Announcements

Center for Information Protection
UC Davis is planning to join the NSF I/UCRC Center for Information Protection. We are looking for companies to join our Industrial Advisory Board.
Find out more here!

Conferences and Workshops

• NSPW 2008
• ESSoS 2009
• WISE 6, 2009

My Links

• My Home Page
• Books
• Classes
• Papers
• Reports and Notes
• Research
• Security in Programming
• Service
• Students
• Talks
• Miscellaneous
• My Family
• About Me (CV and such)

Other Links

• MyUCDavis
• Computer Security Lab
• Dept. of Computer Science
• College of Engineering
• University of California, Davis
• City of Davis
• County of Yolo
• State of California
• United States of America

This Quarter’s Classes

Office Hours for This Quarter

Contacting Me

Research Projects

Here are some research projects I am involved in. Many have their own web pages, so follow the links if you are curious and want more information than is here! The web pages change often, too, so please come back.

Current Projects

These are currently active projects. Not all are sponsored, and even those that are could use more sponsors; the students and I really enjoy working with external people!

• Attack Analysis Project
  This project is creating a model of multi-stage attacks using a variant of the requires/provides model for a large intrusion detection system. It also dealt some with data sanitization (although that work has been subsumed by the other project described here), and is also looking at the problem of ordering log entries among widely distributed systems without synchronized clocks.
  Past sponsor: Promia, Inc.

• Balancing Privacy and Analysis in Data Sanitization
  This project examines the balance between the need of security analysis for data with the need for people to keep information private. The goal is to develop a language to express both security analysis requirements and privacy requirements as policies, and through policy reconciliation determine when the requirements conflict. It also focuses on the mechanics of mapping the requirements into a sanitization engine automatically, to do the actual data sanitization.
  Current sponsor: National Science Foundation; Past sponsor: Promia, Inc.

• Deception
  This project examines host-based deception. We have several questions; among the more useful are how well deception works, whether the deception needs to be consistent or inconsistent, and how to analyze the paths of information flow throughout the system to determine what needs to be done to present the attacker with a deceptive view of the system.
  No sponsors yet

• Electronic Voting
  This project is looking at the process of an election, and establishing conditions that an electronic voting system must meet in order not to add new vulnerabilities to an election. The election model being used is that of a California county.
  No sponsors yet

• Electronic Voting
  This project is looking at the process of an election, and establishing conditions that an electronic voting system must meet in order not to add new vulnerabilities to an election. The election model being used is that of a California county.
  No sponsors yet

• Property-Based Testing
  This project is designing and implementing a system to test how well programs and systems conform to stated security properties. It is part of a much larger project on integrating assurance into the software life cycle that the folks at NASA JPL are doing.
  Past sponsors: NASA Jet Propulsion Laboratory, Sandia National Laboratories

• Security Properties of the SCENS Negotiation System
  The goal of this project is to assess the security properties of the SCENS negotiation system, and to develop techniques for reconciling disparate requirements among the parties. SCENS is being developed by Prof. Fillia Makedon’s DEVLAB group at Dartmouth College, and we are working with them on this project.
  Web page: http://heracleia.uta.edu/scens/
  Current sponsor: Dartmouth College

• Vulnerabilities Analysis
  This project treats vulnerabilities as a collection of conditions required for an attacker to violate the relevant security policy. We’re developing a set of conditions that apply to multiple vulnerabilties, which will help us locate previously unknown vulnerabilities, and a language to express the conditions in, which will help us reason about vulnerabilities with respect to security policies.
  Current sponsor: National Science Foundation

Past Projects

These are projects that have finished. If you’re interested in pursuing them, I’ll be happy to talk to you.

• Electronic Recordation
  This project examined the problem of recording real estate, liens, and other documents over the Internet.
  Past sponsor: Yolo County Clerk-Recorder’s Office

Research is what I’m doing when I don’t know what I’m doing.
    — Wernher von Braun