David Evans — Publications

Peer-Reviewed Papers · Invited Papers · General Audience Writing · Proposals · Others
Google Scholar · Semantic Scholar       Talks · Videos

Books

Dori-Mic and the Universal Machine!
A Tragicomic Tale of Combinatorics and Computability for Curious Children of All Ages (With Illustrations by Kim Dylla), 2014.
Introduction to Computing:
Explorations in Language, Logic, and Machines
Introductory computer science coursebook, 2007–2012.
A Pragmatic Introduction to Secure Multi-Party Computation (with Vladimir Kolesnikov and Mike Rosulek)
NOW Publishers, December 2018. [PDF]

Preprints

Preprints on arXiv

Peer-Reviewed Research Papers

Do Membership Inference Attacks Work on Large Language Models?
Michael Duan, Anshuman Suri, Niloofar Mireshghallah, Sewon Min, Weijia Shi, Luke Zettlemoyer, Yulia Tsvetkov, Yejin Choi, David Evans, Hannaneh Hajishirzi. In Conference on Language Modeling (COLM), October 2024. [arXiv] [Blog Post] [Web Page and Code]
Evaluating Google's Protected Audience Protocol
Minjun Long, David Evans. In Privacy Enhancing Technologies Symposium (PoPETS). July 2024. [PoPETS Page] [arXiv]
Addressing Both Statistical and Causal Gender Fairness in NLP Models
Hannah Chen, Yangfeng Ji, David Evans. In Annual Conference of the North American Chapter of the Association for Computational Linguistics (NAACL). June 2024. [arXiv]
Combing for Credentials: Active Pattern Extraction from Smart Reply
Bargav Jayaraman, Esha Ghosh, Melissa Chase, Sambuddha Roy, Wei Dai, David Evans. In 45th IEEE Symposium on Security and Privacy (Oakland). San Francisco, CA. May 2024. [Arxiv] [IEEE]
TrojanPuzzle: Covertly Poisoning Code-Suggestion Models
Hojjat Aghakhani, Wei Dai, Andre Manoel, Xavier Fernandes, Anant Kharkar, Christopher Kruegel, Giovanni Vigna, David Evans, Ben Zorn, Robert Sim. In 45th IEEE Symposium on Security and Privacy (Oakland). San Francisco, CA. May 2024. [Arxiv]
SoK: Pitfalls in Evaluating Black-Box Attacks
Fnu Suya, Anshuman Suri, Tingwei Zhang, Jingtao Hong, Yuan Tian, and David Evans. In 2nd IEEE Conference on Secure and Trustworthy Machine Learning (SaTML). Toronto, April 2024. [Arxiv] [Blog Post] [Code]
What Distributions are Robust to Indiscriminate Poisoning Attacks for Linear Learners?
Fnu Suya, Xiao Zhang, Yuan Tian, David Evans. In 37th Conference on Neural Information Processing Systems (NeurIPS). New Orleans, December 2023. [Arxiv] [OpenReview]
GlucoSynth: Generating Differentially-Private Synthetic Glucose Traces
Josephine Lamp, Mark Derdzinski, Christopher Hannemann, Joost van der Linden, Lu Feng, Tianhao Wang, David Evans. In 37th Conference on Neural Information Processing Systems (NeurIPS). New Orleans, December 2023. [Arxiv] [OpenReview]
Efficient Privacy-Preserving Stochastic Nonconvex Optimization
Lingxiao Wang, Bargav Jayaraman, David Evans, Quanquan Gu. In 39th Conference on Uncertainty in Artificial Intelligence (UAI). Pittsburgh, PA. July 2023. [PMLR] [Arxiv] [OpenReview]
Manipulating Transfer Learning for Property Inference
Yulong Tian, Fnu Suya, Anshuman Suri, Fengyuan Xu, David Evans. In IEEE/CVF Conference on Computer Vision and Pattern Recognition 2023 (CVPR), Vancouver, Canada. June 2023. [Arxiv] [Code]
SoK: Let the Privacy Games Begin! A Unified Treatment of Data Inference Privacy in Machine Learning
