J. Todd McDonald

University of South Alabama | USA · Department of Computer Science

Doctor of Philosophy


120 Publications
64,667 Reads
954 Citations
Introduction
J. Todd McDonald currently works in the School of Computing, Department of Computer Science, University of South Alabama. He does research in Software and Hardware Protection, Secure Software Engineering, and Cyber Security.
Additional affiliations
August 2006 - May 2011
Air Force Institute of Technology
Position
  • Professor (Assistant)
August 2011 - present
University of South Alabama
Position
  • Professor


Publications (120)
Chapter
Protecting software from illegal reverse engineering and malicious hackers is often remedied through either legal or technical means. In the technical domain, software obfuscation provides less than perfect protection against such attacks since there is no perfect obfuscator for all classes of programs. However, semantic preserving transformations...
Article
Full-text available
This paper presents the results of a new method for interleaving CPU instructions in x86-64 machine code, such that one can hide executable code within other valid instructions. The aim is to make it more difficult to reverse-engineer software at a machine code level – to obfuscate instructions. A result is a hidden execution path within a visible...
Article
Full-text available
Medical devices are increasingly the source of cybersecurity exposure in healthcare organizations. Research and media reports demonstrate that the exploitation of cybersecurity vulnerabilities can have significant adverse impacts ranging from the exposure of sensitive and personally identifiable patient information to compromising the integrity and...
Chapter
Additive Manufacturing (AM) is an important up-and-coming manufacturing technology which creates three-dimensional objects based on digital design files. While these digital files simplify outsourcing, they also raise security concerns of technical data theft by malicious actors. We propose a novel approach for steganographically embedding validity...
Article
Full-text available
Identifying security concerns is a security activity that can be integrated into the requirements development phase. However, it has been shown that manually identifying concerns is a time-consuming and challenging task. The software engineering community has utilized natural language processing and query systems to automatically find part of the r...
Conference Paper
Full-text available
Android devices continue to dominate the market for global smartphone users, thus making them an ideal target for malicious software developers. In the past, side-channel attacks have been used for malicious purposes where attackers monitor system data such as power consumption, electromagnetic emissions, and CPU timing to infer sensitive user info...
Conference Paper
SCADA and other industrial control systems have been successfully attacked and likely will continue to be attacked. These systems use many different, often proprietary, network application protocols for communications. Our research looks at applying a moving target defense (MTD) to an unsecured EtherNet/IP protocol used for communicating to a progra...
Article
Full-text available
This paper expands and builds upon previous work reported at the 2021 ICCWS concerning Executable Steganography and software intellectual property protection via fingerprinting. Software fingerprinting hides some type of unique identification into the binary program artifact so that a proof of ownership can be established if the artifact turns up e...
Article
Full-text available
The security of cryptosystems involves preventing an attacker's ability to obtain information about plaintext. Traditionally, this has been done by prioritizing secrecy of the key through complex key selection and secure key exchange. With the emergence of side-channel analysis (SCA) attacks, bits of a secret key may be derived by correlating key v...
Article
Robotic systems are no longer simply built and designed to perform sequential repetitive tasks primarily in a static manufacturing environment. Systems such as autonomous vehicles make use of intricate machine learning algorithms to adapt their behavior to dynamic conditions in their operating environment. These machine learning algorithms provide...
Conference Paper
In this paper we present the Program Encryption Toolkit (PET)—a freely available Java-based graphical user interface that supports teaching and instruction for digital logic and advanced computer engineering concepts. PET has provided a vehicle for digital logic instruction and demonstrations targeting high school students that participate in a uni...
Conference Paper
Software companies typically embed one or more secrets in their programs to protect their intellectual property (IP) investment. These secrets are most often processed in code through evaluation of point functions, where only the correct password, PIN, or registration/activation code will authorize an end-user to legally install or use a product. M...
Conference Paper
Full-text available
As the need for new techniques to analyze obfuscated software has grown, recent work has shown the ability to analyze programs via machine learning in order to perform automated metadata recovery. Often these techniques rely on disassembly or other means of direct code analysis. We showcase an approach combining code visualization and image analy...
Article
Full-text available
Modern-day aircraft are flying computer networks, vulnerable to ground station flooding, ghost aircraft injection or flooding, aircraft disappearance, virtual trajectory modifications or false alarm attacks, and aircraft spoofing. This work lays out a data mining process, in the context of big data, to determine flight patterns, including patterns...
Conference Paper
Securing applications on untrusted platforms can involve protection against legitimate end-users who act in the role of malicious reverse engineers and hackers. Such adversaries have access to the full execution environment of programs, whether the program comes in the form of software or hardware. In this paper, we consider the nature of obfuscati...
Conference Paper
Full-text available
Many epileptic patients do not respond to medication or surgery. Recent technology has demonstrated that closed-loop responsive neurostimulation therapy is a realistic treatment for epileptic patients. However, ambulatory care of epileptic patients requires a highly accurate automated seizure detection algorithm. In this research, we implement a me...
