locasto [at] ucalgary [.] ca
Academic Positions
- August 2010 - present
Assistant Professor: Department of Computer Science,
University of Calgary
- August 2008 - July 2010
I3P Fellow (2008-2009) and Visiting Professor: Department
of Computer Science, George Mason University
- January 2008 - August 2008
ISTS Research Fellow: Institute for Security, Technology, and Society, Dartmouth College
- September 2002 - December 2007
Graduate Student Research Assistant: Computer Science Department, Columbia University
Education
PhD, Computer Science, May 2008
Columbia University, New York City, NY
Thesis Title: Integrity Postures for Software Self-Defense (awarded with distinction)
Advisor: Dr. Angelos D. Keromytis
M.Phil., Computer Science, February 2006
Columbia University, New York City, NY
M.Sc., Computer Science, February 2004
Columbia University, New York City, NY
B.Sc., Computer Science, May 2002
The College of New Jersey (TCNJ), Ewing, NJ
Dean's List, magna cum laude
Teaching Experience
- Instructor, Principles of Operating Systems CPSC 457. University of Calgary (Winter 2013, 44 students)
- Instructor, Principles of Computer Security CPSC 525/625. University of Calgary (Winter 2013, 53 students)
- Instructor, Cyberwar, Cyberterror, and Cyberprotest CPSC 601.65 (graduate seminar). University of Calgary (Fall 2012, 15 students)
- Project Lead and Instructor, SISMAT Security Seminar. ISTS, Dartmouth College (Summer 2012, 13 students)
- Instructor, Principles of Operating Systems CPSC 457. University of Calgary (Winter 2012, 37 students)
- Instructor, Information Systems Security Analysis CPSC 601.29 (graduate seminar). University of Calgary (Fall 2011, 3 students)
- Project Lead and Instructor, SISMAT Security Seminar. ISTS, Dartmouth College (Summer 2011, 11 students)
- Instructor, Information Systems Security Analysis CPSC 601.29 (graduate seminar). University of Calgary (Winter 2011, 4 students)
- Project Lead and Instructor, SISMAT Security Seminar. ISTS, Dartmouth College (Summer 2010, 8 students)
- Project Lead and Instructor, SISMAT Security Seminar. ISTS, Dartmouth College (Summer 2009, 8 students)
- Instructor for ISA 563: Fundamentals of Systems Programming. George Mason University (Fall 2008, 22 students, 4.75 (out of 5.00) Instructor Rating)
- Project Lead and Instructor, SISMAT Security Seminar. ISTS, Dartmouth College (Summer 2008, 7 students)
- Instructor for COMS W1001: Introduction To Computers. Columbia University (Spring 2006, 25 students)
- Instructor for COMS W1003: Introduction To Computer Programming In C. Columbia University (Fall 2005, 46 students)
- Instructor for COMS W1001: Introduction to Computers. Columbia University (Summer 2004, 8 students)
- Instructor for COMS W1001: Introduction to Computers. Columbia University (Summer 2003, 6 students)
- TA for COMS W4180: Network Security. Columbia University (Fall 2003, 61 students)
- TA for COMS W4115: Programming Languages & Translators. Columbia University (Spring 2003, 61 students)
- Substitute Teacher: West Morris Regional High School District, Chester, NJ (January 2002 - June 2002)
- TA for CSC 340: Programming in the Large. Computer Science Department, The College of New Jersey (Fall 2000, 24 students)
- Academic Tutor: The Center for Academic Enhancement, The College of New Jersey (1999 - 2002)
Student Thesis Committee Service
- PhD Candidacy Exam: Towards Implementation of a Privacy-Preserving Database System, Leanne Wu, University of Calgary (11 March 2013)
- PhD Candidacy Exam: Protecting Against Inference Attacks in Social Networks, Seyed Hossein Ahmadinejad, University of Calgary (17 December 2012)
- PhD Candidacy Exam: Program Transformation Extraction and Reuse, Hamidreza Baghi, University of Calgary (31 July 2012)
- MSc Thesis Committee (Co-Supervisor): Anomaly Detection in Edge Networks, Faisal Iqbal, University of Calgary (July 2012)
- MSc Thesis Committee: Towards Cloud-based Anti-malware Protection for Desktop and Mobile Platforms, Chris Jarabek, University of Calgary (April 2012)
- MSc Thesis Committee: Risk Assessment and Management for Efficient Self-Adapting Self-Organizing Emergent Multi-Agent Systems, Jonathon Hudson, University of Calgary (Aug. 2011)
- MSc Thesis Committee: The Good, the Bad, and the Actively Verified: Using Active Packet Probing for Compromise Recovery, John F. Williamson, Dartmouth College (2010-2011)
- PhD Candidacy Exam: Modeling and Enforcing Purpose in Privacy Policies, Mohammad Jafari, University of Calgary (Dec. 2010)
- MSc Thesis Committee: Towards Automatic Generation of Anti-Virus Emulators, Daniel Medeiros Nunes de Castro, University of Calgary (Dec. 2010)
- MSc Thesis Committee: Bounding the Advantage of Network Coding: The Case of Undirected Combination Networks, Shreya Maheshwar, University of Calgary (Nov. 2010)
- MSc Thesis Committee: Detecting Kernel Rootkits, Ashwin Ramaswamy, Dartmouth College (2008-2009)
Conference Organization
- Local Chair, NSPW 2013
- Program co-Chair, ACNS 2013
- Program Chair, ACSAC 2012
- Program co-Chair, ACSAC 2011
- Publicity Co-Chair, 13th ACM Conference on Computer and Communications Security CCS 2006.
