Papers

These are some of the papers I’ve published. I’m adding to them slowly, so if you see something you want but it isn’t there, let me know.

The papers are in Postscript (PS) and PDF (PDF) format. In some cases, I needed to generate HTML, and when I did, I made it available.

2020

• A. Singer and M. Bishop, “Trust-Based Security; Or, Trust Considered Harmful,” to appear in the Proceedings of the 2020 New Security Paradigms Workshop (Oct. 2020).
• S. Furnell and M. Bishop, “Education for the Multifaith Community of Cybersecurity,” Proceedings of the 13th World Information Security Education Conference pp. 32–45 (Sep. 2020).
• R. Gegan, B. Perry, D. Ghosal, and M. Bishop, “Insider Attack Detection for Science DMZs Using System Performance Data,” Proceedings of the Sixth IEEE Workshop on Security and Privacy in the Cloud pp. 1–9 (July 2020).
• R. Sun, M. Botacin, N. Sapountzis, X. Yuan, M. Bishop, D. Porter, X. Li, A. Gregio, and D. Oliveira, “A Praise for Defensive Programming: Leveraging Uncertainty for Effective Malware Mitigation,” IEEE Transactions on Dependable and Secure Computing (Apr. 2020)
• R. Gegan, C. Mao, D. Ghosal, M. Bishop, and S. Peisert, “Anomaly Detection for Science DMZs Using System Performance Data,” Proceedings of the 2020 International Conference on Computing, Networking and Communications pp. 492–496 (Feb. 2020).
• S. Furnell and M. Bishop, “Addressing Cyber Security Skills: The Spectrum, Not the Silo,” Computer Fraud & Security 2020(2) pp. 6–11 (Feb. 2020).
• J. Clark, M. Bishop, and C. Hoke, “Introduction to the Minitrack on Inside the Insider Threat,” Proceedings of the 53rd Hawaii International Conference on System Sciences pp. 2228–2229 (Jan. 2020).

2019

• M. Dupuis, M. Bishop, B. Lagesse, C. Bejan, and S. David, “Design Patterns for Compensating Controls for Securing Financial Sessions,” Proceedings of the 2019 IEEE SmartWorld, Ubiquitous Intelligence & Computing, Advanced & Trusted Computing, Scalable Computing & Communications, Cloud & Big Data Computing, Internet of People and Smart City Innovation pp. 1437–1443 (Aug. 2019).
• K. Nance, V. Nestler, and M. Bishop, “Use My Digital Forensics Tool … It’s Shiny,” Journal of International Technology and Information Management 28(3) pp. 91–100 (2019).
• S. Templeton, M. Bishop, K. Levitt, and M. Heckman, “A Biological Framework for Characterizing Mimicry in Cyber-Deception,” Proceedings of the European Conference on Cyber Warfare and Security pp. 508–517 (July 2019).
• M. Bishop, M. Dark, L. Futcher, and J. van Niekerk, “Learning Principles and the Secure Programming Clinic,” Proceedings of the 12th World Conference on Information Security Education pp. 17–29 (June 2019).
• J. Clark, M. Bishop, and C. Hoke, “Introduction to the Minitrack on Inside the Insider Threats,” Proceedings of the 52nd Hawaii International Conference on System Sciences pp. 3200–3201 (Jan. 2019).

2018

• I. Ngambeki, J. Dai, P. Nico, and M. Bishop, “Concept Inventories in Cybersecurity Education: An Example from Secure Programming,” Proceedings of the 2018 IEEE Frontiers in Education Conference pp. 1–5 (Oct. 2018).
• M. Bishop, “A Design for a Collaborative Make-the-Flag Exercise,” Proceedings of the 2018 World Information Security Education Conference pp. 3–14 (Sep. 2018).
• M. Bishop, C. Gates, and K. Levitt, “Arguing for Argumentation in Break-the-Glass Scenarios,” Proceedings of the 2018 New Security Paradigms Workshop pp. 1–11 (Aug. 2018).
• M. Bishop, “A Constructive Build-the-Flag Contest,” Report of the Workshop on New Approaches to Cybersecurity Education (June 2018).
• D. Burley, M. Bishop, S. Kaza, D. Gibson, S. Buck, A. Parrish, and H. Mattord, “Special Session: Joint Task Force on Cybersecurity Education,” Proceedings of the 49th ACM Technical Symposium on Computer Science Education pp. 918–919 (Mar. 2018).
• W. Conklin and M. Bishop, “Contrasting the CSEC 2017 and the CAE Designation Requirements,” Proceedings of the 51st Hawaii International Conference on System Sciences pp. 2435–2441 (Jan. 2017).
• M. Bishop, J. Kesan, and J. Clark, “Introduction to the Minitrack on Insider Threats to Governments and Organizations,” Proceedings of the 51st Hawaii International Conference on System Sciences p. 2434 (Jan. 2018).