Article
Full-text available
Networks are naturally occurring phenomena that are studied across many disciplines. The topological features of a network can provide insight into the dynamics of a system as it evolves, and can be used to predict changes in state. The brain is a complex network whose temporal and spatial behavior can be measured using electroencephalography (EEG)...
Preprint
Full-text available
The continued adoption of Additive Manufacturing technologies is raising concerns in the security, forensics, and intelligence gathering communities. These concerns range from identifying and mitigating compromised devices, to theft of intellectual property, to sabotage, to the production of prohibited objects. Previous research has provided insigh...
Conference Paper
Full-text available
The continued adoption of Additive Manufacturing (AM) technologies is raising concerns in the security, forensics, and intelligence gathering communities. These concerns range from identifying and mitigating compromised devices, to theft of intellectual property, to sabotage, to the production of prohibited objects. Previous research has provided i...
Conference Paper
Malware authors make use of several techniques to obfuscate code from reverse engineering tools such as IDA Pro. Typically, these techniques tend to be effective for about three to six instructions, but eventually the tools can properly disassemble the remaining code once the tool is again synchronized with the operation codes. But this loss of sync...
Preprint
Full-text available
The proliferation of Bluetooth mobile device communications into all aspects of modern society raises security questions by both academicians and practitioners. This environment prompted an investigation into the real-world use of Bluetooth protocols along with an analysis of documented security attacks. The experiment discussed in this paper colle...
Article
With the increased assimilation of technology into all aspects of everyday life, rootkits pose a credible threat to individuals, corporations, and governments. Using various techniques, rootkits can infect systems and remain undetected for extended periods of time. This threat necessitates the careful consideration of real-time detection solutions....
Article
With the increased assimilation of technology into all aspects of everyday life, rootkits pose a credible threat to individuals, corporations, and governments. Using various techniques, rootkits can infect systems and remain undetected for extended periods of time. This threat necessitates the careful consideration of real-time detection solutions....
Conference Paper
Full-text available
Epilepsy is a chronic disorder characterized by recurrent seizures. Prolonged seizure can evolve into status epilepticus, which can lead to injury or death. We propose a seizure prediction algorithm using a hyper-graph approach to phase-space analysis. Objective indications of seizure onset are derived via time delay embedding of minimally invasive...
Conference Paper
Full-text available
Supervisory Control and Data Acquisition (SCADA) and other industrial control systems (ICS) are used to monitor and control industrial systems such as refineries, trains, water and sewage systems, plants, factories, and the electric grid. Typically, they are dispersed over a wide geographical area and managed from a centralized supervisory site. Th...
Conference Paper
Full-text available
The prolific integration of technology into medical environments is continuously generating new attack vectors. This continuous amalgamation of technology into the medical field prompted the idea that risk assessment models can be utilized to identify cyber security vulnerabilities in medical settings. This research presents an initial investigatio...
Conference Paper
Full-text available
Obfuscation is a software protection technique that aims to increase the difficulty and amount of resources required to understand programs from the perspective of a malicious end user. The order and number of obfuscating transformations is determined by an obfuscation executive and the optimal arrangement of transformation defines the phase orderi...
Conference Paper
Full-text available
Rootkits are powerful and dangerous pieces of malware that use stealth and administrative privilege to maintain a persistent, covert foothold for a cyber attacker on compromised systems. These capabilities make them popular with a wide range of cyber attackers, including the instigators of advanced persistent threat attacks like the Stuxnet, Flame,...
Conference Paper
Digital forensic investigators today are faced with numerous problems when recovering footprints of criminal activity that involve the use of computer systems. Investigators need the ability to recover evidence in a forensically sound manner, even when criminals actively work to alter the integrity, veracity, and provenance of data, applications an...
Article
Full-text available
Electroencephalogram (EEG) data has been used in a variety of linear and nonlinear time series analysis techniques for predicting epileptic seizures. We examine phase-space dissimilarity measures for forewarning of seizure events based on time-delay embedding and state space recreation of the underlying brain dynamics. Given novel states which form...
Conference Paper
Full-text available
The continued integration of technology into all aspects of society stresses the need to identify and understand the risk associated with assimilating new technologies. This necessity is heightened when technology is used for medical purposes like ambulatory devices that monitor a patient’s vital signs. This integration creates environments that ar...
Conference Paper
Full-text available
The ability to protect software from malicious reverse engineering remains a challenge faced by commercial software companies who invest a large amount of resources in the development of their software product. In order to protect their investment from potential attacks such as illegal copying, tampering, and malicious reverse engineering, most com...
Conference Paper
Embedded Systems (ES) are an integral part of Cyber-Physical Systems (CPS), the Internet of Things (IoT), and consumer devices like smartphones. ES often have limited resources, and - if used in CPS and IoT - have to satisfy real time requirements. Therefore, ES rarely employ the security measures established for computer systems and networks. Due...
