Title: Associate Director, CARE
Email: [email protected]
Phone: (703)-993-4321
Groups: CARE Researchers
Dr. Eric Osterweil is an assistant professor in the Computer Science Department at George Mason University. He studied physics and computer science at the Johns Hopkins University and earned his Ph.D. from the University of California, Los Angeles. Between these degrees he worked as a professional software engineer for many years, building large-scale production systems at a variety of companies. After earning his doctorate, he conducted research and led investigations as a principal scientist Verisign. While there he studied and published works on inter-domain routing security in the Internet, researched/designed/implemented/operationalized a large-scale DDoS detection and defense system for DNS attacks, and researched the previously unrecogonized threats posed by name collisions with the DNS.
PUBLICATIONS
Journal and Magazine Articles
To appear
- "Revealing Protocol Architecture’s Design Patterns in the Volumetric DDoS Defense Design Space"
Zhiyi Zhang, Guorui Xiao, Sichen Song, R. Can Aygun, Angelos Stavrou, Lixia Zhang, and Eric Osterweil,
IEEE Communications Surveys & Tutorials, To appear
doi: 10.1109/COMST.2024.3392253
2022
- "From the Beginning: Key Transitions in the First 15 Years of DNSSEC"
Eric Osterweil, Pouyan Fotouhi Tehrani, Thomas C. Schmidt, Matthias Wählisch,
IEEE Transactions on Network and Service Management, vol. 19, no. 4, pp. 5265-5283 , December 2022
doi: 10.1109/TNSM.2022.3195406
2020
- "21 Years of Distributed Denial-of-Service: A Call to Action"
Eric Osterweil, Angelos Stavrou, Lixia Zhang,
IEEE Computer Magazine, Cybertrust, August 2020
- "21 Years of Distributed Denial-of-Service: Current State of Affairs"
Eric Osterweil, Angelos Stavrou, Lixia Zhang,
IEEE Computer Magazine, Cybertrust, July 2020
- "A Cybersecurity Terminarch: Use It Before We Lose It"
Eric Osterweil,
IEEE Security and Privacy Magazine, July 2020
2014
- "Verifying Keys through Publicity and Communities of Trust: Quantifying Off-Axis Corroboration"
Eric Osterweil, Dan Massey, Danny McPherson, Lixia Zhang,
IEEE Transactions on Parallel and Distributed Systems (TPDS), February 2014
Supplemental text here
2011
- "Operational Implications of the DNS Control Plane"
Eric Osterweil, Danny McPherson, Lixia Zhang,
IEEE Reliability Society Newsletter, May 2011
2010
- "Deploying Cryptography in Internet-Scale Systems: A Case Study on DNSSEC"
Hao Yang, Eric Osterweil, Dan Massey, Lixia Zhang,
Transactions on Dependable and Secure Computing, Volume 7, Issue 2, January 2010
2009
- "Interadministrative Challenges in Managing DNSKEYs"
Eric Osterweil, Lixia Zhang,
IEEE Security and Privacy: Securing the Domain Name System 7(5), September 2009
2004
- "Habitat Monitoring with Sensor Networks"
Rob Szewczyk, Eric Osterweil, Joe Polastre, Michael Hamilton, Alan Mainwaring, and Deborah Estrin,
Communications of the ACM 47, 6, 34-40., June 2004
Conference and Workshop Papers
2022
- "SoK: Public key and namespace management in NDN"
Pouyan Fotouhi Tehrani, Eric Osterweil, Thomas C. Schmidt, and Matthias Wählisch, ICN '22: Proceedings of the 9th ACM Conference on Information-Centric Networking,
2021
- "Security of Alerting Authorities in the WWW: Measuring Namespaces, DNSSEC, and Web PKI"
Pouyan Fotouhi Tehrani, Eric Osterweil, Jochen Schiller, Thomas C. Schmidt, andd Matthias Wählisch, 30th The Web Conference (WWW'21), ACM : New York, USA,
Visit our website, which provides the toolchain used in this paper, measurement data (i.e., domain names, Web certificates etc. ), and a browser to verify the assurance profiles of Alerting Authorities. Data and toolchain are published under doi:10.5281/zenodo.4300946.