2017

• S. Peisert, M. Bishop, and E. Talbot, “A Model of Owner Controlled, Full-Provenance, Non-Persistent, High-Availability Information Sharing,” Proceedings of the 2017 New Security Paradigms Workshop pp. 80–89 (Oct. 2017).
• A. Sarkar, S. Köhler, B. Ludäscher, and M. Bishop “Insider Attack Identification and Prevention in Collection-Oriented Dataflow-Based Processes,” IEEE Systems Journal 11(2) pp. 522–533 (June 2017).
• R. Sun, X. Yang, A. Lee, M. Bishop, D. Porter, X. Li, A. Gregio, and D. Oliveira, “The Dose Makes the Poison — Leveraging Uncertainty for Effective Malware Detection,” Proceedings of the 2017 IEEE Conference on Dependable and Secure Computing, pp. 123–130 (Aug. 2017).
• M. Bishop, D. Burley, and L. Futcher, “Workshop on the Joint Task Force Cybersecurity Curricular Guidelines,” Proceedings of the 10th World Conference on Information Security Education pp. ix–x (May 2017).
• M. Bishop, D. Burley, S. Buck, J. Ekstrom, L. Futcher, D. Gibson, E. Hawthorne, S. Kaza, Y. Levy, H. Mattord, and A. Parrish, “Cybersecurity Curricular Guidelines,” Proceedings of the 10th World Conference on Information Security Education pp. 3–13 (May 2017).
• M. Bishop, J. Dai, M. Dark, I. Ngambeki, P. Nico, and M. Zhu, “Evaluating Secure Programming Knowledge,” Proceedings of the 10th World Conference on Information Security Education pp. 51–62 (May 2017).
• H. Fu, Z. Zheng, S. Bose, M. Bishop, and P. Mohapatra, “LeakSemantic: Identifying Abnormal Sensitive Network Transmissions in Mobile Applications,” IEEE Conference on Computer Communications (to appear) (May 2017).
• L. Osterweil, M. Bishop, H. Conboy, H. Phan, B. Simidchieva, G. Avrunin, L. Clarke, and S. Peisert, “Iterative Analysis to Improve Key Properties of Critical Human-Intensive Processes: An Election Security Example,” ACM Transactions on Privacy and Security 20(20 pp. 5:1–5:30 (Mar. 2017).
• D. Burley, M. Bishop, S. Kaza, D. Gibson, E. Hawthorne, and S. Buck, “ACM Joint Task Force on Cybersecurity Education,” Proceedings of the 2017 ACM SIGCSE Technical Symposium on Computer Science pp. 683–684 (Mar. 2017).
• K. Nance and M. Bishop, “Deception, Digital Forensics, and Malware Minitrack (Introduction),” Proceedings of the 50th Hawaii International Conference on System Science p. 6059 (Jan. 2017).
• M. Bishop, K. Nance, and J. Clark, “Inside the Insider Threat (Introduction),” Proceedings of the 50th Hawaii International Conference on System Science p. 2637 (Jan. 2017).
• R. Linger, L. Goldrich, M. Bishop, and M. Dark, “Agile Applied Research for Cybersecurity: Creating Authoritative, Actionable Knowledge When Speed Matters,” Proceedings of the 50th Hawaii International Conference on System Sciences pp. 5958–5967 (Jan. 2017).

2016

• R. Sun, A. Lee, A. Chen, D. Porter, M. Bishop, D. Oliveira, “Bear: A Framework for Understanding Application Sensitivity to OS (Mis) Behavior,” Proceedings of the 27th IEEE International Symposium on Software Reliability Engineering pp. 388–399 (Oct. 2016).
• M. Fioravanti II, M. Bishop, and R. Ford, “I’m Not Sure If We’re Okay: Uncertainty for Attackers and Defenders,” Proceedings of the 2016 New Security Paradigms Workshop pp. 1–10 (Sep. 2016).
• M. Dark, L. Stuart, I. Ngambeki, and M. Bishop, “Effect of the Secure Programming Clinic on Learners’ Secure Programming Practices,” Proceedings of the 20th Colloquium on Information Systems Security Education (June 2016).
• B. Copos, K. Levitt, M. Bishop, and J. Rowe, “Is Anybody Home? Inferring Activity From Smart Home Network Traffic,” Proceedings of the 2016 IEEE Security and Privacy Workshops pp. 245–251 (May 2016).
• D. Burley, M. Bishop, E. Hawthorne, S. Kaza, S. Buck, and L. Futcher, “Special Session: ACM Joint Task Force on Cyber Education,” Proceedings of the 47th ACM Technical Symposium on Computing Science Education pp. 234–235 (Feb. 2016).
• K. Nance and M. Bishop, “Introduction to HICCS-49 Digital Forensics &mash; Education, Research and Practice Minitrack,” Proceedings of the 49th Hawaii International Conference on System Sciences p. 5596 (Jan. 2016).
• M. Bishop, K. Nance, and W. Claycomb, “Inside the Insider Threat (Introduction),” Proceedings of the 49th Hawaii International Conference on System Sciences p. 2728 (Jan. 2016).

2015

• S. Belcher, M. Bishop, M. Dark, and I. Ngambeki, “Practice, Practice, Practice … Secure Programmer,” Proceedings of the 19th Colloquium on Information Systems Security Education (June 2015).
• S. Belcher, M. Bishop, M. Dark, and I. Ngambeki, “Teach the Hands, Train the Mind … A Secure Programming Clinic,” Proceedings of the 19th Colloquium on Information Systems Security Education (June 2015).
• M. Dark, M. Bishop, R. Linger, and L. Goldrich, “Realism in Teaching Cybersecurity Research: The Agile Research Process,” Proceedings of the 9th World Conference on Information Security Education pp. 3–14 (May 2015).
• R. Sun, D. Porter, D. Oliveira, and M. Bishop, “The Case for Less Predictable Operating System Behavior,” Proceedings of the 15th Workshop on Hot Topics in Operating Systems (May 2015).
• R. Sun, M. Bishop, N. Ebner, D. Oliveira, and D. Porter, “The Case for Unpredictability and Deception as OS Features,” ;login: 40(4) pp. 12–17(Aug. 2015).

2014

• E. Talbot, S. Peisert, and M. Bishop, “Principles of Authentication,” Who are you?! Adventures in Authentication: WAY Workshop (Symposium on Usable Privacy and Security) (July 2013).
• M. Bishop, H. Conboy, H. Phan, B. Simidchieva, G. Avrunin, L. Clarke, L. Osterweil, and S. Peisert, “Insider Threat Identification by Process Analysis” Proceedings of the 2014 Workshop on Research on Insider Threat (2014 IEEE Security and Privacy Workshops) pp. 251–264 (May 2014).
• A. Sarkar, S. Köhler, S. Riddle, B. Ludäscher, and M. Bishop, “Insider Attack Identification and Prevention Using a Declarative Approach” Proceedings of the 2014 Workshop on Research on Insider Threat (2014 IEEE Security and Privacy Workshops) pp. 265–276 (May 2014).

