CS Department Faculty Publications



Books & Chapters

Asset Publisher

Tallinn Manual on the International Law Applicable to Cyber Warfare

James Bret Michael, Member of the Editorial Committee

Tallinn ManualThe product of a three-year project by twenty renowned international law scholars and practitioners, the Tallinn Manual identifies the international law applicable to cyber warfare and sets out ninety-five 'black-letter rules' governing such conflicts. It addresses topics including sovereignty, State responsibility, the jus ad bellum, international humanitarian law, and the law of neutrality. An extensive commentary accompanies each rule, which sets forth the rule's basis in treaty and customary law, explains how the group of experts interpreted applicable norms in the cyber context, and outlines any disagreements within the group as to each rule's application.

Great Principles of Computing

Great Principles of ComputingComputing is usually viewed as a technology field that advances at the breakneck speed of Moore's Law. If we turn away even for a moment, we might miss a game-changing technological breakthrough or an earthshaking theoretical development. This book takes a different perspective, presenting computing as a science governed by fundamental principles that span all technologies. Computer science is a science of information processes. We need a new language to describe the science, and in this book Peter Denning and Craig Martell offer the great principles framework as just such a language. This is a book about the whole of computing -- its algorithms, architectures, and designs.

Handbook of FPGA Design Security

FPGA Design SecurityThe purpose of this book is to provide a practical approach to managing security in FPGA designs for researchers and practitioners in the electronic design automation (EDA) and FPGA communities, including corporations, industrial and government research labs, and academics. This book combines theoretical underpinnings with a practical design approach and worked examples for combating real world threats. To address the spectrum of lifecycle and operational threats against FPGA systems, a holistic view of FPGA security is presented, from formal top level speci?cation to low level policy enforcement mechanisms, which integrates recent advances in the fields of computer security theory, languages, compilers, and hardware.


Technical Reports


See all CS Department Technical Reports


Behavior models for software architecture
Auguston, Mikhail

Monterey Phoenix (MP) is an approach to formal software system architecture specification based on behavior models. Architecture modeling focuses not only on the activities and interactions within the system, but also on the interactions between the system and its environment, providing an abstraction for interaction specification. The behavior of the system is defined as a set of events (event trace) with two basic relations: precedence and inclusion. The structure of possible event traces is specified using event grammars and other constraints organized into schemas. The separation of the interaction description from the components behavior is an essential MP feature. The schema framework is amenable to stepwise architecture refinement, reuse, composition, visualization, and multiple view extraction. The approach yields a basis for executable architecture specification supporting early testing and verification, systematic use case generation, and performance estimates with automated tools.

Semantic Web and inferencing technologies for Department of Defense systems
Duane Davis

Operational commanders and intelligence professionals are provided with a continually-increasing volume of data from numerous sources. Effective utilization of this data can be hampered by difficulties in fusing different data streams for presentation, correlating related data from various sources and developing reliable summary and predictive products. An opportunity presently exists to improve this situation through the incorporation of Semantic Web technologies into Department of Defense (DOD) systems. This report provides a didactic overview of Description Logics (DL) and their implementation in Semantic Web languages and technologies to include the mathematical properties supporting robust knowledge representation. Subsequently, the algorithms for automated reasoning and inferencing with DLs are discussed. Included in this discussion is a comparison of available Semantic Web applications for ontology development and realization or DL reasoning capabilities with real-world knowledge bases. Finally, mechanisms for applying artificial intelligence techniques to ontological DL information are presented.


Techniques for the detection of faulty packet header modifications
Ryan Craven, Robert Beverly, Mark Allman

Understanding, measuring, and debugging IP networks, particularly across administrative domains, is challenging.Compounding the problem are transparent in-path appliances and middleboxes that can be difficult to manage and sometimes left out-of-date or misconfigured.As a result, packet headers can be modified in unexpected ways, negatively impacting end-to-end performance.We discuss the impact of such packet header modifications, present an array of techniques for their detection, and define strategies to add tamper-evident protection to our detection techniques.We select a solution for implementation into the Linux TCP stack and use it to examine real-world Internet paths.We discover various instances of in-path modifications and extract lessons learned from them to help drive future design efforts.
CS Dept Pubs

2021 CS Department Publications


B. Hale. Escaping the Innovation Bunker. In Proceedings of U.S. Naval Institute (USNI) 2021. 

C. Cremers, B. Hale, K. Kohbrok. The Complexities of Healing in Secure Group Messaging: Why Cross-Group Effects Matter. In Proceedings of USENIX 2021. 

