Can he think?
At one time I did a little research in the security and computer graphics worlds. My graphics research in graduate school looked into combining texture synthesis with human perception. The broad idea was to use synthesis in 3D graphics to more quickly generate backgrounds like forests when they went past the human eye's ability to discern details. Really fun stuff, but I left grad school before completing anything but the basics. In security I was more successful and have two publications to my name.
Recipient of the Greg Mellen Memorial Cryptology Scholarship award
Cryptologia, October 2007
When attacking the German Enigma cipher machine during the 1930s, the Polish mathematician Marian Rejewski developed a catalog of disjoint cycles of permutations generated by Enigma indicators. By comparing patterns that resulted from message indicators with his catalog, Rejewski was able to determine the ground settings. Well, not quite--the mapping from the disjoint cycles to the ground settings is not one-to-one. Rejewski's catalog no longer exists. This article reports on the output of a program that "recreates" the catalog and answers the question "How far from being one-to-one is the mapping?" [pdf download]
James Walden, Adam Messer, and Alex Kuhl
Measuring the Effect of Code Complexity on Static Analysis Results
To understand the effect of code complexity on static analysis, thirty-five format string vulnerabilities were studied. We analyzed two code samples for each vulnerability, one containing the vulnerability and one in which the vulnerability was fixed. We examined the effect of code complexity on the quality of static analysis results, including successful detection and false positive rates. Static analysis detected 63% of the format string vulnerabilities, with detection rates decreasing with increasing code complexity. When the tool failed to detect a bug, it was for one of two reasons: the absence of security rules specifying the vulnerable function or the presence of a bug in the static analysis tool. Complex code is more likely to contain complicated code constructs and obscure format string functions, resulting in lower detection rates. [pdf download] or the longer version [pdf download]
Can he teach?
America believes in education: the average professor earns more money in a year than a professional athlete earns in a whole week.- Evan Esar
Teaching is another aspect of my life that seems to have withered. I thoroughly enjoy teaching, but since leaving my full-time lecturer gig at NKU I have not done any adjunct teaching. I hope to get back to it someday. I used to host files for old classes on my site, but those are materials from early in my teaching career and probably not ones I really want exposed to the world anymore. One day I would like to go through everything I have and put together some open source materials. Keep an eye on this page or my GitHub Gists where they may appear. I currently do have my Computer Science Cheat Sheet hosted there (which also needs updating, help me improve it!).