Adjunct Professor

School of Information Technology and Engineering

Research

Interests

Current focus

  • Rich Internet Application Crawling, Web Application Security and Accessibility.

Work done in the past

  • Network Security, IDS design, Feature selection, Simulation of Network Attacks, Data visualization, Alert correlation
  • Data Mining
  • Ontologies

Projects

Distributed Crawling and Security Assessment of Rich Internet Applications (2011 – present)

The objective of this research project is to explore the possibility of increasing the speed of crawling Rich Internet Applications (RIAs) by performing concurrent crawls, that is, executing several crawling programs concurrently on different computers. We note that a web application scan, using current technology, may take several weeks for complex applications. On the other hand, many large organizations have access to easily provisioned, throw-away, on-demand computing resources. We envision using concurrent execution platforms, such as cloud computing and/or peer-to-peer networks, for the crawling of RIAs. We plan to explore different concurrent architectures and different distributed algorithms for controlling the concurrent crawling activities. The main research issues are expected to be related to the way the crawling of different parts of the application will be distributed to the different crawling engines, and how these engines communicate with one another to exchange the information necessary to coordinate their work and to avoid duplication and overloading of the infrastructure.

Modeling Rich Internet Applications for Security (2009 – present)

Web site security is a top priority for protecting sensitive company, customer, and employee data, for meeting regulatory and corporate compliance requirements, and for defending against the high cost of a data breach. Rich Internet Applications present additional challenges for security because the Web pages executed at the client side may contain powerful program fragments that may execute concurrently and asynchronously, and may be hidden from the view of the user. The proposed research is directed towards improving the methods and tools for generating test sequences that can uncover security vulnerabilities in such applications. More specifically, we plan to develop paradigms for modeling a given Rich Internet Application and its data flow, to provide algorithms for automatically building such models, and to demonstrate the applicability of our methods by using such a model to generate test sequences that uncover security flaws. The initial focus of our work will be the detection of injection faults. We plan to develop prototype tools that could provide a proof of concept for the security testing methods developed within the project.
