Michael E. Locasto - Curriculum Vitae

prof [.] locasto [at] gmail [.] com

Academic Positions

Education

PhD, Computer Science, May 2008
   Columbia University, New York City, NY
   Thesis Title: Integrity Postures for Software Self--Defense (awarded with distinction)
   Advisor: Dr. Angelos D. Keromytis

M.Phil., Computer Science, February 2006
   Columbia University, New York City, NY

M.Sc., Computer Science, February 2004
   Columbia University, New York City, NY

B.Sc., Computer Science, May 2002
   The College of New Jersey (TCNJ), Ewing, NJ
   Dean's List, magna cum laude

Teaching Experience

Student Thesis Committee Service

Conference Organization

Program Committee Service

Other Service and Activities

Funding and Support

Patents

  1. US patent 8,763,2013. "Systems and Methods for Inhibiting Attacks on Applications" Michael E. Locasto, Salvatore J. Stolfo, Angelos D. Keromytis, and Ke Wang. Assigned to The Trustees of Columbia University in the City of New York. Filed 21 April 2006. Granted 24 June 2014.
  2. US patent 8,667,588. "Systems and methods for correlating and distributing intrusion alert information among collaborating computer systems " Salvatore J. Stolfo, Angelos D. Keromytis, Vishal Misra, Michael E. Locasto, and Janak Parekh. Assigned to The Trustees of Columbia University in the City of New York. Filed 15 July 2010. Granted 4 March 2014.
  3. US patent 8,613,096. "Automatic Data Patch Generation for Unknown Vulnerabilities" Peinado; Marcus, Cui; Weidong, Wang; Jiahe Helen, and Michael E. Locasto. Assigned to Microsoft Corporation (Redmond, WA). Filed 30 November 2007. Granted 17 December 2013.
  4. US patent 8,407,160. "Systems, methods, and media for generating sanitized data, sanitizing anomaly detection models, and/or generating sanitized anomaly detection models" Gabriela Cretu, Angelos Stavrou, Salvatore J. Stolfo, Angelos D. Keromytis, and Michael E. Locasto. Assigned to the Trustees of Columbia University in the City of New York. Filed 15 November 2007. Granted 26 March 2013.
  5. US patent 8,381,295. "Systems and methods for correlating and distributing intrusion alert information among collaborating computer systems" Salvatore J. Stolfo, Talk Malkin, Angelos D. Keromytis, Vishal Misra, Michael E. Locasto, and Janak Parekh. Assigned to The Trustees of Columbia University in the City of New York. Filed 9 July 2010. Granted 19 February 2013.
  6. US patent 7,962,798. "Methods, systems and media for software self-healing" Michael E. Locasto, Angelos D. Keromytis, Salvatore J. Stolfo, Angelos Stavrou, Gabriela Cretu, Stylianos Sidiroglou, Jason Nieh, and Oren Laadan. Assigned to The Trustees of Columbia University in the City of New York. Filed April 2006. Granted 14 June 2011.
  7. US patent 7,784,097. "Systems and methods for correlating and distributing intrusion alert information among collaborating computer systems" Salvatore J. Stolfo, Angelos D. Keromytis, Vishal Misra, Michael E. Locasto, and Janak Parekh. Assigned to The Trustees of Columbia University in the City of New York. Filed November 2004. Granted 24 August 2010.
  8. US patent 7,779,463. "Systems and methods for correlating and distributing intrusion alert information among collaborating computer systems" Salvatore J. Stolfo, Tal Malkin, Angelos D. Keromytis, Vishal Misra, Michael E. Locasto, and Janak Parekh. Assigned to The Trustees of Columbia University in the City of New York. Filed June 2004. Granted 17 August 2010.
  9. US patent 7,490,268. "Methods and systems for repairing applications." Angelos D. Keromytis, Michael E. Locasto, and Stylianos Sidiroglou. Assigned to The Trustees of Columbia University in the City of New York. Filed June 2004 and June 2005. Granted 10 February 2009.