Ahmed Salem, Giovanni Cherubin, David Evans, Boris Köpf, Andrew Paverd, Anshuman Suri, Shruti Tople, Santiago Zanella-Begueli. In 44th IEEE Symposium on Security and Privacy (Oakland). May 2023. [Arxiv]
Dissecting Distribution Inference
Anshuman Suri, Yifu Lu, Yanjin Chen, David Evans. In IEEE Conference on Secure and Trustworthy Machine Learning (SaTML). Raleigh, North Carolina, 8–10 February 2023. [Arxiv] [Blog] [Code]
Balanced Adversarial Training: Balancing Tradeoffs between Fickleness and Obstinacy in NLP Models
Hannah Chen, Yangfeng Ji, and David Evans. In 2022 Conference on Empirical Methods in Natural Language Processing (EMNLP), Abu Dhabi, 7–11 December 2022. [Arxiv] [Blog] [Code]
Memorization in NLP Fine-tuning Methods
Fatemehsadat Mireshghallah, Archit Uniyal, Tianhao Wang, David Evans, and Taylor Berg-Kirkpatrick. In 2022 Conference on Empirical Methods in Natural Language Processing (EMNLP), Abu Dhabi, 7–11 December 2022. [Arxiv]
Are Attribute Inference Attacks Just Imputation?
Bargav Jayaraman and David Evans. In 29th ACM Conference on Computer and Communications Security (CCS). November 2022. [Arxiv] [Code]
Formalizing and Estimating Distribution Inference Risks
Anshuman Suri and David Evans. In Privacy Enhancing Technologies Symposium (PETS). July 2022. (Also published in Proceedings on Privacy Enhancing Technologies, Issue 4, 2022.) [Arxiv] [Code]
Incorporating Label Uncertainty in Understanding Adversarial Robustness
Xiao Zhang and David Evans. In 10th International Conference on Learning Representations (ICLR). April 2022. [arXiv] [OpenReview] [Code]
Stealthy Backdoors as Compression Artifacts
Yulong Tian, Fnu Suya, Fengyuan Xu and David Evans. IEEE Transactions on Information Forensics and Security (Volume 17). 16 March 2022. [PDF] [arXiv] [IEEE Page] [Code]
Model-Targeted Poisoning Attacks with Provable Convergence
Fnu Suya, Saeed Mahloujifar, Anshuman Suri, David Evans, and Yuan Tian. In 38th International Conference on Machine Learning (ICML). July 2021. [arXiv] [PMLR (PDF)] [Code]
Revisiting Membership Inference Under Realistic Assumptions
Bargav Jayaraman, Lingxiao Wang, Katherine Knipmeyer, Quanquan Gu, and David Evans. In Proceedings on Privacy Enhancing Technologies (PETS). July 2021. [Arxiv] [PDF] [Code]
Improved Estimation of Concentration Under lp-Norm Distance Metrics Using Half Spaces
Jack Prescott, Xiao Zhang, and David Evans. In International Conference on Learning Representations (ICLR). May 2021. [OpenReview] [Arxiv]
Finding Friends and Flipping Frenemies: Automatic Paraphrase Dataset Augmentation Using Graph Theory
Hannah Chen, Yangfeng Ji, and David Evans. In Findings of ACL: Empirical Methods in Natural Language Processing. 16 – 18 Novemeber 2020. [PDF] [Arxiv] [ACL] [Code]
Hybrid Batch Attacks: Finding Black-box Adversarial Examples with Limited Queries
Fnu Suya, Jianfeng Chi, David Evans, and Yuan Tian. In 29th USENIX Security Symposium. Boston, MA. August 12–14, 2020. [PDF] [arXiv] [Code]
Learning Adversarially Robust Representations via Worst-Case Mutual Information Maximization
Sicheng Zhu, Xiao Zhang, and David Evans. In 37th International Conference on Machine Learning (ICML). 12–18 July 2020. [arXiv]
Understanding the Intrinsic Robustness of Image Distributions using Conditional Generative Models
Xiao Zhang, Jinghui Chen, Quanquan Gu, David Evans. In 23rd International Conference on Artificial Intelligence and Statistics (AISTATS). Palermo, Italy. June 3–5, 2020. [PDF] [arXiv] [Code]
