Research

I've presented on a wide range of security research topics over the years as an independent researcher, a PhD candidate at the University of Michigan, and at the CTO at Duo Security. A good amount of those materials are listed below chronologically.

2014

Security in an Age of Zero Trust
Jon Oberheide
True Infrastructure Summit
San Francisco, CA, September 2014
[presentation]   [event]  

Security as a Service for your Software as a Service
Jon Oberheide
Subscribed 2014
San Francisco, CA, June 2014
[event]  

Security in an Age of Zero Trust
Jon Oberheide
InfraGard 2014
Grand Rapids, MI, May 2014
[presentation]   [event]  

The Real Deal of Android Device Security: The Third Party
Jon Oberheide and Collin Mulliner
CanSecWest 2014
Vancouver, Canada, March 2014
[presentation]   [event]  

Insecurity at UofM
Jon Oberheide
UofM Tech Talk
Ann Arbor, MI, January 2014
[presentation]   [event]  

2013

Extending Security Throughout the Mobile Ecosystem
Jon Oberheide
Federal Trade Commission (FTC) Mobile Security Forum
Washington, DC, June 2013
[presentation]   [event]  

X-Ray Mobile Vulnerability Assessment
Jon Oberheide
Interop 2013
Las Vegas, NV, May 2013
[presentation]   [event]  

A Tale of Two Androids
Jon Oberheide and Zach Lanier
Amazon ZonCon
Seattle, WA, March 2013
[event]  

Mobile Security Battle Royale
Jon Oberheide, Charlie Miller, Dino Dai Zovi, Zach Lanier, and Tiago Assumpcao
RSA Conference
San Francisco, CA, February 2013
[event]  

Two Factor Authentication: Security in an Age of Zero Trust
Jon Oberheide
United Summit
Boston, MA, 2013
[presentation]   [event]  

2012

Mobile Vulnerability Assessment: There's an App for That
Jon Oberheide
CSAW THREADS
Brooklyn, NY, November 2012
[presentation]   [event]  

Mobile Vulnerability Assessment: There's an App for That
Jon Oberheide
Intel Security Conference
Hillsboro, OR, November 2012
[event]  

Android Security and the Elusive HSM
Jon Oberheide
Visa Mobile Security Summit
Foster City, CA, August 2012
[presentation]   [event]  

Mobile Vulnerability Assessment: There's an App for That
Jon Oberheide
United Summit
San Francisco, CA, September 2012
[presentation]   [event]  

Dissecting the Android Bouncer
Jon Oberheide and Charlie Miller
SummerCon 2012
Brooklyn, NY, June 2012
[presentation]   [event]  

Exploiting the Linux Kernel: Measures and Countermeasures
Jon Oberheide
SyScan 2012
Singapore, April 2012
[presentation]   [event]  

The Stack is Back
Jon Oberheide
Infiltrate 2012
Miami, FL, January 2012
[presentation]   [event]  

2011

Don't Root Robots: Breaks in Google's Android Platform
Jon Oberheide
UofM SUMIT_11
Ann Arbor, MI, October 2011
[presentation]   [event]  

Cyber Security Panel
Jon Oberheide and Gary Miliefsky
Michigan Cyber Summit 2011
Ypsilanti, MI, October 2011
[presentation]   [event]  

Kernel Fun
Jon Oberheide
GrrCON 2011
Grand Rapids, MI, September 2011
[event]  

Stackjacking and Other Kernel Nonsense
Jon Oberheide and Dan Rosenberg
SummerCon 2011
New York City, NY, June 2011
[presentation]   [event]  

Don't Root Robots: Breaks in Google's Android Platform
Jon Oberheide
BSides Detroit 2011
Detroit, MI, June 2011
[presentation]   [event]  

Stackjacking Your Way to grsecurity/PaX Bypass
Jon Oberheide and Dan Rosenberg
Infiltrate 2011
Miami, FL, April 2011
[presentation]   [event]  

Stackjacking Your Way to grsecurity/PaX Bypass
Jon Oberheide and Dan Rosenberg
Hackito Ergo Sum 2011
Paris, France, April 2011
[presentation]   [event]  

Team JOCH vs Android: The Ultimate Showdown
Jon Oberheide and Zach Lanier
ShmooCon 2011
Washington DC, January 2011
[presentation]   [event]  

