Terrence Oconnor

Florida Institute of Technology · Department of Computer Science

The availability and usage of the Internet of Things (IoT) have grown significantly over the last decade. This growth in ubiquitous computing has enabled continuous observation, decision-making, and execution of actions to improve the livelihood of millions. However, IoT also has an increased cybersecurity risk by making the user vulnerable to atta...

To support the workforce gap of skilled cybersecurity professionals, gamified pedagogical approaches for teaching cybersecurity have exponentially grown over the last two decades. During this same period, e-sports developed into a multi-billion dollar industry and became a staple on college campuses. In this work, we explore the opportunity to inte...

Analyzing binary programs without source code is critical for cyber-security professionals. This paper presents an undergraduate binary reverse engineering course design that culminates with a comprehensive binary exploitation competition. Our approach challenges students to develop tools that automatically detect and exploit program vulnerabilitie...

The pedagogy of cybersecurity education presents an exciting challenge. Although cyber-warfare has existed for nearly four decades, we fail to adequately model the chaos of offensive cyber attacks in the classroom. Instead, coursework focuses on studying chore-ographed cyber-attack patterns. In this paper, we present an undergraduate cybersecurity...

Security and privacy concerns present the most significant obstacles to consumer adoption of Internet-of-Things (IoT) devices. A lack of transparency and control complicates user trust in IoT. Additionally, a growing history of misuse and abuse exists in IoT. Notably, smart TVs have periodically scanned and collected users' private information with...

The always-on, always-connected nature of smart home devices complicates Internet-of-Things (IoT) security and privacy. Unlike traditional hosts, IoT devices constantly send sensor, state, and heartbeat data to cloud-based servers. These data channels require reliable, routine communication, which is often at odds with an IoT device's storage and p...

The widespread adoption of smart home IoT devices has led to a broad and heterogeneous market with flawed security designs and privacy concerns. While the quality of IoT device software is unlikely to be fixed soon, there is great potential for a network-based solution that helps protect and inform consumers. Unfortunately, the encrypted and propri...

Advanced Persistent Threats (APTs) commonly use stepping stone attacks that allow the adversary to move laterally undetected within an enterprise network towards a target. Existing network security techniques provide limited protection against such attacks, because they lack intra-network mediation and the context of information semantics. We propo...

Advanced Persistent Threat (APT) exhibits discernible attributes or patterns that can be monitored by readily available, open source tools. Tools such as OSSEC, Snort, Splunk, Sguil, and Squert may allow early detection of APT behavior. The assumption is that attackers are regularly attempting to compromise enterprises,from basic service abuse to c...

The combination of competitive security exercises and hands-on learning represents a powerful approach for teaching information system security. Although creating and maintaining such a course can be difficult, the benefits to learning are worthwhile. Our undergraduate Information Assurance course is practice-focused and makes substantial use of co...

This paper presents honeyM, a framework for deploying virtual mobile device honeyclients. Honeyclients provide the ability discover early warnings about novel attacks and ex- ploitations and are typically deployed to protect wired infrastructure. In a wireless environment, honeyclients usually record attacks against the wireless access point. To id...

Unlabeled network traffic data is readily available to the security research community, but there is a severe shortage of labeled datasets that allow validation of experimental results. The labeled DARPA datasets of 1998 and 1999, while innovative at the time, are of only marginal utility in today's threat environment. In this paper we demonstrate...

Bluetooth, a protocol designed to replace peripheral cables, has grown steadily over the last five years and includes a variety of applications. The Bluetooth protocol operates on a wide variety of mobile and wireless devices and is nearly ubiquitous. Several attacks exist that successfully target and exploit Bluetooth enabled devices. This paper d...