About

Dan S. Wallach is a professor in Rice University's Department of Computer Science and the Department of Electrical & Computer Engineering, specializing in computer security. His research interests include mobile code, wireless and smartphone security, and the security of electronic voting systems. He is also a Rice Scholar at the Baker Institute for Public Policy. Currently, he is on leave from Rice, working as a program manager at DARPA's Information Innovation Office (I2O). Throughout his career, Wallach has contributed to the field of voting security, providing testimony before the Texas Senate Special Committee on Election Security and the U.S. Congress Space, Science, & Technology Committee on Voting Security. His work includes research on tamper-evident data structures, wireless localization, and cryptographically verifiable election technologies. Wallach has also been involved in efforts to improve the computer science publication process and has collaborated with organizations such as Microsoft and VotingWorks on election security technologies.

Research topics

• Computer Science
• Computer Security
• Political Science
• Artificial Intelligence
• Law
• Business
• Telecommunications
• Engineering
• Public relations
• Computer network
• Internet privacy
• Medicine

Selected publications

• Algorithmic DoS

  2025-01-01

  book-chapterSenior author
  PublisherDOI

• A Viewpoint: A Memory Safety Manifesto

  IEEE Security & Privacy · 2024-07-01

  article1st authorCorresponding

  Memory safety vulnerabilities, like buffer overflows and use after free, are endemic to the C and C++ programming languages. Despite decades of effort to help programmers find and fix these issues, they nonetheless are exploited with distressing regularity. It’s time for a new approach. This manifesto argues that we must commit to rewriting the world’s software in “safe” languages that eliminate these issues up front. It’s going to take a while, but it’s time to get started.

  PublisherDOI

• Ballot Tabulation Using Deep Learning

  2023 · 5 citations

  • Computer Science
  • Computer Science
  • Artificial Intelligence

  Currently deployed election systems that scan and process hand-marked ballots are not sophisticated enough to handle marks insufficiently filled in (e.g., partially filled-in), improper marks (e.g., using check marks or crosses instead of filling in bubbles), or marks outside of bubbles, other than setting a threshold to detect whether the pixels inside bubbles are dark and dense enough to be counted as a vote. The current works along this line are still largely limited by their degree of automation and require substantial manpower for annotation and adjudication. In this study, we propose a highly automated deep learning (DL) mark segmentation model-based ballot tabulation assistant able to accurately identify legitimate ballot marks. For comparison purposes, a highly customized traditional computer vision (T-CV) mark segmentation-based method has also been developed to compare with the DL-based tabulator, with a detailed discussion included. Our experiments conducted on two real election datasets achieved the highest accuracy of 99.984% on ballot tabulation. In order to further enhance our DL model’s capability of detecting the marks that are underrepresented in training datasets, e.g., insufficiently or improperly filled marks, we propose a Siamese network architecture that enables our DL model to exploit the contrasting features between a hand-marked ballot image and its corresponding blank template image to detect marks. Without the need for extra data collection, by incorporating this novel network architecture, our DL model-based tabulation method not only achieved a higher accuracy score but also substantially reduced the overall false negative rate.

  PublisherDOI

• ACM TechBrief: Election Security: Risk Limiting Audits

  ACM eBooks · 2022-10-12

  bookSenior author
  PublisherDOI

• VAULT-Style Risk-Limiting Audits and the Inyo County Pilot

  IEEE Security & Privacy · 2021-05-31 · 2 citations

  articleSenior author

  In 2020, Inyo County, California partnered with nonprofit VotingWorks to pilot the use of the Verifiable Audits Using Limited Transparency technique (called VAULT) to conduct an efficient, privacy-preserving, publicly verifiable risk-limiting audit of seven contests in the November general election. We describe VAULT, the pilot, and the software implementation that made this pilot possible.

  PublisherDOI

• Bad Tools Hurt: Lessons for teaching computer security skills to undergraduates

  International Journal of Computer Science Education in Schools · 2021-12-17

  articleOpen accessSenior author

  Understanding why developers continue to misuse security tools is critical to designing safer software, yet the underlying reasons developers fail to write secure code are not well understood. In order to better understand how to teach these skills, we conducted two comparatively large-scale usability studies with undergraduate CS students to assess factors that affect success rates in securing web applications against cross-site request forgery (CSRF) attacks. First, we examined the impact of providing students with example code and/or a testing tool. Next, we examined the impact of working in pairs. We found that access to relevant secure code samples gave significant benefit to security outcomes. However, access to the tool alone had no significant effect on security outcomes, and surprisingly, the same held true for the tool and example code combined. These results confirm the importance of quality example code and demonstrate the potential danger of using security tools in the classroom that have not been validated for usability. No individual differences predicted one’s ability to complete the task. We also found that working in pairs had a significant positive effect on security outcomes. These results provide useful directions for teaching computer security programming skills to undergraduate students.

