Research Projects
IR Vulnerability Analysis
Our team is designing a “domain specific language” to scan compiler intermediate representation (IR) code for specific potential vulnerabilities. By targeting the IR, the vulnerability scanning process is front-end- language agnostic; that is, the language the application is written in does not matter. And by “binary lifting,” converting executable programs back to IR, the project will be able to also scan for weaknesses in existing code. The IR we are using is the popular LLVM infrastructure project, a thriving and current open-source effort.
Activities & Outcomes
- The effort may lead to future funding via the National Science Foundation (NSF) Secure and Trustworthy Cyberspace (SaTC) program
Key Faculty and Collaborators
- Bill Mahoney, Ph.D.
- Adam Spanier, Ph.D. student
Enhancing Cybersecurity Awareness of American Indian Farmers and Food Producers: Nebraska Ponca Tribe
As information technology is increasingly integrated into modern farms, the food and agriculture industry has become a focal point for cybercriminals and nation-state actors. This project aims to create a more secure workforce in the food and agriculture industry through the design and delivery of a cybersecurity educational and workforce initiative that takes into consideration culturally sensitive materials for American Indian farmers and food producers.
Activities & Outcomes
- Sponsored by the National Science Foundation (NSF), Education DCL: EAGER grant (Award Number: 2235812)
Key Faculty and Collaborators
- George Grispos, Ph.D.
- Lawrence Loucks (Ponca Economic Development Corp.)
Identifying and Mitigating Cybersecurity Vulnerabilities in Farm Settings
The integration of IT into agricultural machinery and vehicles introduces a variety of cybersecurity concerns for the farming community: malicious actors gaining control of on-field sensors, changes to farming data, and the potential contamination of food products. Hence, there is a need to develop approaches for identifying and mitigating cybersecurity concerns within agricultural machinery and vehicles.
Activities & Outcomes
- Funded Grant: “Security and Hackability Considerations of Driverless Tractors and Agricultural Robots”, University of Nebraska Collaboration Initiative, Jul 2020 - Jun 2022
- Best Paper Award: M. Freyhof, G. Grispos, S. Pitla, C. Stolle, “Towards a Cybersecurity Testbed for Agricultural Vehicles and Environments”, 17th Midwest Association for Information Systems Conference (MWAIS 2022)
Key Faculty and Collaborators
- George Grispos, Ph.D.
- Santosh Pitla, Ph.D. (UNL)
Digital Forensic Investigations of Medical Devices
Increased frequency and severity of cybersecurity incidents impacting healthcare organizations has prompted the publication of best practices for these organizations, when attempting to respond to incidents in their respective settings.
While these best practices provide a wealth of information on how to respond to a cybersecurity incident impacting medical devices, minimal information is provided related to the digital forensic investigation of the devices themselves.
Activities & Outcomes
- G. Grispos, et al, “Forensic Analysis of an Electrocardiogram Device: A First Look”, WIREs Forensic Science, Under Review
- Publications in Mobile Networks and Applications 2022, 20th International IEEE Conference on Trust, Security and Privacy in Computing and Communications (TrustCom 2021), IEEE 33rd International Symposium on Computer Based Medical Systems (CBMS 2020), and 53rd Hawaii International Conference on System Sciences (HICSS 2020)
Key Faculty and Collaborators
- George Grispos, Ph.D.
- William Mahoney, Ph.D.
- Kiran Bastola, Ph.D.
- Kim-Kwang Raymond Choo, Ph.D. (UTSA)
- William Glisson, Ph.D. (Louisiana Tech.)
SMART Analytics for Critical Infrastructure inside a Resilient Data Fabric (SMART-RDF)
This project focuses on integrating multi-source field and historical data to monitor and predict the health of critical structures like bridges. We are creating a scalable technological framework, enabling real-time assessment of structural health and informing decision-makers. We collect continuous monitoring data from diverse sensors using a resilient data fabric, supporting edge computing across multiple locations, and enabling analytics for specialized applications.
