Books

• B. Schneier, J. Kelsey, D. Whiting, D. Wagner, C. Hall, and N. Ferguson, The Twofish Encryption Algorithm: A 128-Bit Block Cipher, New York: J. Wiley, 1999. [abstract]
• D. L. Oppenheimer, D. Wagner, and M. D. Crabb, System Security: A Management Perspective, Short Topics in System Administration, Vol. 3, Berkeley, CA: USENIX Association, 1997. [abstract]

Book chapters or sections

• N. T. Courtois, G. V. Bard, and D. Wagner, "Algebraic and slide attacks on KeeLoq," in Fast Software Encryption: Proc. 15th Intl. Workshop (FSE 2008). Revised Selected Papers, K. Nyberg, Ed., Lecture Notes in Computer Science, Vol. 5086, Berlin, Germany: Springer-Verlag, 2008, pp. 97-115.
• N. Hopper, D. Molnar, and D. Wagner, "From weak to strong watermarking," in Theory of Cryptography: Proc. 4th Conf. (TCC 2007), S. P. Vadhan, Ed., Lecture Notes in Computer Science, Vol. 4392, Berlin, Germany: Springer-Verlag, 2007, pp. 362-382.
• M. Johnson, D. Wagner, and K. Ramchandran, "On compressing encrypted data without the encryption key," in Theory of Cryptography: Proc. 1st Theory of Cryptograpy Conf. (TSS 2004), M. Naor, Ed., Lecture Notes in Computer Science, Vol. 2951, Berlin, Germany: Springer-Verlag, 2004, pp. 491-504.
• R. Johnson, D. Molnar, D. Song, and D. Wagner, "Homomorphic signature schemes," in Topics in Cryptography: The Cryptographer's Track at the RSA Conf. (CT-RSA 2002), B. Preneel, Ed., Lecture Notes in Computer Science, Vol. 2271, Berlin, Germany: Springer-Verlag, 2002, pp. 244-262.

Articles in journals or magazines

• D. Tsafrir, D. Da Silva, and D. Wagner, "The murky issue of changing process identity: Revising "Setuid Demystified"," ;login: The USENIX Magazine, vol. 33, no. 3, pp. 55-66, June 2008.
• M. Bishop and D. Wagner, "Risks of e-voting," Communications of the ACM: Inside Risks Column, vol. 50, no. 11, pp. 120-120, Nov. 2007.
• R. C., W. Phan, and D. Wagner, "Security considerations for incremental hash functions based on pair block chaining," Computers & Security, Jan. 2006.

