Research Focus

The Trustworthy Systems Group (TSG) is engaged in experimental computer science research that investigates cross-layer methods of creating efficient, trustworthy computer systems. We seek to understand why it seems difficult to build trustworthy systems and how we can get better at it. Our areas of research include tools and patterns for trust design and coordination, operating systems and architectural support for security, debugging, intrusion defense, and infosec education. The TSG is affiliated with the University of Calgary's Institute for Security, Privacy, and Information Assurance (ISPIA).

News and Resources

Dec 2013: US Patent 8,613,096 issued.
Nov 2013: Locasto Talks To SPIE About "Personal Strategies for Staying Safe Online"
Nov 2013: Congratulations to Robin for a successful MSc thesis defense!
Nov 2013: Locasto participates in ISPIA-CMSS workshop
Oct 2013: IEEE SPW will hold a LangSec workshop.
Aug 2013: Locasto on Alberta Primetime discussing Internet porn filtering.
May 2013: Congratulations to Sarah and Ashwathi, who both received a QEII award.
May 2013: Congratulations to Ashwathi, who had a 3rd place poster at CPSC Industry Day
Apr 2013: CACM news item on Digital Death paper
Mar 2013: UToday article "Assistant prof shares..."
Mar 2013: US Patent 8,407,160 issued.
Mar 2013: Congratulations to Taylor on earning a UofC PURE Award!
Feb 2013: US Patent 8,381,295 issued.
Jan 2013: Congratulations to Sarah, who received a QEII award!
> all news...

We occasionally contribute to the U of C's wiki: And we occasionally find bugs in real software (12 bugs since January 2011).


Prof. Michael E. Locasto
Ashwathi S. Shiva (MSc, co-advised with Carey Williamson)
Sarah Laing (MSc, co-advised with John Aycock)
James Sullivan (BSc, Summer 2013 research)
Benedict Chukuka (MSc)
Stephen Cartwright (MSc)
Evan Ranshaw (BSc, CPSC 502, co-advised by Tony Tang)
Mike Clark (BSc, CPSC 502)
Robin Gonzalez (PhD student)


Robin Gonzalez (MSc)
Faisal Iqbal (MSc, co-advised with Carey Williamson)
Taylor Hornby (BSc, Summer 2013 PURE Award)
Eric Fiselier (BSc, Summer 2013 research student)
Aleksandre Gorodetski (BSc, NSERC USRA and 502 Student)
Bogdan Copos (BSc, TCNJ, 2011 summer research intern)
Mateus Oliveria (BSc, TCNJ, 2011 summer research intern)

Research Projects and Areas

Information Security Education
Deep Introspection
Trust Distribution Diagrams
Security Considerations in eHealth
Digital Footprint
Entropy Measurement Library
The Comment Mentor (w/ P. DePasquale & M. Martinovic, TCNJ; NSF funding)
Infosec Topics

Recent Publications

  1. Classifying the Data Semantics of Patches Robin Gonzalez and Michael E. Locasto. CPSC Tech Report 2013-1047-14. "Babel: A Secure Computer is a Polyglot." John Aycock, Daniel Medeiros Nunes de Castro, Michael E. Locasto, and Chris Jarabek. Proceedings of the ACM Cloud Computing Security Workshop (CCSW) October 2012.
  2. "LoSt: Location Based Storage." Gaven J. Watson, Reihaneh Safavi-Naini, Mohsen Alimomeni, Michael E. Locasto, and Shivaramakrishnan Narayan. Proceedings of the ACM Cloud Computing Security Workshop (CCSW) October 2012.
  3. "Security Applications of Formal Language Theory." Len Sassaman, Meredith L. Patterson, Sergey Bratus, and Michael Locasto. IEEE Systems Journal: Special Issue on Security and Privacy in Complex Systems. Sushil Jajodia and Pierangela Samarati, Ed. 2012. (to appear)
  4. "// TODO: Help Students Improve Commenting Practices" Peter J. DePasquale, Michael E. Locasto, Lisa Kaczmarczyk, and Mike Martinovic. Proceedings of the IEEE Frontiers in Education Conference (FIE 2012). October 2012.
  5. "Empirical Evaluation and Pushback of Malicious Web Advertisements" Robin Gonzalez. (Poster, USENIX Security 2012)
  6. "Software diversity: Security, Entropy and Game Theory." Saran Neti, Anil Somayaji, and Michael E. Locasto. Proceedings of the 7th USENIX Workshop on Hot Topics in Security August 2012. Bellvue, WA, USA.
  7. "Composition Patterns of Hacking." Sergey Bratus, Julian Bangert, Alexandar Gabrovsky, Anna Shubina, Daniel Bilar, and Michael E. Locasto. Proceedings of the 1st International Workshop on Cyber Patterns. pp. 80-85. 9-10 July 2012, Abingdon, Oxfordshire, UK
  8. "Intrusion Detection For Resource-constrained Embedded Control Systems in the Power Grid." Jason Reeves, Ashwin Ramaswamy, Michael Locasto, Sergey Bratus and Sean Smith. International Journal of Critical Infrastructure Protection. (2012)
  9. "Exploit Programming: From Buffer Overflows to 'Weird Machines' and Theory of Computation". Sergey Bratus, Michael E. Locasto, Meredith L. Patterson, Len Sassaman, and Anna Shubina. USENIX ;login: vol. 36, no. 6, pp. 13--21 December 2011.
  10. "Using Active Intrusion Detection to Recover Network Trust" John F. Williamson, Sergey Bratus, Michael E. Locasto, Sean W. Smith. Proceedings of USENIX LISA 2011
  11. "Security and Privacy Considerations in Digital Death." Michael E. Locasto, Michael Massimi, and Peter J. DePasquale. Proceedings of the 20th New Security Paradigms Workshop (NSPW 2011). September 12-15 2011. Marin County, CA, USA. [pre-proceedings version]
  12. "A Failure-based Discipline of Trustworthy Computing" Michael E. Locasto and Matthew Little. IEEE Security and Privacy, vol. 9, no. 4, July/Aug. 2011
  13. "The Ephemeral Legion: Producing an Expert Cyber-security Workforce from Thin Air." Michael E. Locasto, Anup Ghosh, Sushil Jajodia, and Angelos Stavrou. Communications of the ACM, 2011. Vol. 54, Issue 1, pp 129--131.
> full list...