if you are interested in working with me as a student, see my
Graduated PhD Students
Here is a "genealogy" of my 18 graduated PhD students. Six of the 18 have gone into academic positions, and three of them have produced Ph.D. grads of their own.
Brent is working on a Ph.D. dissertation in CS involving changes to a system's architecture and instructions as a way to avoid various forms of dynamic coding attacks -- buffer overflow, alteration of return addresses, etc. Brent is working full time for Cisco Systems. Inc. in Nashville, TN.
Dannie is a Ph.D. student in CS, co-advised by Dongyan Xu. He's working on defenses against rootkits and unauthorized kernel modifications, and is planning to graduate in the 2013-2014 academic year.
Mohammed is a 2nd-year Ph.D. student in CS, co-advised by Mike Atallah. He has yet to pick a dissertation topic, but is investigating mechanisms to enhance remote authentication protocols, particularly in cases where an end-user may doubt the authenticity and security of a destination host.
Selected Former Students
Here I've listed the students whose names you might find on research papers or software products out of my research projects. It is not a complete list of all the notable students who have worked with me, because the list would be too long to contain them all!
An MS thesis student, who worked with me in access control and trusted computing environments. She is a senior engineer with Qualcomm in California.
Hira received his PhD in 1991. He is now working at Advanced Communication Systems (formerly Telcordia). His dissertation, Towards Automatic Debugging of Computer Programs, was done as part of the Spyder project in the SERC. Hira's co-advisor was Richard DeMillo.
Taimur received his MS degree in 1995 for his research with the COAST Project. His MS thesis, A Taxonomy of Security Faults in Operating Systems, explored how to classify faults in Unix that led to security compromises. The classification can be used for testing and software development. Taimur is a co-founder of Argole Systems, a medical records and services company.
Received his PhD in August 2005 and is now on the faculty of James Madison University. His dissertation was on embedding forensic support in a general-purpose OS file system, and was entitled Pervasive Binding of Labels to System Processes.
I was Serdar's co-advisor, with Carla Brodley at Tufts. His PhD dissertation involved exploration of how to create covert timing channels in the IP protocol, and how to discover those same types of channel. Serdar graduated in December, 2006. He is working at Deloitte, in England.
Brian received his PhD in spring 2006 for his dissertation on a formal framework for digital forensic investigations. He is now a senior member of the research staff at Basis Technology.
Steve received his PhD in 1993.He did his dissertation, entitled Scheduling Support for an Internetwork of Heterogeneous, Autonomous Processors, as the core of the Messiahs Project.
Steve is an Associate Professor at Syracuse University. He is the first of my former students to produce Ph.D. graduates of his own.
Mark received his MS degree in 1995 working in the COAST Project. His research topic was in using "Artificial Life" to build active computer security defenses. He originated the idea of using numerous, autonomous agents for intrusion detection. Mark married Tanya Mastin, another former student. He is currently Internet Security lead at Facebook.
Tom received his Ph.D. in December 2002 after completing his dissertation, Reference Models for the Concealment and Observation of Origin Identity in Store and Forward Networks. He is on the faculty of Iowa State University.
Bryn received his MS degree in 1995 while working in the COAST Project. He was involved with development of methods of testing security firewalls and screens in networks. After working for a while at Sun Microsystems, Bryn left to be one of the founders of the Open Directory Project and the TOPIX news site. Most recently, he is one of the founders of Blekko, an innovative search engine firm.
Kevin received his PhD in 2001. He is now on the faculty at Syracuse University. His thesis was entitled A Study Of Several Specific Secure Two-Party Computation Problems. His co-advisor was Mike Atallah.
Advised by myself and Professor Carla Brodley (formerly with Purdue ECE), Jim graduated in August 2005. His thesis was on detecting anomalies in network traffic, and his dissertation was entitled Behavioral Feature Extraction for Network Anomaly Detection. He is on the CS faculty at SUNY Oswego.
Dan completed his undergraduate degree at Purdue in 1990. While at Purdue, he built the COPS static audit tool under my direction, and has achieved notoriety for many achievements since then, including being named to the ISSA Hall of Fame. He is currently an independent security consultant.
I was coadvisor for Rajeev with Jan Vitek. His thesis was about how to employ methods of static analysis to increase confidence in the secure operation of software. He received his Ph.D. in spring 2006. He joined the research staff at Intel Laboratories in Oregon.
Gene H. Kim
Gene completed his BS degree in 1993 and his MSCS at the University of Arizona. He worked with me on the Tripwire project through COAST, released on November 2, 1992. Gene is now CTO of Tripwire, Inc. Since 1999, Gene has been capturing and codifying how "best in class" organizations have IT operations, security, audit, management, and governance working together to solve common business objectives. This was codified in 2004, he co-wrote the Visible Ops Handbook, showing how IT organizations successfully transformed from good to great.
