Michael Reiter is the Lawrence M. Slifkin Distinguished Professor in the Department of Computer Science in UNC's College of Arts and Sciences. He received a B.S. degree in mathematical sciences from UNC in 1989, and M.S. and Ph.D. degrees in computer science from Cornell University in 1991 and 1993, respectively.
Dr. Reiter's research interests include all areas of computer and communications security and distributed computing. He regularly publishes and serves on conference organizing committees in these fields. He served as program chair for the the flagship computer security conferences of the IEEE, the ACM and the Internet Society,
He was named an ACM Fellow in 2008 and an IEEE Fellow in 2014.
Industry Expertise (2)
Areas of Expertise (4)
Computer and communications security
Excellence in Teaching Award (professional)
2009 Awarded by the Computer Science Student Association of the Department of Computer Science at the University of North Carolina at Chapel Hill.
Cornell University: Ph.D., Computer Science 1993
Cornell University: M.S., Computer Science 1991
The University of North Carolina: B.S., Mathematical Sciences 1989
- ACM : Fellow
- IEEE : Fellow
Media Appearances (1)
Google-Led Denials Leave Room for U.S. Web Surveillance
Bloomberg Business online
Mining data associated with people’s communications is hardly new for the government, said Michael Reiter, a professor of computer science at the University of North Carolina at Chapel Hill. The Patriot Act, which was passed in response to the terrorist acts of Sept. 11, 2001, authorized secret U.S. surveillance of phone calls and e-mails. Still, a government hack of corporate servers to obtain that type of information is unlikely, Reiter said. “It’s certainly more difficult to do that and far riskier to do that than it is to just go get the court order,” he said. “It doesn’t make sense to me that the government would try to do it.”...
Event Appearances (8)
2019 ISOC Network and Distributed System Security Symposium
NDSS 2019 San Diego, Calif.
40th IEEE Symposium on Security and Privacy
IEEE Symposium San Francisco, Calif.
Northeastern Cybersecurity and Privacy Institute Northeastern University, Boston, Mass.
College of Information and Computer Sciences, University of Massachusetts Amherst Amherst, MA, USA
Department of Computer and Information Science and Engineering, University of Florida Gainesville, FL, USA
Computer Science and Engineering Department, University of California – Riverside Riverside, CA, USA
9th International Conference on Network and System Security New York, NY, USA
7th ACM Cloud Computing Security Workshop Denver, CO, USA
Recent articlesby Michael Reiter
On the suitability of Lp-norms for creating and preventing adversarial examples M. Sharif, L. Bauer, and M. K. Reiter In Proceedings of the 2018 Workshop on The Bright and Dark Sides of Computer Vision: Challenges and Opportunities for Privacy and Security, pages 1718–1726, June 2018. Static evaluation of noninterference using approximate model counting Z. Zhou, Z. Qian, M. K. Reiter, and Y. Zhang In Proceedings of the 39th IEEE Symposium on Security and Privacy, pages 514–528, May 2018. Differentially private access patterns for searchable symmetric encryption G. Chen, T.-H. Lai, M. K. Reiter, and Y. Zhang In Proceedings of the 2018 IEEE International Conference on Computer Communications, April 2018. On-demand time blurring to support side-channel defense W. Liu, D. Gao, and M. K. Reiter In Computer Security – ESORICS 2017: 22nd European Symposium on Research in Computer Security (Lecture Notes in Computer Science 10493), pages 210–228, September 2017. To permit or not to permit, that is the usability question: Crowdsourcing mobile apps' privacy permission settings Q. Ismail, T. Ahmed, K. Caine, A. Kapadia, and M. Reiter Proceedings on Privacy Enhancing Technologies, 2017(4):39–57, October 2017. Personalized pseudonyms for servers in the cloud Q. Xiao, M. K. Reiter, and Y. Zhang Proceedings on Privacy Enhancing Technologies, 2017(4):191–209, October 2017.
False data injection attacks against state estimation in electric power gridsACM Transactions on Information and System Security (TISSEC)
2011 A power grid is a complex system connecting electric power generators to consumers through power transmission and distribution networks across a large geographical area. System monitoring is necessary to ensure the reliable operation of power grids, and state estimation is used in system monitoring to best estimate the power grid state through analysis of meter measurements and power system models. Various techniques have been developed to detect and identify bad measurements, including interacting bad measurements introduced by arbitrary, nonrandom causes. At first glance, it seems that these techniques can also defeat malicious measurements injected by attackers.
Flicker: An execution infrastructure for TCB minimizationACM SIGOPS Operating Systems Review
2008 We present Flicker, an infrastructure for executing security-sensitive code in complete isolation while trusting as few as 250 lines of additional code. Flicker can also provide meaningful, fine-grained attestation of the code executed (as well as its inputs and outputs) to a remote party. Flicker guarantees these properties even if the BIOS, OS and DMA-enabled devices are all malicious. Flicker leverages new commodity processors from AMD and Intel and does not require a new OS or VMM. We demonstrate a full implementation of Flicker on an AMD platform and describe our development environment for simplifying the construction of Flicker-enabled code.
The design and analysis of graphical passwordsUsenix Security
1999 In this paper we propose and evaluate new graphical password schemes that exploit features of graphical input displays to achieve better security than text based passwords. Graphical input devices enable the user to decouple the position of inputs from the temporal order in which those inputs occur, and we show that this decoupling can be used to generate password schemes with substantially larger (memorable) password spaces. In order to evaluate the security of one of our schemes, we devise a novel way to capture a subset of the "memorable" passwords that, we believe, is itself a contribution. In this work we are primarily motivated by devices such as personal digital assistants (PDAs) that offer graphical input capabilities via a stylus, and we describe our prototype implementation of one of our password schemes on such a PDA, namely the Palm PilotTM.
Crowds: Anonymity for web transactionsACM Transactions on Information and System Security
1998 In this paper we introduce a system called Crowds for protecting users' anonymity on the world-wide-web. Crowds, named for the notion of “blending into a crowd,” operates by grouping users into a large and geographically diverse group (crowd) that collectively issues requests on behalf of its members. Web servers are unable to learn the true source of a request because it is equally likely to have originated from any member of the crowd, and even collaborating crowd members cannot distinguish the originator of a request from a member who is merely forwarding the request on behalf of another. We describe the design, implementation, security, performance, and scalability of our system. Our security analysis introduces degrees of anonymity as an important tool for describing and proving anonymity properties.
Byzantine quorum systemsDistributed Computing
1998 Quorum systems are well-known tools for ensuring the consistency and availability of replicated data despite the benign failure of data repositories. In this paper we consider the arbitrary (Byzantine) failure of data repositories and present the first study of quorum system requirements and constructions that ensure data availability and consistency despite these failures. We also consider the load associated with our quorum systems, i.e., the minimal access probability of the busiest server. For services subject to arbitrary failures, we demonstrate quorum systems over n servers with a load of O(1n√), thus meeting the lower bound on load for benignly fault-tolerant quorum systems. We explore several variations of our quorum systems and extend our constructions to cope with arbitrary client failures.