Research Focus

The Trustworthy Systems Group (TSG) is engaged in experimental computer science research that investigates cross-layer methods of creating efficient, trustworthy computer systems. We seek to understand why it seems difficult to build trustworthy systems and how we can get better at it. Our areas of research include tools and patterns for trust design and coordination, operating systems and architectural support for security, debugging, intrusion defense, and infosec education. The TSG is affiliated with the University of Calgary's Institute for Security, Privacy, and Information Assurance (ISPIA).

News and Resources

May 2014: The LangSec workshop will be held with the IEEE Security and Privacy Workshops.
May 2014: Robin and Sarah presented their research during the poster session of CPSC Industry Day.
Apr 2014: Congrats to Sara, who earned an NSERC USRA to study the semantics of source code comments.
Mar 2014: US Patent 8,667,588 issued.
Dec 2013: US Patent 8,613,096 issued.
Nov 2013: Locasto Talks To SPIE About "Personal Strategies for Staying Safe Online"
Nov 2013: Congratulations to Robin for a successful MSc thesis defense!
Nov 2013: Locasto participates in ISPIA-CMSS workshop
Oct 2013: IEEE SPW will hold a LangSec workshop.
Aug 2013: Locasto on Alberta Primetime discussing Internet porn filtering.
May 2013: Congratulations to Sarah and Ashwathi, who both received a QEII award.
May 2013: Congratulations to Ashwathi, who had a 3rd place poster at CPSC Industry Day
Apr 2013: CACM news item on Digital Death paper
Mar 2013: UToday article "Assistant prof shares..."
Mar 2013: US Patent 8,407,160 issued.
Mar 2013: Congratulations to Taylor on earning a UofC PURE Award!
Feb 2013: US Patent 8,381,295 issued.
Jan 2013: Congratulations to Sarah, who received a QEII award!

People

Prof. Michael E. Locasto
Ashwathi S. Shiva (MSc, co-advised with Carey Williamson)
Sarah Laing (MSc, co-advised with John Aycock)
James Sullivan (BSc, Summer 2013 research)
Benedict Chukuka (MSc)
Stephen Cartwright (MSc)
Evan Ranshaw (BSc, CPSC 502, co-advised by Tony Tang)
Mike Clark (BSc, CPSC 502)
Robin Gonzalez (PhD student)
Sara Williamson (BSc, Summer 2014 NSERC USRA)



Alum

Robin Gonzalez (MSc)
Faisal Iqbal (MSc, co-advised with Carey Williamson)
Taylor Hornby (BSc, Summer 2013 PURE Award)
Eric Fiselier (BSc, Summer 2013 research student)
Aleksandre Gorodetski (BSc, NSERC USRA and 502 Student)
Bogdan Copos (BSc, TCNJ, 2011 summer research intern)
Mateus Oliveria (BSc, TCNJ, 2011 summer research intern)

Research Projects

Robin's MSc thesis was about hot patching data structures.

Mike Clark wrote DAWK, a version of AWK that parses data structures rather than character sequences.

Bogdan worked on Trust Distribution Diagrams.

Mateus created a Linux kernel framework for measuring the rate of access control decisions in cloud storage systems.

Eric examined the topic of Defensive Weird Machines.

Locasto is collaborating with Richard Weiss, Jens Mache, and their students on the cloud-based EDURange platform for cybersecurity training exercises.

Taylor worked on the Instruction Filters project.

James wrote a network treasure hunt using Scapy to provide the software-defined network infrastructure.

Ashwathi built an Android app for use in BYOD environments that actively probes networks to help establish their identity.

Sarah has modified the Linux kernel to export memory events to Wireshark.

Evan performed a study of the interactions that take place during collaborative debugging sessions. His data will help inform the design of UI elements that support such security analysis.

Stephen is researching the problem of measuring and visualizing data integrity in large-scale systems.

Benedict is currently surveying the landscape of ethical agreements governing information security courses.

Sara is working on a number of modules for COMTOR; these modules are focused on evaluating the semantics and natural language properties of source code comments.

Locasto wrote the libVEI library as an example for injecting packets into pre-existing network capture files.

Locasto co-wrote the SISMAT lab manual ("Hacking the Abacus") to provide a collection of information security exercises. PDF copies for review are available on request.

