Josh Pauli, Ph.D.

Professor
College of Computing
Dakota State University

Research

Grants

  1. Aug. 2015: PI on $142,784 Department of Defense Information Assurance Scholarship Program (DoD IASP) grant. [awarded]
  2. Aug. 2014: PI on $4,853,212 National Science Foundation Scholarship for Service (NSF-SFS) grant titled "DSU Cyber Corps Renewal". [awarded DGE-1423208]
  3. May 2014: PI on $98,566 Department of Defense Information Assurance Scholarship Program (DoD IASP) grant. [awarded]
  4. Jan. 2014: PI on $18,170 National Science Foundation grant titled "Expansion of CyberSTARS Summer Camp for 10-12 graders". [awarded DUE-1026114]
  5. Aug. 2013: PI on $99,346 National Science Foundation grant titled "CyberSTARS Summer Camp for 10-12 graders". [awarded NSF award DUE-1026114]
  6. Feb. 2013: PI on $98,079.33 Department of Defense Information Assurance Scholarship Program (DoD IASP) grant. [awarded]
  7. Feb. 2012: PI on $46,081.41 Department of Defense Information Assurance Scholarship Program (DoD IASP) grant. [awarded]
  8. Jan. 2012: PI on $15,000 US Air Force Research Laboratory & University of Texas - San Antonio sub-award for administering the 2012 North Central Region of the Collegiate Cyber Defense Competition. [awarded]
  9. Aug. 2011: PI on $93,000 National Science Foundation grant titled "Online Banking Systems Security Research". [awarded NSF award DUE-1153336]
  10. Aug. 2011: Co-PI on $642,728 National Science Foundation grant titled "MRI: Acquisition of an Online Banking System for Information Assurance Research". [awarded NSF award CNS-1123220]
  11. Feb. 2011: PI on $70,926 Department of Defense Information Assurance Scholarship Program (DoD IASP) grant. [awarded]
  12. Jan. 2011: PI on $1,514,913 National Science Foundation - Scholarship for Service (NSF-SFS) grant titled "Dakota Defenders Information Assurance Scholarship Program". [awarded NSF award DUE-1026114]
  13. Oct. 2010: PI on $10,000 Department of Homeland Security (DHS) grant for administering the 2010 North Central Region of the Collegiate Cyber Defense Competition. [awarded]
  14. Oct. 2010: PI on $14,050 Department of Homeland Security (DHS) grant for administering the 2011 North Central Region of the Collegiate Cyber Defense Competition. [awarded]
  15. Mar. 2010: Co-PI on $328,427 National Science Foundation - Research Experience for Undergraduates titled "REU Site: Information Assurance and Security". [awarded NSF award CNS-1004843]
  16. Jan. 2010: PI on $35,291.13 Department of Defense Information Assurance Scholarship Program (DoD IASP) grant. [awarded

