Edward W. Felten …

                             Edward W. Felten
                   Professor of Computer Science and Public Affairs
                   Director, Center for Information Technology Policy
                                  Princeton University
                                     35 Olden Street
                                   Princeton NJ 08540
                                     (609) 258-5906
                                   (609) 258-1771 fax
                                felten@cs.princeton.edu


Education

Ph.D. in Computer Science and Engineering, University of Washington, 1993.
   Dissertation title: "Protocol Compilation: High-Performance Communication for
   Parallel Programs." Advisors: Edward D. Lazowska and John Zahorjan.
M.S. in Computer Science and Engineering, University of Washington, 1991.
B.S. in Physics, with Honors, California Institute of Technology, 1985.


Employment

Professor of Computer Science and Public Affairs, Princeton University, 2006-present.
Professor of Computer Science, Princeton University, 2003-2006.
Associate Professor of Computer Science, Princeton University, 1999-2003.
Assistant Professor of Computer Science, Princeton University, 1993-99.
Senior Computing Analyst, Caltech Concurrent Computing Project, California Institute
   of Technology, 1986-1989.

Director, Center for Information Technology Policy, Princeton University, 2005-present.

Elysium Digital LLC and various law firms. Consulting and expert testimony in
   technology litigation, 1998-present
U.S. Federal Trade Commission: consulting regarding spam policy and investigation,
   2004, 2006.
U.S. Dept. of Justice, Antitrust Division: consulting and testimony in Microsoft antitrust
   case, 1998-2002..
Electronic Frontier Foundation. Consulting in intellectual property / free speech lawsuits,
   2001-present.
Certus Ltd.: consultant in product design and analysis, 2000-2002.
Cigital Inc.: Technical Advisory Board member, 2000-present.
Cloakware Ltd.: Technical Advisory Board member, 2000-present.
Propel.com: Technical Advisory Board member, 2000-2002.
NetCertainty.com: Technical Advisory Board member, 1999-2002.
FullComm LLC: Scientific Advisory Board member, 1999-2001.
Sun Microsystems: Java Security Advisory Board member, 1997-present.
Finjan Software: Technical Advisory Board member, 1997-2002.
International Creative Technologies: consultant in product design and analysis, 1997-98.
Bell Communications Research: consultant in computer security research, 1996-97.


Honors and Awards

EFF Pioneer Award, 2005.
Scientific American Fifty Award, 2003.
Alfred P. Sloan Fellowship, 1997.
Emerson Electric, E. Lawrence Keyes Faculty Advancement Award, Princeton
   University School of Engineering, 1996.
NSF National Young Investigator award, 1994.
Outstanding Paper award, 1997 Symposium on Operating Systems Principles.
Best Paper award, 1995 ACM SIGMETRICS Conference.
AT&T Ph.D. Fellowship, 1991-93.
Mercury Seven Foundation Fellowship, 1991-93.


Research Interests

Computer security, especially relating to consumer products. Technology law and policy.
Internet software. Intellectual property policy. Using technology to improve
government. Operating systems. Interaction of security with programming languages and
operating systems. Distributed computing. Parallel computing architecture and software.


Professional Service

Professional Societies and Advisory Groups

Transportation Security Administration, Secure Flight Privacy Working Group, 2005.
National Academies study committee on Air Force Information Science and Technology
Research, 2004-present.
Electronic Frontier Foundation, Advisory Board, 2004-present.
ACM U.S. Public Policy Committee, 2004-present (Executive Committee, 2005-present)
ACM Advisory Committee on Security and Privacy, 2002-2003.
DARPA Information Science and Technology (ISAT) advisory committee, 2002-2004..
Co-chair, ISAT study committee on "Reconciling Security with Privacy," 2001-2002.
National Academy study committee on Foundations of Computer Science, 2001-2004.