B. Dowling and B. Hale. Secure Messaging Authentication against Active Man-in-the-Middle Attacks. In Proceedings of IEEE EuroS&P 2021. 

B. Hale, D. J. Van Bossuyt, N. Papakonstantinou, and O’Halloran. A Zero-Trust Methodology for Security of Complex Systems With Machine Learning Components. In Proceedings of the ASME 2021 IDETC/CIE2021. 

M. Sjoholmsierchio, B. Hale, D. Lukaszewski, and G. Xie. Strengthening SDN Security: Protocol Dialecting and Downgrade Attacks. In IEEE NetSoft. 2021. 

N. Papakonstantinou, D. J. Van Bossuyt, J. Linnosmaa, B. Hale, B. and O’Halloran. A Zero Trust Hybrid Security and Safety Risk Analysis Method. In Proceedings of the Journal of Computing and Information Science in Engineering (JCISE) 2021. 

D. Brutzman, T. Norbraten, J. Culbert, and B. Hale. Blockchain Mergence for Distributed Ledgers Supporting Fleet Logistics and Maintenance. In Acquisition Research Symposium 2021. 

M. Troncoso and B. Hale. The Bluetooth CYBORG: Analysis of the Full Human-Machine Passkey Entry AKE Protocol. In NDSS 2021. 

D. Drusinsky, Who Is Authenticating My E-Commerce Logins? Computer 54 (04), 49-54. 

P. Denning, D. Drusinsky, J. B. Michael, Military Intelligent Systems Pose Strategic Dilemmas, In Proceedings of U.S. Naval Institute, Vol. 147/4/1,418 April 27, 2021 

Kroll, J.A., 2021, March. Outlining Traceability: A Principle for Operationalizing Accountability in Computing Systems. In Proceedings of the 2021 ACM Conference on Fairness, Accountability, and Transparency (pp. 758-771). 

J. A. Kroll, J. B. Michael, D. B. Thaw. “Enhancing Cybersecurity via Artificial Intelligence: Risks, Rewards, and Frameworks”, Computer, June 2021. 

T. Carter, J. B. Michael, J. A. Kroll, “Lessons Learned from Applying the NIST Privacy Framework”, IT Professional, July 2021. 

Blais, C., "Extending the Command and Control System to Simulation System Interoperation (C2SIM) Standard to Address Exchange of Cybersecurity Information," 2021-SIW-010, Simulation Innovation Workshop, Simulation Interoperability Standards Organization. February 2021. 

Blais, C., Dechand, M., Dembach, M., and Singapogu, S., "The Use of Automated Reasoning with the Command and Control System to Simulation System Interoperation (C2SIM) Standard," 2021-SIW-010, Simulation Innovation Workshop, Simulation Interoperability Standards Organization, February 2021. 


2020 CS Department Publications


Brett Rajchel, John V. Monaco, Gurminder Singh, Angela Hu, Jarrod Shingleton and Thomas Anderson. Temporal Behavior in Network Traffic as a Basis for Insider Threat Detection. 2020 IEEE Symposium Series on Computational Intelligence (SSCI 2020). 

Alejandro Acien, John V. Monaco, Aythami Morales, Ruben Vera-Rodriguez, Julian Fierrez. TypeNet: Scaling up Keystroke Biometrics. 2020 International Joint Conference on Biometrics (IJCB 2020). 