  PublisherOA PDFDOI

• Machine Learning for Measuring and Analyzing Online Social Communications

  ESANN 2021 proceedings · 2021-01-01 · 1 citations

  articleOpen access

  In this paper, we propose a framework for application of a novel machine learning-based system for analyzing online social communications. As a example, we are targeting anti-Semitic graphical memes posted to social media. We presented very promising preliminary results on a Facebook dataset that consists of a total of 10000 labeled memes. We can conclude that machine learning will soon be able to successfully analyze and monitor complex social communications.

  PublisherDOI

• Table of Contents

  IEEE Security & Privacy · 2021-07-01

  articleOpen access
  PublisherOA PDFDOI

• Scaling Up Anonymous Communication with Efficient Nanopayment Channels

  Proceedings on Privacy Enhancing Technologies · 2020 · 4 citations

  Senior authorCorresponding
  • Computer Science
  • Computer Science
  • Computer Security

  Abstract Tor, the most widely used and well-studied traffic anonymization network in the world, suffers from limitations in its network diversity and performance. We propose to mitigate both problems simultaneously through the introduction of a premium bandwidth market between clients and relays. To this end, we present moneTor: incentivizing nodes to join and support Tor by giving them anonymous payments from Tor users. Our approach uses efficient cryptographic nanopayments delivered alongside regular Tor traffic. Our approach also gives a degree of centralized control, allowing Tor’s managers to shape the economy created by these payments. In this paper, we present a novel payment algorithm as well as a data-driven simulation and evaluation of its costs and benefits. The results show that moneTor is both feasible and flexible, offering upwards of 100% improvements in differentiated bandwidth for paying users with near-optimal throughput and latency overheads.

  PublisherDOI

• How Human Factors Can Help Preserve Democracy in the Age of Pandemics

  Human Factors The Journal of the Human Factors and Ergonomics Society · 2020 · 9 citations

  • Political Science
  • Computer Security
  • Computer Science

  OBJECTIVE: To describe user-centered voting systems that would support the safe conduct of voting in a pandemic environment. BACKGROUND: The COVID-19 pandemic has complicated our democratic processes. Voters and poll workers feel threatened by the potential dangers of voting in business-as-usual polling stations. Indeed, significant problems were encountered in the recent 2020 primary elections in Wisconsin, where the National Guard had to be mobilized because so few poll workers reported to work, and more than 90% of polling places had to remain closed. METHOD: We describe a number of possible user-centered solutions that would help protect voters and poll workers in times of pandemic, and also report the results of a survey that asked voters and poll workers about what kinds of systems might make them willing to vote. RESULTS: Political as well as safety considerations will need to be considered as these safer voting solutions are designed since, surprisingly, the kinds of solutions preferred depend on the political affiliation of the voters. CONCLUSION: Human factors professionals have a large role to play in realizing the safe, successful implementation of these user-centered systems. Good human factors analysis can help minimize the risk to voters and poll workers. Moreover, human factors methods can help safeguard democracy by creating safe and well-engineered environments that are conducive to voting in the age of pandemics. APPLICATION: Creating safe and effective voting solutions that protect voters and poll workers during pandemic outbreaks is crucial to the preservation of democracy.

  PublisherOA PDFDOI

Recent grants

• TC: Small: Security Architectures for Smartphones

  NSF · $500k · 2011–2015

• TWC: Medium: Collaborative: Measurement and Analysis Techniques for Internet Freedom on IP and Social Networks

  NSF · $600k · 2013–2019

• Collaborative Research: CT-CS: A Center for Correct, Usable, Reliable, Auditable, and Transparent Elections (ACCURATE)

  NSF · $1.8M · 2005–2012

• CSR/PDOS: Security and Incentives for Overlay Network Infrastructure

  NSF · $441k · 2005–2010

• TC: Medium: Collaborative Research: WHISPER - Wireless, Handheld, Infrastructureless, Secure Communication System for the Prevention of Eavesdropping and Reprisal

  NSF · $56k · 2010–2014

Frequent coauthors

• Algis Rudys

  Rice University

  17 shared

• Philip B. Stark

  16 shared

• Willy Zwaenepoel

  University of Sydney

  16 shared

• Josh Benaloh

  Microsoft (United States)

  15 shared

• Eyal de Lara

  University of Toronto

  14 shared

• Vanessa Teague

  Australian National University

  13 shared

• Peter Druschel

  11 shared

• Philip Kortum

  Rice University

  10 shared

Awards & honors

• NSF-funded multi-institution research center, ACCURATE (A Ce…