Articles in conference proceedings

• G. Ho, A. S. M. Javed, V. Paxson, and D. Wagner, "Detecting Credential Spearphishing Attacks in Enterprise Settings," in Proceedings of the 26rd USENIX Security Symposium (USENIX Security’17), 2017, pp. 469--485.
• G. Ho, A. Sharma, M. Javed, V. Paxson, and D. Wagner, "Detecting Credential Spearphishing Attacks in Enterprise Settings," in USENIX Security Symposium, 2017, pp. 469-485.
• C. Thompson and D. Wagner, "Securing Recognizers for Rich Video Applications," in Proceedings of the 6th Workshop on Security and Privacy in Smartphones and Mobile Devices, SPSM, 2016, pp. 53--62. [abstract]
• T. Dang, P. Maniatis, and D. Wagner, "The performance cost of shadow stacks and stack canaries," in ACM Symposium on Information, Computer and Communications Security, ASIACCS, Vol. 15, 2015.
• J. Tan, K. Nguyen, M. Theodorides, H. Negron-Arroyo, C. Thompson, S. Egelman, and D. Wagner, "The Effect of Developer-Specified Explanations for Permission Requests on Smartphone User Behavior," in Proceedings of the ACM CHI Conference on Human Interaction in Computing Systems (CHI 2014), 2014.
• C. Sturton, R. Sinha, T. Dang, S. Jain, M. McCoyd, W. Y. Tan, P. Maniatis, S. A. Seshia, and D. Wagner, "Symbolic Software Model Validation," in Proceedings of the 10th ACM/IEEE International Conference on Formal Methods and Models for Codesign (MEMOCODE), M. Roncken and J. Talpin, Eds., 2013. [abstract]
• C. Thompson, M. Johnson, S. Egelman, D. Wagner, and J. King, "When it's better to ask forgiveness than get permission: attribution mechanisms for smartphone resources," in Proceedings of the Ninth Symposium on Usable Privacy and Security, SOUPS '13, New York, NY, USA: ACM, 2013. [abstract]
• A. Felt, M. Finifter, J. Weinberger, and D. Wagner, "Diesel: Applying Privilege Separation to Database Access," in Proc. of ACM Symposium on Information, Computer and Communications Security (ASIACCS), 2011, 2011.
• A. Felt, M. Finifter, J. Weinberger, and D. Wagner, "Diesel: Applying Privilege Separation to Database Access," in Proc. of ACM Symposium on Information, Computer and Communications Security (ASIACCS), 2011, 2011.
• A. P. Felt, M. Finifter, J. Weinberger, and D. Wagner, "Diesel: Applying Privilege Separation to Database Access," in ACM Symposium on Information, Computer and Communications Security, 2011.
• A. P. Felt, E. Chin, S. Hanna, D. Song, and D. Wagner, "Android permissions demystified," in Proceedings of the 18th ACM conference on Computer and Communications Security, 2011, pp. 627-638.
• M. Finifter, A. Mettler, N. Sastry, and D. Wagner, "Verifiable Functional Purity in Java," in 15th ACM Conference on Computer and Communications Security (CCS 2008), 2008.
• M. Finifter, A. Mettler, V. Sastry, and D. Wagner, "Verifiable functional purity in Java," in Proc. 15th ACM Conf. on Computer and Communications Security (CCS 2008), P. Syverson, S. Jha, and X. Zhang, Eds., New York, NY: The Association for Computing Machinery, Inc., 2008, pp. 161-174.
• A. Cordero and D. Wagner, "Replayable voting machine audit logs," in Proc. 2008 USENIX/ACCURATE Electronic Voting Technology Workshop (EVT '08), Berkeley, CA: USENIX Association, 2008, pp. 14 pg.
• J. A. Halderman, E. Rescorla, H. Shacham, and D. Wagner, "You go to elections with the voting system you have: Stop-gap mitigations for deployed voting systems," in Proc. 2008 USENIX/ACCURATE Electronic Voting Technology Workshop (EVT '08), Berkeley, CA: USENIX Association, 2008, pp. 14 pg.
• C. Karlof, D. Tygar, and D. Wagner, "A user study design for comparing the security of registration protocols," in Proc. 1st USENIX Conf. on Usability, Psychology, and Security (UPSEC 2008), E. Churchill and R. Dhamija, Eds., Berkeley, CA: USENIX Association, 2008, pp. Art. 12.
• D. Tsafrir, T. Hertz, D. Wagner, and D. Da Silva, "Portably solving file TOCTTOU races with hardness amplification (Best Paper Award)," in Proc. 6th USENIX Conf. on File and Storage Technologies (FAST 2008), Berkeley, CA: USENIX Association, 2008, pp. 189-206.
• C. Karlof, U. Shankar, D. Tygar, and D. Wagner, "Dynamic pharming attacks and locked same-origin policies for web browsers," in Proc. 14th ACM Conf. on Computer and Communications Security (CCS 2007), S. De Capitani di Vimerca, P. Syverson, and D. Evans, Eds., New York, NY: The Association for Computing Machinery, Inc., 2007, pp. 58-71.
• K. Chen and D. Wagner, "Large-scale analysis of format string vulnerabilities in Debian Linux," in Proc. 2nd ACM SIGPLAN Workshop on Programming Languages and Analysis for Security (PLAS 2007), New York, NY: The Association for Computing Machinery, Inc., 2007, pp. 75-84.
• P. Golle and D. Wagner, "Cryptanalysis of a cognitive authentication scheme (Extended Abstract)," in Proc. 2007 IEEE Symp. on Security and Privacy (SP '07), Los Alamitos, CA: IEEE Computer Society, 2007, pp. 66-70.
• K. Yee, D. Wagner, M. Hearst, and S. M. Bellovin, "Prerendered User Interfaces for Higher-Assurance Electronic Voting," in USENIX/ACCURATE Electronic Voting Technology Workshop, 2006.
• N. Sastry, T. Kohno, and D. Wagner, "Designing voting machines for verification," in Usenix Security 2006, 2006.
• A. Cordero, D. Wagner, and D. Dill, "The Role of Dice in Election Audits -- Extended Abstract," in IAVoSS Workshop On Trustworthy Elections (WOTE 2006), 2006.
• D. Wagner and U. Shankar, "Preventing Secret Leakage from fork(): Securing Privilege-Separated Applications," in Network Security and Information Assurance Symposium, 2006.
• D. Molnar, T. Kohno, N. Sastry, and D. Wagner, "Tamper-Evident, History-Independent, Subliminal-Free Data Structures on PROM Storage -or- How to Store Ballots on a Voting Machine (Extended Abstract)," in 2006 IEEE Symposium on Security and Privacy, 2006.
• C. Crutchfield, D. Molnar, D. Turner, and D. Wagner, "Generic On-line/Off-line Threshold Signatures," in Public Key Cryptography (PKC) 2006, 2006.
• B. Schwarz, H. Chen, D. Wagner, G. Morrison, J. West, J. Lin, and W. Tu, "Model checking an entire Linux distribution for security violations," in Proc. 21st Annual Computer Security Applications Conf., Los Alamitos, CA: IEEE Computer Society, 2005, pp. 13-22.
• A. Juels, D. Molnar, and D. Wagner, "Security and privacy issues in e-passports," in Proc. 1st Intl. Conf. on Security and Privacy for Emerging Areas in Communications Networks, Los Alamitos, CA: IEEE Computer Society, 2005, pp. 74-85.
• S. Crosby, I. Goldberg, R. Johnson, D. Song, and D. Wagner, "A cryptanalysis of the High-Bandwidth Digital Content Protection system," in Security and Privacy in Digital Right Management: Proc. 2001 Workshop on Security and Privacy in Digital Rights Management. Revised Papers, T. Sander, Ed., Lecture Notes in Computer Science, Vol. 2320, Berlin, Germany: Springer-Verlag, 2002, pp. 159-182.
• H. Chen, D. Wagner, and D. Dean, "Setuid demystified," in Proc. 11th USENIX Security Symp., Berkeley, CA: USENIX Association, 2002, pp. 171-190.
• D. Song, D. Wagner, and X. Tian, "Timing analysis of keystrokes and timing attacks on SSH," in Proc. 10th USENIX Security Symp., Berkeley, CA: USENIX Association, 2001, pp. 16 pg.
• N. Borisov, I. Goldberg, and D. Wagner, "Intercepting mobile communications: The insecurity of 802.11," in Proc. 7th Annual Intl. Conf. on Mobile Computing and Networking, New York, NY: ACM Press, 2001, pp. 180-189.
• D. Song, D. Wagner, and A. Perrig, "Practical techniques for searches on encrypted data," in Proc. 2000 IEEE Symp. on Security and Privacy (SP '00), Los Alamitos, CA: IEEE Computer Society, 2000, pp. 44-55.
• D. Wagner, J. S. Foster, E. Brewer, and A. Aiken, "A first step towards automated detection of buffer overrun vulnerabilities," in Proc. Network and Distributed System Security Symp., Reston, VA: Internet Society, 2000, pp. 15 pp..

