Teaching
Courses
North Carolina State University, Department of Computer Science
- CSC230 - C and Software Tools
- Spring 2019
- CSC472 - Cybersecurity Projects
- Spring 2024
- CSC474 - Network Security
- Fall 2012
- Fall 2013
- Fall 2014
- Fall 2015
- Fall 2016
- Fall 2017
- Fall 2020
- Fall 2021
- Fall 2022
- Fall 2023
- CSC 472 - Cybersecurity Projects
- Spring 2024
- CSC574 - Computer and Network Security
- Fall 2011
- Spring 2013
- Spring 2016
- Spring 2018
- Fall 2018
- Fall 2019
- Spring 2020
- Spring 2021
- Spring 2022
- Fall 2022
- Fall 2024
- CSC591-006 - Smartphone OS Security
- Spring 2012
- CSC705 - OS Security
- Spring 2014
- Spring 2015
- Spring 2017
- CSC801-001 - Systems Seminar
- Fall 2012
Pennsylvania State University, College of Engineering
- CSE/EE458 - Communications Networks
- Summer 2007
- CSE597a - Cellular Phone Operating Systems Security
- Spring 2009
Tutorials
Text Analytics for Security
ACM Conference on Computer and Communications Security (CCS'14)
co-presented with Tao Xie
November 5, 2014
Computing systems that make security decisions often fail to take into account human expectations. This failure occurs because human expectations are typically drawn from textual sources (e.g., mobile application descriptions and requirements documents) and are hard to extract and codify. Recently, researchers in security and software engineering have begun using text analytics to create initial models of human expectation. In this tutorial, we will provide an introduction to popular techniques and tools of natural language processing (NLP) and text mining, and share our experiences in applying text analytics to security problems. We will also highlight the current challenges of applying these techniques and tools to security problems. We conclude with a discussion of future research directions.
[Slides]
Intro to Securing Android Applications
Raleigh Chapter of ISSA, Back-to-Basics session
December 4, 2014
The Android platform runs on hundreds of millions of smartphones and mobile devices, with over a million applications available in the Google Play Store. As Android continues to mature to meet the requirements of enterprises, companies have begun to develop custom Android applications that allow employees to access business information. When developing these applications, application security is of utmost importance. In this talk, we will discuss common security failures in Android applications. We will also discuss best practices and overview security features that Android makes available to developers.
[Slides]
Intro to Developing Android Applications
Raleigh Chapter of ISSA, Back-to-Basics session
October 2, 2014
Android has become pervasive as a computing platform. In addition to smartphones and tablets, Android is increasingly appearing in embedded systems such as TVs and cars. This adoption is occurring because Android provides an embedded platform on top of which software can be easily developed. This talk will start the attendees on their way to developing Android applications. We will overview the basic design of an Android application and then work through a "Hello World" example. Throughout the talk, we will point the attendees towards valuable resources for learning to develop Android apps. Note that to get the most out of this talk, attendees should bring a laptop pre-setup with the Android SDK (http://developer.android.com/sdk) and have a basic knowledge of Java.
[Slides]
Understanding Android's Security Framework
ACM Conference on Computer and Communications Security (CCS'08)
co-presented with Patrick McDaniel
October 29, 2008
The Google Android mobile phone platform is one of the most anticipated smartphone operating systems. Android defines a new component-based framework for developing mobile applications, where each application is comprised of different numbers and types of components. Activity components form the basis of the user interface; each screen presented to the user is a different Activity. Service components provide background processing that continues even after their application loses focus. Services also define arbitrary interfaces for communicating with other applications. Content Provider components share information in relational database form. For instance, the system includes an application with a Content Provider devoted to sharing the user's address book, which other applications can query. Finally, Broadcast Receiver components act as an asynchronous mailbox for messages from the system and other applications. As a whole, this application framework supports a flexible degree of collaboration between applications, where dependencies can be as simple or complex as a situation requires.
In this tutorial, we will overview the mechanisms required to develop secure applications within the Android development framework, indicating how the environment has evolved with recent releases of the SDK. We will begin with the basics of building an Android application; no prior knowledge of Android is required. From this base, we will demonstrate how applications can communicate and provide services to one another. However, these interfaces must be carefully secured to defend against general malfeasance. We show how Android's security model aims to provide mechanisms for requisite protection of applications and critical smartphone functionality, and present a number of "best practices" for secure application development within the environment.
The slides and example application source code are available.