Journal Publications (refereed)

  1. Security Applications of Formal Language Theory.
    Len Sassaman, Meredith L. Patterson, Sergey Bratus, and Michael Locasto. IEEE Systems Journal: Special Issue on Security and Privacy in Complex Systems. Sushil Jajodia and Pierangela Samarati, Ed. Volume 7, Issue 3. September 2013. pp489--500.
  2. Intrusion Detection For Resource-constrained Embedded Control Systems in the Power Grid.
    Jason Reeves, Ashwin Ramaswamy, Michael Locasto, Sergey Bratus and Sean Smith. International Journal of Critical Infrastructure Protection. Vol. 5, Issue 2. pp 74--83. (July 2012) doi:10.1016/j.ijcip.2012.02.002
    (official journal link)
  3. Katana: Towards Patching as a Runtime Part of the Compiler-Linker-Loader Toolchain..
    Sergey Bratus, James Oakley, Ashwin Ramaswamy, Sean W. Smith, and Michael E. Locasto. International Journal of Secure Software Engineering. Volume 1, Issue 3. 2010. 17 pages.
  4. On the Infeasibility of Modeling Polymorphic Shellcode: Re-thinking the Role of Learning in Intrusion Detection Systems.
    Yingbo Song, Michael E. Locasto, Angelos Stavrou, Angelos D. Keromytis, and Salvatore J. Stolfo. Machine Learning, Volume 81 Issue 2. November 2010. Publisher: Kluwer Academic Publishers
  5. On The General Applicability of Instruction-Set Randomization.
    Stephen W. Boyd, Gaurav S. Kc, Michael E. Locasto, Angelos D. Keromytis, and Vassilis Prevelakis. IEEE Transactions on Dependable and Secure Computing. Volume 7 Issue 3, July 2010. Publisher: IEEE Computer Society Press, Los Alamitos, CA, USA.
  6. Hardware Support For Self-Healing Software Services.
    Stelios Sidiroglou, Michael E. Locasto, and Angelos D. Keromytis. In ACM SIGARCH Computer Architecture News, vol. 33, no. 1, pp. 42--47. March 2005. Also appeared in the Proceedings of the Workshop on Architectural Support for Security and Anti-Virus (WASSA), held in conjunction with the 11th International Conference on Architectural Support for Programming Languages and Operating Systems (ASPLOS-XI), pp. 37--43. October 2004. Boston, MA.

Articles and Viewpoints (edited; non-refereed)

  1. Why Offensive Security Needs Engineering Textbooks: Or, How to Avoid a Replay of 'Crypto Wars' in Security Research.
    Sergey Bratus, Ivan Arce, Michael E. Locasto, and Stefano Zanero. USENIX ;login: vol. 39, Issue 4, pp. 6--11. August 2014.
  2. Beyond Planted Bugs in 'Trusting Trust': The Input-Processing Frontier.
    Sergey Bratus, Trey Darley, Michael E. Locasto, Meredith L. Patternson, R.B. Shapiro, and Anna Shubina. IEEE Security and Privacy, vol. 12, Issue 1, pp. 83-87 Jan/Feb 2014. doi:.
  3. Exploit Programming: From Buffer Overflows to "Weird Machines" and Theory of Computation.
    Sergey Bratus, Michael E. Locasto, Meredith L. Patterson, Len Sassaman, and Anna Shubina. USENIX ;login: vol. 36, no. 6, pp. 13--21 December 2011.
  4. A Failure-based Discipline of Trustworthy Computer Systems.
    Michael E. Locasto and Matthew C. Little. IEEE Security and Privacy, vol. 9, no. 4, pp. 71-75 July/Aug. 2011, doi:.
  5. The Ephemeral Legion: Producing an Expert Cyber-security Workforce from Thin Air.
    Michael E. Locasto, Anup Ghosh, Sushil Jajodia, and Angelos Stavrou. Communications of the ACM, 2011. Vol. 54, Issue 1, pp 129--131. DOI
  6. Bickering-in-Depth: Rethinking the Composition of Competing Security Systems.
    Michael E. Locasto, Sergey Bratus, and Brian Schulte. IEEE Security and Privacy, vol. 7, no. 6, pp. 77-81, Nov./Dec. 2009, doi:10.1109/MSP.2009.189.
  7. Helping Students 0wn Their Own Code.
    Michael E. Locasto. IEEE Security and Privacy, vol. 7, no. 3, pp. 53-56, May/June 2009.
  8. The Hidden Difficulties of Watching and Rebuilding Networks.
    Michael E. Locasto and Angelos Stavrou. IEEE Security and Privacy, vol. 6, no. 2, pp. 79-82, Mar/Apr, 2008.
  9. Using the Web to Enhance and Transform Education.
    Michael J. Hulme and Michael E. Locasto. ACM Crossroads 10.1. Fall 2003.