- Submissions, Workshop on Rapid Malcode (WORM) 2005
- Webmaster, ACNS 2005 Conference
- Webmaster, OpenSig 2003 Workshop
Program Committee Service
- Program Committee, The 21st New Security Paradigms Workshop (NSPW 2012)
- Review Committee, IEEE Systems Journal - Special Issue on Security and Privacy in Complex Systems
- Program Committee, USENIX HotCloud Workshop 2012
- Program Committee, The 10th Annual Conference on Privacy, Security, and Trust (PST 2012)
- Program Committee, Applied Cryptography and Network Security (ACNS 2012)
- Program Committee, The 20th New Security Paradigms Workshop (NSPW 2011)
- Program Committee, The 26th Annual Computer Security Applications Conference (ACSAC 2010)
- Program Committee, The 19th New Security Paradigms Workshop (NSPW 2010)
- Program Committee, USENIX HotCloud Workshop 2010
- Program Committee, IEEE 2010 International Conference on Sensor Networks, Ubiquitous, and Trustworthy Computing
- Program Committee, ACM Conference on Computer and Communications Security (CCS 2010)
- Program Committee, The 2nd International Conference on Trusted Computing (TRUST 2010)
- Program Committee, USENIX Security Symposium (Security 2010)
- Program Committee, IEEE Security & Privacy Symposium (Oakland 2010)
- Program Committee, The 2nd Workshop on Virtual Machine Security (VMSec 2009)
- Program Committee, The 17th Network and Distributed System Security Symposium (NDSS 2010)
- Program Committee, The 10th International Workshop on Information Security and Applications (WISA 2009)
- Program Committee, 14th European Symposium on Research in Computer Security (ESORICS 2009)
- Program Committee, The 18th New Security Paradigms Workshop (NSPW 2009)
- Program Committee, Security and Privacy Track, the 18th World Wide Web Conference (WWW 2009)
- Program Committee, The 5th Information Security Practice and Experience Conference (ISPEC 2009)
- Program Committee, The 16th Network and Distributed System Security Symposium (NDSS 2009)
- Program Committee, The 17th New Security Paradigms Workshop (NSPW 2008)
- Program Committee, The 15th Network and Distributed System Security Symposium (NDSS 2008)
- Program Committee, The 8th International Workshop on Information Security and Applications (WISA 2007)
- Program Committee, The 3rd International SKLOIS Conference on Information Security and Cryptology (Inscrypt 2007)
- Program Committee, The 16th New Security Paradigms Workshop (NSPW 2007)
- Program Committee, Communications and Multimedia Security (CMS 2006)
- Program Committee, The 15th New Security Paradigms Workshop (NSPW 2006)
- Associate Editor, ACM Crossroads (January 2006 - June 2006)
Other Service and Activities
- Neutral Chair, MSc Thesis Defense (Tang Xiahou, University of Calgary, 10 Sept 2012)
- Operations Committee, UofC CPSC (2011 - )
- Graduate Research Award Committee, UofC CPSC (July 2012 - )
- Graduate Recruiting Committee, UofC CPSC (July 2012 - )
- Session Chair, "Usable Security", ACSAC. 8 December 2011
- Organizer, SIGCSE Birds-of-a-Feather Session, "Cybersecurity Education", (with Jens Mache and Richard Weiss). 7 March 2013. Denver, CO.
- Organizer, SIGCSE Workshop, "Cybersecurity Education", (with Vincent Nestler, Brian Hay, Jens Mache, and Richard Weiss). 6 March 2013. Denver, CO.
- Organizer, SIGCSE Birds-of-a-Feather Session, "Identifying Effective Pedagogical Practices for Commenting Computer Source Code", (with Peter J. DePasquale, TCNJ and Lisa C. Kaczmarczyk). 1 March 2012. Raleigh, NC.
- NSPW 2011 Scribe (notes for authors)
- Organizer, SIGCSE Birds-of-a-Feather Session, "Hacking and the Security Curriculum", (with Richard Weiss, Evergreen and Jens Mache, Lewis and Clark). 1 March 2012. Raleigh, NC.
- Organizer, SIGCSE Birds-of-a-Feather Session, "Undergraduate Information Security Curriculum Development", (with Richard Weiss, Evergreen). 10 March 2011. Dallas, TX.
- Session Chair, "Hardware-Assisted Security", ACSAC. December 2010
- Session Chair, "Information Flow", ACM CCS. October 2010
- USENIX Campus Rep, University of Calgary (2010 - present)
- NSPW 2010 Scribe (notes for authors and USENIX login)
- Organizer, Workshop Session at CCSC:SC 2010 (Consortium for Computing Sciences in Colleges - South Central Chapter), "Teaching Students Effective Practices for Commenting Computer Source Code"
- Organizer, SIGCSE Birds-of-a-Feather Session, "How Do We Teach Students Effective Practices for Commenting Computer Source Code?", (with Peter DePasquale, TCNJ). 11 March 2010. Milwaukee, WI.