Program Committees
World Wide Web Conference, 2006.
USENIX General Conference, 2004.
Workshop on Foundations of Computer Security, 2003.
ACM Workshop on Digital Rights Management, 2001.
ACM Conference on Computer and Communications Security, 2001.
ACM Conference on Electronic Commerce, 2001.
Workshop on Security and Privacy in Digital Rights Management, 2001.
Internet Society Symposium on Network and Distributed System Security, 2001.
IEEE Symposium on Security and Privacy, 2000.
USENIX Technical Conference, 2000.
USENIX Windows Systems Conference, 2000.
Internet Society Symposium on Network and Distributed System Security, 2000.
IEEE Symposium on Security and Privacy, 1998.
ACM Conference on Computer and Communications Security, 1998.
USENIX Security Symposium, 1998.
USENIX Technical Conference, 1998.
Symposium on Operating Systems Design and Implementation, 1996.

Boards
Electronic Frontier Foundation, Board of Directors.
DARPA Information Science and Technology study board, 2001-2003.
Cigital Inc.: Technical Advisory Board.
Sun Microsystems, Java Security Advisory Council.
Cloakware Ltd.: Technical Advisory Board.
Propel.com: Technical Advisory Board.
Finjan Software: Technical Advisory Board.
Netcertainty: Technical Advisory Board.
FullComm LLC: Scientific Advisory Board.

University and Departmental Service
Director, Center for Information Technology Policy, 2005-present.
SEAS Strategic Planning, 2004.
       Member, Executive Committee
       Co-Chair, Interactions with Industry area.
       Co-Chair, Engineering, Policy, and Society area.
Faculty Advisory Committee on Policy, 2002-present.
Council of the Princeton University Community, 2002-present (Executive Committee)
Faculty Advisory Committee on Athletics, 1998-2000.
Computer Science Academic Advisor, B.S.E. program, class of 1998 (approx. 25
   students)
Faculty-Student Committee on Discipline, 1996-98.
Faculty-Student Committee on Discipline, Subcommittee on Sexual Assault and
   Harrassment, 1996-98.
Students Advised

Ph.D. Advisees:
J. Alex Halderman (Ph.D. expected, 2008). Dissertation: Security Failures in Non-
   traditional Computing Environments.
Shirley Gaw (Ph.D. expected, 2008). Dissertation: Social Factors in Computer Security.
Brent Waters (Ph.D. 2004). Dissertation: Security in a World of Ubiquitous Recording
   Devices. Research scientist, SRI International.
Robert A. Shillingsburg (Ph.D. 2004). Dissertation: Improving Distributed File Systems
   using a Shared Logical Disk. Retired; previously a technical staff member at Google.
Michael Schneider (Ph.D. 2004). Dissertation: Network Defenses against Denial of
   Service Attacks. Researcher, Supercomputing Research Center, Institute for Defense
   Analyses.
Minwen Ji (Ph.D. 2001). Dissertation: Data Distribution for Dynamic Web Content.
   Researcher, HP Labs.
Dirk Balfanz (Ph.D. 2000). Dissertation: Access Control for Ad Hoc Collaboration.
   Technical staff member at Google.
Dan S. Wallach (Ph.D. 1998). Dissertation: A New Approach to Mobile Code Security.
   Associate Professor of Computer Science, Rice University.


Significant Advisory Role:
Drew Dean (Ph.D. 1998). Advisor: Andrew Appel. Technical staff member at Google.
Stefanos Damianakis (Ph.D. 1998). Advisor: Kai Li. President and CEO, Netrics, Inc.
Pei Cao (Ph.D. 1996). Advisor: Kai Li. Researcher, Google.
Lujo Bauer (Ph.D. 2003). Advisor: Andrew Appel. Research Scientist, School of
   Computer Science, Carnegie Mellon University.
Publications

Books and Book Chapters


[1] Securing Java: Getting Down to Business with Mobile Code. Gary McGraw and
    Edward W. Felten. John Wiley and Sons, New York 1999.
[2] Java Security: Web Browsers and Beyond. Drew Dean, Edward W. Felten, Dan S.
    Wallach, and Dirk Balfanz. In "Internet Besieged: Countering Cyberspace
    Scofflaws," Dorothy E. Denning and Peter J. Denning, eds. ACM Press, New York,
    1997.
[3] Java Security: Hostile Applets, Holes and Antidotes. Gary McGraw and Edward
    Felten. John Wiley and Sons, New York, 1996
[4] Dynamic Tree Searching. Steve W. Otto and Edward W. Felten. In "High
    Performance Computing", Gary W. Sabot, ed., Addison Wesley, 1995.

