Automated Discovery for Emulytics
Describes automated methods and tools for discovering information systems through network and host analysis to create high-fidelity emulation models, demonstrated on SCinet with 5 routers and 10,000 endpoints.
Sandia LDRD report summarizing a three-year project to quantify behavioral (not performance) differences between emulations and real-world systems by running representative workloads on both and comparing collected metrics.
Research infrastructure that executed over 10,000 experiments processing half a petabyte of data to quantify behavioral differences between virtual and physical testbeds for cyber security research validation.
Documents lessons learned from running over 10,000 experiments and processing half a petabyte of data to quantify behavioral (not just performance) differences between virtual and physical testbeds for cyber security research.
Comparative analysis quantifying behavioral differences between physical and virtual testbeds for cyber security research to assess the fidelity of virtualized environments for experimentation.
Automated toolset that transforms network and host discovery data into high-fidelity emulation models, demonstrated by modeling SCinet’s 10,000 endpoints and enabling rapid Emulytics experimentation.
Fast, lightweight distributed VM orchestration platform that scales from laptops to massive clusters with virtually no setup, enabling large-scale cyber security experiments and emulation testbeds.
Proposes Mobile Trusted-Origin Policy to authenticate mobile apps accessing network APIs by annotating HTTP requests with app provenance, preventing click fraud and API abuse through code isolation and origin verification.
Demonstrates how adversaries can subvert DBSCAN clustering by injecting bridge points to merge arbitrary clusters, degrading system performance, and proposes machine learning-based remediation using outlier detection.
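The bridge-point attack summarized above can be reproduced on a toy dataset. The block below is an added illustration written for this listing, not code from the cited paper: it implements a minimal DBSCAN in pure Python, builds two well-separated point clusters, and then injects a line of evenly spaced "bridge" points between them. The placement rule (points along the segment between the clusters, spaced so that each injected point is itself a core point under the chosen eps and minPts) is an assumption made for illustration; the paper's own attack construction and its outlier-detection remediation are not reproduced here.

```python
"""Added example: merging two DBSCAN clusters by injecting bridge points.

Not code from the cited paper. Minimal DBSCAN (Ester et al. semantics);
sample clusters and the bridge placement are constructed for illustration.
"""
import math
from itertools import product

EPS = 0.5      # neighbourhood radius
MIN_PTS = 4    # minimum neighbours (including the point itself) for a core point


def dbscan(points, eps=EPS, min_pts=MIN_PTS):
    """Return one label per point: a cluster id (0..k-1) or -1 for noise."""
    n = len(points)
    labels = [None] * n

    def neighbours(i):
        px, py = points[i]
        return [j for j, (qx, qy) in enumerate(points)
                if math.hypot(px - qx, py - qy) <= eps]

    cluster = 0
    for i in range(n):
        if labels[i] is not None:
            continue
        nb = neighbours(i)
        if len(nb) < min_pts:
            labels[i] = -1          # noise for now; may become a border point later
            continue
        labels[i] = cluster         # i is a core point: start a new cluster
        queue = [j for j in nb if j != i]
        while queue:
            j = queue.pop()
            if labels[j] == -1:
                labels[j] = cluster  # previously noise, now a border point
            if labels[j] is not None:
                continue
            labels[j] = cluster
            nb_j = neighbours(j)
            if len(nb_j) >= min_pts:  # only core points propagate the cluster
                queue.extend(nb_j)
        cluster += 1
    return labels


def make_cluster(cx, cy, spacing=0.3):
    """Constructed sample: a 3x3 grid of points centred on (cx, cy).

    With spacing 0.3 every grid point has at least 4 neighbours within EPS,
    so the whole grid is one cluster of core points.
    """
    return [(cx + dx * spacing, cy + dy * spacing)
            for dx, dy in product((-1, 0, 1), repeat=2)]


def bridge_points(x_start, x_end, y=0.0, step=0.2):
    """Assumed attack: points along the segment between two clusters.

    step is chosen so each bridge point has two neighbours on each side
    within EPS (5 including itself >= MIN_PTS), making every bridge point
    a core point; DBSCAN then chains through them and merges the clusters.
    """
    n = int(round((x_end - x_start) / step)) - 1
    return [(x_start + step * k, y) for k in range(1, n + 1)]


def count_clusters(labels):
    return len({l for l in labels if l >= 0})


def demo():
    """Return (clusters before, clusters after, number of injected points)."""
    benign = make_cluster(0.0, 0.0) + make_cluster(5.0, 0.0)
    before = count_clusters(dbscan(benign))
    # Inject a bridge from the right edge of cluster A (x=0.3) to the left
    # edge of cluster B (x=4.7).
    poisoned = benign + bridge_points(0.3, 4.7)
    after = count_clusters(dbscan(poisoned))
    return before, after, len(poisoned) - len(benign)


if __name__ == "__main__":
    b, a, k = demo()
    print(f"clusters before: {b}, after injecting {k} bridge points: {a}")
```

Two nine-point clusters 4.4 units apart are reported as two clusters; after 21 injected points the same run reports one. The attack costs the adversary only as many points as the gap divided by the spacing that keeps each bridge point a core point, which is why the abstract frames remediation as outlier detection rather than as parameter tuning of eps and minPts.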
PhD dissertation presenting scalable semantics-based approaches for detecting similar Android applications, with applications to clone detection, malware analysis, and security assessment.