Conference Paper
Full-text available
Polymorphic gates and circuits have been used in the past to design evolutionary components that can sense the environment. In general, polymorphic gates can change their function based on environmental properties such as temperature and power. In the modern digital logic threat landscape, adversarial reverse engineering and illegal cloning pose tw...
Conference Paper
Full-text available
In the realm of cybersecurity, rootkits pose a credible threat to individuals, corporations, and governments. Through various techniques, rootkits are not only able to infect computer systems, but often times are able to remain undetected in a host for an extended amount of time by manipulating system software. The purpose of this paper is to descr...
Conference Paper
Field Programmable Gate Arrays (FPGAs) are powerful and flexible pieces of hardware used in a variety of applications. These chips are used in monitoring network traffic, guidance systems, cryptographic calculations, medical devices, embedded systems, as well as many other varied uses. They can be used in a large number of ways as well as in a larg...
Conference Paper
Full-text available
We propose epileptic seizure detection via the application of phase-space dissimilarity analysis of scalp EEG data. Specifically, we measure the total distance traversed through a d-dimensional phase-space graph. We find that this distance increases abruptly during the seizure event. This change is consistent with the view that an epileptic event i...
Conference Paper
Full-text available
Integrating agile software methodologies can be fraught with risk for many software development organizations, but the potential rewards in terms of productivity, delivered functionality, and overall success rate are promising. Agile integration may be hard in certain organizational structures, but integrating security into such an approach can pos...
Article
Full-text available
Medical training devices are becoming increasingly dependent on technology, creating opportunities that are inherently conducive to security breaches. Previous medical device research has focused on individual device security breaches and the technical aspects involved with these breaches. This research examines the viability of breaching a product...
Research
Full-text available
WiP Paper Presented at the 30th Annual Computer Security Applications Conference (ACSAC)
Conference Paper
Full-text available
Vehicles made within the past years have gradually become more and more complex. As a result, the embedded computer systems that monitor and control these systems have also grown in size and complexity. Unfortunately, the technology that protects them from external attackers has not improved at a similar rate. In this paper we discuss the vulnerabi...
Article
Full-text available
Additive Layer Manufacturing (ALM), also broadly known as 3D printing, is a new technology to produce 3D objects. As an opposite approach to the conventional subtractive manufacturing process, 3D objects are created by adding thin material layers over layers. Until recently, they have been used, mainly, for plastic models. However, the technology h...
Conference Paper
Full-text available
Virtualization is becoming a prominent field of research not only in distributed systems, but also in software protection and obfuscation. Software virtualization has given rise to advanced techniques that may provide intellectual property protection and anti-cloning resilience. We present results of an empirical study that answers whether integrit...
Conference Paper
Full-text available
Additive Layer Manufacturing (ALM) is a new technology to produce 3D objects adding layer by layer. Agencies and companies like NASA, ESA, and SpaceX are exploring a broad range of application areas of ALM, which includes printing of device components, replacement parts, houses, and even food. They expect that this technology will greatly reduce pr...
Article
The commodity status of Field Programmable Gate Arrays (FPGAs) has allowed computationally intensive algorithms, such as cryptographic protocols, to take advantage of faster hardware speed while simultaneously leveraging the reconfigurability and lower cost of software. Numerous security applications have been transitioned into FPGA implementations...
Conference Paper
Full-text available
The 9th Annual Cyber and Information Security Research (CISR) Conference (CISRC, formerly CSIIR Workshop [CSIRW]) was held at Oak Ridge National Laboratory. The aim of this year's conference is to present, discuss and publish novel theoretical and empirical research focused on one or more of the Federal Cybersecurity themes. Cyberspace is fundament...
Article
ZigBee networks have become popular for their low cost, low power, and ease of implementation. The ZigBee protocol has particularly become prevalent for home automation and controlling devices such as door locks and garage door openers. Preventing attacks and reducing vulnerabilities is imperative in cases where there can be high financial losses d...
Article
The 9th Annual Cyber and Information Security Research (CISR) Conference (CISRC, formerly CSIIR Workshop [CSIRW]) was held at Oak Ridge National Laboratory. The aim of this year's conference is to present, discuss and publish novel theoretical and empirical research focused on one or more of the Federal Cybersecurity themes. Cyberspace is fundament...
Article
Full-text available
Many tools and methods for steganalysis are prevalent in the research field. While no technique is 100% effective, combining multiple techniques is common practice. Techniques reliant on the same basis are often found to be less computationally efficient when used in combination as opposed to the combined use of techniques in separate categories. I...
Conference Paper
The demand for cybersecurity professions faces continual shortages. Real-world cyber threats continue to drive this demand as we face a daily barrage of attacks on our critical infrastructure, national, and private industry assets. To meet this demand, many cybersecurity and information assurance educational programs have emerged. These programs ra...
Conference Paper
Full-text available
This paper addresses epileptic event forewarning. One novel contribution is the use of graph theoretic measures to detect condition change from time-delay-embedding states. Another novel contribution is better forewarning of the epileptic events from two channels of scalp EEG, with a total true rate of 58/60 (sensitivity = 39/40, specificity = 19/2...