Writing Secure Java Code: A Taxonomy of Heuristics and an Evaluation of Static Analysis Tools

Graduate School, August 2007 to May 2008


Software Fault Analysis and Prediction

Undergraduate School, October 2005 to May 2006

I performed software fault analysis and prediction research under the direction of a faculty advisor on a NASA IV&V grant. We attempted to develop a new model (metrics) for predicting faults in code based on novel parameters. We called it NIF (Nested Information Flow). NIF has the goal of indicating which code modules are most likely to contain faults by considering the connectivity and data flow among modules at deep nested levels.

Security Requirements Engineering

Undergraduate School, May 2005 to August 2005 (University of South Carolina)

I performed software security requirements research for ten weeks during a Research Experience for Undergraduates program in Multidisciplinary Computing sponsored by the National Science Foundation. I hypothesized that by first identifying threats to the use case actors of a software system, the Common Criteria could then be used to effectively specify security requirements to mitigate threats.

I developed a use case development tool in Java that utilizes a Common Criteria knowledge base to carry out my approach.


Undergraduate School, December 2004 to May 2005

Our team worked alongside the Steganography Analysis Research Center (SARC). Our primary objective was to establish a repository of steganographic signatures to be used by computer forensic tools.

I created a data analysis tool in C# that compares two RegMon results captured during application installation and removal.

Intrusion Detection/Security Awareness

Undergraduate School, May 2004 to September 2004

Our primary goal was to discover ways to increase the security awareness of normal, everyday computer users. We analyzed different types of malware, such as viruses, worms, trojans, and spyware. Based on our findings, we designed and developed an educational tool for non-technical users of Microsoft Windows called A Windows Attack intRusion Emulator (AWARE) that emulates malware attacks in a simulated Windows XP environment.

For more info, go to the AWARE Project page.