Conference Publications (refereed)

  1. Teaching Cybersecurity Analysis Skills in the Cloud
    Stefan Boeson, Richard Weiss, James Sullivan, Michael E. Locasto, Jens Mache, and Erik Nilsen. to appear in Proceedings of the ACM Symposium on Computer Science Education (SIGCSE 2015). March 2015.
  2. // TODO: Help Students Improve Commenting Practices
    Peter J. DePasquale, Michael E. Locasto, Lisa Kaczmarczyk, and Mike Martinovic. Proceedings of the IEEE Frontiers in Education Conference (FIE 2012). October 2012. (ieee-explore link)
  3. Using Active Intrusion Detection to Recover Network Trust
    John F. Williamson, Sergey Bratus, Michael E. Locasto, and Sean W. Smith. Proceedings of the 25th Large Installation System Administration Conference (LISA). USENIX Association. December 2011.
    (acceptance rate: 46.8%)
  4. Lightweight Intrusion Detection for Resource-Constrained Embedded Control Systems
    Jason Reeves, Ashwin Ramaswamy, Michael E. Locasto, Sergey Bratus, and Sean W. Smith. Proceedings of the Fifth Annual IFIP WG 11.10 International Conference on Critical Infrastructure Protection, 2011.
  5. SegSlice: Towards a New Class of Secure Programming Primitives for Trustworthy Platforms.
    Sergey Bratus, Michael E. Locasto, and Brian R. Schulte. Proceedings of the 3rd International Conference on Trust and Trustworthy Computing (TRUST 2010). 21-23 June 2010. Berlin, Germany.
  6. Teaching the Principles of the Hacker Curriculum to Undergraduates.
    Sergey Bratus, Anya Shubina, and Michael E. Locasto. In Proceedings of the 41st ACM Technical Symposium on Computer Science Education (SIGCSE 2010). Milwaukee, WI, USA. March 10--14, 2010.
  7. Pushing Boulders Uphill: The Difficulty of Network Intrusion Recovery.
    Michael E. Locasto, Matthew Burnside, and Darrell Bethea. The 23rd Large Installation System Administration Conference (LISA 2009). Baltimore, MD, USA. November 1--6, 2009.
  8. Adaptive Anomaly Detection via Self-Calibration and Dynamic Updating.
    Gabriela F. Cretu-Ciocarlie, Angelos Stavrou, Michael E. Locasto, and Salvatore J. Stolfo. The 12th International Symposium on Recent Advances in Intrusion Detection (RAID 2009). Saint-Malo, Brittany, France. September 23-25, 2009.
  9. An Experience Report on Undergraduate Cyber-Security Education and Outreach.
    Michael E. Locasto and Sara Sinclair. The Second Annual Conference on Education in Information Security (ACEIS 2009). February 2009. Ames, IA, USA.
    (best paper award)
  10. New Directions for Hardware-assisted Trusted Computing Policies.
    Sergey Bratus, Michael E. Locasto, Ashwin Ramaswamy, and Sean W. Smith. Conference on the Future of Trust in Computing (FTC 2008). DOI 10.1007/978-3-8348-9324-6_3. June 2008. Berlin, Germany.
  11. Pushback for Overlay Networks: Protecting against Malicious Insiders.
    Angelos Stavrou, Michael E. Locasto, and Angelos D. Keromytis. In the Proceedings of the 6th Applied Cryptography and Network Security Conference (ACNS 2008). June 3--6, 2008. New York, NY.
  12. Casting Out Demons: Sanitizing Training Data for Anomaly Sensors.
    Gabriela F. Cretu, Angelos Stavrou, Michael E. Locasto, Salvatore J. Stolfo, and Angelos D. Keromytis. In the Proceedings of the IEEE Symposium on Security and Privacy. May 2008, Oakland, California, USA.
    (Acceptance Rate: 11.2%)
  13. SSARES: Secure Searchable Automated Remote Email Storage.
