Research Focus

The Trustworthy Systems Group (TSG) is engaged in experimental computer science research that investigates cross-layer methods of creating efficient, trustworthy computer systems. We seek to understand why it seems difficult to build trustworthy systems and how we can get better at it. Our areas of research include tools and patterns for trust design and coordination, operating systems and architectural support for security, debugging, intrusion defense, and infosec education. The TSG is affiliated with the University of Calgary's Institute for Security, Privacy, and Information Assurance (ISPIA).

News and Resources

Sept 2014: Joint ISPIA-CMSS workshop to be held at UofC downtown campus
Aug 2014: The Cage project was presented at USENIX WOOT
Aug 2014: EDURange project part of a panel at USENIX CSET
Jun 2014: US Patent 8,763,103 issued.
May 2014: Congratulations to Ashwathi for a successful MSc thesis defense!
May 2014: The LangSec workshop will be held with the IEEE Security and Privacy Workshops.
May 2014: Robin and Sarah presented their research during the poster session of CPSC Industry Day.
Apr 2014: Congrats to Sara, who earned an NSERC USRA to study the semantics of source code comments.
Mar 2014: US Patent 8,667,588 issued.
Dec 2013: US Patent 8,613,096 issued.
Nov 2013: Locasto Talks To SPIE About "Personal Strategies for Staying Safe Online"
Nov 2013: Congratulations to Robin for a successful MSc thesis defense!
Nov 2013: Locasto participates in ISPIA-CMSS workshop
> all news...


Prof. Michael E. Locasto
Sarah Laing (MSc, co-advised with John Aycock)
James Sullivan (BSc, Summer 2013 research)
Benedict Chukuka (MSc)
Stephen Cartwright (MSc)
Mike Clark (BSc, CPSC 502)
Robin Gonzalez (PhD student)
Sara Williamson (BSc, Summer 2014 NSERC USRA)


Evan Ranshaw (BSc, CPSC 502, co-advised by Tony Tang)
Ashwathi S. Shiva (MSc, co-advised with Carey Williamson)
Robin Gonzalez (MSc)
Faisal Iqbal (MSc, co-advised with Carey Williamson)
Taylor Hornby (BSc, Summer 2013 PURE Award)
Eric Fiselier (BSc, Summer 2013 research student)
Aleksandre Gorodetski (BSc, NSERC USRA and 502 Student)
Bogdan Copos (BSc, TCNJ, 2011 summer research intern)
Mateus Oliveria (BSc, TCNJ, 2011 summer research intern)

Research Projects

Robin's MSc thesis was about hot patching data structures.

Ashwathi built an Android app for use in BYOD environments that actively probes networks to help establish their identity.

Sarah has modified the Linux kernel to export memory events to Wireshark.

Mike Clark wrote DAWK, a version of AWK that parses data structures rather than character sequences.

Locasto is collaborating with Richard Weiss, Jens Mache, and their students on the cloud-based EDURange platform for cybersecurity training exercises.

Taylor worked on the Instruction Filters project.

James wrote a network treasure hunt using Scapy to provide the software-defined network infrastructure. He also contributed this to the EDURange project.

Evan performed a study of the interactions that take place during collaborative debugging sessions. His data will help inform the design of UI elements that support such security analysis.

Stephen is researching the problem of measuring and visualizing data integrity in large-scale systems.

Benedict is currently surveying the landscape of ethical agreements governing information security courses.

Sara is working on a number of modules for COMTOR; these modules are focused on evaluating the semantics and natural language properties of source code comments.

Bogdan worked on Trust Distribution Diagrams

Mateus created a Linux kernel framework for measuring the rate of access control decisions in cloud storage systems.

Eric examined the topic of Defensive Weird Machines.

Locasto wrote the libVEI library as an example for injecting packets into pre-existing network capture files.

Locasto co-wrote the SISMAT lab manual ("Hacking the Abacus") to provide a collection of information security exercises. PDF copies for review are available on request.

Misc. Topics

Information Security Education
Deep Introspection
Security Considerations in eHealth
Digital Footprint
Entropy Measurement Library
The Comment Mentor (w/ P. DePasquale & M. Martinovic, TCNJ; NSF funding)
Infosec Topics
We occasionally contribute to the U of C's wiki: And we occasionally find bugs in real software (12 bugs since January 2011).