Activities & Outcomes
- This work has received over $10M in funding from the NSF and the US Army Corps of Engineers (USACE)
- Private and public collaborators include NDOT, Union Pacific and several others
- This work has funded several students at all levels, including postdocs
Key Faculty and Collaborators
- Robin Gandhi, Ph.D. (UNO)
- Deepak Khazanchi, Ph.D. (UNO)
- Brian Ricks, Ph.D. (UNO)
- Dan Linzell, Ph.D. (UNL)
- Chungwook Sim, Ph.D. (UNL)
- Yashar Azam, Ph.D. (UNH)
- James Burke (Kinnami)
Automated Program Repair for Intelligent Tutoring Systems
Insecure program practices seriously threaten software security. Misusing security primitives in application level code is not unusual. One big challenge is the lack of automated guidance on how to utilize existing libraries for secure coding. In this research, we present an Intelligent Tutoring System that automatically flags common cryptographic misuses and suggests possible repairs.
Activities & Outcomes
- Publications – SEET '22, COMPSAC '21, SIGITE '20, MobileSoft '19, the first place at MobileSoft SRC '19
- Student Support – 2 Master theses, GRACA '19, GRACA '22
- Funding – NU Collaboration Initiative '20 with $150K, UCRCA '19 with $6K
- Software tool demo at CS workshop '19, a cyberinfrastructure with improved resilience to vulnerabilities
Key Faculty and Collaborators
- Rui Zhao, Ph.D. (UNO)
- Harvey Siy, Ph.D. (UNO)
- Myoungkyu Song, Ph.D. (UNO)
- Leek-Kiat Seo, Ph.D. (UNL)
Nebraska Deterrence Lab
Nebraska Deterrence Lab (NDL) is a multi-discipline that explores the complex multi-actor relationships that threats have on private, public and government sectors. Our focus areas of deterrence, quantitative risk, and analysis of data align with the needs of a wide variety of stakeholders. We educate the future workforce to innovate and think critically.
We explore mechanisms to provide trustworthy, timely, and accurate information to facilitate decision making. We seek to understand the complex system of integrated, interacting, and rapidly evolving challenges enabled by emerging technologies and unconstrained by traditional domains. We build our software from research driven perspectives and utilize agile methodology to meet the needs of our stakeholders and researchers.
Activities & Outcomes
- '23-25 NU Collaboration Initiative, $147,149 over 2 yrs. D House PI); Multi-Actor Risk Analysis Methodology
- '20-22 NU Collaboration Initiative, $149,959 over 2 yrs. M Black PI); Multi-Actor Deterrence Analysis Methodology; 2021 $25,000 NSRI IRAD grant
- 15+ students (PhD, Graduate, and Undergraduate)
- Actively submitting grants and seeking funding for MADAM, MARAM, and Profile building and analysis
Key Faculty and Collaborators
- Deanna House, Ph.D. (Co-Director, NDL)
- Michelle Black, Ph.D. (Co-Director, NDL)
- Lana Obradovic, Ph.D.
- Tyler White (UNL)
- Elsbeth Magilton (UNL)
Congruent Threat Hunting
Threat hunting is utilized by private, public, and government entities to proactively search for threats that typically evade normal detection mechanisms. Threat hunting has evolved quickly in the cybersecurity industry, but the research surrounding the most effective methods for hunting are still maturing.
Understanding and building new processes for threat hunters can not only improve how threat hunting is conducted, but also create new knowledge and response mechanisms for incidents. This research is ongoing with plans for an initial case study as the first phase and a broader study after phase one is completed. This research will change how threat hunting is conducted and will have societal impact that improves detection and response to cybersecurity incidents.
Activities & Outcomes
- Currently preparing literature and research plan for a long-term research project targeting private sector and government entities
- One Ph.D. student (University of Alabama) also on the project
Key Faculty and Collaborators
- Deanna House, Ph.D.
