This page contains presentations and papers I have given or authored that relate to various topics, mostly security-related. All are unpublished, and have not been thoroughly peer-reviewed. You may use these documents for any academic or research purposes provided credit is given where appropriate. I also welcome any feedback you may have.
| A General Overview of Information Security (2003). This presentation was assembled specifically for a joint student-professional chapter meeting of IEEE at the University of Dayton in 2003. The purpose was to give an overview of Information Security goals and challenges, with a more detailed look at Intrusion Detection and Malware Analysis. | A Component Design Approach to Vulnerability Assessment Software with CORBA (2005). This paper gives an overview of a few of the challenges in designing enterprise-class vulnerability assessment software, how CORBA works, and how CORBA can be employed to improve the design of VA products. Also see the presentation I gave at GWU outlining the paper from a bit of a higher level. |
| My GCIA practical (2002), which discusses, amongst other things, DNS and IP ID covert command-and-control channels. | Tuning for cryptographic hashing algorithms (2006). This paper investigates processor configurations optimal for RIPEMD-160, SHA-1, and MD5 algorithms. It provides detailed information on CPU design, cache organization, and compiler optimizations for each of the algorithms, and draws some conclusions on the cryptographic hashing application domain as a whole. Feel free to analyze the data for yourself, if you desire. This information would be helpful to an engineer desinging an FPGA for hardware-accelerated hashing, and could also be of use in choosing a general-purpose CPU that would be performing intensive cryptographic hashing. |
| A presentation I gave (2006) on Ors, et. al.'s Power-Analysis Attack on an ASIC AES Implementation, which can be downloaded here for ACM members. | ASLR: An Effective Implementation (2006). This paper is a defense of ASLR as an effective mechanism for the prevention of arbitrary code execution. Grsecurity and PaX's address-space randomization has come under fire as being an imperfect solution; some have even claimed its protections offer no additional security whatsoever. In this paper, I discuss an implementation which shows that, while not perfect, ASLR can be deployed with a simple watcher process and achieve effective arbitrary code execution. A presentation discussing the problem, and my findings, is available as well. |
| Scalable CLA Strategies in Snafu (2007). A fun paper investigating scalable collective learning automata in the game Snafu. Snafu, also known by the name Snakes (amongst others, I suspect), was a popular 8-bit video game in the early 80's manifested in virtual reality as "Light Cycles" in the movie Tron. |