2010

Team JOCH vs Android: The Ultimate Showdown
Jon Oberheide and Zach Lanier
Intel Security Conference
Hillsboro, OR, November 2010
[event]  

Internet Inter-Domain Traffic
Craig Labovitz, Scott Iekel-Johnson, Danny McPherson, Jon Oberheide, and Farnam Jahanian
SIGCOMM 2010
New Delhi, India, September 2010
[paper]   [presentation]   [event]  

The Power of Chinese Security
Jon Oberheide, Jake Appelbaum, and Anthony Lai
DEFCON 18
Las Vegas, NV, July 2010
[presentation]   [event]  

The Twilight Saga: Android Edition
Jon Oberheide
DEFCON 18 Sky Talks
Las Vegas, NV, July 2010
[event]  

Antique Exploitation (aka Terminator 3.11 for Workgroups)
Jon Oberheide
DEFCON 18
Las Vegas, NV, July 2010
[presentation]   [event]  

Android Hax
Jon Oberheide
SummerCon 2010
New York, NY, June 2010
[presentation]   [event]  

Multifactor Authentication: Past, Present, and Future
Jon Oberheide
Merit Member Conference 2010
Ann Arbor, MI, May 2010
[presentation]   [event]  

Linux Kernel Exploitation: Earning Its Pwnie a Vuln at a Time
Jon Oberheide
SOURCE Boston 2010
Boston, MA, April 2010
[presentation]   [event]  

When Mobile is Harder Than Fixed: Demystifying Security Challenges in Mobile Environments
Jon Oberheide and Farnam Jahanian
HotMobile 2010
Annapolis, MD, February 2010
[paper]   [bibtex]   [event]  

Vulnerability Classes in the Linux Kernel
Jon Oberheide
CERT Vulnerability Discovery Workshop
Arlington, VA, February 2010
[event]  

2009

Internet Observatory Report
Craig Labovitz, Danny McPherson, Scott Iekel-Johnson, Jon Oberheide, Farnam Jahanian, and Manish Karir
NANOG 47
Dearborn, MI, October 2009
[presentation]   [event]  

The More Things Change, the More They Stay the Same: Security Risk in Emerging Technologies
Jon Oberheide
Intel Security Conference
Hillsboro, OR, September 2009
[event]  

PolyPack: An Automated Online Packing Service for Optimal Antivirus Evasion
Jon Oberheide, Michael Bailey, and Farnam Jahanian
Workshop on Offensive Technologies (WOOT'09)
Montreal, Canada, August 2009
[paper]   [presentation]   [bibtex]   [event]  

Remote Fingerprinting and Exploitation of Mail Server Antivirus Engines
Jon Oberheide and Farnam Jahanian
University of Michigan Technical Report CSE-TR-552-09
Ann Arbor, MI, June 2009
[paper]   [bibtex]  

If It Ain't Broke, Don't Fix It: Challenges and New Directions for Inferring the Impact of Software Patches
Jon Oberheide, Evan Cooke, and Farnam Jahanian
Workshop on Hot Topics in Operating Systems (HotOS XII)
Monte Verita, Switzerland, May 2009
[paper]   [presentation]   [bibtex]   [event]  

A Look at a Modern Mobile Security Model: Google's Android Platform
Jon Oberheide
CanSecWest 2009
Vancouver, Canada, March 2009
[presentation]   [event]  

Remote Security Services: Moving Security into the Network Cloud
Jon Oberheide
IQPC Remote Services Implementation
San Francisco, CA, February 2009
[event]  

2008

Virtualization Security Summit (Moderator and Speaker)
Jon Oberheide, Steve Orrin, Dino Dai Zovi, Dennis Moreau, and Hezi Moore
CSI Annual 2008
National Harbor, MD, November 2008
[presentation]   [event]  

CloudAV: N-Version Antivirus in the Network Cloud
Jon Oberheide, Evan Cooke, and Farnam Jahanian
USENIX Security Symposium
San Jose, California, July 2008
[paper]   [presentation]   [bibtex]   [event]  

Unraveling the VirtSec Debacle: Black Eyes and Emerging Opportunities
Jon Oberheide
Lockdown 2008
Madison, Wisconsin, July 2008
[event]  

