, 2002.
Crawl - a small and efficient HTTP crawler that saves images it encounters. Released in June, 2001.
Vomit - voice over misconfigured internet telephones - an VoIP debugging tool. Released in June, 2001.
Stegdetect - a steganography detection framework. Released in April, 2001.
libevent - an event notification library. Released in November, 2000.
ScanSSH - an efficient SSH server version scanner. Released in September, 2000.
OutGuess - a steganography tool for the JPEG image format that performs statistical corrections to avoid detection. Released in November, 1999.

Board of Directors

Director, USENIX Organization, elected by popular vote, 2 year term: 2006-20 08.

Program Committees

Program Chair, 1st Workshop on Hot Topics in Understanding Botnets (HotBots 2007)
Program Chair, 16th USENIX Security Symposium (2007)
Program Committee, WORM Workshop (2006).
Program Committee, ACM SIGCOMM Workshop on Large-Scale Attack Defense (LSAD 2006)
Program Committee, 2nd Steps to Reducing Unwanted Traffic on the Internet Workshop (SRUTI 2006)
Program Committee, 15th USENIX Security Symposium (2006).
Program Committee, 13th Annual Network and Distributed System Security Symposium (NDSS 2006).
Program Committee, WORM Workshop (2005).
Program Committee, Applied Cryptography and Network Security (2005).
Program Committee, IEEE Symposium on Security and Privacy (2005).
Program Committee, 14th USENIX Security Symposium (2005).
Program Committee, 14th International World Wide Web Conference (WWW2005), Security and Privacy track.
Program Committee Chair, USENIX 2005 Freely Distributable Software Track (FREENIX).
Program Committee, 12th Annual Network and Distributed System Security Symposium (NDSS 2005).
Program Committee, 11th ACM Computer and Commmunications Security, Industry Track (2004).
Program Committee, 13th USENIX Security Symposium (2004).
Program Committee, 13th International World Wide Web Conference (WWW2004), Security and Privacy track.
Program Committee, 12th DFN-CERT Workshop (2004), Hamburg, Germany.
Co-chair, Security track, RMLL 2003.
Program Committee, 12th USENIX Security Symposium (2003).
Program Committee, USENIX 2002 Freely Distributable Software Track (FREENIX).
Program Committee, USENIX 2000 Freely Distributable Software Track (FREENIX).

Awards

Rackham Predoctoral Fellowship, University of Michigan, 2002.
Distinguished Achievement Award in Computer Science, University of Michigan, 2002.

Affiliations

USENIX Advanced Computing Systems Association.
International Association for Cryptologic Research (IACR).
Internet Engineering Task Force (IETF): Secure Shell Working Group (SECSH).
The Honeynet Project.