Journal Articles


[5] Government Data and the Invisible Hand. David Robinson, Harlan Yu, William
    Zeller, and Edward W. Felten. To appear, Yale Journal of Law and Technology, Fall
    2008.
[6] Nuts and Bolts of Network Neutrality. Edward W. Felten. To appear, Colorado
    Journal of High-Tech Law.
[7] Mechanisms for Secure Modular Programming in Java. Lujo Bauer, Andrew W.
    Appel, and Edward W. Felten. Software ­ Practice and Experience, 33:461-480,
    2003.
[8] The Digital Millennium Copyright Act and its Legacy: A View from the Trenches.
    Illinois Journal of Law, Technology and Policy, Fall 2002.
[9] The Security Architecture Formerly Known as Stack Inspection: A Security
    Mechanism for Language-based Systems. Dan S. Wallach, Edward W. Felten, and
    Andrew W. Appel. ACM Transactions on Software Engineering and Methodology,
    9:4, October 2000.
[10] Statically Scanning Java Code: Finding Security Vulnerabilities. John Viega, Tom
     Mutdosch, Gary McGraw, and Edward W. Felten. IEEE Software, 17(5), Sept./Oct.
     2000.
[11] Client-Server Computing on the SHRIMP Multicomputer. Stefanos N. Damianakis,
     Angelos Bilas, Cezary Dubnicki, and Edward W. Felten. IEEE Micro 17(1):8-18,
     February 1997.
[12] Fast RPC on the SHRIMP Virtual Memory Mapped Network Interface. Angelos
     Bilas and Edward W. Felten. IEEE Transactions on Parallel and Distributed
     Computing, February 1997.
[13] Implementation and Performance of Integrated Application-Controlled File Caching,
     Prefetching and Disk Scheduling. Pei Cao, Edward W. Felten, Anna R. Karlin, and
     Kai Li. ACM Transactions on Computer Systems, Nov 1996.
[14] Virtual Memory Mapped Network Interface Designs. Matthias A. Blumrich, Cezary
     Dubnicki, Edward W. Felten, Kai Li, and Malena Mesarina. IEEE Micro, 15(1):21-
     28, February 1995.