2013

• R. Ford, M. Carvalho, L. Mayron, and M. Bishop, “Antimalware Software: Do We Measure Resilience?” Proceedings of the First Workshop on Anti-Malware Testing Research pp. 1–7 (Oct. 2013).
• M. Bishop, “Cauton: Danger Ahead (with Big Data)” Proceedings of the First Workshop on Anti-Malware Testing Research pp. 1–7 (Oct. 2013).
• J. Ard, M. Bishop, C. Gates, and M. Sun, “Information Behaving Badly,” Proceedings of the 2013 New Security Paradigms Workshop pp. 107–118 (Sep. 2013).
• M. Bishop, E. Butler, K. Butler, C. Gates, and S. Greenspan, “Forgive and Forget: Return to Obscurity,” Proceedings of the 2013 New Security Paradigms Workshop pp. 1–10 (Sep. 2013).
• M. Bishop and C. Hoke, “The Risk of Propagating Standards,” Proceedings of the Workshop on Risk Perception in IT Security and Privacy (Symposium on Usable Privacy and Security) (July 2013).
• H. Armstrong, M. Bishop, and C. Armstrong, “Virtual Penetration Testing: A Joint Education Exercise Across Geographic Boundaries,” Proceedings of the Eighth World Information Systems Education Conference pp. 11–19 (July 2013).
• M. Bishop, B. Taylor, E. Hawthorne, D. Burley, and S. Kaza, “Introducing Secure Coding in CS0 and CS1 (Abstract Only),” Proceedings of the 44th ACM Technical Symposium on Computer Science Education p. 761 (Mar. 2013).
• M. Bishop, E. Hawthorne, K. Nance, and B. Taylor, “Teaching Secure Coding—The Myths and the Realities,” Proceedings of the 44th ACM Technical Symposium on Computer Science Education pp. 281–282 (Mar. 2013).
• S. Whalen, S. Peisert, and M. Bishop, “Multiclass Classification of Distributed Memory Parallel Computations,” Pattern Recognition Letters 34(3) pp. 322–329 (Feb. 2013).
• K. Nance, M. Bishop, and A. Phillips, “Introduction to Digital Forensics — Education, Research, and Practice Minitrack,” Proceedings of the 46th Hawaii International Conference on System Science p. 4879 (Jan. 2016).

2012

• D. Fu and M. Bishop, “Metaphor Computing,” Proceedings of the Artificial Intelligence and Interactive Digital Entertainment Conference pp. 29–32 (Oct. 2012).
• S. Peisert, E. Talbot, and M. Bishop, “Turtles All The Way Down: A Clean-Slate, Ground-Up, First-Principles Approach to Secure Systems,” Proceedings of the 2012 New Security Paradigms Workshop (Sep. 2012).
• M. Bishop and S. Peisert, “Security and Elections,” IEEE Security and Privacy 10(5) pp. 64–67 (Sep. 2012).
• M. Bishop, “Learning and Experience in Computer Security Education,” Actas de la XII Reunión Española sobre Criptología y Seguridad de la Información pp. 1–6 (Sep. 2012).
• H. Phan, G. Avrunin, M. Bishop, L. Clarke, and L. Osterweil, “A Systematic Process-Model-Based Approach for Synthesizing Attacks and Evaluating Them,” Proceedings of the 2012 USENIX/ACCURATE Electronic Voting Technology Workshop (Aug. 2012).
• M. Bishop, M. Doroud, C. Gates, and J. Hunker, “Effects of Attribution Policies: The Second Summer of the Sisterhood,” Proceedings of the 11th European Conference on Information Warfare and Security pp. 63–69 (July 2012).
• K. Nance, B. Hay, and M. Bishop, “Secure Coding Education: Are We Making Progress?,” Proceedings of the 16th Colloquium for Information Systems Security Education (June 2012).
• S. Whalen, S. Engle, S. Peisert, and M. Bishop, “Network-Theoretic Classification of Parallel Computation Patterns,” International Journal of High Performance Computing 26(2) pp. 159–169 (May 2012).
• R. Ford, M. Carvalho, L. Mayron, and M. Bishop, “Towards Metrics for Cyber Security,” 21st EICAR Annual Conference Proceedings pp. 151–159 (May 2012).
• M. Bishop, S. Engle, D. Howard, and S. Whalen, “A Taxonomy of Buffer Overflow Characteristics,” IEEE Transactions on Dependable and Secure Computing 9(3) pp. 305–317 (May 2012).
• B. Taylor, M. Bishop, D. Burley, S. Cooper, R. Dodge, and R. Seacord, “Teaching Secure Coding—Report from Summit on Education in Secure Software,” Proceedings of the 43rd ACM Technical Symposium on Computer Science Education pp. 581–582 (Feb. 2012).
• B. Hay, K. Nance, M. Bishop, and L. McDaniel, “Are Your Papers in Order? Developing and Enforcing Multi-tenancy and Migration Policies in the Cloud,” Proceedings of the 45th Hawaii International Conference on System Science pp. 5473–5479 (Jan. 2012).

