-
Notifications
You must be signed in to change notification settings - Fork 2
Expand file tree
/
Copy pathindex.html
More file actions
executable file
·148 lines (136 loc) · 8.36 KB
/
index.html
File metadata and controls
executable file
·148 lines (136 loc) · 8.36 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
<!doctype html>
<html lang="en">
<head>
<title>Stephen A. Weis - Security Researcher and Engineer</title>
<meta property="og:title" content="Stephen A. Weis - Security Researcher and Engineer" />
<meta name="keywords" content="Stephen Weis, Steve Weis, Stephen A. Weis, cryptography,
Anthropic, Google Authenticator, Facebook, security, privacy, RFID, threshold signatures, Keyczar" />
<meta property="og:description" name="description" content="Personal web page for Stephen A. Weis, Ph.D." />
<meta charset="utf-8" />
<meta name="viewport" content="width=device-width, initial-scale=1">
<link rel="stylesheet" href="style.css" type="text/css" />
</head>
<body>
<div class="container">
<header class="site-header">
<h1><a href="index.html">Stephen A. Weis</a></h1>
<p class="subtitle">Security Researcher and Engineer</p>
</header>
<div class="hero">
<img src="photos/steve_headshot_11.25.jpg" class="hero-photo" alt="Steve Weis photo" />
<div class="hero-contact">
<h4 id="contact">Contact</h4>
<ul>
<li><a href="mailto:sw@saweis.net">sw@saweis.net</a></li>
<li><a href="https://www.linkedin.com/in/stephenweis">linkedin.com/in/stephenweis</a></li>
<li><a href="https://twitter.com/sweis">twitter.com/sweis</a></li>
</ul>
</div>
</div>
<hr />
<div class="section" id="bio">
<h4 id="biography">Biography</h4>
<p>
Steve Weis is a software engineer interested in cryptography, security, privacy,
and machine learning. He is currently a member of technical staff at
<a href="https://www.anthropic.com/">Anthropic</a> working on the Secure Frameworks team.
</p>
<p>
Previously, Steve was a principal software engineer at
<a href="https://databricks.com/">Databricks</a> working on Trust & Safety Engineering,
a security & privacy consultant, a Fellow at the
<a href="https://aspentechpolicyhub.org">Aspen Institute Technology Policy Hub</a>,
and a software engineer at Facebook working on data privacy, data security,
and security infrastructure.
</p>
<p>
In the past, Steve was co-founder & CTO of
<a href="https://www.privatecore.com">PrivateCore</a>, a security
startup acquired by Facebook in 2014. His work includes data privacy,
Facebook Messenger security, building
<a href="https://www.facebook.com/notes/protect-the-graph/securing-email-communications-from-facebook/1611941762379302">PGP support for Facebook</a>,
<a href="https://www.google.com/landing/2step/">Google 2-step verification</a>
and the <a href="https://www.keyczar.org">Keyczar</a> cryptographic library.
Steve was also a technical director at
<a href="https://www.appdirect.com">AppDirect</a> and a member of the
applied security team at <a href="https://www.google.com">Google</a>.
Steve received a PhD in computer science from
<a href="https://www.mit.edu">MIT</a> where he was advised by
<a href="http://people.csail.mit.edu/rivest/">Ron Rivest</a>.