Technical Reports

• J. Beekman, J. Manferdelli, and D. Wagner, "Attestation Transparency: Building secure Internet services for legacy clients," EECS Department, University of California, Berkeley, Tech. Rep. UCB/EECS-2016-12, March 2016. [abstract]
• G. Ho, D. Leung, P. Mishra, A. Hosseini, D. Song, and D. Wagner, "Smart Locks: Lessons for Securing Commodity Internet of Things Devices," EECS Department, University of California, Berkeley, Tech. Rep. UCB/EECS-2016-11, March 2016. [abstract]
• D. Kantola, E. Chin, W. He, and D. Wagner, "Reducing Attack Surfaces for Intra-Application Communication in Android," EECS Department, University of California, Berkeley, Tech. Rep. UCB/EECS-2012-182, July 2012. [abstract]
• A. P. Felt, S. Egelman, and D. Wagner, "I’ve Got 99 Problems, But Vibration Ain’t One: A Survey of Smartphone Users’ Concerns," EECS Department, University of California, Berkeley, Tech. Rep. UCB/EECS-2012-70, May 2012. [abstract]
• A. P. Felt, E. Ha, S. Egelman, A. Haney, E. Chin, and D. Wagner, "Android Permissions: User Attention, Comprehension, and Behavior," EECS Department, University of California, Berkeley, Tech. Rep. UCB/EECS-2012-26, Feb. 2012. [abstract]
• A. P. Felt, M. Finifter, J. Weinberger, and D. Wagner, "Diesel: Applying Privilege Separation to Database Access," EECS Department, University of California, Berkeley, Tech. Rep. UCB/EECS-2010-149, Dec. 2010. [abstract]
• A. P. Felt, K. Greenwood, and D. Wagner, "The Effectiveness of Install-Time Permission Systems for Third-Party Applications," EECS Department, University of California, Berkeley, Tech. Rep. UCB/EECS-2010-143, Dec. 2010. [abstract]
• A. Mettler and D. Wagner, "The Joe-E Language Specification, Version 1.0," EECS Department, University of California, Berkeley, Tech. Rep. UCB/EECS-2008-91, Aug. 2008. [abstract]
• C. K. Karlof, U. Shankar, D. Tygar, and D. Wagner, "Dynamic pharming attacks and the locked same-origin policies for web browsers," EECS Department, University of California, Berkeley, Tech. Rep. UCB/EECS-2007-52, May 2007. [abstract]
• C. K. Karlof, U. Shankar, D. Tygar, and D. Wagner, "Locked cookies: Web authentication security against phishing, pharming, and active attacks," EECS Department, University of California, Berkeley, Tech. Rep. UCB/EECS-2007-25, Feb. 2007. [abstract]
• D. A. Molnar and D. Wagner, "Catchconv: Symbolic execution and run-time type inference for integer conversion errors," EECS Department, University of California, Berkeley, Tech. Rep. UCB/EECS-2007-23, Feb. 2007. [abstract]
• K. Yee, D. Wagner, M. Hearst, and S. Bellovin, "Prerendered User Interfaces for Higher-Assurance Electronic Voting," EECS Department, University of California, Berkeley, Tech. Rep. UCB/EECS-2006-35, April 2006. [abstract]
• A. M. Mettler and D. Wagner, "The Joe-E Language Specification (draft)," EECS Department, University of California, Berkeley, Tech. Rep. UCB/EECS-2006-26, March 2006. [abstract]
• J. D. Waddle and D. A. Wagner, "Fault Attacks on Dual-Rail Encoded Systems," EECS Department, University of California, Berkeley, Tech. Rep. UCB/CSD-04-1347, Aug. 2004. [abstract]
• R. Johnson and D. Wagner, "Finding User/Kernel Pointer Bugs With Type Inference," EECS Department, University of California, Berkeley, Tech. Rep. UCB/CSD-04-1308, March 2004. [abstract]
• N. Sastry, U. Shankar, and D. Wagner, "Secure Verification of Location Claims," EECS Department, University of California, Berkeley, Tech. Rep. UCB/CSD-03-1245, 2003. [abstract]
• C. Karlof and D. Wagner, "Hidden Markov Model Cryptanalysis," EECS Department, University of California, Berkeley, Tech. Rep. UCB/CSD-03-1244, 2003. [abstract]
• H. Chen and D. A. Wagner, "MOPS: an Infrastructure for Examining Security Properties of Software," EECS Department, University of California, Berkeley, Tech. Rep. UCB/CSD-02-1197, Sep. 2002. [abstract]
• D. A. Wagner, "Janus: an Approach for Confinement of Untrusted Applications," EECS Department, University of California, Berkeley, Tech. Rep. UCB/CSD-99-1056, 1999. [abstract]

