Research Focus

The Trustworthy Systems Group (TSG) is engaged in experimental computer science research that investigates cross-layer methods of creating efficient, trustworthy computer systems. We seek to understand why it seems difficult to build trustworthy systems and how we can get better at it. Our areas of research include tools and patterns for trust design and coordination, operating systems and architectural support for security, debugging, intrusion defense, and infosec education. The TSG is affiliated with the University of Calgary's Institute for Security, Privacy, and Information Assurance (ISPIA).


Prof. Michael E. Locasto
Robin Gonzalez (PhD student)
Benedict Chukuka (MSc)
Stephen Cartwright (MSc)
Katie Underwood (BSc, CPSC 503 F15)
Shawn Norton (BSc, CPSC 502 F15-W16)
Caitlin Ryan (BSc, CPSC 502 F15-W16)
Mackenzie Haffey (MSc)
Michael Clark (MSc, starting Winter 2016)


Katie Underwood (BSc, CPSC 599, Summer 2015)
Sarah Laing (MSc, co-advised with John Aycock)
Mike Clark (BSc, CPSC 502, Summer 2014 research)
James Sullivan (BSc, Summer 2014 research)
Sara Williamson (BSc, Summer 2014 NSERC USRA, Summer 2015 NSERC USRA)
Evan Ranshaw (BSc, CPSC 502, co-advised by Tony Tang)
Ashwathi S. Shiva (MSc, co-advised with Carey Williamson)
Robin Gonzalez (MSc)
Faisal Iqbal (MSc, co-advised with Carey Williamson)
Taylor Hornby (BSc, Summer 2013 PURE Award)
Eric Fiselier (BSc, Summer 2013 research student)
Aleksandre Gorodetski (BSc, NSERC USRA and 502 Student)
Bogdan Copos (BSc, TCNJ, 2011 summer research intern)
Mateus Oliveria (BSc, TCNJ, 2011 summer research intern)

News and Resources

Sept 2015: US Patent 9,135,438 issued.
June 2015: Congratulations to Sarah, who successfully defended her MSc thesis.
June 2015: James will present his paper on how students find bugs at CISSE (best studentn paper award!).
June 2015: Congratulations to Robin on his talk at the workshop on Usable Privacy and Security Education.
May 2015: Locasto will be speaking at CPSC Industry Day
May 2015: Robin wins the Computer Science TA Excellence Award for 2014 (3rd year courses)
March 2015: Security Education BOF at SIGCSE
March 2015: EDURange project presented at SIGCSE
Dec 2014: US Patent 8,924,782 issued.
Oct 2014: The 2nd LangSec workshop has been accepted for IEEE SP2015
Sept 2014: Joint ISPIA-CMSS workshop to be held at UofC downtown campus
Aug 2014: The Cage project was presented at USENIX WOOT
Aug 2014: EDURange project part of a panel at USENIX CSET
Jun 2014: US Patent 8,763,103 issued.
May 2014: Congratulations to Ashwathi for a successful MSc thesis defense!
> all news...

Research Projects

Robin's MSc thesis was about hot patching data structures.

Ashwathi built an Android app for use in BYOD environments that actively probes networks to help establish their identity.

Sarah has modified the Linux kernel to export memory events to Wireshark.

Mike Clark wrote DAWK, a version of AWK that parses data structures rather than character sequences.

Locasto is collaborating with Richard Weiss, Jens Mache, and their students on the cloud-based EDURange platform for cybersecurity training exercises.

Taylor worked on the Instruction Filters project.

James wrote a network treasure hunt using Scapy to provide the software-defined network infrastructure. He also contributed this to the EDURange project.

Evan performed a study of the interactions that take place during collaborative debugging sessions. His data will help inform the design of UI elements that support such security analysis.

Stephen is researching the problem of measuring and visualizing data integrity in large-scale systems.

Benedict is currently surveying the landscape of ethical agreements governing information security courses.

Sara is working on a number of modules for COMTOR; these modules are focused on evaluating the semantics and natural language properties of source code comments.

Bogdan worked on Trust Distribution Diagrams

Mateus created a Linux kernel framework for measuring the rate of access control decisions in cloud storage systems.

Eric examined the topic of Defensive Weird Machines.

Locasto wrote the libVEI library as an example for injecting packets into pre-existing network capture files.

Locasto co-wrote the SISMAT lab manual ("Hacking the Abacus") to provide a collection of information security exercises. PDF copies for review are available on request.

Misc. Topics

Information Security Education
Deep Introspection
Security Considerations in eHealth
Digital Footprint
Entropy Measurement Library
The Comment Mentor (w/ P. DePasquale & M. Martinovic, TCNJ; NSF funding)
Infosec Topics
We occasionally contribute to the U of C's wiki: And we occasionally find bugs in real software (12 bugs since January 2011).

