Research interests (CV)

Software security and programming languages

Publications, arranged by:

Publication date

Venue type

Current Research projects:

Poco	Theory and practice of security-policy composition
RunTime	Theory and practice of monitoring software at runtime
Ciao	Principled definition and analysis of code injections
Completeness	Proving the completeness of subtyping relations

Older Research projects:

Grouper	A packet-classification algorithm
PoliSeer	Specifying and visualizing complex security policies
IVCon	Inline visualization of concerns
Polymer	Software monitoring in theory and practice
Project Zap	Trustworthy computing in the presence of transient faults
AspectML	Foundations of aspect-oriented programming languages
Gleipnir	Enforcing control-flow policies on software

Teaching:

Foundations of Software Security: Spring 2013 | Spring 2012 | Spring 2010 | Spring 2008 | Spring 2007

Programming Languages: Fall 2012 | Fall 2010 | Fall 2008

Advanced Programming Languages: Spring 2011

Compilers: Fall 2011 | Fall 2009 | Fall 2007

Operating Systems: Fall 2006

Current graduate students:

Donald Ray (PhD student 2011-present)

Danielle Ferguson (PhD student 2012-present)

Former graduate students:

• Daniel Lomsak

  • PhD student 2008-2013
  • Thesis title: "Toward More Composable Software-Security Policies: Tools and Techniques"
  • After graduation: Lead Quality Assurance Engineer at American Express

• Zach Carter

  • Master's student 2010-2012
  • Thesis title: "A Principled Approach to Policy Composition for Runtime Enforcement Mechanisms"
  • After graduation: Intern at Mozilla Labs

• Stan Naspinski

  • Master's student 2010-2011
  • Thesis title: "Selection and Implementation of Technologies for the Re-Engineering of an Existing Software System"
  • After graduation: Crew Commander, USAF; Software Engineer, General Dynamics; Lead Software Engineer, APAN Software

• Matt Spaulding

  • Master's student 2010-2011
  • Thesis title: "A Dynamic Hierarchical Web-Based Portal"
  • After graduation: Software Engineer at Enporion

• Nalin Saigal

  • PhD student 2006-2011
  • Thesis title: "Modularizing Crosscutting Concerns in Software"
  • After graduation: Software Developer at Epic Systems

• Josh Kuhn

  • Master's student 2009-2011
  • Thesis title: "Grouper: A Packet Classification Algorithm Allowing Time-Space Tradeoffs"
  • After graduation: Programmer analyst at Catalina Marketing

• Brandy Eyers

  • Master's student 2009-2011
  • Thesis title: "An Analysis of Remote Biometric Authentication with Windows"
  • After graduation: Testing/QA at NexTech

• Srikar Reddy

  • Master's student 2007-2009
  • Thesis title: "Program monitoring in a mandatory-results model"
  • After graduation: PhD student at UC-Davis CS

Talks:

• A Technique for Proving Subtyping Completeness, with an Application to Iso-recursive Types, TLDI (Philadelphia, 2012)

• Modeling Enforcement Mechanisms with Security Automata, The Discrete Mathematics Seminar (USF, 2010)

• A Theory of Runtime Enforcement, with Results, ESORICS (Athens, 2010)

• An Introduction to Cryptography for Homeland Security, Institute for Safety Security Rescue Technology (iSSRt) Distinguished Lecture (USF, 2008)

• Coping with Runtime-Policy Complexity, Workshop on Run Time Enforcement for Mobile and Distributed Systems [link] (Dresden, 2007)

• Runtime Software Monitoring, Carnegie Mellon University (Pittsburgh, 2007)

• Monitoring Software to Enforce Run-time Policies, Microsoft Research-INRIA Joint Centre (Paris, 2007)

• Polymer: A Language and System for Specifying Complex, Modular Run-time Policies, Katholieke Universiteit Leuven (Belgium, 2007)

• Intro to Language-based Security, IEEE-CS and ACM student chapter meetings (USF, 2007)

• New Research in Software Security, ACM student chapter meeting (USF, 2006)

• Enforcing Security Policies with Run-time Program Monitors, Various colloquia (Kansas State University, University of South Florida, Florida International University, University of Texas-Arlington, and Reservoir Labs-NYC, 2006)

• Enforcing Non-safety Security Policies with Program Monitors, ESORICS (Milan, 2005)

• Policy Enforcement via Program Monitoring, Princeton University (Princeton, 2005)

• Composing Security Policies with Polymer, PLDI (Chicago, 2005)

• Software Control Flow Integrity, Microsoft Research Silicon Valley (Mountain View, 2004)