Symposium Articles


[15] Lest We Remember: Cold Boot Attacks on Encryption Keys. J. Alex Halderman,
     Seth D. Schoen, Nadia Heninger, William Clarkson, William Paul, Joseph A.
     Calandrino, Ariel J. Feldman, Jacob Appelbaum, and Edward W. Felten. Proc.
     Usenix Security Symposium, 2008.
[16] In Defense of Pseudorandom Sample Selection. Joseph A. Calandrino, J. Alex
     Halderman, and Edward W. Felten. Proc. Electronic Voting Technology Workshop,
     2008.
[17] Machine-Assisted Election Auditing. Joseph A. Calandrino, J. Alex Halderman, and
     Edward W. Felten. Proc. Electronic Voting Technology Workshop, 2007.
[18] Lessons from the Sony CD DRM Episode. J. Alex Halderman and Edward W.
     Felten. Proc. Usenix Security Symposium, 2006.
[19] A Convenient Method for Securely Managing Passwords. J. Alex Halderman, Brent
     R. Waters, and Edward W. Felten. Proc. 14th World Wide Web Conference, 2005.
[20] New Client Puzzle Outsourcing Techniques for DoS Resistance. Brent R. Waters,
     Ari Juels, J. Alex Halderman, and Edward W. Felten. ACM Conference on
     Computer and Communications Security. November 2004.
[21] Privacy Management for Portable Recording Devices. J. Alex Halderman, Brent R.
     Waters, and Edward W. Felten. 3rd Workshop on Privacy in Electronic Society.
     November 2004.
[22] Receiver Anonymity via Incomparable Public Keys. Brent R. Waters, Edward W.
     Felten, and Amit Sahai. ACM Conference on Computer and Communications
     Security. November 2003.
[23] Attacking an Obfuscated Cipher by Injecting Faults. Matthias Jacob, Dan Boneh,
     and Edward W. Felten. ACM Workshop on Digital Rights Management, November
     2002.
[24] A General and Flexible Access-Control System for the Web. Lujo Bauer, Michael
     A. Schneider, and Edward W. Felten. 11th USENIX Security Symposium, August
     2002.
[25] Informed Consent in the Mozilla Browser: Implementing Value-Sensitive Design.
     Batya Friedman, Daniel C. Howe, and Edward W. Felten. Hawaii International
     Conference on System Sciences, January 2002. (Best Paper award, organizational
     systems track.)
[26] Reading Between the Lines: Lessons from the SDMI Challenge. Scott A. Craver,
     John P. McGregor, Min Wu, Bede Liu, Adam Stubblefield, Ben Swartzlander, Dan
     S. Wallach, Drew Dean, and Edward W. Felten. USENIX Security Symposium,
     August 2001.
[27] Cookies and Web Browser Design: Toward Realizing Informed Consent Online.
     Lynette I. Millett, Batya Friedman, and Edward W. Felten. Proc. of CHI 2001
     Conference on Human Factors in Computing Systems, April 2001.
[28] Timing Attacks on Web Privacy. Edward W. Felten and Michael A. Schneider. Proc.
     of 7th ACM Conference on Computer and Communications Security, Nov. 2000.
[29] Archipelago: An Island-Based File System for Highly Available and Scalable
     Internet Services. USENIX Windows Systems Symposium, August 2000.
[30] Proof-Carrying Authentication. Andrew W. Appel and Edward W. Felten. Proc. of
     6th ACM Conference on Computer and Communications Security, Nov. 1999.
[31] An Empirical Study of the SHRIMP System. Matthias A. Blumrich, Richard D.
     Alpert, Yuqun Chen, Douglas W. Clark, Stefanos, N. Damianakis, Cezary Dubnicki,
     Edward W. Felten, Liviu Iftode, Margaret Martonosi, Robert A. Shillner, and Kai Li.
     Proc. of 25th International Symposium on Computer Architecture, June 1998.
[32] Performance Measurements for Multithreaded Programs. Minwen Ji, Edward W.
     Felten, and Kai Li. Proc. of 1998 SIGMETRICS Conference, June 1998.
[33] Understanding Java Stack Inspection. Dan S. Wallach and Edward W. Felten. Proc.
     of 1998 IEEE Symposium on Security and Privacy, May 1998.
[34] Extensible Security Architectures for Java. Dan S. Wallach, Dirk Balfanz, Drew
     Dean, and Edward W. Felten. Proc. of 16th ACM Symposium on Operating Systems
     Principles, Oct. 1997. Outstanding Paper Award.
[35] Web Spoofing: An Internet Con Game. Edward W. Felten, Dirk Balfanz, Drew