2011

• M. Bishop, C. Gates, P. Yellowlees and G. Silberman, “Facebook Goes to the Doctor,” Proceedings of the 2011 Workshop on Governance of Technology, Information, and Policies pp. 13--20 (Dec. 2011).
• J. Hunker, C. Gates, and M. Bishop, “Attribution Requirements for Next Generation Internets,” Proceedings of the 2011 IEEE International Conference on Technologies for Homeland Security pp. 345--350 (Nov. 2011).
• M. Ramilli, M. Bishop, and S. Sun, “Multiprocess Malware,” Proceedings of the 6th International Conference on Malicious and Unwanted Software pp. 8–13 (Oct. 2011).
• M. Bishop, R. Ford, and M. Ramilli, “Results-Oriented Security,” Proceedings of the 6th International Conference on Malicious and Unwanted Software pp. 42–49 (Oct. 2011).
• M. Bishop, M. Carvalho, R. Ford, and L. Mayron, “Resilience is More Than Availability,” Proceedings of the 2011 New Security Paradigms Workshop pp. 95–104 (Sep. 2011).
• C. Gates and M. Bishop, “One of These Records Is Not Like the Other,” Proceedings of the Third USENIX Workshop on the Theory and Practice of Provenance (June 2011).
• S. Whalen, S. Peisert, and M. Bishop, “Network-Theoretic Classification of Parallel Computation Patterns,” Proceedings of the First International Workshop on Characterizing Applications for Heterogeneous Exascale Systems (June 2011).
• M. Clifford and M. Bishop, “Trust of Medical Devices, Applications, and Users in Pervasive Healthcare,” Proceedings of the Fourth International Conference on Pervasive Technologies Related to Assistive Environments pp. 51–54 (May 2011).
• M. Bishop and C. Elliott, “Robust Programming by Example,” Proceedings of the Seventh World Conference on Information Security Education pp. 23–30 (June 2011).
• M. Bishop and K. Nance, “The Strengths and Challenges of Analogical Approaches to Computer Security Education,” Proceedings of the Seventh World Conference on Information Security Education pp. 96–102 (June 2011).
• M. Bishop, “Teaching Security Stealthily,” IEEE Security and Privacy 9(2) pp. 69–71 (Mar. 2011).
• M. Bishop, B. Hay, and K. Nance, “Applying Formal Methods Informally,” Proceedings of the 44th Hawaii International Conference on System Sciences pp. 1–8 (Jan. 2011).
• B. Hay, K. Nance, and M. Bishop, “Storm Clouds Rising: Security Challenges for IaaS Cloud Computing,” Proceedings of the 2011 Hawaii International Conference on System Sciences pp. 1–7 (Jan. 2011).
• M. Bishop, “Computer Security in the Future,” The ISC International Journal of Information Security 3(1) pp. 3–27 (Jan. 2011).

2010

• M. Bishop, S. Greenwald, and M. Locasto, “New Security Paradigms Workshop,” ;login: 35(6) pp. 117–124 (Dec. 2010).
• M. Ramilli and M. Bishop, “Multi-Stage Delivery of Malware,” Proceedings of the 5th IEEE International Conference on Malicious and Unwanted Software pp. 91–97 (Oct. 2010).
• M. Bishop, J. Cummins, S. Peisert, A. Singh, B. Bhumiratana, D. Agarwal, D. Frincke, and M. Hogarth, “Relationships and Data Sanitization: A Study in Scarlet,” Proceedings of the 2010 New Security Paradigms Workshop pp. 151–164 (Sep. 2010).
• S. Whalen, M. Bishop, and J. Crutchfield, “Hidden Markov Models for Automated Protocol Learning,” Proceedings of SecureComm 2010 pp. 415–428 (Sep. 2010).
• M. Bishop, “Technology, Training, and Transformation,” IEEE Security and Privacy 8(5) pp. 72–75 (Sep. 2010).
• B. Simidchieva, S. Engle, M. Clifford, A. Jones, S. Peisert, M. Bishop, L. Clarke, and L. Osterweil, “Modeling and Analyzing Faults to Improve Election Process Robustness,” Proceedings of the 2010 USENIX/ACCURATE Electronic Voting Technology Workshop (Aug. 2010).
• M. Bishop and C. Hoke, “Essential Baseline Research for UOCAVA-MOVE Act Implementation at the State-Local Levels,” Workshop on UOCAVA Remote Voting Systems (Aug. 2010).
• C. Gates and M. Bishop, “The Security and Privacy Implications of Using Social Networks to Deliver Healthcare,” Proceedings of the 3rd International Conference on Pervasive Technologies Related to Assistive Environments (June 2010).
• M. Bishop, “Ten Years Past and Ten Years from Now,” Actas de la X Journada de Seguridad Informática (June 2010).
• E. Talbot, D. Frincke, and M. Bishop, “Demythifying Security,” IEEE Security and Privacy 8(3) pp. 56–59 (May 2010).
• P. Neumann, M. Bishop, S. Peisert, and M. Schaefer, “Reflections on the 30th Anniversary of the IEEE Symposium on Security and Privacy,” Proceedings of the 2010 IEEE Symposium on Security and Privacy pp. 109–13 (May 2010).
• M. Bishop, “A Clinic for ‘Secure’ Programming,” IEEE Security and Privacy 8(2) pp. 54–56 (Mar. 2010).

2009

• M. Bishop, “Reflections on UNIX Security,” Proceedings of the 25th Annual Computer Security Applications Conference pp. 161–184 (Dec. 2009); includes the previously unpublished 1983 paper “Security Problems with the UNIX Operating System”.
• S. Cooper, C. Nickell, V. Piotrowski, B. Oldfield, A. Abdallah, M. Bishop, B. Caelli, M. Dark, E. Hawthorne, L. Hoffman, L. Pérez, C. Pfleeger, R. Raines, C. Schou, and J. Brynielsson, “An Exploration of the Current State of Information Assurance Education,” ACM SIGCSE Bulletin 41(4) pp. 109–125 (Dec. 2009).
• S. Peisert, M. Bishop, L. Corriss, and S. Greenwald, “Quis Custodiet ipsos Custodes? A New Paradigm for Analyzing Security Paradigms,” Proceedings of the 2009 New Security Paradigms Workshop pp. 71–84 (Sep. 2009).
• M. Bishop, C. Gates, and J. Hunker, “Sisterhood of the Traveling Packets,” Proceedings of the 2009 New Security Paradigms Workshop pp. 59–70 (Sep. 2009).
• R. Gardner, M. Bishop, and T. Kohno, “Are Patched Machines Really Fixed?” IEEE Security and Privacy 7(5) pp. 82–88 (Sep. 2009).
• M. Bishop, S. Peisert, C. Hoke, M. Graff, and D. Jefferson, “E-Voting and Forensics: Prying Open the Black Box,” Proceedings of the 2009 USENIX/ACCURATE Electronic Voting Technology Workshop (Aug. 2009).
• M. Bishop, “Some ‘Secure Programming’ Exercises for an Introductory Programming Class,” Proceedings of the Seventh World Conference on Information Security Education pp. 226–232(July 2009).
• B. Bhumiratana and M. Bishop, “Privacy Aware Data Sharing: Balancing the Usability and Privacy of Datasets,” Proceedings of the 2nd International Conference on Pervasive Technologies Related to Assistive Environments (June 2009).
• Z. Le, M. Bishop and F. Makedon, “Strong Mobile Device Protection from Loss and Capture,” Proceedings of the 2nd International Conference on Pervasive Technologies Related to Assistive Environments (June 2009).
• M. Bishop and C. Taylor, “A Critical Analysis of the Centers of Academic Excellence Program,” Proceedings of the 13^th Colloquium for Information Systems Security Education (June 2009).
• M. Bishop, C. Gates, D. Frincke, and F. Greitzer, “AZALIA: A to Z Assessment of the Likelihood of Insider Attack,” Proceedings of the 2009 IEEE International Conference on Technologies for Homeland Security (May 2009).
• B. Hay, K. Nance, and M. Bishop, “Live Analysis: Progress and Challenges,” IEEE Security and Privacy 7(2) pp. 30–37 (Mar. 2009).
• K. Nance, B. Hay, and M. Bishop, “Investigating the Implications of Virtual Machine Introspection for Digital Forensics,” Proceedings of the 2009 International Conference on Availability, Reliability and Security pp. 1024–1029 (Mar. 2009).
• M. Bishop, S. Engle, S. Peisert, S. Whalen, and C. Gates, “Case Studies of an Insider Framework,” Proceedings of the 2009 Hawaii International Conference on System Sciences (Jan. 2009).
• S. Peisert, M. Bishop, and A. Yasinsac, “Vote Selling, Voter Anonymity, and Forensic Logging of Electronic Voting Machines” Proceedings of the 2009 Hawaii International Conference on System Sciences (Jan. 2009).
• K. Nance, B. Hay, and M. Bishop, “Digital Forensics: Defining a Research Agenda,” Proceedings of the 2009 Hawaii International Conference on System Sciences (Jan. 2009).

