[Title Bar]


Research Interests

[Summary] [Past Work] [Collaborators] [Future Interests] [Details]

My interests are pretty diverse. I'm often looking for new, fun, cool projects. Here are a list of my publications.


I have a bachelors of science degree in engineering in computer engineering and a masters of science and PhD in computer science. Broadly speaking, I have a "systems" background, with a focus on networks and protocols. I have done considerable work in security, with a focus on digital forensics. I have also worked in a pretty wide array of areas, from graphics to databases to user interfaces to embedded systems. I have created and taught classes, and done a lot of grant-based research.

That said, I tend to enjoy "problem solving" in many areas. The lower-level systems areas tend to be more appealing, since the connection is pretty direct. I'm less interested in software plumbing, in other words just connecting other people's half-assed, buggy libraries together and wonder why it only works sometimes. I'm not against using libraries and high-level languages—I feel no need to recreate everything from scratch—it's just that the many layers of abstraction tend to diminish the sense of accomplishment for me.

Past Work

My PhD was in Distributed Systems, including real-time networking protocols for multimedia data (Ethernet and ATM). During that time, I worked for the OSU CIS system staff, responsible for the X Windows installation for 2000 users—this included fixing bugs in the server and clients as needed and sending fixes back to the X Consortium.

As a postdoc at Cornell and the Xerox Design Research Institute, I worked in the area of Heterogeneous Databases. As a side project with colleagues from grad school, I worked on Multicast Protocols and simulations. The four of us also wrote a textbook on Mobile and Pervasive Computing, published by McGraw-Hill.

At ATC-NY (formerly Odyssey Research Associates), I worked on numerous projects, serving as PI on many. A main focus area was Computer Security, which had a strong focus on Digital Forensics. The digital forensics area included live forensics, peer-to-peer forensics, network forensics, memory forensics, VM and cloud forensics, and more. Other security areas include intrusion detection, marked data/honeypots/honeynets, automated attack and damage assessment, red teaming, and stegonography tool detection. Other broad areas include networking, such as distributed routing protocols, wireless real-time protocols, ultrawideband (UWB) routing, wireless intrusion detection and physical location, red teaming and penetration testing. User interface design (web and other) worked into the projects and products I helped create, as well. I've created and taught several courses, including Live Forensics and Peer-to-Peer Forensics. I've also co-taught a USENIX Security course on Reverse Engineering.

At GrammaTech, I worked on machine-learning for intrusion detection, and automated security assessment based on analysis of high-level system designs, as well as some web based data presentation.

I have a lot of hands-on experience with systems, including email and web servers, and have built many software tools. I have also co-authored a textbook on The Fundamentals of Mobile and Pervasive Computing (ISBN: 0071412379) with Golden Richard, Loren Schwiebert, and Sandeep Gupta (more details on the book here). I'm on the board of directors of the Digital Forensic Research Workshop (DFRWS) and have been associated with it since its inception and helped organize it since 2005.

Current and Future Interests

Broadly speaking, computer security, forensics, networks, and low-level systems interest me most.


I have worked with a number of different people in various capacities through the years in many roles. This is only a partial list: Julie Baker, Jordan Bonney, Brian Carrier, Eoghan Casey, Dianne Dietrich, Matthew Donovan, Tom Fine, Zygmunt Haas, David Guaspari, Sandeep Gupta, Jim Inoue, Robert Joyce, Dexter Kozen, Carla Marseau, Michael McDougall, Rick Parent, Judson Powers, Ranga Ramanujan, Steve Romig, Golden G. Richard III, Vassil Roussev, Loren Schwiebert, Mukesh Singhal, Rick Smith, Matt Stillerman, Daniel Tingstrom, Wietse Venema, Rachel Zax.

A Bit More Details

Distributed Systems

My PhD work at Ohio State CIS (formerly, now was in distributed systems (Mukesh Singhal was my advisor, now at UC-Merced). I am still interested in the area, though it covers a pretty broad area (from mutual exclusion and voting algorithms to network protocols and more). Specific topics are mentioned below. Here's a link to my CV/resume.

Real-time Multimedia Data (Dissertation Work)

My dissertation was on Network and Operation System Support for Multimedia. The focus was on how to send time-sensitive data over a network that provides no quality of service (QoS) guaranetees. One factor that made it easier was that it was a "soft" real-time system: data that had exceeded its deadline could not be used, however, the system could function as long as the overall error rate was below a certain value. We applied the notion of "delta-causality" to multimedia data to create an efficent approach for preserving data ordering.

Ethernet and ATM Networks

As part of the dissertation work, I created some schemes to increase the efficiency of the Ethernet protocol under high loads. This involved creating a detailed simulation of an Ethernet using csim and running a lot of sample systems on it.

I also did some analyses of ATM networks (but that was a while ago, back when ATMs were a soon-to-be big thing).