- "A Cooperative Market-based Decision Guidance Approach for Resilient Power Systems"
Alexander Brodsky, Eric Osterweil and Roberto Levy, 2021 International Conference on Operations Research and Enterprise Systems (ICORES 2021),
2019
- "Authenticated Communication in Crises: Toward an Infrastructureless Trust Model for Challenged Networks"
Pouyan Fotouhi Tehrani, Eric Osterweil, Jochen H Schiller, Thomas C Schmidt, Matthias Wählisch, 2019 International Conference on Information and Communication Technologies for Disaster Management (ICT-DM),
- "NDNSSEC: Namespace Management in NDN with DNSSEC"
Pouyan Fotouhi Tehrani, Luca Keidel, Eric Osterweil, Jochen Schiller, Thomas Schmidt, Matthias Wählisch, ACM Conference on Information-Centric Networking,
2017
- "Client-side Name Collision Vulnerability in the New gTLD Era: A Systematic Study"
Qi Alfred Chen, Matthew Thomas, Eric Osterweil, Yulong Cao, Jie You, Z. Morley Mao, ACM Conference on Computer and Communications Security (CCS '17),
2016
- "MitM Attack by Name Collision: Cause Analysis and Vulnerability Assessment in the New gTLD Era"
Qi Alfred Chen, Eric Osterweil, Matthew Thomas, Z. Morley Mao, 37th IEEE Symposium on Security and Privacy (S&P '16),
2014
- "The Shape and Size of Threats: Defining a Networked System's Attack Surface"
Eric Osterweil, Danny McPherson, and Lixia Zhang, Proceedings of the IEEE ICNP Workshop on Secure Network Protocols (NPSec '14),
Best Paper Award
- "Measuring IPv6 Adoption"
Jakub (Jake) Czyz, Mark Allman, Jing Zhang, Scott Iekel-Johnson, Eric Osterweil, and Michael Bailey, ACM SIGCOMM,
2012
- "Dissecting Ghost Clicks: Ad Fraud Via Misdirected Human Clicks"
Sumayah Alrwais, Christopher Dunn, Minaxi Gupta, Alexandre Gerber, Oliver Spatscheck, Eric Osterweil, Annual Computer Security Applications Conference (ACSAC) 2012,
- "Behavior of DNS' Top Talkers, a .com/.net View"
Eric Osterweil, Danny McPherson, Steve DiBenedetto, Christos Papadopoulos, Dan Massey, PAM 2012: Passive and Active Measurement Conference,
- "Reducing the X.509 Attack Surface with DNSSEC's DANE"
Eric Osterweil, Burt Kaliski, Matt Larson, Danny McPherson, Securing and Trusting Internet Names, SATIN 2012,
2011
- "The Great IPv4 Land Grab: Resource Certification for the IPv4 Grey Market"
Eric Osterweil, Shane Amante, Danny McPherson, Dan Massey, Tenth ACM Workshop on SIGCOMM Hot Topics in Networks (HotNets-X),
2009
- "Deploying and Monitoring DNS Security (DNSSEC)"
Eric Osterweil, Dan Massey, Lixia Zhang, IEEE Computer Society, 25th Annual Computer Security Applications Conference (ACSAC '09),
- "Managing Trusted Keys in Internet-Scale Systems"
Eric Osterweil, Dan Massey, Lixia Zhang, The Workshop on Trust and Security in the Future Internet (FIST '09),
2008
- "Quantifying the Operational Status of the DNSSEC Deployment"
Eric Osterweil, Michael Ryan, Dan Massey, Lixia Zhang, Proceedings of the 6th ACM/USENIX Internet Measurement Conference (IMC '08), ,
- "Limiting Replay Vulnerabilities in DNSSEC"
He Yan, Eric Osterweil, Jon Hajdu, Jonas Acres, and Dan Massey, 4th IEEE ICNP Workshop on Secure Network Protocols (NPSec '08),
2007
- "Observations from the DNSSEC Deployment"
Eric Osterweil, Dan Massey, Lixia Zhang, 3rd IEEE ICNP Workshop on Secure Network Protocols (NPSec '07),
