You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
### DO NOT FORGET TO ADD YOUR NEW TAG &XXXXXX TO THE ENTRIES AT THE BOTTOM ###
1185
1183
### IF YOU FORGET, YOUR ENTRIES WILL NOT SHOW UP ON THE SITE! ###
1186
1184
1185
+
- &moore_port_icsoft_2022.pdf
1186
+
anchor: moore_port_icsoft_2022
1187
+
title: "Needles in a Haystack: Using PORT to Catch Bad Behaviors within Application Recordings"
1188
+
authors:
1189
+
- name: "P. Moore, T. Wies, M. Waldman, P. Frankl, J. Cappos"
1190
+
project: *crashsimulator
1191
+
booktitle: "2022 International Conference on Software Technologies (ICSOFT 2022)"
1192
+
year: ""
1193
+
pages: ""
1194
+
publisher: ""
1195
+
link: "/papers/moore_port_icsoft_2022.pdf"
1196
+
abstract: "Earlier work has proven that information extracted from recordings of an application’s activity can be tremendously valuable. However, given the many requests that pass between applications and external entities, it has been difficult to isolate the handful of patterns that indicate the potential for failure. In this paper, we propose a method that harnesses proven event processing techniques to find those problematic patterns. The key addi- tion is PORT, a new domain specific language which, when combined with its event stream recognition and transformation engine, enables users to extract patterns in system call recordings and other streams, and then rewrite input activity on the fly. The former task can spot activity that indicates a bug, while the latter produces a modified stream for use in more active testing. We evaluated PORT’s capabilities in several ways, starting with recreating the mutators and checkers utilized by an earlier work called SEA to modify and replay the results of system calls. Our re-implementations achieved the same efficacy using fewer lines of code. We also illustrated PORT’s extensibility by adding support for detecting malicious USB commands within recorded traffic."
1197
+
1198
+
- &moore_shuffle_ccsne_2022.pdf
1199
+
anchor: moore_shuffle_ccsne_2022
1200
+
title: "Cybersecurity Shuffle: Using Card Magic to Teach Introductory Cybersecurity Topics"
1201
+
authors:
1202
+
- name: "P. Moore, J. Cappos"
1203
+
project: *crashsimulator
1204
+
booktitle: "2022 Consortium for Computer Science Education Northeast (CCSNE 2022)"
1205
+
year: ""
1206
+
pages: ""
1207
+
publisher: ""
1208
+
link: "/papers/moore_shuffle_ccsne_2022.pdf"
1209
+
abstract: "One of the main challenges in designing lessons for an introductory information security class is how to present new technical concepts in a manner comprehensible to students with widely different backgrounds. A non-traditional approach can help students engage with the material and master these unfamiliar ideas. We have devised a series of lessons that teach important information security topics, such as social engineering, side-channel attacks, and attacks on randomness using card magic. Each lesson centers around a card trick that allows the instructor to simulate the described attack in a way that makes sense, even for those who have no prior technical background. In this paper, we describe our experience using these lessons to teach cybersecurity topics to high school students with limited computer science knowledge. Students were assessed be- fore and after the demonstration to gauge their mastery of the material, and, while we had a very limited set of responses, the results show an improvement on post-test scores. Furthermore, several indicators affirm the students enjoyed the lessons and remained engaged throughout the session."
1210
+
1187
1211
- &gopstein_thinking_fse20
1188
1212
anchor: gopstein_thinking_fse20
1189
1213
title: "Thinking Aloud About Confusing Code: A Qualitative Investigation of Program Comprehension and Atoms of Confusion"
0 commit comments