About
I'm currently at Dropbox making the world and our users more secure. Previously I've completed a Ph.D in Computer Science at Stanford, working with Dan Boneh and others on research to secure the web as a platform. I've also worked at Google on Chrome and clickfraud, at Microsoft on CardSpace, and at a startup called Betable on social gambling. Some time ago, I graduated from Carnegie Mellon University with a B.S in Computer Science and a B.S in Discrete Mathematics.
Publications
- Andrew Bortz, Adam Barth, and Alexei Czeskis. Origin Cookies: Session Integrity for Web Applications. W2SP 2011.
- Collin Jackson, Adam Barth, Andrew Bortz, Weidong Shao, and Dan Boneh. Protecting Browsers from DNS Rebinding Attacks. ACM Transactions on the Web, Volume 3, Number 1, January 2009.
- Collin Jackson, Adam Barth, Andrew Bortz, Weidong Shao, and Dan Boneh. Protecting Browsers from DNS Rebinding Attacks. ACM CCS 2007.
- Andrew Bortz, Dan Boneh, and Palash Nandy. Exposing Private Information by Timing Web Applications. WWW 2007.
- Luis von Ahn, Andrew Bortz, Nicholas J. Hopper, and Kevin O'Neill. Selectively Traceable Anonymity. PET 2006.
- Collin Jackson, Andrew Bortz, Dan Boneh, and John C. Mitchell. Phishing and Counter-Measures: Understanding the Increasing Problem of Electronic Identity Theft, Chapter 12. Wiley-Interscience 2006.
- Collin Jackson, Andrew Bortz, Dan Boneh, and John C. Mitchell. Protecting Browser State from Web Privacy Attacks. WWW 2006.
- Luis von Ahn, Andrew Bortz, and Nicholas J. Hopper. k-Anonymous Message Transmission. ACM CCS 2003.
Patents
- Kim Cameron, Arun K. Nanda, Josh D. Benaloh, John P. Shewchuk, Daniel R. Simon, Andrew Bortz. Methods and system for asymmetric key security. Microsoft Corporation. U.S. Patent #7822200
Public Projects
- google-dnswall - A simple DNS proxy to defend against DNS rebinding attacks. Written at Google for deployment, later open-sourced. Now abandoned and deprecated by coordinated fixes to browsers, plugins, and recursive DNS resolvers.
Popular Press
- Website delay provides bait for 'phishers'. Issue 2604 of New Scientist magazine, May 19 2007, page 32
- Retro attack gets new life, worries browser makers. Security Focus, August 6, 2007
- Defending networks against DNS rebinding attacks. CircleID, August 9, 2007