- "Zone State Revocation for DNSSEC"
Eric Osterweil, Vasileios Pappas, Dan Massey, Lixia Zhang, Proceedings of ACM Sigcomm Workshop on Large Scale Attack Defenses (LSAD '07),
2006
- "Security Through Publicity"
Eric Osterweil, Dan Massey, Batsukh Tsendjav, Beichuan Zhang, Lixia Zhang, USENIX First Workshop on Hot Topics in Security (HotSec '06),
2004
- "System for Simulation, Emulation, and Deployment of Heterogeneous Sensor Networks"
Lewis Girod, Thanos Stathopoulos, Nithya Ramanathan, Jeremy Elson, Deborah Estrin, Eric Osterweil, and Tom Schoellhammer, Proceedings of the second ACM Conference on Embedded Networked Sensor Systems (SenSys),
- "Lightweight Temporal Compression of Microclimate Datasets"
Tom Schoellhammer, Eric Osterweil, Ben Greenstein, Mike Wimbrow, Deborah Estrin, Proceedings of the 29th Annual IEEE International Conference on Local Computer Networks,
Technical Reports
2024
- "How to Measure TLS, X. 509 Certificates, and Web PKI: A Tutorial and Brief Survey"
Pouyan Fotouhi Tehrani, Eric Osterweil, Thomas C. Schmidt, and Matthias Wählisch,
arXiv Preprint, January 2024
2023
- "The Key to Deobfuscation is Pattern of Life, not Overcoming Encryption"
Taylor Henderson, Eric Osterweil, Pavan Kumar Dinesh, and Robert Simon ,
arXiv Preprint, October 2023
2021
- "From the Beginning: Key Transitions in the First 15 Years of DNSSEC"
Eric Osterweil, Pouyan Fotouhi Tehrani, Thomas C. Schmidt, Matthias Wählisch,
arXiv Preprint, September 2021
2019
- "20 Years of DDoS: a Call to Action"
Eric Osterweil, Angelos Stavrou, Lixia Zhang,
arXiv pre-print, April 2019
2013
- "New gTLD Security, Stability, Resiliency Update: Exploratory Consumer Impact Analysis"
Eric Osterweil, Matt Thomas, Andrew Simpson, Danny McPherson,
Verisign Labs Technical Report #1130008 v1.1, August 2013
- "New gTLD Security and Stability Considerations"
Eric Osterweil, and Danny McPherson,
Verisign Labs Technical Report #1130007 v2.1, March 2013
- "TASRS: Towards a Secure Routing System Through Internet Number Resource Certification"
Eric Osterweil, Shane Amante, Danny McPherson,
Verisign Labs Technical Report #1130009, February 2013
2012
- "Sizing Estimates for a Fully Deployed/wp-content/uploads RPKI"
Eric Osterweil, Terry Manderson, Russ White, Danny McPherson,
Verisign Labs Technical Report #1120005 v2, March 2012
2010
- "Cross-Modal Vulnerabilities: An Illusive form of Hijacking"
Eric Osterweil, Dan Massey, Christos Papadopoulos,
Technical Report, May 2010
2004
- "Tools for Deployment and Simulation of Heterogeneous Sensor Networks"
Lewis Girod, Thanos Stathopoulos, Nithya Ramanathan, Eric Osterweil, Tom Schoellhammer, Deborah Estrin,
CENS Technical Report #37, April 2004
RFCs
- "Problem Definition and Classification of BGP Route Leaks"
Kotikalapudi Sriram, Doug Montgomery, Danny McPherson, Eric Osterweil, Brian Dickson,
RFC 7908, June 2016
- "Considerations for Internet Routing Registries (IRRs) and Routing Policy Configuration"
Danny McPherson, Shane Amante, Eric Osterweil, Larry Blunk, Dave Mitchell,
RFC 7682, December 2015
- "Architectural Considerations of IP Anycast"
Danny McPherson, Dave Oran, Dave Thaler, Eric Osterweil,
RFC 7094, January 2014
Papers in Limbo...
2008
- "lbsh: Pounding Science into the Command-Line"
Eric Osterweil, Lixia Zhang,
To appear: Someday...