An Attack-Resilient Architecture for the Internet of Things
Hussain M. J. Almohri, Layne T. Watson, and David Evans. IEEE Transactions on Information Forensics and Security. May 2020. [PDF]
Empirically Measuring Concentration: Fundamental Limits on Intrinsic Robustness
Saeed Mahloujifar, Xiao Zhang, Mohammad Mahmoody, and David Evans. In NeurIPS. Vancouver, December 2019. [PDF] [arXiv] [Post] [Code]
Evaluating Differentially Private Machine Learning in Practice
Bargav Jayaraman and David Evans. In 28th USENIX Security Symposium. Santa Clara. August 2019. [PDF] [arXiv] [code]
Predictability of IP Address Allocations for Cloud Computing Platforms
Hussain M.J. Almohri, Layne T. Watson, and David Evans. In IEEE Transactions on Information Forensics and Security, 24 June 2019. [PDF]
Cost-Sensitive Robustness against Adversarial Examples
Xiao Zhang and David Evans. In Seventh International Conference on Learning Representations (ICLR). New Orleans. May 2019. [arXiv] [OpenReview] [PDF]
Context-aware Monitoring in Robotic Surgery
Mohammad Samin Yasar, David Evans, Homa Alemzadeh. In 2019 International Symposium on Medical Robotics (ISMR). Atlanta, Georgia. 3–5 April 2019. [arXiv] [PDF]
Distributed Learning without Distress: Privacy-Preserving Empirical Risk Minimization
Bargav Jayaraman, Lingxiao Wang, David Evans and Quanquan Gu. In 32nd Conference on Neural Information Processing Systems (NeurIPS). Montreal, Canada. December 2018. [PDF] [Video Summary]
Efficient Dynamic Searchable Encryption with Forward Privacy
Mohammad Etemad, Alptekin Küpçü Charalampos Papamanthou, and David Evans. In Privacy Enhancing Technologies Symposium (PETS). Barcelona, Spain. July 2018. [PDF]
Misery Digraphs: Delaying Intrusion Attacks in Obscure Clouds
Hussain Almohri, Layne T. Watson, and David Evans. IEEE Transactions on Information Forensics and Security. Volume 13, Number 6. June 2018. [PDF]
Fidelius Charm: Isolating Unsafe Rust Code
Hussain M. J. Almohri and David Evans. 8th ACM Conference on Data and Application Security and Privacy. Tempe, Arizona. March 2018. [PDF]
Feature Squeezing: Detecting Adversarial Examples in Deep Neural Networks
Weilin Xu, David Evans, and Yanjun Qi. In 2018 Network and Distributed System Security Symposium. 18-21 February, San Diego, California. [PDF] [Project]
Privacy-Preserving Distributed Linear Regression on High-Dimensional Data
Adrià Gascón and Phillipp Schoppmann and Borja Balle and Mariana Raykova and Jack Doerner and Samee Zahur and David Evans. In Privacy Enhancing Technologies Symposium (PETS). Minneapolis, Minnesota, 18 – 21 July 2017. [PDF]
Aggregating Private Sparse Learning Models Using Multi-Party Computation
Lu Tian, Bargav Jayaraman, Quanquan Gu, and David Evans. Private Multi-Party Machine Learning (NIPS 2016 Workshop). Barcelona, 9 December 2016. [PDF, 6 pages] [Project]
Secure Stable Matching at Scale
Jack Doerner, David Evans, abhi shelat. 23rd ACM Conference on Computer and Communications Security (CCS). Vienna, Austria. 24-28 October 2016. [PDF, 12 pages] [Project]
Revisiting Square-Root ORAM Efficient Random Access in Multi-Party Computation
Samee Zahur, Xiao Wang, Mariana Raykova, Adrià Gascón, Jack Doerner, David Evans, Jonathan Katz. 37th IEEE Symposium on Security and Privacy (“Oakland”). San Jose, CA. 23–25 May 2016. [PDF, 17 pages] [Project]
