Papers

• Calypso: Fine-Grained Access Control for Zero-Trust Cloud Service Discovery
  Pankaj Niroula, Peyton Boggs, Aashutosh Poudel, Stephen Herwig
  To appear in ACM Symposium on Access Control Models and Technologies (SACMAT), 2026
  
• Akeso: Bringing Post-Compromise Security to Cloud Storage
  Lily Gloudemans, Pankaj Niroula, Aashutosh Poudel, Collin MacDonald, Stephen Herwig
  In Privacy Enhancing Technologies Symposium (PETS), 2025
  slides artifacts
• Bento: Safely Bringing Network Function Virtualization to Tor
  Michael Reininger, Arushi Arora, Stephen Herwig, Nicholas Francino, Jayson Hurst, Christina Garman, Dave Levin
  In SIGCOMM, 2021
  
• Achieving Keyless CDNs with Conclaves
  Stephen Herwig, Christina Garman, Dave Levin
  In USENIX Security Symposium, 2020
  slides project
• Measurement and Analysis of Hajime: A Peer-to-peer IoT Botnet
  Stephen Herwig, Katura Harvey, George Hughey, Richard Roberts, Dave Levin
  In Network and Distributed System Security Symposium (NDSS), 2019
  slides project
• DeTor: Provably Avoiding Geographic Regions in Tor
  Zhihao Li, Stephen Herwig, Dave Levin
  In USENIX Security Symposium, 2017
  project
• secmodel_sandbox: An application sandbox for NetBSD
  Stephen Herwig
  In BSDCan, 2017
  slides code

Workshops, Seminars, & Posters

• AccNimbus: Scalable Proofs of Data Possession for Cloud Storage
  Collin MacDonald, Pankaj Niroula^*, Aashutosh Poudel^*, Stephen Herwig
  In Hardware and Architectural Support for Security and Privacy (HASP), 2025
  ^*These authors contributed equally.
  
• Mazu: A Zero Trust Architecture for Service Mesh Control Planes
  Aashutosh Poudel, Pankaj Niroula, Collin MacDonald, Lily Gloudemans, Stephen Herwig
  In European Workshop on Systems Security (EuroSec), 2025
  Best Presentation Award
• Mazu: A Zero Trust Architecture for Service Mesh Control Planes
  Aashutosh Poudel, Pankaj Niroula, Collin MacDonald, Lily Gloudemans, Stephen Herwig
  In Network and Distributed System Security (NDSS) Poster Session, 2025
  abstract
  
• Akeso: Bringing Post-Compromise Security to Cloud Storage
  Lily Gloudemans, Pankaj Niroula, Aashutosh Poudel, Stephen Herwig
  In USENIX Security Symposium Poster Session, 2024
  abstract
  
• SIPS, IPPS, or Oops! An Analysis of the Security and Privacy of DNS Service Discovery
  Joseph Call, Mostafa Ahmed, Stephen Herwig
  In USENIX Security Symposium, Poster Session, 2024
  abstract
  
• Towards Protecting Billions and Billions of Bits on the Interplanetary Internet
  Stephen Herwig
  In Workshop on Security of Space and Satellite Systems (SpaceSec), 2023
  slides
• Measurement and Analysis of Hajime: A Peer-to-peer IoT Botnet
  Stephen Herwig, Katura Harvey, George Hughey, Richard Roberts, Dave Levin
  In ACM Internet Measurement Conference (IMC) Poster Session, 2018
  project
• SecureCDN: Providing End-to-End Security in Content Delivery Networks
  Stephen Herwig
  DC-Area Anonymity, Privacy, and Security Seminar, Georgetown University, Summer 2018
  slides
• DNSql: Processing Massive DNS Collections
  Stephen Herwig, Dave Levin, Bobby Bhattacharjee, Neil Spring
  DNS And Internet Naming Research Directions (DINR) Workshop, USC/ISI, 2016
  slides project