     Dean, and Dan S. Wallach. Proc. of 20th National Information Systems Security
     Conference, Oct. 1997.
[36] Reducing Waiting Costs in User-Level Communication. Stefanos N. Damianakis,
     Yuqun Chen, and Edward W. Felten. Proc. of 11th Intl. Parallel Processing
     Symposium, April 1997.
[37] Stream Sockets on SHRIMP. Stefanos N. Damianakis, Cezary Dubnicki, and
     Edward W. Felten. Proc. of 1st Intl. Workshop on Communication and Architectural
     Support for Network-Based Parallel Computing, February 1997. (Proceedings
     available as Lecture Notes in Computer Science #1199.)
[38] Early Experience with Message-Passing on the SHRIMP Multicomputer. Richard D.
     Alpert, Angelos Bilas, Matthias A. Blumrich, Douglas W. Clark, Stefanos
    Damianakis, Cezary Dubnicki, Edward W. Felten, Liviu Iftode, and Kai Li. Proc. of
    23rd Intl. Symposium on Computer Architecture, 1996.
[39] A Trace-Driven Comparison of Algorithms for Parallel Prefetching and Caching.
     Tracy Kimbrel, Andrew Tomkins, R. Hugo Patterson, Brian N. Bershad, Pei Cao,
     Edward W. Felten, Garth A. Gibson, Anna R. Karlin, and Kai Li. Proc. of 1996
     Symposium on Operating Systems Design and Implementation.
[40] Java Security: From HotJava to Netscape and Beyond. Drew Dean, Edward W.
     Felten, and Dan S. Wallach. Proc. of 1996 IEEE Symposium on Security and
     Privacy.
[41] Integrated Parallel Prefetching and Caching. Tracy Kimbrel, Pei Cao, Edward W.
     Felten, Anna R. Karlin, and Kai Li. Proc. of 1996 SIGMETRICS Conference.
[42] Software Support for Virtual Memory-Mapped Communication. Cezary Dubnicki,
     Liviu Iftode, Edward W. Felten, and Kai Li. Proc. of Intl. Parallel Processing
     Symposium, April 1996.
[43] Protected, User-Level DMA for the SHRIMP Network Interface. Matthias A.
     Blumrich, Cezary Dubnicki, Edward W. Felten, and Kai Li. Proc. of 2nd Intl.
     Symposium on High-Performance Computer Architecture, Feb. 1996
[44] Improving Release-Consistent Shared Virtual Memory using Automatic Update .
     Liviu Iftode, Cezary Dubnicki, Edward W. Felten, and Kai Li. Proc. of 2nd Intl.
     Symposium on High-Performance Computer Architecture, Feb. 1996
[45] Synchronization for a Multi-Port Frame Buffer on a Mesh-Connected
     Multicomputer. Bin Wei, Gordon Stoll, Douglas W. Clark, Edward W. Felten, and
     Kai Li. Parallel Rendering Symposium, Oct. 1995.
[46] A Study of Integrated Prefetching and Caching Strategies. Pei Cao, Edward W.
     Felten, Anna R. Karlin, and Kai Li. Proc. of 1995 ACM SIGMETRICS Conference.
     Best Paper award.
[47] Evaluating Multi-Port Frame Buffer Designs for a Mesh-Connected Multicomputer.
     Gordon Stoll, Bin Wei, Douglas W. Clark, Edward W. Felten, Kai Li, and Patrick
     Hanrahan. Proc. of 22nd Intl. Symposium on Computer Architecture.
[48] Implementation and Performance of Application-Controlled File Caching. Pei Cao,
     Edward W. Felten, and Kai Li. Proc. of 1st Symposium on Operating Systems
     Design and Implementation, pages 165-178, November 1994.
[49] Application-Controlled File Caching Policies. Pei Cao, Edward W. Felten, and Kai
     Li. Proc. of USENIX Summer 1994 Technical Conference, pages 171-182, 1994.
[50] Virtual Memory Mapped Network Interface for the SHRIMP Multicomputer.
     Matthias A. Blumrich, Kai Li, Richard D. Alpert, Cezary Dubnicki, Edward W.
     Felten, and Jonathan S. Sandberg. Proc. of Intl. Symposium on Computer
     Architecture, 1994.
[51] Performance Issues in Non-Blocking Synchronization on Shared-Memory
     Multiprocessors. Juan Alemany and Edward W. Felten. Proceedings of Symposium
     on Principles of Distributed Computing, 1992.
[52] Improving the Performance of Message-Passing Applications by Multithreading.
     Edward W. Felten and Dylan McNamee. Proceedings of Scalable High-Performance
     Computing Conference (SHPCC), 1992.
[53] A Highly Parallel Chess Program. Edward W. Felten and Steve W. Otto. 1988
     Conference on Fifth Generation Computer Systems.