Automatically Evading Classifiers: A Case Study on PDF Malware Classifiers
Weilin Xu, Yanjun Qi, and David Evans. Network and Distributed System Security Symposium (NDSS). San Diego, CA. 21-24 February 2016. [PDF, 15 pages] [EvadeML.org]
Understanding and Monitoring Embedded Web Scripts
Yuchen Zhou and David Evans. 36th IEEE Symposium on Security and Privacy ("Oakland"). San Jose, CA. 18-20 May 2015. [PDF, 16 pages] [ScriptInspector.org]
Two Halves Make a Whole: Reducing Data Transfer in Garbled Circuits using Half Gates
Samee Zahur, Mike Rosulek, and David Evans. EuroCrypt 2015. Sofia, Bulgaria. 26-30 April 2015. [PDF, 28 pages] [Code]
SSOScan: Automated Testing of Web Applications for Single Sign-On Vulnerabilities
Yuchen Zhou and David Evans. 23rd USENIX Security Symposium, San Diego, CA 20-22 August 2014. [PDF, 16 pages]
Explicating SDKs: Uncovering Assumptions Underlying Secure Authentication and Authorization
Rui Wang, Yuchen Zhou, Shuo Chen, Shaz Qadeer, David Evans, and Yuri Gurevich. 22nd USENIX Security Symposium, Washington DC, 14-16 August 2013. [PDF, 16 pages]
Efficient Secure Two-Party Computation Using Symmetric Cut-and-Choose
Yan Huang, Jonathan Katz, and David Evans. 33rd International Cryptology Conference (CRYPTO 2013), Santa Barbara, CA, 18-22 August 2013. [PDF, 16 pages]
GuarDroid: A Trusted Path for Password Entry
Tianhao Tong and David Evans. Moble Security Technologies (MoST), San Francisco, CA, 23 May 2013. [PDF, 10 pages]
Circuit Structures for Improving Efficiency of Security and Privacy Tools
Samee Zahur and David Evans. 34th IEEE Symposium on Security and Privacy ("Oakland"), San Francisco, CA, 19-22 May 2013. [PDF, 15 pages]
Quid Pro Quo-tocols: Strengthening Semi-Honest Protocols with Dual Execution
Yan Huang, Jonathan Katz, and David Evans. In 33rd IEEE Symposium on Security and Privacy ("Oakland" 2012), San Francisco, CA. 20-23 May 2012. [PDF, 13 pages]
Private Set Intersection: Are Garbled Circuits Better than Custom Protocols?
Yan Huang, David Evans, and Jonathan Katz. In 19th Network and Distributed Security Symposium (NDSS 2012), San Diego, CA. 5-8 February 2012. [PDF, 15 pages]
Automated Black-Box Detection of Side-Channel Vulnerabilities in Web Applications
Peter Chapman and David Evans. In 18th ACM Conference on Computer and Communications Security (CCS 2011), Chicago, IL. 17-21 October 2011. [PDF, 12 pages]
Auditing Information Leakage for Distance Metrics
Yikan Chen and David Evans. In Third IEEE Conference on Privacy, Security, Risk and Trust, Boston, MA, 9-11 October 2011. [PDF, 10 pages]
Protecting Private Web Content from Embedded Scripts
Yuchen Zhou and David Evans. To appear in European Symposium on Research in Computer Security (ESORICS 2011), Lueven, Belguim. 12-14 September 2011. [PDF, 20 pages]
Privacy-Preserving Applications on Smartphones
Yan Huang, Peter Chapman, and David Evans. To appear in 6th USENIX Workshop on Hot Topics in Security (HotSec 2011), San Francisco. 9 August 2011. [PDF, 6 pages]
Faster Secure Two-Party Computation Using Garbled Circuits
Yan Huang, David Evans, Jonathan Katz, and Lior Malka. 20th USENIX Security Symposium, San Francisco, CA. 8-12 August 2011. (PDF, 16 pages)
Private Editing Using Untrusted Cloud Services
Yan Huang and David Evans. Second International Workshop on Security and Privacy in Cloud Computing. Minneapolis, Minnesota. 24 June 2011. (PDF, 10 pages)
