JON.OBERHEIDE.ORG

• Home
• Blog
• Research
• Advisories
• Projects
• About

Research

I'm currently at Scio Security, a security startup founded by Dug Song and myself.

I'm wrapping up my PhD thesis at the University of Michigan, advised by Farnam Jahanian, the CSE chair and founder of Arbor Networks. Our research group website is here.

My current resume is available here.

Publications and Presentations

2010

• Internet Inter-Domain Traffic
  Craig Labovitz, Scott Iekel-Johnson, Danny McPherson, Jon Oberheide, and Farnam Jahanian
  SIGCOMM 2010
  New Delhi, India, September 2010
  [event]  
• The Power of Chinese Security
  Jon Oberheide, Jake Appelbaum, and Anthony Lai
  DEFCON 18
  Las Vegas, NV, July 2010
  [presentation]   [event]  
• The Twilight Saga: Android Edition
  Jon Oberheide
  DEFCON 18 Sky Talks
  Las Vegas, NV, July 2010
  [event]  
• Antique Exploitation (aka Terminator 3.11 for Workgroups)
  Jon Oberheide
  DEFCON 18
  Las Vegas, NV, July 2010
  [event]  
• Android Hax
  Jon Oberheide
  SummerCon 2010
  New York, NY, June 2010
  [presentation]   [event]  
• Linux Kernel Exploitation: Earning Its Pwnie a Vuln at a Time
  Jon Oberheide
  SOURCE Boston 2010
  Boston, MA, April 2010
  [presentation]   [event]  
• When Mobile is Harder Than Fixed: Demystifying Security Challenges in Mobile Environments
  Jon Oberheide and Farnam Jahanian
  HotMobile 2010
  Annapolis, MD, February 2010
  [paper]   [bibtex]   [event]  
• Vulnerability Classes in the Linux Kernel
  Jon Oberheide
  CERT Vulnerability Discovery Workshop
  Arlington, VA, February 2010
  [event]  

2009

• Internet Observatory Report
  Craig Labovitz, Danny McPherson, Scott Iekel-Johnson, Jon Oberheide, Farnam Jahanian, and Manish Karir
  NANOG 47
  Dearborn, MI, October 2009
  [presentation]   [event]  
• The More Things Change, the More They Stay the Same: Security Risk in Emerging Technologies
  Jon Oberheide
  Intel Security Conference
  Hillsboro, OR, September 2009
  [event]  
• PolyPack: An Automated Online Packing Service for Optimal Antivirus Evasion
  Jon Oberheide, Michael Bailey, and Farnam Jahanian
  Workshop on Offensive Technologies (WOOT'09)
  Montreal, Canada, August 2009
  [paper]   [presentation]   [bibtex]   [event]  
• Remote Fingerprinting and Exploitation of Mail Server Antivirus Engines
  Jon Oberheide and Farnam Jahanian
  University of Michigan Technical Report CSE-TR-552-09
  Ann Arbor, MI, June 2009
  [paper]   [bibtex]  
• If It Ain't Broke, Don't Fix It: Challenges and New Directions for Inferring the Impact of Software Patches
  Jon Oberheide, Evan Cooke, and Farnam Jahanian
  Workshop on Hot Topics in Operating Systems (HotOS XII)
  Monte Verita, Switzerland, May 2009
  [paper]   [presentation]   [bibtex]   [event]  
• A Look at a Modern Mobile Security Model: Google's Android Platform
  Jon Oberheide
  CanSecWest 2009
  Vancouver, Canada, March 2009
  [presentation]   [event]  
• Remote Security Services: Moving Security into the Network Cloud
  Jon Oberheide
  IQPC Remote Services Implementation
  San Francisco, CA, February 2009
  [event]  

