Information Assurance Research in the College of Engineering

Information Assurance
Measures that protect and defend information and information systems by ensuring their availability, integrity, authentication, confidentiality, and non-repudiation.
Florida Institute of Technology was designated a Center for Academic Excellence in Information Assurance Research by the National Security Agency.
The Harris Institute for Assured Information serves as a focal point for collaboration and project support.

COE Faculty Performing Research in Information Assurance
– Richard Ford, Computer Science – Harris Institute
– Fredric Ham, Electrical and Computer Engineering
– Gerald Marin, Computer Science – Harris Institute
– William Allen, Computer Science – Harris Institute
– Ryan Stansifer, Computer Science
– Liam Mayron, Computer Science – Harris Institute
– Marius Silaghi, Computer Science
– Adjunct Faculty: Marco Carvalho, Ronda Henning

Adaptive Supervisory Control and Data Acquisition
• Funded by the U.S. Department of Energy
– Enhanced Protection of Critical Infrastructure
– COE Participants:
  • Drs. Ford, Allen, Ham, Stansifer
  • Supporting 1 Ph.D. student and 2 M.S. students
– Publications:
  • three conference papers accepted/presented to date
  • two papers in preparation
– $470,000 in funding over two years (current)

Neurocomputing and Interoception
• Funded by Harris Corporation
– Attempts to allow computers to engage in interoceptive behaviors, inspired by the brain’s “system of systems”
– COE Participants:
  • Drs. Ford, Carvalho
  • Supporting 1 M.S. student
– Publications:
  • One paper accepted and presented to date
– $65,000 in funding over two semesters

Human Ground Truth in Virtual Worlds
• Funded by Harris Corporation
– Create new collaborative environments that leverage the power of Virtual Worlds
– COE Participants:
  • Drs. Ford, Carvalho
  • Supporting 3 students
– Publications:
  • No publications to date – project has just started
– $150,000 in funding over one year (current)

Biologically-Inspired Security Infrastructure for Tactical Environments
• Research funded by the Army Research Lab
– Improving the Security of Mobile Networks
– COE Participants:
  • Drs. Ford, Allen, Ham, Marin, one Postdoc Researcher
  • Graduated 1 Ph.D. and 5 M.S. students
– Publications:
  • twelve papers published on this work
– $2,785,300 in funding over 3 years (completed)

Assured Information in SOA Environments
• Funded by Harris Corporation
– Developed a method for evaluating security-centric testing tools for use in SOA environments
– COE Participants:
  • Dr. Tilley
  • Supported 1 Ph.D. student and 1 M.S. student
– Publications:
  • three conference papers published on this work
– $150,000 in funding over one year

Harris Corporation Grants
• The Harris Corporation funded several recent projects through the Harris Institute:
– Vulnerabilities in Graphics Systems - $125k
  • Drs. Ford and Allen
– Brain-inspired computing for security - $65k
  • Dr. Ford
– Collection of Malware Samples - $100k
  • Drs. Allen and Ford and graduate students
– Metrics for Human Computer Interaction - $60k
  • Dr. Ford and Dr. Bahr (Psychology)

Using Program Slicing in Software Maintenance
• This seminal work by Dr. Keith Gallagher was published in IEEE Transactions on Software Engineering in 1991
– Program slicing helps in understanding foreign code and in debugging; Dr. Gallagher extended this idea to aid in software maintenance.
– This work had a significant impact on discovering and correcting the Y2K problem and continues to be widely used for software maintenance
– This paper has been cited over 600 times

Software Testing
• Information Assurance requires the ability to verify that software is free from vulnerabilities and that it functions as intended
• Dr. Cem Kaner has co-authored four books and numerous articles and workshops on software testing principles and practices, including:
– Cem Kaner, Jack Falk, & Hung Quoc Nguyen, Testing Computer Software, 2nd edition
– Cem Kaner, James Bach, & Bret Pettichord, Lessons Learned in Software Testing
– Cem Kaner & David Pels, Bad Software: What To Do When Software Fails

Towards a Secure Software Development Framework Based on an Integrated Engineering Process
• Abdulaziz Alkussayer, PhD completed in 2011
– Developed a methodology for improving the development of secure software
– Publications:
  • one Journal article, five Conference papers to date
– Advisor: William Allen
– Abdulaziz is currently on the faculty of a university in Saudi Arabia

Program Comprehension Through Sonification
• Lewis Berman, PhD completed in 2011
– Developed a sonification (i.e., non-speech sound) scheme to facilitate the understanding of software, which has been shown to be particularly useful for analyzing dynamic program behaviors
– Publications:
  • three Conference papers to date
– Advisor: Keith Gallagher

Migrating Software Testing to the Cloud
• Tauhida Parveen, PhD completed in 2010
– Developed a methodology for migrating software testing to a cloud environment to improve performance and lower costs
– Publications:
  • two Journal articles, six Conference papers to date
– Advisor: Scott Tilley
– Tauhida is employed at a local security company

Automatic Design of Feistel Ciphers Using Constraint Techniques
• Venkatesh Ramamoorthy, PhD completed in 2010
– Developed several improvements to existing cryptographic techniques
– Publications:
  • three Conference papers to date
– A patent has been applied for on this work
– Advisor: Marius Silaghi
– Venkatesh is employed at Array Networks, Inc.

Malicious Mobile Code Related Experiments with an Extensible Network Simulator
• Attila Ondi, PhD completed in 2007
– Developed a technique for simulating the spread of malicious code with high fidelity to better evaluate methods for defending against attacks
– Publications:
  • two Journal articles, four Conference papers to date
– Advisor: Richard Ford
– Attila is employed at Securboration, Inc.

Masters Research in Information Assurance
• Reputations for Security in Mobile Ad Hoc Networks, Katherine Hoffman, M.S., 2011
• MANET Security and Antibodies, Stephen Dotson, M.S., 2011
  – a biologically-inspired approach to protecting mobile networks
• Evaluating the Capabilities of SOA Testing Tools from a Security Perspective, Nawwar Kabbani, M.S., 2010
• A Proactive Defense System for Mobile Ad Hoc Networks, Eyosias Yoseph Imana, M.S., 2009
• A State-Machine-Based Attack Description Language for the Evaluation of Intrusion Detection Systems, Samuel Oswald, M.S., 2009
• Incrementally Learning Rules for Anomaly Detection, Denis Petrusenko, M.S., 2009
• A Mobile Ad Hoc Network (MANET) Simulator with Worm Propagation, Matthew Reedy, M.S., 2009
• A Modular Framework for Next-Generation Testing and Evaluation of Network Applications, Derek Pryor, M.S., 2009
• Discovering a Covert Channel between Virtual Machines Sharing the Same Set of Hardware, James Stimers, M.S., 2008
• Changing the Modulus of Secret Sharing, Accessing Arrays of Secrets and Incentive Mixnets, Timothy Atkinson, M.S., 2007
• The Hunt for Viral Processes, Christiana Ioannou, M.S., 2006