    Adam J. Aviv, Michael E. Locasto, Shaya Potter, and Angelos D. Keromytis. In the Proceedings of the 23rd Annual Computer Security Applications Conference (ACSAC 2007). December 2007, Miami Beach, FL.
    (Acceptance rate: 22%)
  14. Defending Against Next Generation Attacks Through Network/Endpoint Collaboration and Interaction.
    Spiros Antonatos, Michael E. Locasto, Stelios Sidiroglou, Angelos D. Keromytis, and Evangelos Markatos. In the Proceedings of the 3rd European Conference on Computer Network Defense (EC2ND). October 2007, Heraclion, Greece.
    (invited paper)
  15. On the Infeasibility of Modeling Polymorphic Shellcode.
    Yingbo Song, Michael E. Locasto, Angelos Stavrou, Angelos D. Keromytis, and Salvatore J. Stolfo. In the Proceedings of the 14th ACM Conference on Computer and Communications Security (CCS 2007). pp. 541--551. October 2007, Alexandria, VA. A portion of the material in this paper appears in an exploratory form in the Columbia University CS Tech Report CUCS-007-07.
    (Acceptance rate: 18.15%)
  16. From STEM to SEAD: Speculative Execution for Automated Defense.
    Michael E. Locasto, Angelos Stavrou, Gabriela F. Cretu, and Angelos D. Keromytis. In Proceedings of the USENIX Annual Technical Conference (USENIX ATC 2007). pp. 219--232. June 2007, Santa Clara, CA. An early draft of this work is available as Columbia University CS Tech Report CUCS-004-07.
    (Acceptance rate: 18.75%)
  17. ShieldGen: Automated Data Patch Generation for Unknown Vulnerabilities with Informed Probing.
    Weidong Cui, Marcus Peinado, Helen J. Wang, and Michael E. Locasto. In Proceedings of the IEEE Symposium on Security and Privacy. May 2007, Oakland, California, USA.
    (Acceptance Rate: 11.7%)
  18. W3Bcrypt: Encryption as a Stylesheet.
    Angelos Stavrou, Michael E. Locasto, and Angelos D. Keromytis. In Proceedings of the 4th Applied Cryptography and Network Security Conference (ACNS 2006). pp. 349--364. June 6--9, 2006, Singapore. An earlier draft of this work is available as Columbia University CS Tech Report CUCS-003-06.
    (Acceptance Rate: 15.1%)
  19. Software Self-Healing Using Collaborative Application Communities.
    Michael E. Locasto, Stelios Sidiroglou, and Angelos D. Keromytis. In the Proceedings of the Internet Society (ISOC) Symposium on Network and Distributed Systems Security (NDSS 2006). pp. 95--106. February 2006, San Diego, CA.
    (Acceptance Rate: 13.6%)
  20. FLIPS: Hybrid Adaptive Intrusion Prevention.
    Michael E. Locasto, Ke Wang, Angelos D. Keromytis, and Salvatore J. Stolfo. In Proceedings of the 8th International Symposium on Recent Advances in Intrusion Detection (RAID 2005). pp. 82--101. Sept. 7-9, 2005. Seattle, WA.
    (Acceptance rate: 20.4%)
  21. Building A Reactive Immune System for Software Services.
    Stelios Sidiroglou, Michael E. Locasto, Stephen W. Boyd, and Angelos D. Keromytis. In Proceedings of the USENIX Annual Technical Conference, pp. 149--161. April 2005. An earlier version of this paper is available as Columbia University CS Tech Report CUCS-038-04.
    (Acceptance rate: 20.3%)
  22. CamouflageFS: Increasing the Effective Key Length in Cryptographic Filesystems on the Cheap.
    Michael E. Locasto and Angelos D. Keromytis. In Proceedings of the 2nd Applied Cryptography and Network Security Conference (ACNS 2004), pp. 1--15. June 2004. Yellow Mountain, China.
    (Acceptance rate: 12.1%)