2008

• M. Bishop, S. Engle, C. Gates, S. Peisert, and S. Whalen, “We Have Met the Enemy and He Is Us,” Proceedings of the 2008 New Security Paradigms Workshop pp. 1–12 (Sep. 2008).
• K. Nance, M. Bishop, and B. Hay, “Virtual Machine Introspection: Observation or Interference?,” IEEE Security and Privacy 6(5) pp. 32–37 (Sep. 2008).
• S. Peisert, M. Bishop, and K. Marzullo, “Computer Forensics In Forensis,” Proceedings of the Third International IEEE Workshop on Systematic Approaches to Digital Forensic Engineering pp. 102–122 (May 2008).
• M. Bishop and C. Gates, “Defining the Insider Threat,” Proceedings of the Cyber Security and Information Intelligence Research Workshop article 15 (May 2008).
• A. Yasinsac and M. Bishop, “The Dynamics of Counting and Recounting Votes,” IEEE Security and Privacy 6(3) pp. 22–29 (May 2008).
• M. Bishop, “Some Exercises for an Introductory Class,” Faculty Workshop on Secure Software Development (Apr. 2008).
• M. Dark and M. Bishop, “Evaluating the Efficacy of Software Security Curriculum Exercises,” Faculty Workshop on Secure Software Development (Apr. 2008).
• S. Peisert, M. Bishop, and K. Marzullo, “Computer Forensics in Forensis,” ACM SIGOPS Operating Systems Review 42(3) pp. 112–122 (Apr. 2008).
• A. Yasinsac and M. Bishop, “Of Paper Trails and Voter Receipts,” Proceedings of the 2008 Hawaii International Conference on System Sciences (Jan. 2008).

2007

• M. Bishop and D. Wagner, “Risks of E-Voting,” Communications of the ACM 50(11) p. 120 (Nov. 2007).
• E. Proebstel, S. Riddle, F. Hsu, J. Cummins, F. Oakley, T. Stanionis, and M. Bishop, “An Analysis of the Hart Intercivic DAU eSlate,” Proceedings of the 2007 USENIX/ACCURATE Electronic Voting Technology Workshop (Aug. 2007).
• S. Peisert and M. Bishop, “I’m a Scientist, Not a Philosopher!” IEEE Security & Privacy Magazine 5(4) pp. 48–51 (July 2007).
• C. Gates, C. Taylor, and M. Bishop, “Dependable Security: Testing Network Intrusion Detection Systems,” poster paper, Proceedings of the Third Workshop on Hot Topics in System Dependability paper 19 (June 2007).
• S. Peisert and M. Bishop, “How to Design Computer Security Experiments,” Proceedings of the World Conference on Information Security Education pp. 141–148 (June 2007).
• M. Bishop, “E-Voting as a Teaching Tool,” Proceedings of the World Conference on Information Security Education pp. 17–24 (June 2007).
• S. Peisert, M. Bishop, S. Karin, and K. Marzullo, “Towards Models for Forensic Analysis,” Proceedings of the Second International Workshop on Systematic Approaches to Digital Forensic Engineering pp. 3–15 (Apr. 2007).
• S. Peisert, M. Bishop, S. Karin, and K. Marzullo, “Analysis of Computer Intrusions Using Sequences of Function Calls,” IEEE Transactions on Dependable and Secure Computing 4(2) pp. 137–150 (Apr. 2007).
• E. Barr, M. Bishop, and M. Gondree, “Fixing Federal E-Voting Standards,” Communications of the ACM 50(3) pp. 19–24 (Mar. 2007).
• J. Zhou, M. Heckman, B. Reynolds, A. Carlson, and M. Bishop, “Modeling Network Intrusion Detection Alerts for Correlation,” ACM Transactions on Information and System Security 10(1) pp. 1–31 (Feb. 2007).
• M. Bishop and D. Frincke, “Achieving Learning Objectives through E-Voting Case Studies,” IEEE Security & Privacy Magazine 5(1) pp. 53–56 (Jan. 2007).

