J. Todd McDonald, University of South Alabama | USA · Department of Computer Science
Doctor of Philosophy
About
120 Publications
64,667 Reads
954 Citations
Introduction
J. Todd McDonald currently works in the School of Computing, Department of Computer Science, University of South Alabama. He does research in Software and Hardware Protection, Secure Software Engineering, and Cyber Security.
Additional affiliations
August 2006 - May 2011
August 2011 - present
Publications (120)
Protecting software from illegal reverse engineering and malicious hackers is often remedied through either legal or technical means. In the technical domain, software obfuscation provides less than perfect protection against such attacks since there is no perfect obfuscator for all classes of programs. However, semantic preserving transformations...
This paper presents the results of a new method for interleaving CPU instructions in x86-64 machine code, such that one can hide executable code within other valid instructions. The aim is to make it more difficult to reverse-engineer software at a machine code level – to obfuscate instructions. A result is a hidden execution path within a visible...
Medical devices are increasingly the source of cybersecurity exposure in healthcare organizations. Research and media reports demonstrate that the exploitation of cybersecurity vulnerabilities can have significant adverse impacts ranging from the exposure of sensitive and personally identifiable patient information to compromising the integrity and...
Additive Manufacturing (AM) is an important up and coming manufacturing technology which creates three-dimensional objects based on digital design files. While these digital files simplify outsourcing, it also raises security concerns of technical data theft by malicious actors. We propose a novel approach for steganographically embedding validity...
Identifying security concerns is a security activity that can be integrated into the requirements development phase. However, it has been shown that manually identifying concerns is a time-consuming and challenging task. The software engineering community has utilized natural language processing and query systems to automatically find part of the r...
Android devices continue to dominate the market for global smartphone users, thus making them an ideal target for malicious software developers. In the past, side-channel attacks have been used for malicious purposes where attackers monitor system data such as power consumption, electromagnetic emissions, and CPU timing to infer sensitive user info...
SCADA and other industrial control systems have been successfully attacked and likely will continue to be attacked. These systems use many different, often proprietary, network application protocols for communications. Our research looks at applying a moving target defense (MTD) to an unsecured ethernetIP protocol used for communicating to a progra...
This paper expands and builds upon previous work reported at the 2021 ICCWS concerning Executable Steganography and software intellectual property protection via fingerprinting. Software fingerprinting hides some type of unique identification into the binary program artifact so that a proof of ownership can be established if the artifact turns up e...
The security of cryptosystems involves preventing an attacker's ability to obtain information about plaintext. Traditionally, this has been done by prioritizing secrecy of the key through complex key selection and secure key exchange. With the emergence of side-channel analysis (SCA) attacks, bits of a secret key may be derived by correlating key v...
Robotic systems are no longer simply built and designed to perform sequential repetitive tasks primarily in a static manufacturing environment. Systems such as autonomous vehicles make use of intricate machine learning algorithms to adapt their behavior to dynamic conditions in their operating environment. These machine learning algorithms provide...
In this paper we present the Program Encryption Toolkit (PET)—a freely available Java-based graphical user interface that supports teaching and instruction for digital logic and advanced computer engineering concepts. PET has provided a vehicle for digital logic instruction and demonstrations targeting high school students that participate in a uni...
Software companies typically embed one or more secrets in their programs to protect their intellectual property (IP) investment. These secrets are most often processed in code through evaluation of point functions, where only the correct password, PIN, or registration/activation code will authorize an end-user to legally install or use a product. M...
As the need for new techniques to analyze obfuscated software has grown, recent work has shown the ability to analyze programs via machine learning in order to perform automated metadata recovery. Often these techniques rely on disassembly or other means of direct code analysis. We showcase an approach combining code visualization and image analy...
Modern-day aircraft are flying computer networks, vulnerable to ground station flooding, ghost aircraft injection or flooding, aircraft disappearance, virtual trajectory modifications or false alarm attacks, and aircraft spoofing. This work lays out a data mining process, in the context of big data, to determine flight patterns, including patterns...
Securing applications on untrusted platforms can involve protection against legitimate end-users who act in the role of malicious reverse engineers and hackers. Such adversaries have access to the full execution environment of programs, whether the program comes in the form of software or hardware. In this paper, we consider the nature of obfuscati...