Workshop Publications (refereed)

  1. Verifying Security Patches.
    Jonathan Gallagher, Robin Gonzalez, and Michael E. Locasto. Privacy and Security in Programming (PSP) October 2014.
  2. Panel: Models for Regulating the Software Development Industry.
    Ben Edwards, Michael E. Locasto, and Jeremy Epstein. New Security Paradigms Workshop (NSPW). September 2014
  3. EDURange: Meeting the Pedagogical Challenges of Student Participation in Cybertraining Environments.
    Stefan Boesen, Richard Weiss, James Sullivan, Michael E. Locasto, Jens Mache, and Erik Nilsen. USENIX Workshop on Cybersecurity Experimentation and Test (CSET). August 2014.
  4. An Experience Report Extracting and Viewing Memory Events via Wireshark.
    Sarah Laing, Michael E. Locasto, and John Aycock. USENIX Workshop on Offensive Technologies (WOOT). August 2014.
  5. Babel: A Secure Computer is a Polyglot.
    John Aycock, Daniel Medeiros Nunes de Castro, Michael E. Locasto, and Chris Jarabek. Proceedings of the ACM Cloud Computing Security Workshop (CCSW) October 2012.
  6. LoSt: Location Based Storage.
    Gaven J. Watson, Reihaneh Safavi-Naini, Mohsen Alimomeni, Michael E. Locasto, and Shivaramakrishnan Narayan. Proceedings of the ACM Cloud Computing Security Workshop (CCSW) October 2012.
  7. Software diversity: Security, Entropy and Game Theory.
    Saran Neti, Anil Somayaji, and Michael E. Locasto. Proceedings of the 7th USENIX Workshop on Hot Topics in Security August 2012. Bellvue, WA, USA.
  8. Composition Patterns of Hacking.
    Sergey Bratus, Julian Bangert, Alexandar Gabrovsky, Anna Shubina, Daniel Bilar, and Michael E. Locasto. Proceedings of the 1st International Workshop on Cyber Patterns. pp. 80-85. 9-10 July 2012, Abingdon, Oxfordshire, UK
  9. Security and Privacy Considerations in Digital Death.
    Michael E. Locasto, Michael Massimi, and Peter J. DePasquale. Proceedings of the 20th New Security Paradigms Workshop (NSPW 2011). September 12-15 2011. Marin County, CA, USA.
  10. Multimodal Complex Event Detection Framework for Wide Area Surveillance.
    Himaanshu Gupta, Li Yu, Asaad Hakeem, Tae Eun Choe, Niels Haering, and Michael E. Locasto. Proceedings of the 1st IEEE Workshop on Camera Networks and Wide Area Scene Analysis (held with CVPR 2011). 20 June 2011. Colorado, USA.
  11. Trust Distribution Diagrams: Theory and Applications.
    Michael E. Locasto, Steven J. Greenwald, and Sergey Bratus. Proceedings of the 4th Layered Assurance Workshop (LAW 2010). December 2010. Austin, TX, USA.
  12. VM-based Security Overkill: A Lament for Applied Systems Security Research.
    Sergey Bratus, Michael E. Locasto, Ashwin Ramaswamy, and Sean W. Smith. Proceedings of the 19th New Security Paradigms Workshop (NSPW 2010). September 2010. Concord, MA, USA.
  13. Katana: A Hot Patching Framework for ELF Executables.
    Ashwin Ramaswamy, Sergey Bratus, Michael E. Locasto, and Sean W. Smith. In Proceedings of the 4th International Workshop on Secure Software Engineering (SecSE 2010), held in conjunction with ARES 2010. February, 15-18, 2010. Andrzej Frycz Modrzewski Cracow College, Krakow, Poland.
  14. The Cake is a Lie: Privilege Rings as a Policy Resource.
    Sergey Bratus, Peter Johnson, Michael E. Locasto, Ashwin Ramaswamy, and Sean W. Smith. In Proceedings of the 2nd Workshop on Virtual Machine Security (VMSec 2009), held in conjunction with ACM CCS 2009.
    (position paper)
  15. Keep Your Friends Close: The Necessity for Updating an Anomaly Sensor with Legitimate Environment Changes.
    Angelos Stavrou, Gabriela F. Cretu-Ciocarlie, Michael E. Locasto, and Salvatore J. Stolfo. In Proceedings of the 2nd Workshop on Artificial Intelligence and Security (AISec 2009), held in conjunction with ACM CCS 2009.
    (position paper)
  16. Dartmouth Internet Security Testbed (DIST): Building a Campus-wide Wireless Testbed.
