








Articles
(with Alan F. Westin), “Security and Privacy – Made Simpler”, www.bbb.org/securityandprivacy, March 2006.
(with Kim Lawson and Jeremy Blum) “Trust Beyond Security: an Expanded Trust Model”, Communications of the ACM, July 2006, vol. 9, no. 7, pp. 95-101.
(with Tim Rosenberg) "Taking Networks on the Road: Portable Solutions for Security Educators," IEEE Security & Privacy, January-February 2006, pp. 64-67.
(with Ronald Dodge, Timothy Rosenberg, and Dan Ragsdale) “Exploring a National Cyber Security Exercise for Universities”, IEEE Security & Privacy, vol. 3, no. 5, September/October 2005, pp. 27-33.
(with J. Blum and A. Eskandarian), “Challenges of Inter-Vehicle Ad hoc Networks”, IEEE Trans. On Intelligent Transportation Systems 5(4), pp. 347-351.
21 March 2003, Government Pattern Analysis: Securing Terrorists While Preserving Privacy?, Advisory Committee to Congressional Internet Caucus, Washington, DC
(with Cynthia Cicalese, Janine DeWitt, and Timothy Rosenberg) “An Integrated Approach to Computer Security Instruction Using Case Study Modules and a Portable Network Laboratory”, Proc. 4th World Information Security Education Conference, Moscow, May 2005, pp. 232-238, www.mephi.edu/wise4/accepted.php
(with Timothy Rosenberg and Steve Willmore) The Portable Educational Network (PEN), Proc. 4th Annual IEEE Information Assurance Workshop, West Point, NY, June 17-19, 2003, pp. 217-223.
(with Ronald Dodge, Timothy Rosenberg, and Daniel Ragsdale) Information Assurance Laboratory Innovations, Proc. Colloquium for Information Systems Security Education 2003, June 2-5, 2003, Washington, D. C.
Blum, J., Eskandarian, A., and Hoffman, L. (2003) "Assessment of Vulnerabilities in In-Vehicle Intelligent Transportation Systems", to appear in the International Journal of Vehicle Information and Communication Systems.
Blum, J., Eskandarian, A., and Hoffman, L. (2003) "Performance Characteristics of Inter-Vehicle Ad Hoc Networks", accepted for Shanghai, China: The IEEE 6th International Conference On Intelligent Transportation Systems.
Blum, J., Eskandarian, A., and Hoffman, L. (2003) "Mobility Management of Inter-Vehicle Networks", Columbus, OH: IEEE IV2003 Symposium, pp. 150-155, http://eewww.eng.ohio-state.edu/~umit/IV2003
Blum, J., Eskandarian, A., and Hoffman, L. (2003) "An Improved Communications Architecture for ITS Networks", Minneapolis, MN: Intelligent Transportation Society of America 2003.
(with A. Kim and C. D. Martin) “Building Privacy into the Semantic Web: An Ontology Needed Now”, Semantic Web Workshop, WWW2002 Conference, Hawaii, http://semanticweb2002.aifb.uni-karlsruhe.de/proceedings/Position/kim2.pdf
“Motivations Behind a Role Play at CFP: Repeated Assaults on the Constitution by Extremist Property Rights Advocates”, Proceedings of the 2002 ACM Conference on Computers, Freedom, and Privacy, http://www.cfp2002.org/proceedings/proceedings/hoffman.pdf
(with Lorrie Cranor), “Internet Voting for Public Officials: Introduction”, Communications of the ACM, 44, 1 (January 2001), pp. 69-71.
(with David M. Balenson, Karen A. Metivier-Carreiro, Anya Kim, and Matthew G. Mundy) Growing Development of Foreign Encryption Products in the Face of U. S. Export Regulations, The George Washington University Cyberspace Policy Institute, Report GWU-CPI-1999-02, June 1999.
(with Rachna Dhamija and Rachelle Heller) "Teaching E-Commerce to a Multidisciplinary Class", Communications of the ACM, 42, 9 (September 1999), pp. 50-55.
(with JF Winchester, BA Levine, J Collmann, KA Schulman, JW Turner, S Rathore, N Khanafer, A Alaoui, N Pania, A Al-Aama, M Hofilena, SK Mun), "Dialysis and Telemedicine: Clinical Experience with Hemodialysis, and Requirements for Home Based Peritoneal Dialysis", submitted to HII 99 conference
(with J. Collmann, M. Meissner, A. Kim, W. Tohme, J. Winchester, and S. K. Min) "Comparing the security risks of paper-based and computerized patient record systems", submitted to Journal of the American Medical Association, November 1997.
(with K. A. Metivier Carreiro), "Computer Technology to Balance Accountability and Anonymity in Self-regulatory Privacy Regimes", Self-Regulation and Privacy, National Telecommunications and Information Administration, 1997.
"Role-Based Risk Analysis", Proc. 20th National Information Systems Security Conference, Volume 2, Baltimore MD, 1997, pp. 587-602.