- Allen Johnston, Ph.D. (University of Alabama)
Behavioral Information Security
The majority of cyberattacks can be attributed to the human element (with over 74% of data breaches involving the human element, according to the Verizon Data Breach Investigations Report – DBIR 2023).
This research investigates the human factors and motivations that influence behaviors such as clicking on links and opening and/or downloading files that increase organizations likelihood of an attack or data breach. The research is ongoing; with factors such as politeness, fear appeals, trust, source credibility, and suspicion as key areas of study.
Activities & Outcomes
- Working on larger “Suspicion in Phishing” project (with Meg Harris), presented at Midwest AIS, 2023
- Working on “Phishing Timing as a Mechanism for Reduction of Suspicion” (with Steve Saunders)
- Telehealth Security from a Patient’s Perspective: A Study of Cyber Hygiene in a Health-Specific Context (with G Nandy, MS MIS) presented at workshop in Oct 2022; chaired thesis and funded by GRACA grant
Key Faculty and Collaborators
- Deanna House, Ph.D.
- Ph.D. Students Steve Saunders and Meg Harris
Nebraska Gencyber Camps
NGC hosts around 75 students per year from diverse backgrounds and experiences in the 6th to 8th grade band to increase their interest in STEM and cybersecurity. NGC is structured around immersing students in hands-on curricular activities associated with bite-sized integrable cybersecurity modules.
Activities & Outcomes
- Content from NGC has at minimum reached 90 teachers and over 3,000 students across at least 13 states since 2016
- Since 2016, NGC curricular content has been accessed by over 90,000 users across 120,000 sessions according to Google analytics on our website
- Our camps have led numerous students to pursue interests in cybersecurity and computing careers
Key Faculty and Collaborators
- Matt Hale, Ph.D. (POC)
- Robin Gandhi, Ph.D.
- Deanna House, Ph.D.
- Derek Babb. MA, M.Ed.
- Kristeen Shabram (Westside school district)
- Area community partners (Girls Inc / Kids Can)
MATRIX: ML, AI, and Threat Response Initiative for Cybersecurity eXcellence in Nebraska
Enhance Nebraska’s positioning in AI, ML, and Cybersecurity by developing an AI-enabled Security Operations Center (SOC) to monitor and respond to cyber threats in real time. Create a Lab to research new cybersecurity detective, preventative, and corrective techniques and tools based on large-scale data models.
This project will enhance cybersecurity operations across the state by providing SOC services to defense, industry, and K-12 partners.
Key Faculty and Collaborators
- Matt Hale, Ph.D. (POC)
- 13 collaborators from UNO IS&T
- One collaborator from UNO A&S
- NU ITS / OmniSOC
- Defense partners
Mobile Sensing/IoT and their Security and Privacy
We conduct research in applications of Mobile Sensing and the Internet of Things while also researching how to secure and protect the privacy of these systems. Research in this area includes mobile malware (e.g., COVID-19 malware), formal methods, Bluetooth security, multiple factor authentication, biometrics, intrusion detection, usable privacy, privacy policies, facial and bystanders’ privacy, and secure sensor data storage in Blockchain.
Activities & Outcomes
- $600K supported by the NSF while also training undergraduate students in research
- 54 students have participated in summer undergraduate research experiences, more than 30 publications in conferences and journals
- 20+ publications with undergraduates as coauthors
Key Faculty and Collaborators
- Alfredo J. Perez, Ph.D. (POC)
- Harvey Siy, Ph.D. (UNO)
- Pei-Chi Huang, Ph.D. (UNO)
- Jon Young, Ph.D. (UNO)
- Sayonnha Mandal, Ph.D.
- Mahadevan Subramaniam, Ph.D. (UNO)
- Sherali Zeadally, Ph.D. (University of Kentucky)
- Mustafa Al Lail, Ph.D. (Texas A&M International)
- Yesem Peker, Ph.D. (Columbus State University)
- Lydia Ray, Ph.D. (Columbus State University)
- Suk Jin Lee, Ph.D. (James Madison University)