- Organizer, OSD Invitational Workshop on Software Issues in Advanced Computing, GMU, September 17 and 18, 2009
- USENIX Campus Rep, George Mason University (2009-2010)
- Organizer and Lead: "Working Group: Hacker Curriculum", The 13th Colloquium for Information Systems Security Education (CISSE) June 1-3, 2009. Seattle, Washington.
Funding and Support
- PI, NSERC ECA supplement ($5,000)
- PI, "Supporting Software Security by Measuring, Coordinating, and Enforcing Software Trustworthiness" NSERC Discovery Grant 2011-2016 ($145,000 total; $29,000/year)
- PI, "Complex Event Detection in Video and Communications", Phase 1 STTR with ObjectVideo (prime sponsor: US Navy). June 2010 - March 2011 ($33,000)
- PI, "Secure Information Mentoring and Training (SISMAT): Designing and Managing SISMAT 2010", subcontract from the Institute for Security, Technology, and Society, Dartmouth College/US DHS. January 2010 - September 2010. ($14,249).
- PI (co-PIs Angelos Stavrou and Duminda Wijesekera, GMU & Max Pala, Dartmouth College), "Securing the Railway IT Infrastructure", I3P Planning Project Grant, November 2009 - March 2010. ($60,000)
- PI (co-PI Sushil Jajodia and Angelos Stavrou), "Workshop on Software Issues in Advanced Computing", OSD/ARO Workshop Grant, July 2009 - September 2009. ($24,654.81).
- IASP award for Dartmouth ISTS (with Sean Smith and Sergey Bratus), "Strengthening Dartmouth's Information Security Education and Outreach Initiatives" NSA CAE IASP Capacity Building Program. August 2009 - August 2010. ($32,000).
- PI, "SISMAT 2009: Secure Information Systems Mentoring and Training", subcontract from the Institute for Security, Technology, and Society, Dartmouth College. March 2009 - July 2009. ($21,963).
- Co-PI (with Duminda Wijesekera and Angelos Stavrou), "Secure, Patient-Specified Policy-Based Dissemination of Health Records", Bioengineering Seed Grant, Volgenau School of Information Technology and Engineering, GMU. January 2009 - January 2010. ($42,500).
- Cisco Equipment Gift (with Sean Smith). Institute for Security, Technology, and Society, Dartmouth College. November 2008. ($201,000).
- I3P Fellow. "Flexible and Automatic Dataflow Tagging and Control for User-Level Programs", Institute for Information Infrastructure Protection (I3P), August 2008 - August 2009. ($150,000).
- Co-PI (with David August at Princeton, and Sal Stolfo and Simha Sethumadhavan at Columbia), "Automatically Parallelizing Legacy Binary Code for Multi-Core Architectures via Extraction of Self-Similarity" DARPA, June 2008 - May 2009 ($300,000)
- USENIX Student Stipend, USENIX Security 2006
- USENIX Student Stipend, USENIX Annual Technical Conference 2005
- Charles H. Goldberg Award for Academic Excellence and Graduate Study in Computer Science, May 2002
Patents
- US patent 8,381,295. "Systems and methods for correlating and distributing intrusion alert information among collaborating computer systems" Salvatore J. Stolfo, Tal Malkin, Angelos D. Keromytis, Vishal Misra, Michael E. Locasto, and Janak Parekh. Assigned to The Trustees of Columbia University in the City of New York. Filed 9 July 2010. Granted 19 February 2013.
- US patent 7,962,798. "Methods, systems and media for software self-healing" Michael E. Locasto, Angelos D. Keromytis, Salvatore J. Stolfo, Angelos Stavrou, Gabriela Cretu, Stylianos Sidiroglou, Jason Nieh, and Oren Laadan. Assigned to The Trustees of Columbia University in the City of New York. Filed April 2006. Granted 14 June 2011.
- US patent 7,784,097. "Systems and methods for correlating and distributing intrusion alert information among collaborating computer systems" Salvatore J. Stolfo, Angelos D. Keromytis, Vishal Misra, Michael E. Locasto, and Janak Parekh. Assigned to The Trustees of Columbia University in the City of New York. Filed November 2004. Granted 24 August 2010.
- US patent 7,779,463. "Systems and methods for correlating and distributing intrusion alert information among collaborating computer systems" Salvatore J. Stolfo, Tal Malkin, Angelos D. Keromytis, Vishal Misra, Michael E. Locasto, and Janak Parekh. Assigned to The Trustees of Columbia University in the City of New York. Filed June 2004. Granted 17 August 2010.
- US patent 7,490,268. "Methods and systems for repairing applications." Angelos D. Keromytis, Michael E. Locasto, and Stylianos Sidiroglou. Assigned to The Trustees of Columbia University in the City of New York. Filed June 2004 and June 2005. Granted 10 February 2009.
Journal Publications (refereed)
-
- Security Applications of Formal Language Theory.
-
Len Sassaman, Meredith L. Patterson, Sergey Bratus, and
Michael Locasto.
IEEE Systems Journal: Special Issue on Security and Privacy in Complex Systems.
Sushil Jajodia and Pierangela Samarati, Ed. 2012. (to appear)
-
- Intrusion Detection For Resource-constrained Embedded Control Systems in the Power Grid.
-
Jason Reeves, Ashwin Ramaswamy, Michael Locasto, Sergey Bratus and Sean Smith.