Talks
For a full list of publications, please visit my Google Scholar Page and/or DBLP Page
2023
Eric Osterweil, Pavan Kumar Dinesh, and Srivalli Vajjha,
ICANN 78, DNSSEC and Security Workshop, October 2023
Video of talk HERE
Eric Osterweil and Lixia Zhang,
ICANN 78, DNSSEC and Security Workshop, October 2023
Video of talk HERE
Eric Osterweil,
Department of Informatik at HAW Hamburg, October 2023
Zhiyi Zhang, R. Can Aygun, Guorui Xiao, Sichen Song, Eric Osterweil, Angelos Stavrou, and Lixia Zhang,
NDNComm '23, March 2023
2022
Eric Osterweil,
CS Department New Student Welcome, November 2022
Tawhidal Islam, Josh Yuen, Pavan Kumar Dinesh, Tomofumi Okubo, and Eric Osterweil,
ICANN 74, DNSSEC and Security Workshop, June 2022
Minar Islam, Josh Yuen, Pavan Kumar Dinesh, Tomofumi Okubo, and Eric Osterweil,
The Cybersecurity Innovation Forum, June 2022
Tawhidul Minar Islam, Joshua Yuen, Pavan Kumar Dinesh, Tomofumi Okubo, Eric Osterweil,
1st CCI Syposium, April 2022
Tawhidal Islam, Josh Yuen, Pavan Kumar Dinesh, Tomofumi Okubo, and Eric Osterweil,
Mason Competitive Cyber Club, April 2022
VIDEO of presentation here
Pouyan Fotouhi Tehrani, Eric Osterweil, Thomas C. Schmidt, Matthias Wählisch,
ICANN 73 DNSSEC and Security Workshop, March 2022
2021
Eric Osterweil, Pouyan Fotouhi Tehrani, Thomas C. Schmidt, Matthias Waehlisch,
ICANN 70, DNSSEC Workshop, March 2021
Priya Ravichander, Eric Osterweil, Steve Crocker,
ICANN 70, DNSSEC Workshop, March 2021
2020
Eric Osterweil,
ICANN 69, DNSSEC Workshop, October 2020
2019
Eric Osterweil,
NIST Information Technology Lab, September 2019
Video HERE
Eric Osterweil,
NDNComm, September 2019
2018
Eric Osterweil,
CS Department Seminar, November 2018
Eric Osterweil,
NIST Workshop on Reasoning About IoT Trustworthiness, September 2018
Eric Osterweil,
Network Collective Podcast, June 2018
2015
Eric Osterweil,
USTelecom Webinar, August 2015
View the VIDEO online anytime
Eric Osterweil, Glen Wiley,
IETF 92, dane wg, March 2015
2014
Eric Osterweil, Lynch Davis, Gowri Visweswaran,
IETF 91, dane wg, November 2014
Eric Osterweil, Danny McPherson, Lixia Zhang,
NPSec 2014, October 2014
Best Paper
Eric Osterweil,
Caribbean Network Operators Group (CaribNOG) 7, April 2014
2013
Eric Osterweil,
21st IEEE ICNP Conference, Ph.D. Forum, October 2013
Keynote Talk
Eric Osterweil, Dan Massey, Danny McPherson, Lixia Zhang,
NIST Workshop on Improving Trust in the Online Marketplace, April 2013
Eric Osterweil, Danny McPherson, Lixia Zhang,
C4I Seminar Series, George Mason Univeristy, April 2013
Eric Osterweil,
IEPG (IETF 86), March 2013
Eric Osterweil,
AIMS 2013, February 2013
2012
Danny McPherson, Shane Amante, Eric Osterweil, Larry Blunk,
IETF 85, grow, November 2012
Eric Osterweil, Danny McPherson, Steve DiBenedetto, Christos Papadopoulos, Dan Massey,
PAM 2012: Passive and Active Measurement Conference, March 2012
2010
Eric Osterweil,
Internet ON, 2010 (ION '10), December 2010
Interview
2009
Eric Osterweil, Dan Massey, Lixia Zhang,
IETF 75, July 2009
Eric Osterweil, Dan Massey, Lixia Zhang,
RIPE 58, May 2009
PDF version available here
2008
Eric Osterweil, Michael Ryan, Dan Massey, Lixia Zhang,
NANOG 44 - DNSSEC BoF, October 2008
PDF version here
Eric Osterweil, Michael Ryan, Dan Massey, Lixia Zhang,
NANOG 44 - Tools BoF, October 2008
PDF version available here
Eric Osterweil, Michael Ryan, Dan Massey, Lixia Zhang,
Proceedings of the 6th ACM/USENIX Internet Measurement Conference (IMC '08), , October 2008
Eric Osterweil, Dan Massey, Lixia Zhang,
UCLA Engineering Technology Forum, May 2008
2007
Eric Osterweil,
3rd OARC Workshop, November 2007
Eric Osterweil, Dan Massey, and Lixia Zhang,
3rd OARC Workshop, November 2007
Eric Osterweil, Vasileios Pappas, Dan Massey, Lixia Zhang,
Proceedings of ACM Sigcomm Workshop on Large Scale Attack Defenses (LSAD '07), August 2007
Eric Osterweil,
NANOG 40, May 2007
2006
Eric Osterweil,
2nd OARC Workshop, November 2006