2006

• M. Bishop, “Teaching Context in Information Security,” Journal on Educational Resources in Computing 6(3) article #3 (Sep. 2006).
• R. Crawford, M. Bishop, B. Bhumiratana, L. Clark, and K. Levitt, “Sanitization Models and their Limitations,” Proceedings of the New Security Paradigms Workshop pp. 41–56 (Sep. 2006).
• V. Neagoe and M. Bishop, “Inconsistency in Deception for Defense,” Proceedings of the New Security Paradigms Workshop pp. 31–38 (Sep. 2006).
• E. Ceesay, J. Zhou, M. Gertz, K. Levitt, and M. Bishop, “Using Type Qualifiers to Analyze Untrusted Integers and Detecting Security Flaws in C Programs,” Proceedings of the GI/IEEE SIG SIDAR Conference on Detection and Intrusions and Malware and Vulnerability Assessment pp. 1–16 (July 2006).
• D. Gilliam, J. Powell, M. Bishop, C. Andrews, and S. Jog, “Security Verification Techniques Applied to PatchLink COTS Software,” Proceedings of the 15th IEEE International Workshop on Enabling Technologies: Infrastructure for Collaborative Enterprises pp. 319–325 (June 2006).
• M. Bishop, R. Crawford, B. Bhumiratana, L. Clark, and K. Levitt, “Some Problems in Sanitizing Network Data,” Proceedings of the 15th IEEE International Workshop on Enabling Technologies: Infrastructure for Collaborative Enterprises pp. 307–312 (June 2006).
• D. Gilliam and M. Bishop, “WETICE 2006 Eleventh Securities Technologies (ST) Workshop Report,” Proceedings of the 15th IEEE International Workshops on Enabling Technologies: Infrastructure for Collaborative Enterprise pp. 305–306 (June 2006).
• M. Bishop and S. Engle, “The Software Assurance CBK and University Curricula,” Proceedings from the Tenth Colloquium on Information Systems Security Education pp. 14–21 (June 2006).
• M. Bishop and B. J. Orvis, “A Clinic to Teach Good Programming Practices,” Proceedings from the Tenth Colloquium on Information Systems Security Education pp. 168–174 (June 2006).
• M. Bishop and D. Frincke, “Who Owns Your Computer?,” IEEE Security & Privacy Magazine 4(2) pp. 61–63 (Mar. 2006).

2005

• J. Zhou, A. Carlson, and M. Bishop, “Verify Results of Network Intrusion Alerts Using Lightweight Protocol Analysis,” Proceedings of the 21st Annual Computer Security Applications Conference pp. 117–126 (Dec. 2005).
• S. Peisert, M. Bishop, S. Karin, and K. Marzullo, “Principles-Driven Forensic Analysis,” Proceedings of the 2005 New Security Paradigms Workshop pp. 85–93 (Sep. 2005).
• M. Bishop, “Position: ‘Insider’ is Relative” Proceedings of the New Security Paradigms Workshop pp. 77–78 (Sep. 2005).
• M. Bishop, “The Insider Problem Revisited” Proceedings of the New Security Paradigms Workshop pp. 75–76 (Sep. 2005).
• M. Bishop and D. Frincke, “Teaching Secure Programming,” IEEE Security & Privacy Magazine 3(5) pp. 54–56 (Sep. 2005).
• M. Bishop and D. Frincke, “A Human Endeavor: Lessons from Shakespeare and Beyond,” IEEE Security & Privacy Magazine 3(4) pp. 49–51 (July 2005).
• D. Gilliam, J. Powell, and M. Bishop, “Application of Lightweight Formal Methods to Software Security,” Proceedings of the 14th IEEE International Workshop on Enabling Technologies: Infrastructure for Collaborative Enterprises pp. 160–165 (June 2005).
• M. Bishop, “Best Practices and Worst Assumptions,” Proceedings of the 9th Colloquium for Information Systems Security Education pp. 18–25 (June 2005).
• M. Bishop and H. Armstrong, “Uncovering Assumptions in Information Security,” Proceedings of the Fourth World Conference on Information Security Education pp. 223–231 (May 2005).

2004

• T. Walcott and M. Bishop, “Traducement: A Model for Record Security,” ACM Transactions on Information Systems Security 7(4) pp. 576–590 (Nov. 2004).
• M. Bishop and D. Frincke, “Academic Degrees and Professional Certification,” IEEE Security & Privacy Magazine 2(6) pp. 56–58 (Nov. 2004).
• D. Frincke and M. Bishop, “Joining the Security Education Community,” IEEE Security & Privacy Magazine 2(5) pp. 61–63 (Sep. 2004).
• M. Bishop, “Teaching Context in Information Security,” Proceedings of the Sixth Workshop on Education in Computer Security pp. 29–35 (July 2004).
• D. Frincke and M. Bishop, “Back to School,” IEEE Security & Privacy Magazine 2(4) pp. 54–56 (July 2004).
• M. Bishop, B. Bhumiratana, R. Crawford, and K. Levitt, “How to Sanitize Data,” Proceedings of the 13th IEEE International Workshop on Enabling Technologies: Infrastructure for Collaborative Enterprises pp. 217–222 (June 2004).
• D. Frincke and M. Bishop, “Guarding the Castle Keep: Teaching with the Fortress Metaphor,” IEEE Security & Privacy Magazine 2(3) pp. 69–72 (May 2004).
• R. Bajcsy, T. Benzel, M. Bishop, B. Braden, C. Brodley, S. Fahmy, S. Floyd, W. Hardaker, A. Joseph, G. Kesidis, K. Levitt, B. Lindell, P. Liu, D. Miller, R. Mundy, C. Neuman, R. Ostrenga, V. Paxson, P. Porras, C. Rosenberg, J. D. Tygar, S. Sastry, D. Sterne, and S. Wu, “Cyber Defense Technology Networking and Evaluation,” Communications of the ACM 47(3) pp. 58–61 (Mar. 2004).