    Sergey Bratus, David Kotz, Michael E. Locasto, Keren Tan, William Taylor, Anna Shubina, and Bennet Vance. In Proceedings of the 2nd Workshop on Cyber-Security Experimentation and Test (CSET 2009), held in conjunction with USENIX Security 2009. October 31, 2009. Montreal, CA.
  17. Traps, Events, Emulation, and Enforcement: Managing the Yin and Yang of Virtualization-based Security.
    Sergey Bratus, Michael E. Locasto, Ashwin Ramaswamy, and Sean W. Smith. In Proceedings of the 1st Workshop on Virtual Machine Security (VMSec 2008), held in conjunction with ACM CCS 2008. October 31, 2008. Alexandria, VA.
  18. Online Network Forensics for Automatic Repair Validation.
    Michael E. Locasto, Matthew Burnside, and Angelos D. Keromytis. In Proceedings of the 3rd International Workshop on Security (IWSEC 2008), pp. 136-151. November 25-27, 2008, Kagawa, Japan.
  19. Return Value Predictability Profiles for Self-Healing.
    Michael E. Locasto, Angelos Stavrou, Gabriela F. Cretu, Angelos D. Keromytis, and Salvatore J. Stolfo. In Proceedings of the 3rd International Workshop on Security (IWSEC 2008), pp. 152-166. November 25-27, 2008, Kagawa, Japan.
  20. Research Directions for Network Intrusion Recovery.
    Michael E. Locasto, Matthew Burnside, and Darrell Bethea. SOUPS Workshop on Usable IT Security Management (USM) 2008. July 23, 2008, Pittsburgh, PA USA.
    (invited, unpublished position paper; see our LISA 2009 paper for a full treatment of this topic)
  21. Online Training and Sanitization of AD Systems (poster/extended abstract).
    Gabriela F. Cretu, Angelos Stavrou, Michael E. Locasto, and Salvatore J. Stolfo. NIPS 2007 Workshop on Machine Learning in Adversarial Environments for Computer Security. December 2007. Whistler, B.C., Canada.
  22. Panel: The Future of Biologically-Inspired Security: Is There Anything Left to Learn?.
    Anil Somayaji, Michael Locasto, and Jan Feyereisl. In Proceedings of the 16th New Security Paradigms Workshop (NSPW 2007). September 2007, White Mountain Hotel and Resort, New Hampshire, USA.
    (invited panel)
  23. Self-Healing: Science, Engineering, and Fiction.
    Michael E. Locasto. In proceedings of the 16th New Security Paradigms Workshop (NSPW 2007). September 2007, White Mountain Hotel and Resort, New Hampshire, USA.
  24. Dark Application Communities.
    Michael E. Locasto, Angelos Stavrou, and Angelos D. Keromytis. In the proceedings of the 15th New Security Paradigms Workshop (NSPW 2006). September 2006, Schloss Dagstuhl, Germany.
  25. PalProtect: A Collaborative Security Approach to Comment Spam.
    Benny Wong, Michael E. Locasto, and Angelos D. Keromytis. In Proceedings of the IEEE Information Assurance Workshop (IAW 2006). June 2006, West Point, NY. An earlier draft of this work is available as Columbia University CS Tech Report CUCS-014-06.
  26. Speculative Virtual Verification: Policy-Constrained Speculative Execution.
    Michael E. Locasto, Stelios Sidiroglou, and Angelos D. Keromytis. In Proceedings of the 14th New Security Paradigms Workshop (NSPW 2005). pp. 119--124. Sept. 20-23, 2005. Lake Arrowhead, CA.
  27. Application Communities: Using Monoculture for Dependability.
    Michael E. Locasto, Stelios Sidiroglou, and Angelos D. Keromytis. In Proceedings of the 1st Workshop on Hot Topics in System Dependability (HotDep-05), held in conjunction with the International Conference on Dependable Systems and Networks (DSN 2005). pp. 288--292. June 30, 2005. Yokohama, Japan.
  28. Towards Collaborative Security and P2P Intrusion Detection.
    Michael E. Locasto, Janak Parekh, Angelos D. Keromytis, and Salvatore J. Stolfo. In Proceedings of the IEEE Information Assurance Workshop (IAW). pp. 333--339. June 15-17, 2005. West Point, NY. An earlier form of this paper appeared as Columbia University CS Tech Report CUCS-012-04.