Encryption Policy, article in TESSI (The Enhanced System Security Info-source), International Security Technology, Inc., 1996.
"Snipping Clipper", Letter to the Editor, MIT Technology Review 98, 7 (October 1995), page 8.
"Data Security and Privacy in Health Information Systems", Topics in Emergency Medicine 17, 4 (December 1995).
"Private Markings and Accountability in Computer Networks" in Proceedings of the Conference on Ethical, Legal, and Technological Aspects of Network Use and Abuse, American Association for the Advancement of Science, August 1995.
"Encryption Policy for the Global Information Infrastructure", in Eloff, J. H. P. and von Solms, S. H., Information Security -- the Next Decade (Proc. 11th International Conference on Information Security, IFIP/Sec 95), pp. 63-76, Chapman & Hall, London, 1995.
(with P. C. Clark) BITS: A Smartcard Protected Operating System, Communications of the ACM 37, 11 (November 1994), 66-70, 94.
(with F. Ali, S. Heckler, and A. Huybrechts) "Cryptography policy", Communications of the ACM 37, 9 (September 1994), 109-117.
"What is the Role of Network Users in Dealing with Network Abuse?", Proceedings of the AAAS Workshop on Legal, Ethical, and Technological Aspects of Computer and Network Use and Abuse, December 1993
"Who holds the cryptographic keys? The government key escrow initiative of 1993", Computer, November 1993, 76-78.
"Clipping Clipper", Communications of the ACM 36, 9 (September 1993).
(with J. Fitch) "A Shortest Path Network Security Model", Computers and Security 12, 2 (March 1993), Elsevier, Oxford, U.K., pp. 169-189
"Reducing Society's Vulnerability as Computers and Networks Proliferate" in Education and Society (R. Aiken, editor), Information Processing 92, Volume II, Elsevier Science Publishers B. V. (North-Holland)
"Bugging the Digital Network", Information Systems Security 1, 4 (Winter 1993), 12-15.
(with J. Adam, K. Brunnstein, W. Caelli, P. Neumann, M. Rotenberg, W. Ware) "A Security Roundtable", IEEE Spectrum, August 1992
"The Impact of Telephone Services on Information Privacy", Information Systems Security 1, 2 (Summer 1992)
(with J. Fitch) "The Cascade Problem: Graph Theory Can Help", in Proc. 14th National Computer Security Conference, Washington, DC, October 1991, pp. 88-100.
"Privacy Pitfalls with Knowledge Discovery", Proc. 1991 AAAI Workshop on Knowledge Discovery in Databases.
(with P. C. Clark) "Imminent Policy Considerations in the Design and Management of National and International Computer Networks", IEEE Communications Magazine, Vol. 29, No. 2 (February 1991), pp. 68-74 (also appeared in Computing Research News, Vol. 3, Nos. 1 and 2, January and March 1991).
(with W. M. Garrabrants, A. W. Ellis III, and M. Kamel) "CERTS: A Comparative Evaluation method for Risk Management Methodologies and Tools", in Proc. 6th Computer Security Applications Conference, Tucson, AZ, December 1990.
(with R. J. Davis) "Security Pipeline Interface (SPI)", in Proc. 6th Computer Security Applications Conference, Tucson, AZ, December 1990.
"A General Purpose Shell for Risk Analysis", in New Risks, edited by Louis Cox, Jr. and Paolo Ricci, Plenum Press, 1990 [this is the Proceedings of the Society for Risk Analysis National Conference, Boston, 1986].
(with Brad Stubbs) "Mapping the Virus Battlefield: An Overview of Personal Computer Vulnerabilities to Virus Attack" in Rogue Programs, edited by Lance J. Hoffman, Van Nostrand Reinhold, 1990.
(with B. Hung) "A Pictorial Representation and Validation of the Emerging Computer System Security Risk Management Framework" in Proc. 1989 Computer Security Risk Management Model Builders Workshop, National Institute of Standards and Technology, Gaithersburg, Md.
"Computer Viruses: a Plea for Sanity", pp. 28-29 in Computer Viruses, Deloitte, Haskins + Sells, New York, NY, 1989.
"A Prototype Implementation of a General Risk Model", 1st International NBS/NCSC Invitational Workshop on Risk Management Models, May 24-26, 1988, Denver, Colorado.
"Smoking Out the Bad Actors: Risk Analysis in the Age of the Microcomputer", Proc. COMPSEC 87, Fourth National Computer Security Conference of the United Kingdom, October 28-29, 1987, Windsor, England. (reprinted in Computers and Security 8 (1989), 299-302).
(with L. Rutledge) "A Survey of Issues in Computer Network Security", Computers and Security, Vol. 5, No. 4 (Dec. 1986), pp. 296‑308. (reprinted in Management and Organization of Automation, Holland, 1990)
(with L. Moran) "Societal Vulnerability to Computer System Failures", Computers and Security, Vol. 5 (1986), pp. 211‑217.