2003

• M. Clifford, D. Faigin, M. Bishop, and T. Brutch, “Miracle Cures and Toner Cartridges: Finding Solutions to the Spam Problem,” Proceedings of the 19th Annual Computer Security Applications Conference pp. 428–429 (Dec. 2003).
• D. Gilliam, J. Powell, E. Haugh, and M. Bishop, “Addressing Software Security Risk Mitigation in the Life Cycle,” Proceedings of the 28th Annual NASA/IEEE Goddard Software Engineering Workshop pp. 201–206 (Dec. 2003).
• M. Bishop and E. Goldman, “The Strategy and Tactics of Information Warfare,” Contemporary Security Policy 24(1) pp. 113–139 (June 2003).
• D. Gilliam, T. Wolfe, J. Sherif, and M. Bishop, “Software Security Checklist for the Software Life Cycle,” Proceedings of the 12th IEEE International Workshop on Enabling Technologies: Infrastructure for Collaborative Enterprises pp. 243–248 (June 2003).
• M. Bishop, “Teaching Undergraduate Information Assurance,” Security Education and Critical Infrastructure: Proceedings of the Third World Conference on Information Security Education pp. 169–171 (June 2003).
• E. Haugh and M. Bishop, “Testing C Programs for Buffer Overflow Vulnerabilities,” Proceedings of the 2003 Symposium on Networked and Distributed System Security pp. 123–130 (Feb. 2003).
• M. Bishop, “What Is Computer Security?,” IEEE Security & Privacy Magazine 1(1) pp. 67–69 (Jan. 2003).

2002

• D. Peterson, M. Bishop, and R. Pandey, “A Flexible Containment Mechanism for Executing Untrusted Code,” Proceedings of the 11th USENIX UNIX Security Symposium pp. 207–225 (Aug. 2002).
• M. Bishop, “Computer Security Education: Training, Scholarship, and Research,” IEEE Computer 35(4), Part Privacy and Security Supplement pp. 31–33 (Apr. 2002).

2001

• J. Reynolds, M. Bishop, A. Ghosh, and J. Whittaker, “How Useful is Software Fault Injection for Evaluating the Security of COTS Products,” Proceedings of the 17th Annual Computer Security Applications Conference pp. 339–340 (Dec. 2001).
• D. Gilliam, J. Powell, J. Kelly, and M. Bishop, “Reducing Software Security Risk Through an Integrated Approach,” Proceedings of the 26th Annual NASA/IEEE Goddard Software Engineering Workshop pp. 36–42 (Nov. 2001).
• D. Gilliam, J. Kelly, J. Powell, and M. Bishop, “Development of a Software Security Assessment Instrument to Reduce Software Security Risk,” Proceedings of the 10th IEEE International Workshop on Enabling Technologies: Infrastructure for Collaborative Enterprises pp. 144–149 (June 2001).

2000

• D. Faigin, M. Clifford, M. Bishop, and M. Abrams, “Defining, Computing, and Interpreting Trust,” Proceedings of the 16th Annual Computer Security Applications Conference p. 88 (Dec. 2000).
• M. Bishop, “Education in Information Security,” IEEE Concurrency 8(4) pp. 4–8 (Oct. 2000).
• T. Aura, M. Bishop, and D. Sniegowski, “Analyzing Single-Server Network Inhibition,” Proceedings of the 13th IEEE Computer Security Foundations Workshop pp.108–117 (July 2000).
• B. Hashii, S. Malabarba, R. Pandey, and M. Bishop, “Supporting Reconfigurable Security Policies for Mobile Programs,” Computer Networks 33(1-6) pp. 77–93 (June 2000).
• J. Hughes, T. Aura, and M. Bishop, “Using Conservation of Flow as a Security Mechanism in Network Protocols,” Proceedings of the 2000 IEEE Symposium on Security and Privacy pp. 132–141 (May 2000).

1999

• M. Bishop, “What Do We Mean By ‘Computer Security Education’?,” Proceedings of the 22nd National Information Systems Security Conference p. 604 (Oct. 1999).
• M. Bishop, “Vulnerabilities Analysis,” Proceedings of the Symposium on Recent Advances in Intrusion Detection pp. 125–136 (Sep. 1999).

1998

• M. Clifford, C. Lavine, and M. Bishop, “The Solar Trust Model: Authentication Without Limitation,” Proceedings of the 14th Annual Computer Security Applications Conference pp. 300–307 (Dec. 1998).
• M. Bishop, S. Cheung, J. Frank, J. Hoagland, S. Samorodin, and C. Wee, “Internet Attacks: How they Occur and How to Protect Against Them,” Engineering World 8(3) pp. 32–38 (June/July 1998); abridged from “The Threat from the Net,” IEEE Spectrum 34(8) pp. 56–63 (Aug. 1997).

1997

• M. Bishop, S. Cheung, J. Frank, J. Hoagland, S. Samorodin, and C. Wee, “The Threat from the Net,” IEEE Spectrum 34(8) pp. 56–63 (Aug. 1997).
• G. Fink and M. Bishop, “Property Based Testing: A New Approach to Testing for Assurance,” ACM SIGSOFT Software Engineering Notes 22(4) pp. 74–80 (July 1997).
• M. Bishop, “The State of INFOSEC Education in Academia: Present and Future Directions,” Proceedings of the National Colloquium on Information System Security Education pp. 19–33 (Apr. 1997).
• P. Denning and M. Bishop, Network and Data Security, ACM Professional Knowledge Program, http://www.cne.gmu.edu/modules/acmpkp/security/map_frm.html (Mar. 1997).
• M. Bishop, “Information Survivability, Security, and Fault Tolerance,” Proceedings of the Information Survivability Workshop, paper #6 (Feb. 1997).
• M. Bishop, “Teaching Computer Security,” Proceedings of the Workshop on Education in Computer Security pp. 78–82 (Jan. 1997).

1996

• M. Bishop, “Conspiracy and Information Flow in the Take-Grant Protection Model,” Journal of Computer Security 4(4) pp. 331–359 (1996).
• L. Heberlein and M. Bishop, “Attack Class: Address Spoofing,” Proceedings of the Nineteenth National Information Systems Security Conference pp. 371–377 (Oct. 1996).
• M. Bishop and L. Heberlein, “An Isolated Network for Research,” Proceedings of the Nineteenth National Information Systems Security Conference pp. 349–360 (Oct. 1996).
• M. Bishop and M. Dilger, “Checking for Race Conditions in File Accesses,” Computing Systems 9(2) pp. 131–152 (Spring 1996).