Books/Chapters

  1. 'Weird Machines' Patterns
    Sergey Bratus, Julian Bangert, Alexandar Gabrovsky, Anna Shubina, Michael E. Locasto, Daniel Bilar. In ``Cyberpatterns: Unifying Design Patterns with Security and Attack Patterns.'' Clive Blackwell and Hong Zhu, editors. ISBN: 978-3-319-04446-0 Springer, 2014.
  2. CPU Exhaustion Denial-of-Service
    Michael E. Locasto. In Henk C.A. van Tilborg and Sushil Jajodia, editors, Encyclopedia of Cryptography and Security, 2nd Edition. Springer, 2010.
  3. Catch, Clean, and Release: A Survey of Obstacles and Opportunities for Network Trace Sanitization.
    Keren Tan, Jihwang Yeo, Michael E. Locasto and David Kotz. In Francesco Bonchi and Elena Ferrari, editors, Privacy-Aware Knowledge Discovery: Novel Applications and New Techniques, Chapman and Hall/CRC Press, February, 2009. Copyright © 2009 by Chapman and Hall/CRC Press.
  4. Integrity Postures for Software Self-Defense.
    Michael Locasto. PhD Thesis. Columbia University. 2008.

Selected Talks

Honors, Awards, Professional Memberships

Technical Reports & Work In Progress

  1. Classifying the Data Semantics of Patches.
    Robin Gonzalez and Michael E. Locasto. Technical Report TR2013-1047-14. Department of Computer Science, University of Calgary. September 3, 2013.
  2. Babel: A Secure Computer is a Polyglot.
    John Aycock, Daniel Medeiros Nunes de Castro, Michael E. Locasto, and Chris Jarabek. Technical Report TR2012-1026-09. Department of Computer Science, University of Calgary. June 2012.
  3. Beyond SELinux: the Case for Behavior-Based Policy and Trust Languages.
    Sergey Bratus, Michael E. Locasto, Boris Otto, Rebecca Shapiro, Sean W. Smith, and Gabriel Weaver. Technical Report TR2011-701. Department of Computer Science, Dartmouth College. August 2011.
  4. Katana: A Hot Patching Framework for ELF Executables.
    Ashwin Ramaswamy, Sergey Bratus, Michael E. Locasto, and Sean W. Smith. Technical Report TR2009-657. Department of Computer Science, Dartmouth College. Septemeber 2009.
  5. Life After Self-Healing: Assessing Post-Repair Program Behavior.
    Michael E. Locasto, Angelos Stavrou, and Grabriela F. Cretu. Tech Report GMU-CS-TR-2008-3. Department of Computer Science, George Mason University. Septemeber 2008.
  6. Building a Better Mousetrap: Scriptable and Semantically Expressive Hardware-assisted Memory Trapping.
    Sergey Bratus, Michael E. Locasto, Ashwin Ramaswamy, and Sean W. Smith. Tech Report TR2008-627. Department of Computer Science, Dartmouth College. July 2008.
  7. Post-Patch Retraining for Host-Based Anomaly Detection.
    Michael E. Locasto, Gabriela F. Cretu, Shlomo Hershkop, and Angelos Stavrou. Tech Report CUCS-035-07. Department of Computer Science, Columbia University. October 2007.
  8. Speculative Execution as an Operating System Service.
    Michael E. Locasto and Angelos D. Keromytis. Tech Report CUCS-024-06. Department of Computer Science, Columbia University. May 2006.
  9. Quantifying Application Behavior Space for Detection and Self-Healing.
    Michael E. Locasto, Angelos Stavrou, Gabriela F. Cretu, Angelos D. Keromytis and Salvatore J. Stolfo. Tech Report CUCS-017-06. Department of Computer Science, Columbia University. April 2006.
  10. Bloodhound: Searching Out Malicious Input in Network Flows for Automatic Repair Validation.
    Michael E. Locasto, Matthew Burnside, and Angelos D. Keromytis. Tech Report CUCS-016-06. Department of Computer Science, Columbia University. April 2006.
  11. PachyRand: SQL Randomization for the PostgreSQL JDBC Driver.
    Michael E. Locasto and Angelos D. Keromytis. Tech Report CUCS-033-05. Department of Computer Science, Columbia University. October 2004.
  12. AIMEncrypt: A Case Study of the Dangers of Cryptographic Urban Legends.
    Michael E. Locasto. Technical Report CUCS-030-03. Department of Computer Science, Columbia University, Fall 2003.
  13. SPCL: Structured Policy Command Language
    Michael E. Locasto, M. Burnside, C. Li, A. Wahl. Spring 2003.
  14. PCXSES: Protocol for Code Exchange in Survivable Embedded Systems
    Michael E. Locasto. Fall 2002.