As a side project, during the time I was a postdoc, I did some research on multicasting techniques and protocols with some colleagues (Golden Richard and Loren Schwiebert). We looked at was to represent the overall efficiency of a multicast system, and created an efficient, robust, distributed way of building multicast trees. We created some tools and protocols, and published a few papers.

Heterogeneous Databases

As a postdoc at the Xerox Design Research Institute (sadly, neither it nor its web server exist any more), I worked on a project that created automatic translators for heterogeneous databases. In addition, I worked on a metadata project which was an extension of the heterogeneous DB project.

I also wrote a web page "crawler" which would grab all the pages from a site, build a graph of them, and then present a tree representation of them, when you specify which node is the root. This was in the later '90s.

Wireless Networks

I did some work on wireless networks, in terms of both designing network protocols and providing security. I led a project that would physically locate remote 802.11 stations by triangulating the signal, and then take appropriate action using a customized access point (such as blocking them or routing their traffic to a honeypot/honeynet). Fun stuff, though I didn't consider that it would require holding a metal antenna pole, outside, in the winter in Ithaca.

I also worked on designing protocols for UltraWide Band radios (kind of 802.15, but not exactly), for vehicle communication that had specific real-time constraints.

Handheld Devices

Going hand-in-hand with wireless networks are handheld devices. I had an iPAQ pocket PC that ran the Intimate distribution of Linux back in the early 2000s. It was pretty damn cool, although I must admit I didn't really use it all that much. I currently don't have a smartphone, and haven't done much about developing programs to run on those platforms. I should, it's just that the development platforms and OSs haven't really grabbed me. I finally bought a cell phone in August 2013. Not a smartphone, and most of the time it sits on a shelf turned off. But that's just me (I am a high-tech luddite).


I have been involved in various computer security related stuff. I've dealt with behavior based detection (computer immunology) and pseudo honeypot like system, as well as correlators.

I've done some Red Team work, testing the security of a software system, and penetration testing on a web and mail interface of a large company's system, as well as vulnerability analysis of the whole information protection infrastructure (from physical to online).

In general, security and trust issues interest me, and I often find myself applying the same principles in the real world (or deciding to break the rules and trust someone, despite the lack of credentials).

I have gotten a bit cynical and paranoid about security. Mostly because it doesn't really exist, and people would rather have a sense of security and stick with convenience than have real security. And in many cases, it probably is the right choice. Just saying "don't do that" over and over gets tiring. Also, it's kind of an impossible problem too. That said, there are many ways to make security better, so there is some hope.

Intrusion Detection Systems (IDSs)

I have worked on a few different IDSs. When I started at Odyssey Research Associates, I worked on the tail end of a project involving using n-grams to detect abnormal behavior based on system calls.

I was the PI on a project involving creating marked data during a system scan and using that to correlate between the actors from the reconnaissance and exploit phases of an attack. This involved setting up test networks at a half-dozen sites using "dark networks" (unallocated IP space).

Recently, I worked on using machine learning techniques to detect malicious behaviors on a machine given sets of traces (lists of system calls).

Digital Forensics

I've worked on many digital forensics projects and have been involved as an organizer in the Digital Forensics Research Workshop (DFRWS). I'm interested ways to automate reconstructing the events that took place, as well as synchronizing multiple time lines. I had a Gold GIAC Certified Forensic Analyst (GCFA) certification and created a free tool, tar2d2, for the practical exam. I renewed it once and have since let it lapse, because I considered it a pretty crappy certification as SANS pushed to increase the number of certificates they awarded (I found it quite easy; just read the material and take a test, oh, and pay them).

I've worked on several digital forensics projects. One of the first was in the area of Live Forensics, helping to create the Mobile Forensic Platform (MFP)/Online Digital Forensics Suite (Online DFS), which did live forensics in the early 2000s back when the common practice was to simply pull the plug on a machine. I also worked in peer-to-peer forensics, helping create P2P Marshal, a tool that automated identification of P2P clients on a machine or disk image. This tool was widely used by law enforcement in the US and abroad. I worked in the area of memory forensics visualation, and detection of registry artifacts of steganography tools after they have been installed, used, and uninstalled on a computer.


I used to think the web was cool. I'm not so sure anymore. There area lot of neat things it can do, but I'm not sure it's the end-all and be-all of user-interfaces or ways to interact. And so many sites simply don't work. But that's more of a rant, so I'll leave it at that.

I've designed a number of sites and built user interfaces. Back in the day, I helped create for the East Hill Flying Club, and I've made, and the site where it resided before that (, and before that web pages at Xerox DRI, Cornell CS, and Ohio State CIS back in the early '90s (including having one of—but certainly not the—first cameras on the web).

I'm conversant in HTML, XHTML, CSS, HTTP, PHP, Perl, Python, and a small bit of Javascript/JQuery. Personally, I use NoScript and Cookie Monster to restrict the user of scripting and cookies on web pages I use, which means most of them don't work.

This page last modified Feb 13, 2015.
RSS Feed