Recent Publications

  1. "A Reflective Approach to Assessing Student Performance in Cybersecurity Exercises"
    Richard Weiss, Michael E. Locasto, Jens Mache.
    ACM SIGCSE 2016 (to appear March 2016)
  2. "A Survey of Ethical Agreements in Information Security Courses"
    Benedict Chukuka and Michael E. Locasto
    ACM SIGCSE 2016 (to appear March 2016)
  3. "Defining a Model for Defense in Depth"
    James F. Sullivan and Michael E. Locasto
    Layered Assurance Workshop (to appear December 2015)
  4. "A Survey of Student-Discovered Bugs and Vulnerability Disclosure"
    James F. Sullivan and Michael E. Locasto
    (19th Annual Colloquium for Information System Security Education)
    (The Erich Spengler Student Paper Award Winner)
  5. Teaching Cybersecurity Analysis Skills in the Cloud
    Richard Weiss (The Evergreen State College); Stefan Boesen (Dartmouth College); James Sullivan (Univ. of Calgary); Michael Locasto (Univ. of Calgary); Jens Mache (Lewis & Clark College); Erik Nilsen (Lewis & Clark College)
    ACM SIGCSE 2015.
  6. Verifying Security Patches
    Jonathan Gallagher, Robin Gonzalez, and Michael Locasto. October 2014. PSP 2014.
  7. Models for Regulating the Software Development Industry
    Ben Edwards and Michael E. Locasto. NSPW 2014 Panel.
  8. An Experience Report on Extracting and Viewing Memory Events via Wireshark
    Sarah Laing, Michael E. Locasto, and John Aycock
  9. EDURange: Meeting the Pedagogical Challenges of Student Participation in Cybertraining Environments
    Stefan Boesen and Richard Weiss, The Evergreen State College; James Sullivan and Michael E. Locasto, University of Calgary; Jens Mache and Erik Nilsen, Lewis and Clark College
  10. Reflections on Re-Balancing the Attacker's Asymmetric Advantage
    Michael E. Locasto
  11. Analyzing the Data Semantics of Security Patches
    Robin Gonzalez and Michael E. Locasto. Poster for IEEE Security and Privacy 2014.
  12. Beyond Planted Bugs in "Trusting Trust": The Input-Processing Frontier
    Bratus, S. and Darley, T. and Locasto, M. and Patterson, M.L. and Shapiro, R.B. and Shubina, A. IEEE Security and Privacy Magazine. January 2014.
  13. "Security Applications of Formal Language Theory." Len Sassaman, Meredith L. Patterson, Sergey Bratus, and Michael Locasto. IEEE Systems Journal: Special Issue on Security and Privacy in Complex Systems. Sushil Jajodia and Pierangela Samarati, Ed. 2012. September 2013.
  14. Classifying the Data Semantics of Patches Robin Gonzalez and Michael E. Locasto. CPSC Tech Report 2013-1047-14.
  15. "Babel: A Secure Computer is a Polyglot." John Aycock, Daniel Medeiros Nunes de Castro, Michael E. Locasto, and Chris Jarabek. Proceedings of the ACM Cloud Computing Security Workshop (CCSW) October 2012.
  16. "LoSt: Location Based Storage." Gaven J. Watson, Reihaneh Safavi-Naini, Mohsen Alimomeni, Michael E. Locasto, and Shivaramakrishnan Narayan. Proceedings of the ACM Cloud Computing Security Workshop (CCSW) October 2012.
  17. "// TODO: Help Students Improve Commenting Practices" Peter J. DePasquale, Michael E. Locasto, Lisa Kaczmarczyk, and Mike Martinovic. Proceedings of the IEEE Frontiers in Education Conference (FIE 2012). October 2012.
  18. "Empirical Evaluation and Pushback of Malicious Web Advertisements" Robin Gonzalez. (Poster, USENIX Security 2012)
  19. "Software diversity: Security, Entropy and Game Theory." Saran Neti, Anil Somayaji, and Michael E. Locasto. Proceedings of the 7th USENIX Workshop on Hot Topics in Security August 2012. Bellvue, WA, USA.
  20. "Composition Patterns of Hacking." Sergey Bratus, Julian Bangert, Alexandar Gabrovsky, Anna Shubina, Daniel Bilar, and Michael E. Locasto. Proceedings of the 1st International Workshop on Cyber Patterns. pp. 80-85. 9-10 July 2012, Abingdon, Oxfordshire, UK
  21. "Intrusion Detection For Resource-constrained Embedded Control Systems in the Power Grid." Jason Reeves, Ashwin Ramaswamy, Michael Locasto, Sergey Bratus and Sean Smith. International Journal of Critical Infrastructure Protection. (2012)
  22. "Exploit Programming: From Buffer Overflows to 'Weird Machines' and Theory of Computation". Sergey Bratus, Michael E. Locasto, Meredith L. Patterson, Len Sassaman, and Anna Shubina. USENIX ;login: vol. 36, no. 6, pp. 13--21 December 2011.
  23. "Using Active Intrusion Detection to Recover Network Trust" John F. Williamson, Sergey Bratus, Michael E. Locasto, Sean W. Smith. Proceedings of USENIX LISA 2011
  24. "Security and Privacy Considerations in Digital Death." Michael E. Locasto, Michael Massimi, and Peter J. DePasquale. Proceedings of the 20th New Security Paradigms Workshop (NSPW 2011). September 12-15 2011. Marin County, CA, USA. [pre-proceedings version]
  25. "A Failure-based Discipline of Trustworthy Computing" Michael E. Locasto and Matthew Little. IEEE Security and Privacy, vol. 9, no. 4, July/Aug. 2011
  26. "The Ephemeral Legion: Producing an Expert Cyber-security Workforce from Thin Air." Michael E. Locasto, Anup Ghosh, Sushil Jajodia, and Angelos Stavrou. Communications of the ACM, 2011. Vol. 54, Issue 1, pp 129--131.
> full list...