</p>
</div>
<div class="section" id="videos">
<h4>Selected Videos and Podcasts</h4>
<ul>
<li><a href="https://saweis.net/posts/nist-curve-seed-origins.html">How were the NIST ECDSA curve parameters generated?</a> post discussed on
<a href="https://securitycryptographywhatever.com/2023/10/12/the-nist-curves/">"Jerry Solinas deserves a raise"</a> episode of
<a href="https://securitycryptographywhatever.com/">Security Cryptography Whatever</a> podcast, 2023</li>
<li><a href="https://securitycryptographywhatever.com/2023/06/29/why-do-we-think-anything-is-secure-with-steve-weis/">"Why do we think anything is secure"</a>
on <a href="https://securitycryptographywhatever.com/">Security Cryptography Whatever</a> podcast, 2023</li>
<li><a href="https://podcasts.apple.com/au/podcast/19-steve-weis-security-shouldnt-be-the-last-check-box/id1537190695?i=1000557652641">"Security Shouldn't Be the Last Check Box"</a>
on Building Better Systems, 2022</li>
<li><a href="https://www.youtube.com/watch?v=ptz1sInUaGA">"Emerging Cryptography"</a> at Enigma 2018</li>
<li><a href="https://www.youtube.com/watch?v=edNkIc6L9Qo">"Protecting Data In-Use from Firmware and Physical Attacks"</a> at BlackHat USA, 2014</li>
<li><a href="https://www.youtube.com/watch?v=lkO8SNiDSw0#t=5h19m14s">"Trusted Computing Technology and Government Implants"</a> at TrustyCon 2014</li>
</ul>
</div>
<div class="section" id="biblio">
<h4>Bibliography</h4>
<ul>
<li><a href="biblio.html">Bibliography</a>: Talks, papers, theses, articles, and book chapters</li>
<li><a href="https://scholar.google.com/citations?user=Ax6m7G4AAAAJ&hl=en">Google Scholar citations</a></li>
<li>ORCID: <a href="https://orcid.org/0000-0002-9723-9100">0000-0002-9723-9100</a></li>
</ul>
</div>
<div class="section" id="posts">
<h4>Posts</h4>
<ul>
<li><a href="https://saweis.net/posts/nist-curve-seed-origins.html">How were the NIST ECDSA curve parameters generated?</a></li>
<li><a href="posts/State-of-SGX-Development.html">"State of SGX Development"</a></li>
<li><a href="posts/Better-Defending-Private-Industry-from-Nation-State-Attackers.html">"Better Defending Private Industry from Nation State Attackers"</a></li>
<li><a href="posts/Security-and-Privacy-Risks-of-Machine-Learning-Models.html">"Security & Privacy Risks of Machine Learning Models"</a></li>
<li><a href="posts/Revisiting-Radix-Economy.html">"Revisiting Radix Economy"</a></li>
</ul>
</div>
<div class="section" id="code">
<h4>Coding Projects</h4>
<ul>
<li><a href="https://github.com/sweis/lthash-rs/">lthash-rs: Lattice-based Homomorphic Hash in Rust</a></li>
<li><a href="https://github.com/sweis/protoken-rs/">protoken-rs: Experimental Protobuf signed tokens in Rust</a></li>
<li><a href="https://github.com/sweis/xcert-rs">xcert-rs: x509 Certificate Inspection Utility in Rust</a></li>
</ul>
</div>
<div class="section" id="content">
<h4>Miscellaneous Content</h4>
<ul>
<li><a href="threatworksheet/index.html">Threat Model Worksheet</a></li>
<li><a href="posts/startup-pitch-elements.html">Startup Pitch Elements</a></li>
<li><a href="news.html">In the news</a></li>
</ul>
</div>
<div class="section" id="projects">
<h4>Old Stuff</h4>
<ul>
<li><a href="https://www.cve.org/CVERecord?id=CVE-2021-38296">CVE-2021-38296: Apache Spark Authentication</a></li>
<li><a href="https://www.databricks.com/blog/2021/05/26/introducing-delta-sharing-an-open-protocol-for-secure-data-sharing.html">Delta Sharing</a></li>
<li><a href="https://www.facebook.com/notes/protect-the-graph/securing-email-communications-from-facebook/1611941762379302">Facebook PGP support</a></li>
<li><a href="https://github.com/google/google-authenticator-android">Google Authenticator</a>: Mobile one-time passcode app</li>
<li><a href="https://github.com/google/keyczar">Keyczar</a>: An open source cryptographic toolkit designed to make it easier and safer for developers to use cryptography in their applications.</li>
<li><a href="crypto.html">Crypto Mini-Course</a> (2007): Includes videos, slides, readings, and exercises.</li>
<li><a href="hbplus.html">HB+ Authentication</a>: A low-cost authentication protocol based on the LPN problem</li>
<li><a href="https://github.com/sweis/pseudoid/">PseudoID</a>: Enhancing privacy in federated login.</li>
<li><a href="https://github.com/sweis/threshsig">Threshsig</a>: A Java implementation of Victor Shoup's <a href="http://www.iacr.org/archive/eurocrypt2000/1807/18070209-new.pdf">"Practical Threshold Signatures"</a></li>
<li><a href="https://github.com/sweis/step2">Step2</a>: An OpenID consumer that supports the OAuth Extension</li>
</ul>
</div>
</div>
<!-- Google Analytics -->
<script async src="https://www.googletagmanager.com/gtag/js?id=UA-448164-1"></script>
<script>
window.dataLayer = window.dataLayer || [];
function gtag(){dataLayer.push(arguments);}
gtag('js', new Date());
gtag('config', 'UA-448164-1');
</script>
</body>
</html>