GuardRails: A Data-Centric Web Application Security Framework
Jonathan Burket, Patrick Mutchler, Michael Weaver, Muzzammil Zaveri, and David Evans. 2nd USENIX Conference on Web Application Development  (WebApps 2011). Portland, Oregon. 15-16 June 2011. (PDF, 12 pages)
A Sub-0.5V Lattice-Based Public-Key Encryption Scheme for RFID Platforms in 130nm CMOS
Yu Yao, Jiawei Huang, Sudhanshu Khanna, abhi shelat, Benton Highsmith Calhoun, John Lach, and David Evans. 2011 Workshop on RFID Security (RFIDsec'11 Asia), Wuxi, China, 6-8 April 2011. (PDF, 19 pages)
Efficient Privacy-Preserving Biometric Identification
Yan Huang, Lior Malka, David Evans, and Jonathan Katz. 18th Network and Distributed System Security Symposium (NDSS 2011), San Diego, 6-9 February 2011. (PDF, 14 pages)
Why Aren't HTTP-only Cookies More Widely Deployed?
Yuchen Zhou and David Evans. Web 2.0 Security and Privacy (W2SP), Oakland, CA, 20 May 2010. (Paper: PDF, 5 pages)
Privacy through Noise: A Design Space for Private Identification
Karsten Nohl and David Evans. 2009 Annual Computer Security Applications Conference (ACSAC), Honolulu, Hawaii, 7-11 December 2009. (Paper: PDF, 10 pages)
The User is Not the Enemy: Fighting Malware by Tracking User Intentions
Jeff Shirley and David Evans. New Security Paradigms Workshop (NSPW 2008), Lake Tahoe, California, 22-25 September 2008. (Paper: PDF, 13 pages)
Hiding in Groups: On the Expressiveness of Privacy Distributions
Karsten Nohl and David Evans. 23rd International Information Security Conference (SEC 2008). Co-located with IFIP World Computer Congress 2008. Milan, Italy. 8-10 September 2008. (Paper: PDF, 15 pages; Extended technical report: PDF, 18 pages)
Reverse-Engineering a Cryptographic RFID Tag
Karsten Nohl, David Evans, Starbug, and Henryk Plötz. USENIX Security 2008. San Jose, CA. July 2008. (PDF, 9 pages; HTML)
Privacy Protection for Social Networking Platforms
Adrienne Felt and David Evans. Web 2.0 Security and Privacy 2008 (in conjunction with 2008 IEEE Symposium on Security and Privacy). Oakland, CA. 22 May 2008. (PDF, 8 pages) (Talk slides: PDF)
Security through Redundant Data Diversity
Anh Nguyen-Tuong, David Evans, John C. Knight, Benjamin Cox, Jack W. Davidson. 38th IEEE/IFPF International Conference on Dependable Systems and Networks, Anchorage, Alaska, June 2008. (PDF, 10 pages)
Talking to Strangers Without Taking Their Candy: Isolating Proxied Content
Adrienne Felt, Pieter Hooimeijer, David Evans, Westley Weimer. First International Workshop on Social Network Systems, Glasgow, Scotland, April 2008. (PDF, 6 pages)
Quantifying Information Leakage in Tree-Based Hash Protocols (short paper)
Karsten Nohl and David Evans. Eighth International Conference on Information and Communications Security (ICICS). Raleigh, North Carolina, December 2006. (Paper: PDF, 10 pages; Technical Report (UVA-CS-2006-20): PDF, 12 pages)
N-Variant Systems: A Secretless Framework for Security through Diversity
Benjamin Cox, David Evans, Adrian Filipi, Jonathan Rowanhill, Wei Hu, Jack Davidson, John Knight, Anh Nguyen-Tuong, and Jason Hiser. 15th USENIX Security Symposium, Vancouver, BC, August 2006. (PDF, 16 pages; HTML)
Comparing Java and .NET security: Lessons Learned and Missed
Nathanael Paul and David Evans. Computers & Security, Volume 25, Issue 5, July 2006. (PDF, HTML, 13 pages)