Other Publications

[54] Freedom to Tinker weblog, at http://www.freedom-to-tinker.com. Commentary on
     technology law and policy, typically four 500-word pieces per week. About
     1,000,000 page views per month.
[55] Security Analysis of the Diebold AccuVote-TS Voting Machine. Ariel J. Feldman,
     J. Alex Halderman, and Edward W. Felten. Sept. 2006
[56] Digital Rights Management, Spyware, and Security. Edward W. Felten and J. Alex
     Halderman, IEEE Security and Privacy, Jan./Feb. 2006.
[57] Inside RISKS: DRM and Public Policy. Edward W. Felten. Communications of the
     ACM, 48:7, July 2005.
[58] Understanding Trusted Computing: Will its Benefits Outweigh its Drawbacks?
     Edward W. Felten. IEEE Security and Privacy, May 2003.
[59] A Skeptical View of DRM and Fair Use. Edward W. Felten. Communications of
     the ACM 46(4):56-61, April 2003.
[60] Consumer Privacy and Government Technology Mandates in the Digital Media
     Marketplace. Testimony before U.S. Senate Commerce Committee. September
     2003.
[61] Secure, Private Proofs of Location. Brent R. Waters and Edward W. Felten.
     Submitted for publication, 2003.
[62] An Efficient Heuristic for Defense Against Distributed Denial of Service Attacks
     using Route-Based Distributed Packet Filtering. Michael A. Schneider and Edward
     W. Felten. Submitted for publication, 2003.
[63] Written testimony to House Commerce Committee, Subcommittee on Courts, the
     Internet, and Intellectual Property, oversight hearing on "Piracy of Intellectual
     Property on Peer to Peer Networks." September 2002.
[64] Written testimony to Senate Judiciary Committee hearings on "Competition,
     Innovation, and Public Policy in the Digital Age: Is the Marketplace Working to
     Protect Digital Creativity?" March 2002.
[65] Informed Consent Online: A Conceptual Model and Design Principles. Batya
     Friedman, Edward W. Felten, and Lynette I. Millett. Technical Report 2000-12-2,
     Dept. of Computer Science and Engineering, University of Washington, Dec. 2000.
[66] Mechanisms for Secure Modular Programming in Java. Lujo Bauer, Andrew W.
     Appel, and Edward W. Felten. Technical Report CS-TR-603-99, Department of
     Computer Science, Princeton University, July 1999.
[67] A Java Filter. Dirk Balfanz and Edward W. Felten. Technical Report 567-97, Dept.
     of Computer Science, Princeton University, October 1997.
[68] Inside RISKS: Webware Security. Edward W. Felten. Communications of the ACM,
     40(4):130, 1997.
[69] Simplifying Distributed File Systems Using a Shared Logical Disk.Robert A.
     Shillner and Edward W. Felten. Princeton University technical report TR-524-96.
[70] Contention and Queueing in an Experimental Multicomputer: Analytical and
     Simulation-based Results. Wenjia Fang, Edward W. Felten, and Margaret Martonosi.
     Princeton University technical report TR-508-96.
[71] Design and Implementation of NX Message Passing Using SHRIMP Virtual
     Memory Mapped Communication. Richard D. Alpert, Cezary Dubnicki, Edward W.
     Felten, and Kai Li. Princeton University technical report TR-507-96.
[72] Protocol Compilation: High-Performance Communication for Parallel Programs.
     Edward W. Felten. Ph.D. dissertation, Dept. of Computer Science and Engineering,
     University of Washington, August 1993.
[73] Building Counting Networks from Larger Balancers. Edward W. Felten, Anthony
     LaMarca, and Richard Ladner. Univ. of Washington technical report UW-CSE-93-
     04-09.
[74] The Case for Application-Specific Communication Protocols. Edward W. Felten.
     Univ. of Washington technical report TR-92-03-11.
[75] A Centralized Token-Based Algorithm for Distributed Mutual Exclusion. Edward W.
     Felten and Michael Rabinovich. Univ. of Washington technical report TR-92-02-02.
[76] Issues in the Implementation of a Remote Memory Paging System. Edward W.
     Felten and John Zahorjan. Univ. of Washington technical report TR-91-03-09.