1995

• M. Bishop, “A Standard Audit Trail Format,” Proceedings of the Eighteenth National Information Systems Security Conference pp. 136–145 (Oct. 1995).
• M. Bishop and D. Klein, “Improving System Security Through Proactive Password Checking,” Computers and Security 14(3) pp. 233–249 (May/June 1995).
• M. Bishop, “Theft of Information in the Take-Grant Protection Model,” Journal of Computer Security 3(4) pp. 283–309 (1994/1995).

1994

• M. Bishop, “Guest Editorial,” Computing Systems 7(4) pp. v-vii (Winter 1994).

1993

• M. Bishop, “Teaching Computer Security,” Proceedings of the Eighth International Conference on Information Security pp. 43–52 (May 1993).
• M. Bishop, “Recent Changes to Privacy-Enhanced Electronic Mail,” Journal of Internetworking: Research and Experience 4(1) pp. 47–59 (Mar. 1993).

1992

• M. Bishop, “Anatomy of a Proactive Password Checker,” Proceedings of the Third UNIX Security Symposium pp. 130–139 (Sep. 1992).
• M. Bishop, “Proactive Password Checking,” Proceedings of the Fourth Workshop on Computer Security Incident Handling pp. W11:1–9 (Aug. 1992).
• M. Bishop, “A Cautionary Tale,” Proceedings of the Workshop on Future Directions in Computer Misuse and Anomaly Detection, pp. 110–114 (Mar. 1992).

1991

• M. Bishop, “Privacy-Enhanced Electronic Mail,” Journal of Internetworking: Research and Experience 2(4) pp. 199–233 (Dec. 1991).
• M. Bishop, “Comparing Authentication Systems,” Proceedings of the Third Workshop on Computer Incident Handling pp. G–II–1:10 (Aug. 1991).
• M. Bishop, “A Proactive Password Checker,” Proceedings of the Seventh International Conference on Information Security pp. 169–181 (May 1991).
• M. Bishop, “An Overview of Computer Viruses in a Research Environment,” Proceedings of the Fourth Annual Computer Virus and Security Conference, pp. 111–144 (Mar. 1991).
• M. Bishop, “Password Management,” Proceedings of Compcom Spring ’91: Digest of Papers, pp. 167–169 (Feb. 1991).
• M. Bishop, “Authenticated Network News,” Proceedings of the 1991 Winter USENIX Conference, pp. 281–287 (Jan. 1991).

1990

• M. Bishop, “A Security Analysis of the NTP Protocol,” Proceedings of the 6th Annual Computer Security Applications Conference, pp. 20–29 (Dec. 1990).
• M. Bishop, “An Extensible Password Changing Program,” Proceedings of the UNIX Security Workshop II, pp. 15–16 (Aug. 1990).
• M. Bishop, “Collaboration Using Roles,” Software—Practice and Experience 20(5) pp. 485–498 (May 1990).
• M. Bishop, “Storage in C,” C Users’ Journal 8(5) pp. 73–78 (May 1990).

1989

• M. Bishop, “A Model of Security Monitoring,” Proceedings of the 5th Annual Computer Security Applications Conference, pp. 46–52 (Dec. 1989).
• M. Bishop, “UNIX™ Security in a Supercomputing Environment,” Proceedings of the 1989 ACM/IEEE Conference on Supercomputing pp. 693–698 (Nov. 1989).
• M. Bishop, “Privacy-Enhanced Electronic Mail,” Proceedings of the DIMACS Workshop on Distributed Computing and Cryptography, pp. 93–106 (Oct. 1989).

1988

• M. Bishop, “Auditing Files on a Network of UNIX Machines,” Proceedings of the UNIX Security Workshop pp. 51–52 (Aug. 1988).
• M. Bishop, “Theft of Information in the Take-Grant Protection Model,” Proceedings of the Workshop on Foundations of Computer Security, MITRE TR M88-37, pp. 194–218 (June 1988).
• M. Bishop, “An Application of a Fast Data Encryption Standard Implementation,” Computing Systems 1(3) pp. 221–254 (Summer 1988).

1987

• M. Bishop, “Profiling under UNIX™ by Patching,” Software—Practice and Experience 17(10) pp. 729–740 (Oct. 1987). doi: 10.1002/spe.4380171006
• M. Bishop, “File Protection in UNIX,” The DEC Professional Special Edition pp. 44–48 (June 1987).
• M. Bishop, “Sharing Accounts,” Proceedings of the Large Installation System Administrator’s Workshop, p. 135 (Apr. 1987).
• M. Bishop, “Array Names and Pointers,” The C Journal 3(1) pp. 44–46 (Spring 1987).
• M. Bishop, “How To Write A Setuid Program,” ;login: 12(1) pp. 5–11 (Jan./Feb. 1987).

1986

• M. Bishop and B. Leiner, “Access Control and Privacy in Large Distributed Systems,” Proceedings of the AIAA/ASIS/DODCI Second Aerospace Computer Security Conference: A Collection of Technical Papers, pp. 95–98 (Dec. 1986).
• M. Bishop, “Analyzing the Security of an Existing Computer System,” Proceedings of the 1986 Fall Joint Computer Conference pp. 1115–1119 (Nov. 1986).
• M. Bishop, “Trnum—A Program to Number Figures,” Text in Computers 1(1) pp. 9–15 (July 1986).
• M. Bishop, “How To Write A Setuid Program,” Cray User Group Proceedings pp. 110–111 (Spring 1986).
• M. Bishop, “Scope in C,” The C Journal 2(1) pp. 40–47 (Spring 1986).
• M. Bishop, “Portability in C—A Case Study,” The C Journal 1(4) p. 25–31 (Winter 1986).
• M. Bishop, "A Pauper’s Callback Scheme," Computers and Security 5(2) pp. 141–144 (June 1986). doi: 10.1016/0167-4048(86)90137-9.

1981

• M. Bishop, “Hierarchical Take-Grant Protection Systems,” Proceedings of the Eighth Symposium in Operating Systems Principles pp. 107–123 (Dec. 1981). doi: 10.1145/1067627.806598

1979

• M. Bishop and L. Snyder, “The Transfer of Information and Authority in a Protection System,” Proceedings of the Seventh Symposium in Operating Systems Principles pp. 45–54 (Dec. 1979).