Secure and Practical Defense Against Code-injection Attacks Using Software Dynamic Translation

Wei Hu, Jason Hiser, Dan Williams, Adrian Filipi, Jack W. Davidson, David Evans, John C. Knight, Anh Nguyen-Tuong, and Jonathan Rowanhill. Second International Conference on Virtual Execution Environments. Ottawa, Canada, June 14-16, 2006. (PDF, 11 pages)
Perracotta: Mining Temporal API Rules From Imperfect Traces
Jinlin Yang, David Evans, Deepali Bhardwaj, Thirumalesh Bhat, Manuvir Das. 28th International Conference in Software Engineering, Research Track, Shanghai, China, May 2006. (PDF, 10 pages; Perracotta web site)
Inculcating Invariants in Introductory Courses
David Evans and Michael Peck. 28th International Conference in Software Engineering, Education Track, Shanghai, China, May 2006. (PDF, 6 pages; Talk [PPT])
Thermal Attacks on Storage Systems
Nathanael Paul, Sudhanva Gurumurthi, David Evans. 14th NASA Goddard, 23rd IEEE Conference on Mass Storage Systems and Technologies, College Park, Maryland, May 2006. (PDF, 9 pages)
Towards Disk-Level Malware Detection
Nathanael Paul, Sudhanva Gurumurthi, David Evans. Workshop on Code Based Software Security Assessments. Pittsburgh, Pennsylvania, USA, 7 November 2005.
Toasters, Seat Belts, and Inferring Program Properties
David Evans. IFIP Working Conference on Verified Software: Theories, Tools, Experiments. Zürich, Switzerland. 10-13 October 2005. (PDF, 8 pages)
Where's the FEEB?: The Effectiveness of Instruction Set Randomization
Ana Nora Sovarel, David Evans and Nathanael Paul. 14th USENIX Security Symposium. Baltimore, MD. August 2005. (PDF, HTML, 16 pages)
Automatically Hardening Web Applications Using Precise Tainting
Anh Nguyen-Tuong, Salvatore Guarnieri, Doug Greene, Jeff Shirley, and David Evans. IFIP TC11 20th International Conference on Information Security, June 2005. (PDF, 12 pages)
.NET Security: Lessons Learned and Missed from Java
Nathanael Paul and David Evans. Twentieth Annual Computer Security Applications Conference (ACSAC 2004). December 6-10, 2004, Tucson, Arizona. (PDF, 10 pages) (Extended version published in Computers & Security.)
Automatically Inferring Temporal Properties for Program Evolution
Jinlin Yang and David Evans. Fifteenth IEEE International Symposium on Software Reliability Engineering (ISSRE 2004). 2-5 November 2004, Saint-Malo, France. (PDF, 12 pages)
Localization for Mobile Sensor Networks
Lingxuan Hu and David Evans. Tenth Annual International Conference on Mobile Computing and Networking (ACM MobiCom 2004). 26 September - 1 October 2004. (PDF, 13 pages)
Dynamically Inferring Temporal Properties
Jinlin Yang and David Evans. ACM SIGPLAN-SIGSOFT Workshop on Program Analysis for Software Tools and Engineering (PASTE 2004). Washington, DC 7-8 June 2004. (PDF, 6 pages) [ACM DL Page]
Election Security: Perception and Reality
David Evans and Nathanael Paul. IEEE Security and Privacy, January-February 2004. (PDF, 8 pages)
Using Directional Antennas to Prevent Wormhole Attacks
Lingxuan Hu and David Evans. Network and Distributed System Security Symposium, San Diego, 5-6 February 2004. (PDF, 11 pages)
EnviroTrack: Towards an Environmental Computing Paradigm for Distributed Sensor Networks
T. Abdelzaher, B. Blum B, Q. Cao, Y. Chen, D. Evans, J. George, S. George, L. Gu, T. He, S. Krishnamurthy, L. Luo, S. Son, J. Stankovic, R. Stoleru and A. Wood. The 24th International Conference on Distributed Computing Systems. Tokyo, Japan. March 23-26, 2004. (PDF, 8 pages)
A Biological Programming Model for Self-Healing
Selvin George, David Evans and Steven Marchette. First ACM Workshop on Survivable and Self-Regenerative Systems, October 31, 2003. (PDF, 10 pages)
Power-Efficient Adaptable Wireless Sensor Networks
John Lach, David Evans, Jon McCune, Jason Brandon. Military and Aerospace Programmable Logic Devices (MAPLD) International Conference 2003. September 9-11, 2003. (PDF, 2 page abstract; PDF, full paper, 8 pages)
Towards Differential Program Analysis
Joel Winstead and David Evans. Workshop on Dynamic Analysis. 9 May 2003. (PDF, 4 pages)
Authentication for Remote Voting
Nathanael Paul, David Evans, Avi Rubin and Dan Wallach. Workshop on Human-Computer Interaction and Security Systems. 6 April 2003. (PDF, 4 pages)
Secure Aggregation for Wireless Networks.
Lingxuan Hu and David Evans. Workshop on Security and Assurance in Ad hoc Networks. January, 2003. (PDF, PS, 8 pages)
A Biologically Inspired Programming Model for Self-Healing Systems.
Selvin George, David Evans and Lance Davidson. Workshop on Self-Healing Systems (WOSS'02). November, 2002. (PDF, PS, 3 pages) [ACM DL Page]
Improving Security Using Extensible Lightweight Static Analysis.
David Evans and David Larochelle. IEEE Software, Jan/Feb 2002. (PDF, 10 pages)
Security Issues and Requirements for Internet-Scale Publish-Subscribe Systems.
Chenxi Wang, Antonio Carzaniga, David Evans, Alexander L. Wolf. In Hawaii International Conference on System Sciences, January 7-10, 2002. (PDF, 8 pages)
Structured Exception Semantics for Concurrent Loops.
Joel Winstead and David Evans. In Fourth Workshop on Parallel/High-Performance Object-Oriented Scientific Computing 14-18 October 2001, Tampa Bay. (PS, 20 pages)
Statically Detecting Likely Buffer Overflow Vulnerabilities.
David Larochelle and David Evans. In Proceedings of the 2001 USENIX Security Symposium, Washington, D. C., August 13-17, 2001. (PDF, HTML, 13 pages)
Annotation-Assisted Lightweight Static Checking
David Evans. The First International Workshop on Automated Program Analysis, Testing and Verification (ICSE 2000). Feb 25, 2000.
Separation of Concerns for Security
John Viega and David Evans. Workshop on Multi-Dimensional Separation of Concerns in Software Engineering (ICSE 2000). Feb 25, 2000.
Policy-Directed Code Safety
David Evans and Andrew Twyman. In Proceedings of the 1999 IEEE Symposium on Security and Privacy, Oakland, California, May 9-12, 1999. (PDF, PS, 14 pages)
Static Detection of Dynamic Memory Errors
David Evans. In SIGPLAN Conference on Programming Language Design and Implementation (PLDI '96), Philadelphia, PA, May 1996. (PS, PDF, 10 pages)