"Societal Vulnerability to Computer Systems Failures", Proc. COMPASS '86 Computer Assurance Conference, IEEE Order No. 86TH0143‑8, pp. 8‑9, July 1986.
"Risk Analysis and Computer Security: Bridging the Cultural Gaps", Proc. 9th National Computer Security Conference, National Bureau of Standards, Gaithersburg, Md., September 1986.
"PC Software for Risk Analysis Proves Effective", Government Computer News, Vol. 4, No. 18, September 27, 1985, pp. 58‑59.
(with A. F. Westin) "A Survey: Office Automation Security and Privacy Practices", Computer Security Journal, Vol. 3, No. 2, Winter 1985.
"Information Policy ‑‑ Domestic Players and Legislation" in "Institutional Options for Addressing Information Policy Issues", U. S. Congress Office of Technology Assessment, November 29, 1983.
"Impacts of Information System Vulnerabilities on Society", Proceedings of the 1982 National Computer Conference, pp. 461‑467.
translated into Italian and reprinted in Sisteni e Automozione, No. 246, March 1984.
(with L. A. Neitzel) "Inexact Risk Analysis", Proceedings of the IEEE 1980 International Conference on Cybernetics and Society, Boston, Mass., October 1980.
reprinted in Computer Security Journal, Vol. 1, No. 1, Spring 1981
(with A. D. Friedman) "Towards a Fail‑Safe Approach to Secure Databases", Proceedings of the 1980 Symposium on Security and Privacy, IEEE Catalog No. CH1522‑2, April 1980.
"A Research Agenda for Privacy in the Next Decade" in Computers and Privacy in the Next Decade, L. J. Hoffman (Ed.), Academic Press, New York, N. Y., 1980.
reprinted in Computerworld, August 13, 1980
"Nuclear Engineers of the 1980s?", Datamation, February 1980, pp. 198‑200.
(with L. A. Neitzel) "Fuzzy Cost/Benefit Analysis", Proceedings of the First International Symposium on Policy Analysis and Information Systems, Durham, N. C., June 1979.
reprinted in Wang, P. P. and Chang, S. K. D., Fuzzy Sets, Plenum Press, New York and London, 1980, pp. 275‑290.
"The Application of Networks in Basic Computer Science and Information Science Research", Vol. 15, No. 6, Information Processing and Management, pp. 269‑280.
"Personal Computers and People", Proceedings of the 2nd Rocky Mountain Symposium on Microcomputers, pp. 7‑10.
(with E. Michelman and D. Clements), "SECURATE: Security Evaluation and Analysis Using Fuzzy Metrics", Proceedings of the 1978 AFIPS National Computer Conference, June 1978, pp. 531‑540.
"Privacy Laws Affecting System Design", Computers and Society, Fall 1977.
Compte rendu des Journees "Securite en Informatique", Bulletin de Liaison de Club Banques de Donnes, No. 16, Juin 1976, IRIA, Rocquencourt, France.
(with F. Sindelar) "A Two‑Level Disk Protection System", Proceedings of the Second USA‑Japan Computer Conference, August 1975.
"Computer Security: a Course", Computers and Society, Vol. 5, No. 4, Winter 1974.
"Course Outline for Computer Security and Privacy", Bulletin of the ACM Special Interest Group on Computer Science Education, Vol. 6, No. 3 (September 1974), pp. 13‑17.
"Constructing Security Ratings for Computer Systems", Proceedings of the IEEE National Telecommunications Conference, December 1974.
(with F. Woodward) "Worst‑Case Costs for Dynamic Data Element Security Decisions", Proceedings of the 1974 ACM Conference, pp. 539‑544.
(with T. D. Friedman) "Execution Time Requirements of Programmed Encipherment Methods", Communications of the ACM, Vol. 17, No. 8 (August 1974).
"Research on Computer Security Costs at the University of California, Berkeley", Proceedings of the 1974 AFIPS National Computer Conference, Vol. 43, pp. 993‑994.
"IBM's Resource Security System (RSS)", in Security and Privacy in Computer Systems (L. J. Hoffman, Ed.), 1973.
(with H. Campaigne) "Computer Privacy and Security", Computers and Automation, July 1973, pp. 12‑17.
(with R. Sandor) "Computers and Commodity Trading", Commodities, Vol. 1, No. 1, February/March 1973, pp. 20‑23.
"The Formulary Model for Flexible Privacy and Access Controls", Proceedings of the AFIPS 1971 Fall Joint Computer Conference, pp. 587‑601.
(with W. F. Miller) "Getting a Personal Dossier from a Statistical Data Bank", Datamation, May 1970.
"Computers and Privacy: A Survey", Computing Surveys, Vol. 1, No. 2 (June 1969), pp. 85‑103.
Reprinted in P. Freeman, Software Systems Principles‑‑A Survey, Science Research Associates, Inc., 1975
Reprinted in IEEE Computer Society, Tutorial Notes on Computer Security and Integrity, 1977.