Timothy J. Shimeall

Learn More
The increased use of botnets as an attack tool and the awareness attackers have of blocking lists leads to the question of whether we can effectively predict future bot locations. To that end, we introduce a network quality that we term uncleanliness: an indicator of the propensity for hosts in a network to be compromised by outside parties. We hypothesize(More)
The software fault-tree analysis technique is explained. It is then extended to allow its use on a more complex language involving such features as concurrency and exception handling. Ada is used as the example language because many safety-critical projects are using or planning to use Ada. It also contains complex, real-time programming facilities found in(More)
This paper presents the results of a n empirical study of software e r r o r detection using self checks and N-version voting. A total of 24 graduate students in computer science a t the University of Virginia and the University of California, Irvine, were hired a s programmers. Working independently, each first prepared a set of self checks using just the(More)
Dawn M. Cappelli CERT/CC Software Engineering Institute dmc@cert.org Andrew P. Moore CERT/CC Software Engineering Institute apm@cert.org Timothy J. Shimeall CERT/CC Software Engineering Institute, USA, tjs@cert.org David F. Andersen University at Albany State University of New York david.andersen@albany.edu Jose J. Gonzalez Agder University College Norway(More)
MURPHY is a language-independent, experimental methodology for building safety-critical, real time software, which will include an integrated tool set. Using Ada as an example, this paper presents a technique for verifying the safety of complex, real-time software using Software Fault Tree Analysis. The templates for Ada are presented along with an example(More)
The Insider Threat Study, conducted by the U.S. Secret Service and Carnegie Mellon University’s Software Engineering Institute CERT Program, analyzed insider cyber crimes across U.S. critical infrastructure sectors. The study indicates that management decisions related to organizational and employee performance sometimes yield unintended consequences(More)
ion [16]. None of the readers had practiced any systematic code reading prior to this experiment. The readers had levels of experience comparable to the programmers. The readers were each assigned one version and provided hard copy of only that version. They were required to annotate the version with abstractions of the purpose of each code section and to(More)