Biography

I am co-founder and CEO of DScope Security, a startup that specializes in threat intelligence for public cloud control and data planes. I am also an incoming Assistant Professor in the Department of Computer Science at Virginia Tech.

I completed my Ph.D. in the Computer Sciences department at the University of Wisconsin–Madison, where I was advised by Professor Patrick McDaniel and was the lead graduate student in the McDaniel research group. Before coming to UW–Madison, I co-founded and sold an email marketing technology startup, Sendtric.

My research focuses on measuring and securing modern Internet service deployments, particularly in the context of cloud computing. Public clouds upend service deployment assumptions, leading to new risks. At the same time, attackers have adapted to this new reality by targeting cloud systems. However, through rigorous empirical study of these deployment models we can not only improve their security, but also provide practical insights towards securing the software supply chain. I have applied this same security measurement approach to other domains, such as software security (e.g., fuzzing), machine learning security, and Internet of Things.

Outside of work, I enjoy finding new ways to challenge myself. I am an instrument-rated private pilot and spend much of my free time flying/maintaining my aircraft, a Piper Arrow. I also enjoy ☕️ coffee, 🥾 backpacking, 🧗 rock climbing, 🦆 bird watching, 📷 photography, and combinations thereof.

Email (DScope):[email protected]
Email (VT):[email protected]
Email (Personal):[email protected]

Selected Publications

Eric Pauley, Kyle Domico, Blaine Hoak, Ryan Sheatsley, Quinn Burke, Yohan Beugin, Engin Kirda, Patrick McDaniel (2025). Secure IP Address Allocation at Cloud Scale. Network and Distributed Systems Security Symposium (NDSS).

PDF Cite Code

Eric Pauley, Paul Barford, Patrick McDaniel (2023). The CVE Wayback Machine: Measuring Coordinated Disclosure from Exploits Against 2 Years of Zero-Days. ACM IMC 2023 (Best Paper Runner-Up).

PDF Cite Slides DOI

Eric Pauley, Paul Barford, Patrick McDaniel (2023). DScope: A Cloud-Native Internet Telescope. USENIX Security 2023 (CSAW ARC Finalist).

PDF Cite Slides Project Website

Blaine Hoak, Ryan Sheatsley, Eric Pauley, Patrick McDaniel (2023). The Space of Adversarial Strategies. USENIX Security 2023.

PDF Cite DOI

Eric Pauley, Patrick McDaniel (2023). Understanding the Ethical Frameworks of Internet Measurement Studies. EthiCS 2023 (Co-located with NDSS 2023) (Best Paper).

PDF Cite Slides DOI

Eric Pauley, Ryan Sheatsley, Blaine Hoak, Quinn Burke, Yohan Beugin, Patrick McDaniel (2022). Measuring and Mitigating the Risk of IP Reuse on Public Clouds. IEEE S&P 2022.

PDF Cite DOI Talk/Slides

See all publications

Recent Posts

Farewell to the Era of Cheap EC2 Spot Instances
AWS EC2 Spot prices have surged since the start of 2023. In this article I investigate this trend, possible causes, and how AWS customers can improve their deployments to get the maximum discount possible.
Eric Pauley
May 2, 2023 7 min read
The Need for Standardized Secret Scanning

It’s no secret that leaving credentials in source code is risky, especially when tools like GitHub make it easy to share code publicly with a single command. The major players have long had tooling to help prevent this like GitHub Secret Scanning, and GitHub also makes it possible (at least in theory) for third-party providers to join the program. Unfortunately, out of the countless platforms that use secrets for authentication, only 100 or so have partnered with GitHub’s program.

Eric Pauley
Dec 16, 2022 4 min read
Leveraging Mispriced AWS Spot Instances for Fun and Savings
AWS creates a market for spot instance pricing, but this market is inefficient as customers don’t consider all instance types available. Leveraging this mispricing can save even more than spot pricing already does.
Eric Pauley
Oct 20, 2022 8 min read
See all posts