International Journal of Critical Infrastructure Protection. Vol. 5, Issue 2. pp 74--83. (July 2012) doi:10.1016/j.ijcip.2012.02.002
(official journal link)
-
- Katana: Towards Patching as a Runtime Part of the Compiler-Linker-Loader Toolchain.
-
Sergey Bratus, James Oakley, Ashwin Ramaswamy, Sean W. Smith, and
Michael E. Locasto.
International Journal of Secure Software Engineering. (to appear)
-
- On the Infeasibility of Modeling Polymorphic Shellcode: Re-thinking the Role of Learning in Intrusion Detection Systems.
-
Yingbo Song, Michael E. Locasto, Angelos Stavrou, Angelos D. Keromytis, and Salvatore J. Stolfo. Machine Learning, Volume 81 Issue 2. November 2010. Publisher: Kluwer Academic Publishers
-
- On The General Applicability of Instruction-Set Randomization.
-
Stephen W. Boyd, Gaurav S. Kc, Michael E. Locasto, Angelos
D. Keromytis, and Vassilis Prevelakis. IEEE Transactions on Dependable and Secure
Computing. Volume 7 Issue 3, July 2010. Publisher: IEEE Computer Society Press,
Los Alamitos, CA, USA.
-
- Hardware Support For Self-Healing Software Services.
-
Stelios Sidiroglou, Michael E. Locasto, and Angelos D. Keromytis.
In ACM SIGARCH Computer Architecture News, vol. 33, no. 1, pp. 42--47. March 2005. Also appeared in the Proceedings of the Workshop on Architectural Support for Security and Anti-Virus (WASSA), held in conjunction with the 11th International Conference on Architectural Support for Programming Languages and Operating Systems (ASPLOS-XI), pp. 37--43. October 2004. Boston, MA.
Articles and Viewpoints (edited; non-refereed)
-
- Exploit Programming: From Buffer Overflows to "Weird Machines" and Theory of Computation.
-
Sergey Bratus, Michael E. Locasto, Meredith L. Patterson, Len Sassaman, and Anna Shubina.
USENIX ;login: vol. 36, no. 6, pp. 13--21 December 2011.
-
- A Failure-based Discipline of Trustworthy Computer Systems.
-
Michael E. Locasto and Matthew C. Little.
IEEE Security and Privacy, vol. 9, no. 4, pp. 71-75 July/Aug. 2011,
doi:.
-
- The Ephemeral Legion: Producing an Expert Cyber-security Workforce from Thin Air.
-
Michael E. Locasto, Anup Ghosh, Sushil Jajodia, and Angelos Stavrou.
Communications of the ACM, 2011. Vol. 54, Issue 1, pp 129--131. DOI
-
- Bickering-in-Depth: Rethinking the Composition of Competing Security Systems.
-
Michael E. Locasto, Sergey Bratus, and Brian Schulte.
IEEE Security and Privacy, vol. 7, no. 6, pp. 77-81, Nov./Dec. 2009,
doi:10.1109/MSP.2009.189.
-
- Helping Students 0wn Their Own Code.
-
Michael E. Locasto.
IEEE Security and Privacy, vol. 7, no. 3, pp. 53-56, May/June 2009.
-
- The Hidden Difficulties of Watching and Rebuilding Networks.
-
Michael E. Locasto and Angelos Stavrou.
IEEE Security and Privacy, vol. 6, no. 2, pp. 79-82, Mar/Apr, 2008.
-
- Using the Web to Enhance and Transform Education.
-
Michael J. Hulme and Michael E. Locasto.
ACM Crossroads 10.1. Fall 2003.
Conference Publications (refereed)
-
- // TODO: Help Students Improve Commenting Practices
-
Peter J. DePasquale, Michael E. Locasto, Lisa Kaczmarczyk, and Mike Martinovic.
Proceedings of the IEEE Frontiers in Education Conference (FIE 2012). October 2012. (ieee-explore link)
-
- Using Active Intrusion Detection to Recover Network Trust
-
John F. Williamson, Sergey Bratus, Michael E. Locasto, and Sean W. Smith.
Proceedings of the 25th Large Installation System Administration Conference (LISA). USENIX Association. December 2011.
(acceptance rate: 46.8%)
-
- Lightweight Intrusion Detection for Resource-Constrained Embedded Control Systems
-
Jason Reeves, Ashwin Ramaswamy, Michael E. Locasto, Sergey Bratus, and Sean W. Smith.
Proceedings of the Fifth Annual IFIP WG 11.10 International Conference on Critical Infrastructure Protection, 2011.
-
- SegSlice: Towards a New Class of Secure Programming Primitives for Trustworthy Platforms.
-
Sergey Bratus, Michael E. Locasto, and
Brian R. Schulte. Proceedings of the 3rd
International Conference on Trust and Trustworthy Computing (TRUST 2010).
21-23 June 2010. Berlin, Germany.
-
- Teaching the Principles of the Hacker Curriculum to Undergraduates.
-
Sergey Bratus, Anya Shubina, and Michael E. Locasto.
In Proceedings of the 41st ACM Technical Symposium on Computer Science Education (SIGCSE 2010). Milwaukee, WI, USA. March 10--14, 2010.
-
- Pushing Boulders Uphill: The Difficulty of Network Intrusion Recovery.
-
Michael E. Locasto, Matthew Burnside, and Darrell Bethea.
The 23rd Large Installation System Administration Conference (LISA 2009). Baltimore, MD, USA. November 1--6, 2009.
