David Doss

We describe innovative new approaches to teaching information systems security that may be used individually or in combination. Information system security is a difficult course to teach and these approaches provide resources to both novice and experienced educators to enhance their courses. We conclude that more educational development work needs to be done…
We report a vulnerability to network signature-based IDS which we have tested using Snort and we call "Squealing". This vulnerability has significant implications since it can easily be generalized to any IDS. The vulnerability of signature-based IDS to high false positive rates has been well-documented but we go further to show (at a high level) how…
The poor state of security on the Internet is the direct result of a market failure. Software companies have been able to institute a framework denying them liability for faulty products. In addition, time-to-market (Internet time) pressures compel software companies to release software as early as possible with lower levels of testing, if any testing at…
crash is becoming less of an option. Such crashes are becoming increasingly expensive to business and potentially life threatening to those who depend on essential services built on networked software systems. As the makeup of systems is increasingly composed of software relative to hardware, system crashes are more likely to be the result of a software…
Whole system assurance is necessary since over-reliance on protection solutions for system components has actually contributed to the fragility of information systems when viewed as a whole. For instance, the use of authentication and encryption to protect networked systems may actually add more vulnerabilities to the system as a whole than they eliminate.
The poor state of security on the Internet calls for more effective ways to protect networked systems from attacks. One solution is to be able to counter attack with offensive capabilities. With attacker information available, companies find themselves in a dilemma – counter attack for immediate self-defense, retaliate for future deterrence, inform the…