LCLint: A Tool for Using Specifications to Check Code

David Evans, John Guttag, Jim Horning and Yang Meng Tan, SIGSOFT Symposium on the Foundations of Software Engineering, December 1994. (PDF, PS; 10 pages)

General Audience Writing (non-technical papers and other fun stuff)

Algorithmic Accountability and the Law
Tom Nachbar and David Evans. Brink, 7 December 2020. [ Brink News]
Jobs for Humans, 2029-2059
Write-up of talk a fundraiser for Academy of Hope. 30 October 2019. [Talk Write-up]
Four Key Risks about AI Systems
David Evans. 9 July 2019. [Brink]
Keynote: Truth, Social Justice (and the American Way?)
David Evans. Invited paper for keynote talk at First ACM Workshop for Women in Cybersecurity, 30 October 2017. (PDF, 2 pages)
On the Impossibility of Virus Detection
David Evans. 12 February 2017. (PDF, 6 pages)
On the Non-Equivalence of the Kleene-* and Kleene-X Operators
(with Dorina M. Evans). First International Conference on Hygenic Computing, Gesundheit Institute, 12 March 2013.
CS101: One Year Later
David Evans. 20 February 2013. Blog post about my experiences at Udacity.
How Computing Changes Thinking
David Evans. Essay in What Should I Read Next?: 70 University of Virginia Professors Recommend Readings in History, Politics, Literature, Math, Science, Technology, the Arts, and More edited by Jessica Feldman and Robert Stilling, University of Virginia Press, 2008. [HTML, PDF, 4 pages]
Pancakes, Puzzles, and Polynomials: Cracking the Cracker Barrel
Christopher Frost, Michael Peck, David Evans. SIGACT News, March 2004. [PDF, 4 pages]

Invited (and Uninvited) Publications

Efficient Secure Computation with Garbled Circuits
Yan Huang, Chih-hao Shen, David Evans, Jonathan Katz, and abhi shelat. Invited paper for Seventh International Conference on Information Systems Security (ICISS 2011). 15-19 December 2011, Jadavpur University, Kolkata. [PDF (21 pages)]
Science of Security
Special Issue of IEEE Security and Privacy Magazine, May/June 2011. Co-edited by David Evans and Sal Stolfo.