-
- Adaptive Anomaly Detection via Self-Calibration and Dynamic Updating.
-
Gabriela F. Cretu-Ciocarlie, Angelos Stavrou, Michael E. Locasto, and Salvatore J. Stolfo.
The 12th International Symposium on Recent Advances in Intrusion Detection (RAID 2009). Saint-Malo, Brittany, France. September 23-25, 2009.
-
- An Experience Report on Undergraduate Cyber-Security Education and Outreach.
-
Michael E. Locasto and Sara Sinclair.
The Second Annual Conference on Education in Information Security (ACEIS 2009). February 2009. Ames, IA, USA.
(best paper award)
-
- New Directions for Hardware-assisted Trusted Computing Policies.
-
Sergey Bratus, Michael E. Locasto, Ashwin
Ramaswamy, and Sean W. Smith. Conference on the Future of Trust in
Computing (FTC 2008). DOI 10.1007/978-3-8348-9324-6_3. June 2008.
Berlin, Germany.
-
- Pushback for Overlay Networks: Protecting against Malicious Insiders.
-
Angelos Stavrou, Michael E. Locasto, and
Angelos D. Keromytis.
In the Proceedings of the 6th Applied Cryptography and Network Security Conference (ACNS 2008).
June 3--6, 2008. New York, NY.
-
- Casting Out Demons: Sanitizing Training Data for Anomaly Sensors.
-
Gabriela F. Cretu, Angelos Stavrou, Michael E. Locasto, Salvatore J. Stolfo, and Angelos D. Keromytis.
In the Proceedings of the IEEE Symposium on Security and Privacy.
May 2008, Oakland, California, USA.
(Acceptance Rate: 11.2%)
-
- SSARES: Secure Searchable Automated Remote Email Storage.
-
Adam J. Aviv, Michael E. Locasto, Shaya Potter, and Angelos D. Keromytis.
In the Proceedings of the 23rd Annual Computer Security Applications Conference (ACSAC 2007). December 2007, Miami Beach, FL.
(Acceptance rate: 22%)
-
- Defending Against Next Generation Attacks Through Network/Endpoint Collaboration and Interaction.
-
Spiros Antonatos, Michael E. Locasto, Stelios Sidiroglou, Angelos D. Keromytis, and Evangelos Markatos.
In the Proceedings of the 3rd European Conference on Computer Network Defense (EC2ND). October 2007, Heraclion, Greece.
(invited paper)
-
- On the Infeasibility of Modeling Polymorphic Shellcode.
-
Yingbo Song, Michael E. Locasto, Angelos Stavrou, Angelos D. Keromytis, and Salvatore J. Stolfo.
In the Proceedings of the 14th ACM Conference on Computer and Communications Security (CCS 2007). pp. 541--551. October 2007, Alexandria, VA.
A portion of the material in this paper appears in an exploratory form in
the Columbia University CS Tech Report CUCS-007-07.
(Acceptance rate: 18.15%)
-
- From STEM to SEAD: Speculative Execution for Automated Defense.
-
Michael E. Locasto, Angelos Stavrou, Gabriela F. Cretu, and Angelos D. Keromytis.
In Proceedings of the USENIX Annual Technical Conference (USENIX ATC 2007). pp. 219--232. June 2007, Santa Clara, CA.
An early draft of this work is available as Columbia University CS
Tech Report CUCS-004-07.
(Acceptance rate: 18.75%)
-
- ShieldGen: Automated Data Patch Generation for Unknown Vulnerabilities with Informed Probing.
-
Weidong Cui, Marcus Peinado, Helen J. Wang, and Michael E. Locasto.
In Proceedings of the IEEE Symposium on Security and Privacy.
May 2007, Oakland, California, USA.
(Acceptance Rate: 11.7%)
-
- W3Bcrypt: Encryption as a Stylesheet.
-
Angelos Stavrou, Michael E. Locasto, and Angelos D. Keromytis.
In Proceedings of the 4th Applied Cryptography and Network Security Conference (ACNS 2006). pp. 349--364. June 6--9, 2006, Singapore.
An earlier draft of this work is available as Columbia University CS
Tech Report CUCS-003-06.
(Acceptance Rate: 15.1%)
-
- Software Self-Healing Using Collaborative Application Communities.
-
Michael E. Locasto, Stelios Sidiroglou, and Angelos D. Keromytis.
In the Proceedings of the Internet Society (ISOC) Symposium on Network
and Distributed Systems Security (NDSS 2006). pp. 95--106.
February 2006, San Diego, CA.
(Acceptance Rate: 13.6%)
-
- FLIPS: Hybrid Adaptive Intrusion Prevention.
-
Michael E. Locasto, Ke Wang, Angelos D. Keromytis, and Salvatore J. Stolfo.
In Proceedings of the 8th International Symposium on Recent Advances in Intrusion Detection (RAID 2005). pp. 82--101. Sept. 7-9, 2005.
Seattle, WA.
(Acceptance rate: 20.4%)
-
- Building A Reactive Immune System for Software Services.
-
Stelios Sidiroglou, Michael E. Locasto, Stephen W. Boyd, and Angelos D. Keromytis.
In Proceedings of the USENIX Annual Technical Conference, pp. 149--161. April 2005. An earlier version of this paper is available as Columbia University CS Tech Report CUCS-038-04.