Many epileptic patients do not respond to medication or surgery. Recent technology has demonstrated that closed-loop responsive neurostimulation therapy is a realistic treatment for epileptic patients. However, ambulatory care of epileptic patients requires a highly accurate automated seizure detection algorithm. In this research, we implement a me...
Networks are naturally occurring phenomena that are studied across many disciplines. The topological features of a network can provide insight into the dynamics of a system as it evolves, and can be used to predict changes in state. The brain is a complex network whose temporal and spatial behavior can be measured using electroencephalography (EEG)...
The continued adoption of Additive Manufacturing technologies is raising concerns in the security, forensics, and intelligence gathering communities. These concerns range from identifying and mitigating compromised devices, to theft of intellectual property, to sabotage, to the production of prohibited objects. Previous research has provided insigh...
The continued adoption of Additive Manufacturing (AM) technologies is raising concerns in the security, forensics, and intelligence gathering communities. These concerns range from identifying and mitigating compromised devices, to theft of intellectual property, to sabotage, to the production of prohibited objects. Previous research has provided i...
Malware authors make use of several techniques to obfuscate code from reverse engineering tools such as IdaPro. Typically, these techniques tend to be effective for about three to six instructions, but eventually the tools can properly disassemble the remaining code once the tool is again synchronized with the operation codes. But this loss of sync...
The proliferation of Bluetooth mobile device communications into all aspects of modern society raises security questions by both academicians and practitioners. This environment prompted an investigation into the real-world use of Bluetooth protocols along with an analysis of documented security attacks. The experiment discussed in this paper colle...
With the increased assimilation of technology into all aspects of everyday life, rootkits pose a credible threat to individuals, corporations, and governments. Using various techniques, rootkits can infect systems and remain undetected for extended periods of time. This threat necessitates the careful consideration of real-time detection solutions....
Epilepsy is a chronic disorder characterized by recurrent seizures. Prolonged seizure can evolve into status epilepticus, which can lead to injury or death. We propose a seizure prediction algorithm using a hyper-graph approach to phase-space analysis. Objective indications of seizure onset are derived via time delay embedding of minimally invasive...
Supervisory Control and Data Acquisition (SCADA) and other industrial control systems (ICS) are used to monitor and control industrial systems such as refineries, trains, water and sewage systems, plants, factories, and the electric grid. Typically, they are dispersed over a wide geographical area and managed from a centralized supervisory site. Th...
The prolific integration of technology into medical environments is continuously generating new attack vectors. This continuous amalgamation of technology into the medical field prompted the idea that risk assessment models can be utilized to identify cyber security vulnerabilities in medical settings. This research presents an initial investigatio...
Obfuscation is a software protection technique that aims to increase the difficulty and amount of resources required to understand programs from the perspective of a malicious end user. The order and number of obfuscating transformations is determined by an obfuscation executive and the optimal arrangement of transformation defines the phase orderi...
Rootkits are powerful and dangerous pieces of malware that use stealth and administrative privilege to maintain a persistent, covert foothold for a cyber attacker on compromised systems. These capabilities make them popular with a wide range of cyber attackers, including the instigators of advanced persistent threat attacks like the Stuxnet, Flame,...
Digital forensic investigators today are faced with numerous problems when recovering footprints of criminal activity that involve the use of computer systems. Investigators need the ability to recover evidence in a forensically sound manner, even when criminals actively work to alter the integrity, veracity, and provenance of data, applications an...
Electroencephalogram (EEG) data has been used in a variety of linear and nonlinear time series analysis techniques for predicting epileptic seizures. We examine phase-space dissimilarity measures for forewarning of seizure events based on time-delay embedding and state space recreation of the underlying brain dynamics. Given novel states which form...
The continued integration of technology into all aspects of society stresses the need to identify and understand the risk associated with assimilating new technologies. This necessity is heightened when technology is used for medical purposes like ambulatory devices that monitor a patient’s vital signs. This integration creates environments that ar...
The ability to protect software from malicious reverse engineering remains a challenge faced by commercial software companies who invest a large amount of resources in the development of their software product. In order to protect their investment from potential attacks such as illegal copying, tampering, and malicious reverse engineering, most com...
Embedded Systems (ES) are an integral part of Cyber-Physical Systems (CPS), the Internet of Things (IoT), and consumer devices like smartphones. ES often have limited resources, and - if used in CPS and IoT - have to satisfy real time requirements. Therefore, ES rarely employ the security measures established for computer systems and networks. Due...