Unpublished articles

• P. Hawthorne, B. Simons, C. Clifton, D. Wagner, S. Bellovin, R. Wright, A. Rosenthal, R. Spencer Poore, L. Coney, R. Gellman, and H. Hochheiser, "Statewide Databases of Registered Voters: Study Of Accuracy, Privacy, Usability, Security, and Reliability Issues," Feb. 2006.
• D. Wagner, D. Jefferson, M. Bishop, C. Karlof, and N. Sastry, "Security Analysis of the Diebold AccuBasic Interpreter," Feb. 2006.

Ph.D. Theses

• T. Dang, D. Wagner, and P. Maniatis, "Towards Improved Mitigations for Two Attacks on Memory Safety," EECS Department, University of California, Berkeley, Tech. Rep. UCB/EECS-2017-209, Dec. 2017. [abstract]

Masters Reports

• N. Shah, G. Ho, M. Schweighauser, M. Afifi, A. Cidon, and D. A. Wagner, "A Large-Scale Analysis of Attacker Activity in Compromised Enterprise Accounts," EECS Department, University of California, Berkeley, Tech. Rep. UCB/EECS-2020-80, May 2020. [abstract]
• L. Tsai, P. Wijesekera, J. Reardon, I. Reyes, J. Chen, N. Good, S. Egelman, and D. Wagner, "TurtleGuard: Helping Android Users Apply Contextual Privacy Preferences," EECS Department, University of California, Berkeley, Tech. Rep. UCB/EECS-2017-44, May 2017. [abstract]
• L. Lee, D. Fifield, N. Malkin, G. Iyer, S. Egelman, and D. Wagner, "Tor's Usability for Censorship Circumvention," EECS Department, University of California, Berkeley, Tech. Rep. UCB/EECS-2016-58, May 2016. [abstract]
• P. Pearce, A. P. Felt, G. Nunez, and D. Wagner, "AdDroid: Privilege Separation for Applications and Advertisers in Android," EECS Department, University of California, Berkeley, Tech. Rep. UCB/EECS-2013-59, May 2013. [abstract]

Miscellaneous

• M. Clarkson, B. Hay, M. Inge, A. Shelat, D. Wagner, and A. Yasinsac, "Software Review and Security Analysis of Scytl Remote Voting Software," Sep. 2008.
• J. A. Calandrino, A. J. Feldman, J. A. Halderman, D. Wagner, H. Yu, and W. P. Zeller, "Source Code Review of the Diebold Voting System," July 2007.
• D. Wagner, "Written testimony before the U.S. House of Representatives Committee on Oversight and Government Reform," May 2007.
• D. Wagner, "Written testimony before the U.S. House of Representatives Committee on House Administration, Elections Subcommittee," March 2007.