(Acceptance rate: 20.3%)
-
- CamouflageFS: Increasing the Effective Key Length in Cryptographic Filesystems on the Cheap.
-
Michael E. Locasto and Angelos D. Keromytis.
In Proceedings of the 2nd Applied Cryptography and Network Security Conference (ACNS 2004), pp. 1--15. June 2004. Yellow Mountain, China.
(Acceptance rate: 12.1%)
Workshop Publications (refereed)
-
- Babel: A Secure Computer is a Polyglot.
-
John Aycock, Daniel Medeiros Nunes de Castro, Michael E. Locasto, and Chris Jarabek.
Proceedings of the ACM Cloud Computing Security Workshop (CCSW) October 2012.
-
- LoSt: Location Based Storage.
-
Gaven J. Watson, Reihaneh Safavi-Naini, Mohsen Alimomeni, Michael E. Locasto, and Shivaramakrishnan Narayan.
Proceedings of the ACM Cloud Computing Security Workshop (CCSW) October 2012.
-
- Software diversity: Security, Entropy and Game Theory.
-
Saran Neti, Anil Somayaji, and Michael E. Locasto.
Proceedings of the 7th USENIX Workshop on Hot Topics in Security. August 2012. Bellevue, WA, USA.
-
- Composition Patterns of Hacking.
-
Sergey Bratus, Julian Bangert, Alexandar Gabrovsky, Anna Shubina, Daniel Bilar, and
Michael E. Locasto.
Proceedings of the 1st International Workshop on Cyber Patterns. pp. 80-85.
9-10 July 2012, Abingdon, Oxfordshire, UK
-
- Security and Privacy Considerations in Digital Death.
-
Michael E. Locasto, Michael Massimi, and Peter J. DePasquale.
Proceedings of the 20th New Security Paradigms Workshop (NSPW 2011). September 12-15 2011. Marin County, CA, USA.
-
- Multimodal Complex Event Detection Framework for Wide Area Surveillance.
-
Himaanshu Gupta, Li Yu, Asaad Hakeem, Tae Eun Choe, Niels Haering, and
Michael E. Locasto.
Proceedings of the 1st IEEE Workshop on Camera Networks and Wide Area Scene Analysis (held with CVPR 2011). 20 June 2011. Colorado, USA.
-
- Trust Distribution Diagrams: Theory and Applications.
-
Michael E. Locasto, Steven J. Greenwald, and Sergey Bratus.
Proceedings of the 4th Layered Assurance Workshop (LAW 2010). December 2010. Austin, TX, USA.
-
- VM-based Security Overkill: A Lament for Applied Systems Security Research.
-
Sergey Bratus, Michael E. Locasto, Ashwin Ramaswamy, and Sean W. Smith.
Proceedings of the 19th New Security Paradigms Workshop (NSPW 2010). September 2010. Concord, MA, USA.
-
- Katana: A Hot Patching Framework for ELF Executables.
-
Ashwin Ramaswamy, Sergey Bratus, Michael E. Locasto, and Sean W. Smith.
In Proceedings of the 4th International Workshop on Secure Software Engineering (SecSE 2010), held in conjunction with ARES 2010. February 15-18, 2010. Andrzej Frycz Modrzewski Cracow College, Krakow, Poland.
-
- The Cake is a Lie: Privilege Rings as a Policy Resource.
-
Sergey Bratus, Peter Johnson, Michael E. Locasto, Ashwin Ramaswamy, and Sean W. Smith.
In Proceedings of the 2nd Workshop on Virtual
Machine Security (VMSec 2009), held in conjunction with ACM CCS 2009.
(position paper)
-
- Keep Your Friends Close: The Necessity for Updating an Anomaly Sensor with Legitimate Environment Changes.
-
Angelos Stavrou, Gabriela F. Cretu-Ciocarlie, Michael E. Locasto, and Salvatore J. Stolfo.
In Proceedings of the 2nd Workshop on Artificial Intelligence
and Security (AISec 2009), held in conjunction with ACM CCS 2009.
(position paper)
-
- Dartmouth Internet Security Testbed (DIST): Building a Campus-wide Wireless Testbed.
-
Sergey Bratus, David Kotz, Michael E. Locasto,
Keren Tan, William Taylor, Anna Shubina, and Bennet Vance.
In Proceedings of the 2nd Workshop on Cyber-Security
Experimentation and Test (CSET 2009), held in conjunction with
USENIX Security 2009.
October 31, 2009. Montreal, CA.
-
- Traps, Events, Emulation, and Enforcement: Managing the Yin and Yang of Virtualization-based Security.
-
Sergey Bratus, Michael E. Locasto, Ashwin
Ramaswamy, and Sean W. Smith.
In Proceedings of the 1st Workshop on Virtual
Machine Security (VMSec 2008), held in conjunction with
ACM CCS 2008.
October 31, 2008. Alexandria, VA.
-
- Online Network Forensics for Automatic Repair Validation.
-
Michael E. Locasto, Matthew Burnside, and
Angelos D. Keromytis.
In Proceedings of the 3rd International Workshop on
Security (IWSEC 2008), pp. 136-151.
November 25-27, 2008, Kagawa, Japan.
-
- Return Value Predictability Profiles for Self-Healing.
-
Michael E. Locasto, Angelos Stavrou,
Gabriela F. Cretu, Angelos D. Keromytis, and Salvatore J. Stolfo.
