The combination of competitive security exercises and hands-on learning represents a powerful approach for teaching information system security. Although creating and maintaining such a course can be difficult, the benefits to learning are worthwhile. Our research explores countering enrollment decline via a curriculum that carefully exposes students to computer security as a means of teaching core computer science concepts, including algorithms, networks, compilers, programming languages, and operating systems.
TJ OConnor, Carl Mann, Tiffanie Petersen, Isaiah Thomas and Chris Stricklan. Toward an Automatic Exploit Generation Competition for an Undergraduate Binary Reverse Engineering Course. In Innovation and Technology in Computer Science Education (ITiCSE), Dublin, Ireland, July 2022. ACM. [bib] [pdf]
TJ OConnor. HELO DarkSide: Breaking free from katas and embracing the adversarial mindset in cybersecurity education. In Special Interest Group on Computer Science Education (SIGCSE), Providence, RI, March 2022. ACM. [bib] [pdf]
Chris Stricklan, TJ OConnor. Towards Binary Diversified Challenges For A Hands-On Reverse Engineering Course. ACM Innovation and Technology in Computer Science Education (ITiCSE). June 2021. [bib] [pdf]
Robert Fanelli and TJ OConnor. “Experiences with Practice-Focused Undergraduate Security Education”, 3rd Workshop on Cyber Security Experimentation and Test (CSET), USENIX, August 2010. [bib] [pdf]
TJ OConnor, Ben Sangster and Erik Dean. “Using Hacking to Teach Computer Science Fundamentals,” American Society for Engineering Education (ASEE), March 2010. [bib] [pdf]
Internet of Things Security and Privacy
The always-on, always-connected nature of smart-home devices complicates Internet-of-Things (IoT) security and privacy. Unlike traditional hosts, IoT devices constantly send sensor, state, and heartbeat data to cloud-based servers. These data channels require reliable, routine communication, which is often at odds with an IoT device's storage and power constraints. Although recent efforts such as pervasive encryption have addressed protecting data in-transit, there remains little insight into designing mechanisms for protecting integrity and availability for always-connected devices. We seek to better understand smart-home security by studying vendor and design decision IoT telemetry messaging protocols and behaviors.
Ahmed Alhazm, Khulud Alawaji, and TJ OConnor. MPO: MQTT-Based Privacy Orchestrator for Smart Home Users. In Computers, Software, and Applications Conference (COMPSAC), Virtual Event, July 2022. IEEE. [bib] [pdf]
Ahmed Alhazmi, Ghassen Kilani, William Allen, and TJ OConnor. A replication study for IoT privacy preferences. In Conference on Omni-Layer Intelligent Systems (COINS), Virtual Event, August 2021. IEEE. [bib] [pdf]
TJ OConnor, Dylan Jesse, and Daniel Camps. Through the spyglass: Toward IoT companion app man-in-the-middle attacks. In Cyber Security Experimentation and Test (CSET), Virtual Event, August 2021. USENIX. [bib] [pdf]
Blake Janes, Heather Crawford, and TJ OConnor. Never ending story: Authentication and access control design flaws in shared IoT devices. In Security and Privacy SafeThings Workshop (SafeThings), Virtual Event, May 2020. IEEE. [bib] [pdf]
Network Access Control
We focus our investigation on adding context to empower fine-grained network access control for elaborate attacks. To this end, we examine the introduction of software designed networking (SDN) and the new opportunities it offers for network defense systems. SDN offers flexibility, transparency, and distributed control to enable novel security mechanisms not feasible in traditional networks. Our work examines if network-based access control can evolve to prevent elaborate attacks and application behaviors under varying context. To this end, we examine the various design and telemetry decisions for IoT devices as they offer an emerging and complex threat.
TJ OConnor, William Enck, and Bradley Reaves. Blinded and Confused: Uncovering Systemic Flaws in Device Telemetry for Smart-Home Internet of Things, Proceedings of the ACM Conference on Security and Privacy in Wireless and Mobile Networks (WiSec), May, 2019. Miami, FL. (Best Paper WiSec 2019) [bib] [pdf]
TJ OConnor, Reham Mohamed, Markus Miettinen, William Enck, Bradley Reaves, and Ahmad-Reza Sadeghi. HomeSnitch: Behavior Transparency and Control for Smart Home IoT Devices, Proceedings of the ACM Conference on Security and Privacy in Wireless and Mobile Networks (WiSec), May, 2019. Miami, FL. [bib] [pdf]
TJ OConnor, William Enck, W.M. Petullo, and Akash Verma. Pivotwall: Sdn-based information flow control. In Symposium on SDN Research (SoSR), San Francisco, CA, March 2018. ACM. [bib] [pdf]
Bluetooth, a protocol designed to replace peripheral cables, has grown steadily and includes a variety of applications. In near ubiquity now, the Bluetooth protocol operates on a wide variety of mobile and wireless devices. Several attacks exist that successfully target and exploit Bluetooth enabled devices. Our research implements a network intrusion detection system for discovering malicious Bluetooth traffic.
O'Connor, T.J., "Bluetooth Intrusion Detection," (Graduate Thesis)
O’Connor, T.J., and Sangster, B., “honeyM: A Framework for Implementing Virtual Honeyclients for Mobile Devices,” WISEC 2010 Conference Proceedings, 2010 ACM Conference on Wireless Network Security, March 2010. [bib] [pdf]
O’Connor, T.J., and Reeves, D., “Bluetooth Network-Based Misuse Detection,” ACSAC 2008 Conference Proceedings, pp. 377–391, 2008 Annual Computer Security Applications Conference, December 2008. [bib] [pdf]