Gene was named as a 2007 Outstanding Alumnus by Purdue CS.
Ivan completed his PhD on the topic of Software Vulnerability Analysis in 1998. He constructed a large-scale database of system vulnerabilities, and then used this to explore their characteristics. His research was part of the COAST Project. He is the founder and CEO of start-up company, Arte Xacta, in his native Bolivia.
Ivan also did his MS thesis under my direction, entitled Authorship Analysis: Identifying the Author of a Program.
Ivan is the only repeat winner of the Maurice Halsted Software Engineering Award, given at Purdue each year.
Sandeep received his Ph.D. in August, 1995. His dissertation, Classification and Detection of Computer Intrusions developed a new approach to intrusion detection. His research was part of the COAST Project. He is currently working for Google in India.
Ben graduated in August 2004 and then joined the faculty of Swarthmore College as a visiting assistant professor. Since the fall of 2006 he has been on the CS faculty of Oberlin College. His dissertation was entitled A Categorization of Computer Security Monitoring Systems and the Impact on the Design of Audit Sources.
Steve received his MS degree in 1996 while at Purdue as a GM Fellow. He worked with the COAST group while here, and is credited with discovering the Kerberos random number generator vulnerability - one of the 10 worst software bugs in history. Steve is co-founder of the security consulting firm Pondurance, LLC in Indianapolis.
Tanya completed her BS degree in the spring of 1997. While at Purdue, she worked with COAST to redesign the entire on-line archive, including introducing a new database format to keep track of entries.
Pascal came to Purdue with a Ph.D. in biological sciences. He completed his M.S. under my direction, and worked as a research scientist with CERIAS for nearly a decade. He is now a member of the technical staff for Information Technology at Purdue (ITaP).
Mike completed his MS work and is now on the technical staff at MITRE Corporation. He worked on botnet research while at Purdue.
Stephanie Miller Bansal
Finished a M.S. thesis in security policy and infrastructure for a statewide education project in 1999. She has worked at Accenture, Deloitte, and HP, but is now hard at work as a stay-at-home mom.
Sofie completed her MS degree while working with us on forensics and network security. She worked for a while in security and critical infrastructure protection in her native Norway. She is now the CISO for DnB.
Hsin (Sean) Pan
Sean received his PhD in 1993 and is co-founder and Executive Director of Rich House Global Technology Ltd., a company working in near-field communications. His dissertation, Debugging with Dynamic Instrumentation and Test-Based Information, was done as part of the Spyder project in the SERC. Hsin's co-advisor was Richard DeMillo.
Kat completed an MS thesis in 1997 on the nature of audit trails in intrusion detection systems, entitled Host-based Misuse Detection and Conventional Operating Systems' Audit Data Collection. She is now a developer with SAS Institute in North Carolina.
I was Maja's co-advisor, with Carla Brodley at Tufts. Maja graduated in spring 2007 after completing a dissertation on the topic of dynamic reauthentication based on computer mouse activity. She is currently working for Ab Initio in Boston.
Christoph's PhD topic involved the development of a reference model for firewalls, and an implementation of a proof-of-concept on native ATM technology. He received his PhD in 1997 for his dissertation On the Modeling, Design and Implementation of Firewall Technology. He is currently Director, Secure Coding Standards and Training Programs at Oracle Corporation.
Christoph did his MS thesis under my direction, entitled Addressing Weaknesses in the Domain Name System.
Karyl completed his BS degree in 1998. While working with the COAST Project, he helped design our firewall testing testbed, as well as contributing to several other projects. He is currently a technical advisory with FedEx.
Aurobindo (Robin) Sundaram
Robin completed his MS degree in 1997. He initially worked in corporate security for Schlumberger. He is currently the VP of Security Investigations for Reed Elsevier.
Nok received her PhD in 1994 for her dissertation Enhancing Debugging Technology. This was the final part of the Spyder project in the SERC. Nok has been President of IFBPW. She was named as a 2007 Outstanding Alumna by Purdue CS. She is currently Advisor to the Minister at Ministry of Science and Technology in Thailand.
Keith received his BS degree in 1997. He worked with me on developing methods of testing security software and firewalls. After a while at Sun Microsystem Labs, Keith left and came back to CERIAS as a senior research engineer, working on our intrusion detection and security architecture projects.
Steve received his MS in 1992 and then took a job with the CIAC at LLNL. He worked with me on several COAST projects, including software forensics and OPUS. He is currently working at XO Communications doing network security design and incident response.
Paul is a lieutenant colonel in the US Air Force. His dissertation was on using a co-processor to monitor security-related behavior of a running system. His dissertation was entitled CUPIDS: Increasing Information System Security Through the Use of Dedicated Co-Processing.
Diego received his Ph.D. in 2001. His dissertation was entitled Using Internal Sensors for Computer Intrusion Detection. He is currently working as an author and as the senior software security advisor for CFEngine, Inc.