In Proceedings of the 3rd International Workshop on
Security (IWSEC 2008), pp. 152-166.
November 25-27, 2008, Kagawa, Japan.
-
- Research Directions for Network Intrusion Recovery.
-
Michael E. Locasto, Matthew Burnside, and
Darrell Bethea.
SOUPS Workshop on Usable IT Security Management (USM) 2008.
July 23, 2008, Pittsburgh, PA USA.
(invited, unpublished position paper; see our LISA 2009 paper for a full treatment of this topic)
-
- Online Training and Sanitization of AD Systems (poster/extended abstract).
-
Gabriela F. Cretu, Angelos Stavrou, Michael E. Locasto, and Salvatore J. Stolfo.
NIPS 2007 Workshop on Machine Learning in Adversarial Environments for Computer Security. December 2007. Whistler, B.C., Canada.
-
- Panel: The Future of Biologically-Inspired Security: Is There Anything Left to Learn?.
-
Anil Somayaji, Michael Locasto, and Jan Feyereisl.
In Proceedings of the 16th New Security Paradigms Workshop (NSPW 2007). September 2007, White Mountain Hotel and Resort,
New Hampshire, USA.
(invited panel)
-
- Self-Healing: Science, Engineering, and Fiction.
-
Michael E. Locasto.
In proceedings of the 16th New Security Paradigms Workshop (NSPW 2007). September 2007, White Mountain Hotel and Resort,
New Hampshire, USA.
-
- Dark Application Communities.
-
Michael E. Locasto, Angelos Stavrou, and Angelos D. Keromytis.
In the proceedings of the 15th New Security Paradigms Workshop (NSPW 2006). September 2006, Schloss Dagstuhl, Germany.
-
- PalProtect: A Collaborative Security Approach to Comment Spam.
-
Benny Wong, Michael E. Locasto, and Angelos D. Keromytis.
In Proceedings of the IEEE Information Assurance Workshop (IAW 2006). June 2006, West Point, NY.
An earlier draft of this work is available as Columbia University CS
Tech Report CUCS-014-06.
-
- Speculative Virtual Verification: Policy-Constrained Speculative Execution.
-
Michael E. Locasto, Stelios Sidiroglou, and Angelos D. Keromytis.
In Proceedings of the 14th New Security Paradigms Workshop (NSPW 2005). pp. 119--124. Sept. 20-23, 2005. Lake Arrowhead, CA.
-
- Application Communities: Using Monoculture for Dependability.
-
Michael E. Locasto, Stelios Sidiroglou, and Angelos D. Keromytis.
In Proceedings of the 1st Workshop on Hot Topics in System Dependability (HotDep-05), held in conjunction with the International Conference on Dependable Systems and Networks (DSN 2005). pp. 288--292. June 30, 2005. Yokohama, Japan.
-
- Towards Collaborative Security and P2P Intrusion Detection.
-
Michael E. Locasto, Janak Parekh, Angelos D. Keromytis, and
Salvatore J. Stolfo.
In Proceedings of the IEEE Information Assurance Workshop (IAW).
pp. 333--339. June 15-17, 2005. West Point, NY. An earlier form of this
paper appeared as Columbia University CS Tech Report CUCS-012-04.
Books/Chapters
-
- CPU Exhaustion Denial-of-Service
-
Michael E. Locasto.
In Henk C.A. van Tilborg and Sushil Jajodia, editors,
Encyclopedia of Cryptography and Security, 2nd Edition. Springer, 2010.
-
- Catch, Clean, and Release: A Survey of Obstacles and Opportunities for Network Trace Sanitization.
-
Keren Tan, Jihwang Yeo, Michael E. Locasto and
David Kotz.
In Francesco Bonchi and Elena Ferrari, editors, Privacy-Aware
Knowledge Discovery: Novel Applications and New Techniques, Chapman
and Hall/CRC Press, February, 2009. Copyright © 2009 by Chapman
and Hall/CRC Press.
-
- Integrity Postures for Software Self-Defense.
-
Michael Locasto.
PhD Thesis. Columbia University. 2008.
Selected Talks
- "Studying Risk, Wreckage, and Errors" ISPIA Community Engagement Workshop, 20 Feb 2013.
- "The Virtues of Bolt-on Security" ISPIA Research Day Talk, 1 Dec 2012.
- "21st Century Privacy" ISPIA Research Day Talk, 1 Dec 2012.
- "Studying Risk, Wreckage, and Errors" UofC Computer Science Undergraduate Society "Directions in Computer Science", 3 Feb 2012.
- "Deep Introspection", Invited speaker, Computer Science Dept., Purdue University, 26 Sept 2011.
- "Reflections from the Afterlife of a University Startup", CPSC Industry Day, 3 March 2011. Calgary, AB.
- "VM-Based Security Overkill", Calgary SPIE Group, 24 February 2011. Calgary, AB
- "VM-Based Security Overkill", ACSAC 2010, NSPW Panel, December 2010. Austin, TX
- "Design Tools and Patterns for Trust Migration" GMU Workshop on Moving Target Defense, October 2010. Fairfax, VA.
- "Trust ^ Verify: How to Avoid Bickering-in-Depth", BAE-GMU Seminar, November 6, 2009. Reston, VA.
- "Trust ^ Verify: How to Avoid Bickering-in-Depth", CSIS Seminar, July 9, 2009. Fairfax, VA.