Recent Publications

  1. Models for Regulating the Software Development Industry
    Ben Edwards and Michael E. Locasto. NSPW 2014 Panel.
  2. An Experience Report on Extracting and Viewing Memory Events via Wireshark
    Sarah Laing, Michael E. Locasto, and John Aycock
  3. EDURange: Meeting the Pedagogical Challenges of Student Participation in Cybertraining Environments
    Stefan Boesen and Richard Weiss, The Evergreen State College; James Sullivan and Michael E. Locasto, University of Calgary; Jens Mache and Erik Nilsen, Lewis and Clark College
  4. Reflections on Re-Balancing the Attacker's Asymmetric Advantage
    Michael E. Locasto
  5. Analyzing the Data Semantics of Security Patches
    Robin Gonzalez and Michael E. Locasto. Poster for IEEE Security and Privacy 2014.
  6. Beyond Planted Bugs in "Trusting Trust": The Input-Processing Frontier
    Bratus, S. and Darley, T. and Locasto, M. and Patterson, M.L. and Shapiro, R.B. and Shubina, A. IEEE Security and Privacy Magazine. January 2014.
  7. "Security Applications of Formal Language Theory." Len Sassaman, Meredith L. Patterson, Sergey Bratus, and Michael Locasto. IEEE Systems Journal: Special Issue on Security and Privacy in Complex Systems. Sushil Jajodia and Pierangela Samarati, Ed. 2012. September 2013.
  8. Classifying the Data Semantics of Patches Robin Gonzalez and Michael E. Locasto. CPSC Tech Report 2013-1047-14.
  9. "Babel: A Secure Computer is a Polyglot." John Aycock, Daniel Medeiros Nunes de Castro, Michael E. Locasto, and Chris Jarabek. Proceedings of the ACM Cloud Computing Security Workshop (CCSW) October 2012.
  10. "LoSt: Location Based Storage." Gaven J. Watson, Reihaneh Safavi-Naini, Mohsen Alimomeni, Michael E. Locasto, and Shivaramakrishnan Narayan. Proceedings of the ACM Cloud Computing Security Workshop (CCSW) October 2012.
  11. "// TODO: Help Students Improve Commenting Practices" Peter J. DePasquale, Michael E. Locasto, Lisa Kaczmarczyk, and Mike Martinovic. Proceedings of the IEEE Frontiers in Education Conference (FIE 2012). October 2012.
  12. "Empirical Evaluation and Pushback of Malicious Web Advertisements" Robin Gonzalez. (Poster, USENIX Security 2012)
  13. "Software diversity: Security, Entropy and Game Theory." Saran Neti, Anil Somayaji, and Michael E. Locasto. Proceedings of the 7th USENIX Workshop on Hot Topics in Security August 2012. Bellvue, WA, USA.
  14. "Composition Patterns of Hacking." Sergey Bratus, Julian Bangert, Alexandar Gabrovsky, Anna Shubina, Daniel Bilar, and Michael E. Locasto. Proceedings of the 1st International Workshop on Cyber Patterns. pp. 80-85. 9-10 July 2012, Abingdon, Oxfordshire, UK
  15. "Intrusion Detection For Resource-constrained Embedded Control Systems in the Power Grid." Jason Reeves, Ashwin Ramaswamy, Michael Locasto, Sergey Bratus and Sean Smith. International Journal of Critical Infrastructure Protection. (2012)
  16. "Exploit Programming: From Buffer Overflows to 'Weird Machines' and Theory of Computation". Sergey Bratus, Michael E. Locasto, Meredith L. Patterson, Len Sassaman, and Anna Shubina. USENIX ;login: vol. 36, no. 6, pp. 13--21 December 2011.
  17. "Using Active Intrusion Detection to Recover Network Trust" John F. Williamson, Sergey Bratus, Michael E. Locasto, Sean W. Smith. Proceedings of USENIX LISA 2011
  18. "Security and Privacy Considerations in Digital Death." Michael E. Locasto, Michael Massimi, and Peter J. DePasquale. Proceedings of the 20th New Security Paradigms Workshop (NSPW 2011). September 12-15 2011. Marin County, CA, USA. [pre-proceedings version]
  19. "A Failure-based Discipline of Trustworthy Computing" Michael E. Locasto and Matthew Little. IEEE Security and Privacy, vol. 9, no. 4, July/Aug. 2011
  20. "The Ephemeral Legion: Producing an Expert Cyber-security Workforce from Thin Air." Michael E. Locasto, Anup Ghosh, Sushil Jajodia, and Angelos Stavrou. Communications of the ACM, 2011. Vol. 54, Issue 1, pp 129--131.
> full list...