Schedule
| Spring 2012 | | |
|---|---|---|
| MWF: 10:00-10:50am | CSCI 151: Principles of Computer Science II | King 221 |
| M: 2:30-4:20pm | CSCI 151: Lab (Boggus/Price) | King 201 |
| T: 1:00-2:50pm | CSCI 151: Lab (Boggus/Marsh) | King 201 |
| Tue: 3:00-4:30pm, Wed: 1:30-3:00pm, or by appointment | Office Hours | King 223B |
Research
My research is in the field of Information Security. Specifically, I am interested in host-based attack, intrusion, and misuse prevention/detection, as well as the design and construction of audit sources that can supply information for the detection/prevention of the same. I am also interested in computer forensics and the application of machine learning techniques to the analysis of audit information.
I maintain a list of my research publications online.
Current projects include:
- Open Source Audit Systems - An investigation into the current state of open source audit systems. We are looking at initial configuration, runtime overhead, and performance under load. We are currently examining the audit systems in GNU/Linux, SELinux, Solaris, and Mac OS X.
- Audlib - An interposable library to generate audit information from existing applications. Building tailored audit sources to supply information directed towards one or more of attack, intrusion, or misuse detection.
- XenLabs - Using modern VM technology to create a virtual laboratory of machines that students can use for "hands-on" security exercises. Students (or groups of students) can have an identical set of machines where they have full control, but are encapsulated from each other and the rest of the network. Also, security exercises that use flaws in a particular OS version can remain viable for longer periods. We are collaborating with folks at Iowa State and SUNY Oswego on this project.
- Browser-Level Event Logging - Collecting user activity and web browser logs, along with web server response time information, by instrumenting the web browser through the use of a plugin.
Past research projects include:
- Trackle - An integrated system for tracking trouble tickets and the changes needed to resolve them. This system is designed to be used in a training environment where new admins are hired without necessarily being experts, allowing them to learn from past instances of similar problems.
- SmashGuard - A hardware modification to detect and prevent attacks on saved return address pointers (buffer overflow or "stack smashing" attacks).
- AAFID - Autonomous Agents for Intrusion Detection
- Vulnerability Database (VDB) - precursor project to the CVE and later the NVD
- Hewlett-Packard's IDS/9000 (now HP-UX HIDS) - I was one of the software engineers and designer/author of the initial release's detection logic.
Education
- Ph.D. Computer Sciences, Purdue University, 2004
- M.S. Computer Sciences, Purdue University, 1999
- B.S.E. Computer Science and Engineering, University of Toledo, 1997
- B.S. Mathematics, University of Toledo, 1997
Past Course Websites
| Fall 2011 |
| Spring 2011 |
| Fall 2010 |
| Spring 2009 |
| Fall 2008 |
| Spring 2008 |
| Fall 2007 |
| Spring 2007 |
| Fall 2006 |