Polymorphic gates and circuits have been used in the past to design evolutionary components that can sense the environment. In general, polymorphic gates can change their function based on environmental properties such as temperature and power. In the modern digital logic threat landscape, adversarial reverse engineering and illegal cloning pose tw...
In the realm of cybersecurity, rootkits pose a credible threat to individuals, corporations, and governments. Through various techniques, rootkits are not only able to infect computer systems, but often times are able to remain undetected in a host for an extended amount of time by manipulating system software. The purpose of this paper is to descr...
Field Programmable Gate Arrays (FPGAs) are powerful and flexible pieces of hardware used in a variety of applications. These chips are used in monitoring network traffic, guidance systems, cryptographic calculations, medical devices, embedded systems, as well as many other varied uses. They can be used in a large number of ways as well as in a larg...
We propose epileptic seizure detection via the application of phase-space dissimilarity analysis of scalp EEG data. Specifically, we measure the total distance traversed through a d-dimensional phase-space graph. We find that this distance increases abruptly during the seizure event. This change is consistent with the view that an epileptic event i...
Integrating agile software methodologies can be fraught with risk for many software development organizations, but the potential rewards in terms of productivity, delivered functionality, and overall success rate are promising. Agile integration may be hard in certain organizational structures, but integrating security into such an approach can pos...
Medical training devices are becoming increasingly dependent on technology, creating opportunities that are inherently conducive to security breaches. Previous medical device research has focused on individual device security breaches and the technical aspects involved with these breaches. This research examines the viability of breaching a product...
WiP Paper Presented at the 30th Annual Computer Security Applications Conference (ACSAC)
Vehicles made within the past years have gradually become more and more complex. As a result, the embedded computer systems that monitor and control these systems have also grown in size and complexity. Unfortunately, the technology that protects them from external attackers has not improved at a similar rate. In this paper we discuss the vulnerabi...
Additive Layer Manufacturing (ALM), also broadly known as 3D printing, is a new technology to produce 3D objects. As an opposite approach to the conventional subtractive manufacturing process, 3D objects are created by adding thin material layers over layers. Until recently, they have been used, mainly, for plastic models. However, the technology h...
Virtualization is becoming a prominent field of research not only in distributed systems, but also in software protection and obfuscation. Software virtualization has given rise to advanced techniques that may provide intellectual property protection and anti-cloning resilience. We present results of an empirical study that answers whether integrit...
Additive Layer Manufacturing (ALM) is a new technology to produce 3D objects by adding layer upon layer. Agencies and companies like NASA, ESA, and SpaceX are exploring a broad range of application areas of ALM, which includes printing of device components, replacement parts, houses, and even food. They expect that this technology will greatly reduce pr...
The commodity status of Field Programmable Gate Arrays (FPGAs) has allowed computationally intensive algorithms, such as cryptographic protocols, to take advantage of faster hardware speed while simultaneously leveraging the reconfigurability and lower cost of software. Numerous security applications have been transitioned into FPGA implementations...
The 9th Annual Cyber and Information Security Research (CISR) Conference (CISRC, formerly CSIIR Workshop [CSIRW]) was held at Oak Ridge National Laboratory. The aim of this year's conference is to present, discuss and publish novel theoretical and empirical research focused on one or more of the Federal Cybersecurity themes. Cyberspace is fundament...
ZigBee networks have become popular for their low cost, low power, and ease of implementation. The ZigBee protocol has particularly become prevalent for home automation and controlling devices such as door locks and garage door openers. Preventing attacks and reducing vulnerabilities is imperative in cases where there can be high financial losses d...
Many tools and methods for steganalysis are prevalent in the research field. While no technique is 100% effective, combining multiple techniques is common practice. Techniques reliant on the same basis are often found to be less computationally efficient when used in combination as opposed to the combined use of techniques in separate categories. I...
The demand for cybersecurity professions faces continual shortages. Real-world cyber threats continue to drive this demand as we face a daily barrage of attacks on our critical infrastructure, national, and private industry assets. To meet this demand, many cybersecurity and information assurance educational programs have emerged. These programs ra...
This paper addresses epileptic event forewarning. One novel contribution is the use of graph theoretic measures to detect condition change from time-delay-embedding states. Another novel contribution is better forewarning of the epileptic events from two channels of scalp EEG, with a total true rate of 58/60 (sensitivity = 39/40, specificity = 19/2...