Misc. Topics

Information Security Education
Deep Introspection
Security Considerations in eHealth
Digital Footprint
Entropy Measurement Library
The Comment Mentor (w/ P. DePasquale & M. Martinovic, TCNJ; NSF funding)
Infosec Topics
We occasionally contribute to the U of C's wiki.
We also occasionally find bugs in real software (12 bugs since January 2011).

Recent Publications

  1. "Analyzing the Data Semantics of Security Patches." Robin Gonzalez and Michael E. Locasto. Poster for IEEE Security and Privacy 2014.
  2. "Beyond Planted Bugs in 'Trusting Trust': The Input-Processing Frontier." Bratus, S. and Darley, T. and Locasto, M. and Patterson, M.L. and Shapiro, R.B. and Shubina, A. IEEE Security and Privacy Magazine. January 2014.
  3. "Security Applications of Formal Language Theory." Len Sassaman, Meredith L. Patterson, Sergey Bratus, and Michael Locasto. IEEE Systems Journal: Special Issue on Security and Privacy in Complex Systems. Sushil Jajodia and Pierangela Samarati, Ed. 2012. September 2013.
  4. "Classifying the Data Semantics of Patches." Robin Gonzalez and Michael E. Locasto. CPSC Tech Report 2013-1047-14.
  5. "Babel: A Secure Computer is a Polyglot." John Aycock, Daniel Medeiros Nunes de Castro, Michael E. Locasto, and Chris Jarabek. Proceedings of the ACM Cloud Computing Security Workshop (CCSW) October 2012.
  6. "LoSt: Location Based Storage." Gaven J. Watson, Reihaneh Safavi-Naini, Mohsen Alimomeni, Michael E. Locasto, and Shivaramakrishnan Narayan. Proceedings of the ACM Cloud Computing Security Workshop (CCSW) October 2012.
  7. "// TODO: Help Students Improve Commenting Practices" Peter J. DePasquale, Michael E. Locasto, Lisa Kaczmarczyk, and Mike Martinovic. Proceedings of the IEEE Frontiers in Education Conference (FIE 2012). October 2012.
  8. "Empirical Evaluation and Pushback of Malicious Web Advertisements" Robin Gonzalez. (Poster, USENIX Security 2012)
  9. "Software diversity: Security, Entropy and Game Theory." Saran Neti, Anil Somayaji, and Michael E. Locasto. Proceedings of the 7th USENIX Workshop on Hot Topics in Security. August 2012. Bellevue, WA, USA.
  10. "Composition Patterns of Hacking." Sergey Bratus, Julian Bangert, Alexandar Gabrovsky, Anna Shubina, Daniel Bilar, and Michael E. Locasto. Proceedings of the 1st International Workshop on Cyber Patterns. pp. 80-85. 9-10 July 2012, Abingdon, Oxfordshire, UK
  11. "Intrusion Detection For Resource-constrained Embedded Control Systems in the Power Grid." Jason Reeves, Ashwin Ramaswamy, Michael Locasto, Sergey Bratus and Sean Smith. International Journal of Critical Infrastructure Protection. (2012)
  12. "Exploit Programming: From Buffer Overflows to 'Weird Machines' and Theory of Computation". Sergey Bratus, Michael E. Locasto, Meredith L. Patterson, Len Sassaman, and Anna Shubina. USENIX ;login: vol. 36, no. 6, pp. 13--21 December 2011.
  13. "Using Active Intrusion Detection to Recover Network Trust" John F. Williamson, Sergey Bratus, Michael E. Locasto, Sean W. Smith. Proceedings of USENIX LISA 2011
  14. "Security and Privacy Considerations in Digital Death." Michael E. Locasto, Michael Massimi, and Peter J. DePasquale. Proceedings of the 20th New Security Paradigms Workshop (NSPW 2011). September 12-15 2011. Marin County, CA, USA. [pre-proceedings version]
  15. "A Failure-based Discipline of Trustworthy Computing" Michael E. Locasto and Matthew Little. IEEE Security and Privacy, vol. 9, no. 4, July/Aug. 2011
  16. "The Ephemeral Legion: Producing an Expert Cyber-security Workforce from Thin Air." Michael E. Locasto, Anup Ghosh, Sushil Jajodia, and Angelos Stavrou. Communications of the ACM, 2011. Vol. 54, Issue 1, pp 129--131.