- "Data-Oriented Debugging", I3P Meeting. University of Tulsa, 6-7 April 2009.
- "On Reviewing", NDSS 2009 Works-in-Progress Session. February 2009.
- "SISMAT: Secure Information Systems Mentoring and Training", Panel Moderator, Securing the eCampus 2008. Dartmouth College, 12 November 2008.
- "Virtualization Security Panel Discussion", ACM VMSec 2008 Workshop.
- "Preparing the Agile Cyber Defender at Dartmouth", SAFTAS Workshop on Preparing the Agile Cyber Defender, 28 & 29 May 2008.
- "Research Directions for Network Intrusion Recovery", UBC LERSSE Group, 7 May 2008
- "ARV: Automatic Repair Validation", USENIX Security Work-in-Progress (WIP) Report, 4 August 2006
- "W3Bcrypt: Encryption as a Stylesheet", Stony Brook University SecLab seminar, 14 December 2005
- "SVV: Policy-Constrained Speculative Execution", ACSAC 2005, NSPW Panel, 8 December 2005
- "Host and Network Defense Systems for Intrusion Reaction", PhD Candidacy Exam. 30 November 2004, Columbia University.
- "Collaborative Security: P2P Intrusion Detection", 23 September 2004, TCNJ FACTS Seminar
- "Code Red Worm Propagation Modeling and Analysis", 21 March 2003, TCNJ FACTS Seminar
Honors, Awards, Professional Memberships
- I3P Fellow, August 2008 - August 2009
- Member of the USENIX Association
- Phi Kappa Phi National Honor Society
- Upsilon Pi Epsilon (UPE) CS Honor Society
- 1st Place in Student Poster competition, Consortium for Computing in Small Colleges Northeast (CCSCNE), April 2002
- TCNJ Merit Scholarship, Fall 1998 - Spring 2002
- Edward J. Bloustein Distinguished Scholar (Garden State Scholar), Fall 1998 - Spring 2002
- Finalist, National Merit Scholarship Competition
Technical Reports & Work In Progress
-
- Babel: A Secure Computer is a Polyglot.
-
John Aycock, Daniel Medeiros Nunes de Castro, Michael E. Locasto, and Chris Jarabek.
Technical Report TR2012-1026-09. Department of Computer Science,
University of Calgary. June 2012.
-
- Beyond SELinux: the Case for Behavior-Based Policy and Trust Languages.
-
Sergey Bratus, Michael E. Locasto, Boris Otto, Rebecca Shapiro, Sean W. Smith, and Gabriel Weaver.
Technical Report TR2011-701. Department of Computer Science,
Dartmouth College. August 2011.
-
- Katana: A Hot Patching Framework for ELF Executables.
-
Ashwin Ramaswamy, Sergey Bratus, Michael E. Locasto, and Sean W. Smith.
Technical Report TR2009-657. Department of Computer Science,
Dartmouth College. September 2009.
-
- Life After Self-Healing: Assessing Post-Repair Program Behavior.
-
Michael E. Locasto,
Angelos Stavrou, and Gabriela F. Cretu.
Tech Report GMU-CS-TR-2008-3. Department of Computer Science,
George Mason University. September 2008.
-
- Building a Better Mousetrap: Scriptable and Semantically Expressive Hardware-assisted Memory Trapping.
-
Sergey Bratus, Michael E. Locasto,
Ashwin Ramaswamy, and Sean W. Smith.
Tech Report TR2008-627. Department of Computer Science,
Dartmouth College. July 2008.
-
- Post-Patch Retraining for Host-Based Anomaly Detection.
-
Michael E. Locasto, Gabriela F. Cretu,
Shlomo Hershkop, and Angelos Stavrou.
Tech Report CUCS-035-07. Department of Computer Science,
Columbia University. October 2007.
-
- Speculative Execution as an Operating System Service.
-
Michael E. Locasto and Angelos D. Keromytis.
Tech Report CUCS-024-06. Department of Computer Science,
Columbia University. May 2006.
-
- Quantifying Application Behavior Space for Detection and Self-Healing.
-
Michael E. Locasto, Angelos Stavrou, Gabriela F. Cretu,
Angelos D. Keromytis and Salvatore J. Stolfo.
Tech Report CUCS-017-06. Department of Computer Science,
Columbia University. April 2006.
-
- Bloodhound: Searching Out Malicious Input in Network Flows for Automatic Repair Validation.
-
Michael E. Locasto, Matthew Burnside, and Angelos D. Keromytis.
Tech Report CUCS-016-06. Department of Computer Science,
Columbia University. April 2006.
-
- PachyRand: SQL Randomization for the PostgreSQL JDBC Driver.
-
Michael E. Locasto and Angelos D. Keromytis.
Tech Report CUCS-033-05. Department of Computer Science,
Columbia University. October 2004.
-
- AIMEncrypt: A Case Study of the Dangers of Cryptographic Urban Legends.
-
Michael E. Locasto.
Technical Report CUCS-030-03. Department of Computer Science,
Columbia University, Fall 2003.
-
- SPCL: Structured Policy Command Language
-
Michael E. Locasto, M. Burnside, C. Li, A. Wahl. Spring 2003.
-
- PCXSES: Protocol for Code Exchange in Survivable Embedded Systems
-
Michael E. Locasto. Fall 2002.