Aythami Morales, Alejandro Acien, Julian Fierrez, John V. Monaco, Ruben Tolosana, Ruben Vera-Rodriguez, Javier Ortega-Garcia. Keystroke Biometrics in Response to Fake News Propagation in a Global Pandemic. 2020 IEEE Annual Computers, Software, and Applications Conference (COMPSAC 2020). 

John V. Monaco, Ryad B Benosman. General Purpose Computation with Spiking Neural Networks: Programming, Design Principles, and Patterns. 2020 Neuro-inspired Computational Elements Workshop (NICE 2020). 

John V. Monaco. Bug or Feature? Covert Impairments to Human Computer Interaction. 2020 ACM Conference on Human Factors in Computing Systems (CHI 2020). 

Kroll, Joshua A. “Accountability in Computer Systems” In Oxford Handbook of the Ethics of AI, Markus Dubber, Frank Pasquale, and Sunit Das, Eds. Oxford University Press, 2020.  

Matthew Timmerman, Amela Sadagic, and Cynthia E. Irvine, “Peering Under the Hull: Enhanced Decision Making via an Augmented Environment.” IEEE Conference on Virtual Reality and 3D User Interfaces - IEEE VR 2020, Atlanta, GA, USA, March 2020, DOI: 10.1109/VR46266.2020.00093 

Kayla N. Afanador and Cynthia E. Irvine, Representativeness in the Benchmark for Vulnerability Analysis Tools (B-VAT). In 13th USENIX Workshop on Cyber Security Experimentation and Test (CSET 20). USENIX Association. https://www. Usenix.org/conference/cset20/presentation/afanador 

L. E. Peitso and J. B. Michael, “The Promise of Interactive Shared Augmented Reality,” Computer, vol. 53, no. 1, Jan. 2020, pp. 45-52 

D. Drusinsky and J. B. Michael, “Obtaining Trust in Executable Derivatives Using Crowdsourced Critiques with Blind Signatures,” Computer, vol. 53, no. 4, April 2020, pp. 51-56 

J. B. Michael, G. W. Dinolt, and D. Drusinsky, “Open Questions in Formal Methods,” Computer, vol. 53, no. 5, May 2020, pp. 81-84  

J. B. Michael, R. Kuhn, and J. Voas, “Cyberthreats in 2025,” Computer, vol 53, no. 6, June 2020, pp. 16-27. 

J. B. Michael, R. Kuhn, and J. Voas, “Security or Privacy:  Can You Have Both?” Computer, vol. 53, no. 9, Sept. 2020, pp. 20-30. 

S. Miller, C. Blais, and J. Green, Modeling the Operational Value of Data Fusion on ASW and Other Missions, Technical Report NPS-IS-20-004, Naval Postgraduate School, Oct. 2020. 

P. Denning and D. Denning. Dilemmas of artificial intelligence.  Communications of ACM 63, 3 (March 2020), 26-28. 

P. Denning.  Technology Adoption (with Ted Lewis).  Communications of ACM 63, 6 (June 2020), 27-29. 

P. Denning. Avalanches make us all innovators.  Communications of ACM 63, 9 (September 2020), 32-34. 

P. Denning.  Navigating in real-time environments (with Jim Selman).  Communications of ACM 63, 12 (December 2020), 26-28. 


2019 CS Department Publications


T. D. Nguyen, S. C. Austin, and C. E. Irvine, “A strategy for security testing industrial firewalls,” in Proceedings of the Fifth Annual Industrial Control System Security (ICSS) Workshop, ICSS, (New York, NY, USA), pp. 38–47, Association for Computing Machinery, December 2019.

P. Denning and Ted Lewis.  Uncertainty. In Best Writings in Mathematics 2020, (Mircea Pitici, ed.) Princeton University Press 2020.  Original paper in Communications of ACM 62, 12 (Dec 2019), 26-28.   

Luckie, Matthew, Robert Beverly, Ryan Koga, Ken Keys, Joshua A. Kroll, and K. Claffy. "Network hygiene, incentives, and regulation: deployment of source address validation in the Internet." In Proceedings of the 2019 ACM SIGSAC Conference on Computer and Communications Security, pp. 465-480. 2019.