Includes:

Effectiveness of Moving Target Defenses
David Evans, Anh Nguyen-Tuong, and John Knight. Chapter in Moving Target Defense: An Asymmetric Approach to Cyber Security, edited by Sushil Jajodia. Springer. Planned for 2011. (20 pages)
Automatic Inference and Effective Application of Temporal Specifications
Jinlin Yang and David Evans. Chapter in Mining Software Specifications: Methodologies and Applications. Edited by David Lo, Siau-Cheng Khoo, Chao Liu, and Jiawei Han. CRC Press. 2011. [PDF, 74 pages]
Creating a Computer Science Major for Arts & Sciences Students
David Evans and J. McGrath Cohoon. Computing Research News, Computing Research Association, January 2008. (PDF, 3 pages)
Hostile Java Applets
David Evans. Article in The Handbook of Information Security. September 2005. [PDF, 10 pages]
Finding Security Vulnerabilities Before Evildoers Do
David Evans. Invited paper for Conferencia Internacional de Software Libre, Malaga, Spain, 20 February 2004. [PDF, 6 pages]

LCLint User's Guide

David Evans, February 1996 - 2001. (Obsoleted by Splint.)
Splint User's Guide
Secure Programming Group, 2002.

Selected Proposals

NSF CAREER: Programming the Swarm
David Evans. Submitted July 2000. Grant awarded 1 March 2001 - 28 Feb 2006. (PDF, PS, NSF Page) [Cited in Jane McGonigal's PhD (Performance Studies) Thesis, This Might Be a Game: Ubiquitous Play and Performance at the Turn of the Twenty-First Century!]

University of Virginia Teaching Fellowship: Teaching Introductory Computer Science as a Liberal Art

David Evans. Submitted February 2001. Awarded 2001-2002. (PDF, Course)

NSF CCLI: Teaching Software Engineering Using Lightweight Analysis

David Evans. Submitted June 2001. Grant awarded 1 January 2002 - 31 December 2003. (PDF, PS)
NSF ITR: A Framework for Environment-Aware, Massively Distributed Computing
David Evans (PI), Tarek Abdelzaher and David Brogan. Submitted 13 Nov 2001. Grant awarded September 2002 - August 2005. (PDF)

Other Publications

Nathaneal Paul and David Evans. Isolating Drivers without Tears. IEEE Security and Privacy Work-in-Progress Abstract. May 2004. [PDF]

Christopher Frost, Michael Peck, David Evans. Pancakes, Puzzles, and Polynomials: Cracking the Cracker Barrel. University of Virginia Computer Science Technical Report, CS-2004-04. March 2004. [PDF]

David Evans and Michael Peck. Simulating Critical Software Engineering. University of Virginia Computer Science Technical Report, CS-2004-03. February 2004. [PDF]

Weilin Zhong and David Evans. When Ants Attack: Security Issues for Stigmergic Systems. University of Virginia Computer Science Technical Report, CS-2002-23. April 2002. [PDF]

Theses

Policy-Directed Code Safety
David Evans. MIT PhD Thesis. October 19, 1999. (abstract; PDF, PS, 137 pages).

Using Specifications to Check Source Code

David Evans. MIT SM Thesis. MIT/LCS/TR-628, June 1994. (PDF, PS, 96 pages)

Videos

On the Non-Equivalence of the Kleene-* and Kleene-X Operators

David Evans and Dorina Evans. Zeroth International Conference on Hygenic Computing. 12 March 2013.
On The Run
Marc Raibert, Jessica Hodgins, Robert Playter, Lance Borvansky, Lee Campbell, David Evans, Adam Crane and Marie Lamb, SIGGRAPH `91 Electronic Theater Las Vegas. Also shown at Los Angeles International Animation Celebration, October 1991; London Computer Animation Festival, October 1991; and Imagina, Monte Carlo, January 1992. (Video)