
Mark GondreeSonoma State University | SSU · Department of Computer Science
Mark Gondree
PhD in Computer Science
About
22
Publications
10,287
Reads
How we measure 'reads'
A 'read' is counted each time someone views a publication summary (such as the title, abstract, and list of authors), clicks on a figure, or views or downloads the full-text. Learn more
522
Citations
Introduction
Skills and Expertise
Additional affiliations
June 2012 - August 2016
Education
September 2005 - June 2009
September 1998 - June 2003
Publications
Publications (22)
EtherNet/IP is a TCP/IP-based industrial protocol commonly used in industrial control systems (ICS). TCP/IP connectivity to the outside world has enabled ICS operators to implement more agile practices, but it also has exposed these cyber-physical systems to cyber attacks. Using a custom Scapy-based fuzzer to test for implementation flaws in the Et...
Although advocates promote cybersecurity competitions as beneficial for participants, little research has methodically evaluated these competitions' outcomes and implications. Drawing primarily on Cybersecurity Competition Federation workshops, literature reviews, and outcomes of similar STEM competitions, the authors consider how cybersecurity com...
In this work, we discuss lessons learned over the past three years while supporting a graduate capstone course centered on research projects in industrial control system (ICS) security. Our course considers real-world problems in shipboard ICS posed by external stakeholders: a system-owner and related subject matter experts. We describe the course...
We re-evaluate the kernelized, multilevel secure (MLS) relational database design in the context of cloud-scale distributed data stores. The transactional properties and global integrity properties for schema-less, cloud-scale data stores are significantly relaxed in comparison to relational databases. This is a new and interesting setting for mand...
The Apache Hadoop® framework provides parallel processing and distributed data storage capabilities that data analytics applications can utilize to process massive sets of raw data. These Big Data applications typically run as a set of MapReduce jobs to take advantage of Hadoop's ease of service deployment and large-scale parallelism. Yet, Hadoop h...
The US Naval Postgraduate School and University of Washington each independently developed informal security-themed tabletop games. [d0x3d!] is a board game in which players collaborate as white-hat hackers, tasked to retrieve a set of valuable digital assets held by an adversarial network. Control-Alt-Hack is a card game in which three to six play...
We introduce and analyze a general framework for authen-tically binding data to a location while providing strong assurances against cloud storage providers that (either ac-cidentally or maliciously) attempt to re-locate cloud data. We then evaluate a preliminary solution in this framework that combines constraint-based host geolocation with proofs...
Network-based monitoring and intrusion detection has grown into an essential component of enterprise security management. Monitoring potentially malicious activities across a set of networks classified at different security levels, however, presents subtle and complicated challenges. Analysis of intrusion alerts collected on an individual network o...
In this paper we define the problem and scope of data sovereignty – the coupling of stored data authenticity and geographical location in the cloud. Establishing sovereignty is an especially important concern amid le-gal and policy constraints when data and resources are virtualized and widely distributed. We identify the key challenges that need t...
The Monterey Security Architecture addresses the need to share high-value data across multiple domains of different classification levels while enforcing information flow policies. The architecture allows users with different security authorizations to securely collaborate and exchange information using commodity computers and familiar commercial c...
We design communication efficient two-party and multi-party protocols for the longest common subsequence (LCS) and related
problems. Our protocols achieve privacy with respect to passive adversaries, under reasonable cryptographic assumptions. We
benefit from the somewhat surprising interplay of an efficient block-retrieval PIR (Gentry-Ramzan, ICAL...
At STOC 2006 and CRYPTO 2007, Beimel et. al. introduced a set of privacy requirements for algorithms that solve search problems. In this paper, we consider the longest common subsequence (LCS) problem as a private search problem, where the task is to find a string of (or embedding corresponding to) an LCS. We show that deterministic selection strat...
Mandated requirements to share information across different sensitivity domains necessitate the design of distributed architectures to enforce information flow policies while providing protection from malicious code and attacks devised by highly motivated adversaries. The MYSEA architecture uses component security services and mechanisms to extend...
We develop a new multi-party generalization of Naor-Nissim indirect indexing, making it possible for many participants to
simulate a RAM machine with only poly-logarithmic blow-up. Our most efficient instantiation (built from length-flexible additively
homomorphic public key encryption) improves the communication complexity of secure multi-party co...
The importance of fixing federal voting system standards for electronic voting is discussed. The research in improving the standards and certification process is necessary to ensure the correctness and security of any voting scheme. Improving the standards is the first step toward improving the quality of voting systems for long term for strengthen...
At Financial Crypto 2006, P. Golle [“A private stable matching algorithm”, Lect. Notes Comput. Sci. 4107, 65–80 (2006; Zbl 1152.94420)] presented a novel framework for the privacy preserving computation of a stable matching (stable marriage). We show that the communication complexity of Golle’s main protocol is substantially greater than what was c...
The goal of the standards is to "address what a voting system should reliably do, not how system components should be configured to meet these requirement" [5, Vol I §1.1]. The standards present a certification procedure involving testing by an Independent Testing Authority (ITA) and many jurisdictions cannot use systems that are uncertified. Virtu...
The goal of the standards is to "address what a voting system should reliably do, not how system components should be configured to meet these requirement" [7, Vol I 搂1.1]. The standards present a certification procedure involving testing by Independent Testing Authorities (ITAs or, simply, Testing Authorities), and many jurisdic-tions cannot use s...
This technical report is a preliminary investigation into the use of Support Vector Machines (SVMs) as a method of branch prediction. We present a new dynamic branch predictor based on SVMs. The SVM predictor, at the cost of a much larger hardware budget, can return a greater accuracy than current state-of-the-art predictors by exploiting its abili...