Understanding Malware Behavior for Network Security
Jon Oberheide
IDGA Cyber Security for National Defense
Arlington, Virginia, June 2008
[event]  

Virtualized In-Cloud Security Services for Mobile Devices
Jon Oberheide, Kaushik Veeraraghavan, Evan Cooke, Jason Flinn, and Farnam Jahanian
Workshop on Virtualization in Mobile Computing (MobiVirt'08)
Breckenridge, Colorado, June 2008
[paper]   [presentation]   [bibtex]   [event]  

CloudAV: Malware Analysis in the Network Cloud
Jon Oberheide
Merit Member Conference
Ann Arbor, Michigan, June 2008
[presentation]   [event]  

Exploiting Live Virtual Machine Migration
Jon Oberheide, Evan Cooke, and Farnam Jahanian
Black Hat DC 2008 Briefings
Washington DC, February 2008
[paper]   [presentation]   [bibtex]   [event]  

2007

Automated Classification and Analysis of Internet Malware
Michael Bailey, Jon Oberheide, Jon Andersen, Z. Morley Mao, Farnam Jahanian, and Jose Nazario
Recent Advances in Intrusion Detection (RAID'07)
Queensland, Australia, September 2007
[paper]   [bibtex]   [event]  

Rethinking Antivirus: Executable Analysis in the Network Cloud
Jon Oberheide, Evan Cooke, and Farnam Jahanian
USENIX Workshop on Hot Topics in Security (HotSec'07)
Boston, Massachusetts, August 2007
[paper]   [presentation]   [bibtex]   [event]  

Characterizing Dark DNS Behavior
Jon Oberheide, Manish Karir, Z. Morley Mao, and Farnam Jahanian
Detection of Intrusions and Malware, and Vulnerability Assessment (DIMVA'07)
Lucerne, Switzerland, July 2007
[paper]   [presentation]   [bibtex]   [event]  

2006

VAST: Visualizing Autonomous System Topology
Jon Oberheide, Manish Karir, and Dionysus Blazakis
Workshop on Visualization for Computer Security (VizSEC'06)
Alexandria, Virginia, November 2006
[paper]   [bibtex]   [event]  

Flamingo Tutorial
Manish Karir and Jon Oberheide
Internet2 Joint Techs Workshop
Madison, Wisconsin, July 2006
[presentation]   [event]  

Extracting Information from Raw Network Data
Manish Karir and Jon Oberheide
IFIP Workshop on Infrastructure Security
Annapolis, Maryland, June 2006
[presentation]   [event]  

Flamingo: Visualizing Internet Traffic
Jon Oberheide, Michael Goff, and Manish Karir
IEEE/IFIP Network Operations and Management Symposium (NOMS'06)
Vancouver, Canada, April 2006
[paper]   [bibtex]   [event]  

Flamingo: Visualizing Internet Traffic
Jon Oberheide, Michael Goff, and Manish Karir
North American Network Operators Group (NANOG 36)
Dallas, Texas, February 2006
[presentation]   [event]  

Honeyd Detection via Packet Fragmentation
Jon Oberheide and Manish Karir
Merit Technical Report
Ann Arbor, Michigan, January 2006
[paper]   [bibtex]   [event]  

2005

The BGP-Inspect Project
Manish Karir, Jon Oberheide, Dionysus Blazakis, and John Baras
North American Network Operators Group (NANOG 35)
Los Angeles, California, October 2005
[presentation]   [event]  

Professional Services

I've served on the program committee and acted as an external reviewer for numerous workshops and conferences including:

  • 2015 - ACSAC (PC)
  • 2014 - USENIX Security (Invited Talks)
  • 2013 - WOOT (Program Chair), ACSAC (PC)
  • 2012 - ACSAC (PC)
  • 2010 - DSN (Publicity Chair), NSF, RAID, WREN
  • 2009 - CCS, DSN, IEEE S&P, IEEE TDSC, NSDI, NSF, QRASA (PC), WOOT (PC), WREN
  • 2008 - CCS, DSN, LEET, NDSS, RAID, SIGCOMM CCR, WOOT
  • 2007 - DSN, INM, LADC, RAID, SRUTI, USENIX Security, WOOT

Copyright © 2015 - Jon Oberheide <jon at oberheide dot org>.