2008

• Virtualization Security Summit (Moderator and Speaker)
  Jon Oberheide, Steve Orrin, Dino Dai Zovi, Dennis Moreau, and Hezi Moore
  CSI Annual 2008
  National Harbor, MD, November 2008
  [event]  
• CloudAV: N-Version Antivirus in the Network Cloud
  Jon Oberheide, Evan Cooke, and Farnam Jahanian
  USENIX Security Symposium
  San Jose, California, July 2008
  [paper]   [presentation]   [bibtex]   [event]  
• Unraveling the VirtSec Debacle: Black Eyes and Emerging Opportunities
  Jon Oberheide
  Lockdown 2008
  Madison, Wisconsin, July 2008
  [event]  
• Understanding Malware Behavior for Network Security
  Jon Oberheide
  IDGA Cyber Security for National Defense
  Arlington, Virginia, June 2008
  [event]  
• Virtualized In-Cloud Security Services for Mobile Devices
  Jon Oberheide, Kaushik Veeraraghavan, Evan Cooke, Jason Flinn, and Farnam Jahanian
  Workshop on Virtualization in Mobile Computing (MobiVirt'08)
  Breckenridge, Colorado, June 2008
  [paper]   [presentation]   [bibtex]   [event]  
• CloudAV: Malware Analysis in the Network Cloud
  Jon Oberheide
  Merit Member Conference
  Ann Arbor, Michigan, June 2008
  [presentation]   [event]  
• Exploiting Live Virtual Machine Migration
  Jon Oberheide, Evan Cooke, and Farnam Jahanian
  Black Hat DC 2008 Briefings
  Washington DC, February 2008
  [paper]   [presentation]   [bibtex]   [event]  

2007

• Automated Classification and Analysis of Internet Malware
  Michael Bailey, Jon Oberheide, Jon Andersen, Z. Morley Mao, Farnam Jahanian, and Jose Nazario
  Recent Advances in Intrusion Detection (RAID'07)
  Queensland, Australia, September 2007
  [paper]   [bibtex]   [event]  
• Rethinking Antivirus: Executable Analysis in the Network Cloud
  Jon Oberheide, Evan Cooke, and Farnam Jahanian
  USENIX Workshop on Hot Topics in Security (HotSec'07)
  Boston, Massachusetts, August 2007
  [paper]   [presentation]   [bibtex]   [event]  
• Characterizing Dark DNS Behavior
  Jon Oberheide, Manish Karir, Z. Morley Mao, and Farnam Jahanian
  Detection of Intrusions and Malware, and Vulnerability Assessment (DIMVA'07)
  Lucerne, Switzerland, July 2007
  [paper]   [presentation]   [bibtex]   [event]  

2006

• VAST: Visualizing Autonomous System Topology
  Jon Oberheide, Manish Karir, and Dionysus Blazakis
  Workshop on Visualization for Computer Security (VizSEC'06)
  Alexandria, Virginia, November 2006
  [paper]   [bibtex]   [event]  
• Flamingo Tutorial
  Manish Karir and Jon Oberheide
  Internet2 Joint Techs Workshop
  Madison, Wisconsin, July 2006
  [presentation]   [event]  
• Extracting Information from Raw Network Data
  Manish Karir and Jon Oberheide
  IFIP Workshop on Infrastructure Security
  Annapolis, Maryland, June 2006
  [presentation]   [event]  
• Flamingo: Visualizing Internet Traffic
  Jon Oberheide, Michael Goff, and Manish Karir
  IEEE/IFIP Network Operations and Management Symposium (NOMS'06)
  Vancouver, Canada, April 2006
  [paper]   [bibtex]   [event]  
• Flamingo: Visualizing Internet Traffic
  Jon Oberheide, Michael Goff, and Manish Karir
  North American Network Operators Group (NANOG 36)
  Dallas, Texas, February 2006
  [presentation]   [event]  
• Honeyd Detection via Packet Fragmentation
  Jon Oberheide and Manish Karir
  Merit Technical Report
  Ann Arbor, Michigan, January 2006
  [paper]   [bibtex]   [event]  

2005

• The BGP-Inspect Project
  Manish Karir, Jon Oberheide, Dionysus Blazakis, and John Baras
  North American Network Operators Group (NANOG 35)
  Los Angeles, California, October 2005
  [presentation]   [event]  

Professional Services

I've served on the program committee and acted as an external reviewer for numerous workshops and conferences including:

• 2010 - DSN (Publicity Chair), NSF, RAID, WREN
• 2009 - CCS, DSN, IEEE S&P, IEEE TDSC, NSDI, NSF, QRASA (PC), WOOT (PC), WREN
• 2008 - CCS, DSN, LEET, NDSS, RAID, SIGCOMM CCR, WOOT
• 2007 - DSN, INM, LADC, RAID, SRUTI, USENIX Security, WOOT

Copyright © 2010 - Jon Oberheide <jon at oberheide dot org>