Research

My research interests include software security, access control, software testing, digital forensics, data analytics, software-defined networks and intelligent agents. 

Software Security Engineering: A Threat-Driven Approach 

Software is a major source of security risks. Network-level and operating-system-level security approaches (e.g., cryptography, firewalls, and intrusion detection) cannot sufficiently protect software applications from attacks because they lack knowledge of application semantics.

Our research explores the threat-driven approach to addressing various issues of secure software engineering. At the core of this approach is the identification and mitigation of security threats, which are potential misuses and anomalies that violate security goals or policies. Security threats determine where and how to apply security features or assurance techniques. Unlike traditional security modeling and analysis methods, which rely on the formalization of security properties, the threat-driven approach explicitly identifies the behaviors of security threats.

Access Control

Access control is a fundamental security mechanism for managing sensitive information and resources. An access control policy defines the conditions under which access to resources can be granted and to whom. Our research focuses on verification and validation of attribute-based access control (ABAC) policies, role-based access control (RBAC) policies, and obligations (i.e., strings attached to access privileges).

Software Testing

MISTA supports automated generation of executable test code. It is suitable for function testing, acceptance testing, GUI testing, security testing, and programmer testing. It uses visual notations for building test models, such as function nets and finite state machines. Function nets, which are lightweight high-level Petri nets, can specify both control-oriented and data-oriented test models. They can be animated and verified. It provides test generators for comprehensive coverage criteria of test models, including reachability coverage, reachability with sneak paths, state coverage, transition coverage, depth coverage, goal coverage, random walk, counterexamples of model checking, deadlock/termination state coverage, and given sequences. Pairwise and partial order techniques are options for reducing the size of test suites. It supports a number of languages (Java, C, C++, C#, PHP, Python, HTML, and VB) and test frameworks (e.g., xUnit, Selenium IDE, and Robot Framework) for offline test execution. It supports on-the-fly testing and online execution of generated tests through Selenium WebDriver or an RPC protocol (JSON-RPC or XML-RPC).
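The transition coverage and sneak-path criteria named above, sketched for a finite state machine as an added example (this is not MISTA's code or its algorithm). The session model, its state and event names, and the shortest-prefix generation strategy are assumptions made for illustration.

```python
from collections import deque

# Constructed test model: session states of a hypothetical record-keeping app.
# Each entry maps (state, event) to the next state; anything absent is illegal.
MODEL = {
    ("logged_out", "login_user"): "user",
    ("logged_out", "login_admin"): "admin",
    ("user", "view_record"): "user",
    ("user", "logout"): "logged_out",
    ("admin", "view_record"): "admin",
    ("admin", "delete_record"): "admin",
    ("admin", "logout"): "logged_out",
}
INITIAL = "logged_out"

def shortest_prefixes(model, initial):
    """BFS: shortest event sequence that reaches each reachable state."""
    prefixes = {initial: []}
    queue = deque([initial])
    while queue:
        state = queue.popleft()
        for (src, event), dst in model.items():
            if src == state and dst not in prefixes:
                prefixes[dst] = prefixes[state] + [event]
                queue.append(dst)
    return prefixes

def transition_tests(model, initial):
    """One positive test per modelled transition: (events, expected final state)."""
    prefixes = shortest_prefixes(model, initial)
    return [(prefixes[src] + [event], dst)
            for (src, event), dst in model.items() if src in prefixes]

def sneak_path_tests(model, initial):
    """One negative test per (state, event) pair the model does not allow.
    The last event must be rejected and the system must stay in `state`."""
    prefixes = shortest_prefixes(model, initial)
    events = sorted({event for _, event in model})
    return [(prefixes[state] + [event], state)
            for state in sorted(prefixes) for event in events
            if (state, event) not in model]

if __name__ == "__main__":
    for seq, final in transition_tests(MODEL, INITIAL):
        print("ALLOW ", " -> ".join(seq), "=>", final)
    for seq, state in sneak_path_tests(MODEL, INITIAL):
        print("REJECT", " -> ".join(seq), "(stay in " + state + ")")
```

The negative cases are where security defects tend to surface: a sequence such as `login_user -> delete_record` must be refused by the system under test even though no requirement mentions it explicitly.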

MISTA 1.0: Executable, Source Code

Github

Data Analytics

Our research focuses on applications of data analytics and machine learning to various problem domains, such as blockchain (e.g., Bitcoin) transactions, social networks (e.g., LinkedIn and Facebook), network intrusion detection, source code analysis, and software vulnerability prediction.

Alumni

 
Ph.D. Graduates
Dr. Omar El Ariss, Associate Professor, Texas A&M Commerce
Dr. Samer Khamaiseh, Assistant Professor, Miami University
Dr. Josh Pauli, Professor, University of Arizona
Dr. Weifeng Xu, Professor, University of Baltimore
 
Postdocs
Dr. Izzat Alsmadi, Associate Professor, Texas A&M San Antonio
Dr. Zhiyuan Li, Jiangsu University
Dr. Yan Wu, Jiangsu University
Dr. Yupeng Zhang, Associate Professor, University of Houston