Papers

  1. J. Pauli. "Refining Use/Misuse/Mitigation Use Cases for Security Requirements". Journal of Software Engineering and Applications (JSEA) Volume 7 No. 8 2014.
  2. J. Pauli and K. Haubris. "Improving the Efficiency and Effectiveness of Penetration Test Automation". Proc. of the 9th International Conference on Information Technology : New Generations (ITNG'13). April 2013, Las Vegas, NV, USA
  3. T. Perez and J. Pauli: "Municipal E-Government Security: Insights from Municipalities in Orange County, California". Proc. of the The 2012 International Conference on e-Learning, e-Business, Enterprise Information Systems, and e-Government (EEE'12). July 2012, Las Vegas, NV, USA
  4. A. Podhradsky, J. Pauli, K. Streff, and P. Engebretson (2012): “A Restructured Information Technology Risk Assessment Model for Small and Medium-Sized Financial Institutions.” Journal of Accounting and Finance. ISSN# 2158-3625. In Press.
  5. R. Woelfel and J. Pauli. "Towards Tool-Driven Penetration Testing for Form-Based Authentication". Proc. of ISCA 27th INTERNATIONAL CONFERENCE ON COMPUTERS AND THEIR APPLICATIONS. March 2012, Las Vegas, NV, USA
  6. A. Klindworth and J. Pauli. "An Introductory Look at Vulnerability Hunting". Proc. of the ISCA 27th INTERNATIONAL CONFERENCE ON COMPUTERS AND THEIR APPLICATIONS. March 2012, Las Vegas, NV, USA
  7. H. Kam and J. Pauli. "Web Penetration Testing: Effectiveness of Student Learning in Web Application Security". Proc. of 2011 IEEE Frontiers in Education (FIE). October 2011. Rapid City, SD, USA
  8. A. Podhradsky, P. Engebretson, J. Pauli, and K. Streff. "A Restructured Information Technology Risk Assessment Model for Small and Medium-sized Financial Institutions". Proc. of 11th Annual Hawaii International Conference on Business. May 2011. Honolulu, HI, USA.
  9. J. Pauli, M. Ham, M. Zautke, and P. Engebretson. "CookieMonster: Automated Session Hijacking Archival and Analysis". Proc. of the 7th International Conference on Information Technology : New Generations (ITNG 2011). April 2011, Las Vegas, NV, USA
  10. P. Engebretson, J. Burroughs, and J. Pauli. “Attack Traffic Libraries for Testing and Teaching Intrusion Detection Systems”. Proc. of Information Systems Analysis and Synthesis: (ISAS 2011). March 2011. Orlando, FL, USA.
  11. J. Windsor and J. Pauli. "Smashing Web Goat for Fun and Research: Static Code Scanner Evaluation", Proc of the 2010 OWASP AppSec DC Conference. Nov. 2010, Washington, DC, USA
  12. J. Pauli and P. Engebretson. "Cradle-To-Grave Approach to Retaining Students in Information Security Programs ". Proc. of the 2010 International Conference on Security and Management (SAM'10). July 2010, Las Vegas, NV, USA
  13. P. Engebretson, J. Pauli, and J. Bosma. "Lessons Learned From an Evolving Information Assurance Lab". Proc. of the 2010 International Conference on Security and Management (SAM'10). July 2010, Las Vegas, NV, USA
  14. P. Engebretson and J. Pauli. "Leveraging Parent Mitigations and Threats for CAPEC-Driven Hierarchies". Proc. of the 6th International Conference on Information Technology : New Generations (ITNG 2009). April 2009, Las Vegas, NV, USA
  15. P. Engebretson and J. Pauli. "Realizing Knock-Out Effect and Parent Mitigation Power for Detailed Attack Patterns: A Case Study". Proc. of the 9th IASTED International Conference on Software Engineering and Applications (SEA 2008). November 2008. Orlando, FL, USA
  16. P. Engebretson, J. Pauli and K. Streff. "Abstracting Parent Mitigations from the CAPEC Attack Pattern Dictionary". Proc. of the 2008 International Conference on Security and Management (SAM'08). July 2008, Las Vegas, NV, USA
  17. J. Pauli, P. Engebretson, and K. Streff. "An Ethical Network Hacking Contest for Undergraduate Student Recruitment". Proc. of the 2008 International Conference on Frontiers in Education: Computer Science and Computer Engineering (FECS'08). July 2008, Las Vegas, NV, USA
  18. J. Pauli. "Incentive-based Technology Start-up Program for Undergraduate Students". Proc. of the 5th International Conference on Information Technology : New Generations (ITNG 2008). April 2008, Las Vegas, NV, USA
  19. P. Engebretson and J. Pauli. "Towards a Specification Prototype for Hierarchy-Driven Attack Patterns". Proc. of the 5th International Conference on Information Technology : New Generations (ITNG 2008). April 2008, Las Vegas, NV, USA
  20. J. Pauli and P. Engebretson. "Hierarchy-Driven Approach for Attack Patterns in Software Security Education". Proc. of the 5th International Conference on Information Technology : New Generations (ITNG 2008). April 2008, Las Vegas, NV, USA
  21. J. Pauli. "Breaking "Extends" Relationships for Use/Misuse/Mitigation Use Case Refinement". Proc. of the 16th International Conference on Software Engineering and Data Engineering (SEDE 2007). July 2007, Las Vegas, NV, USA
  22. J. Pauli. "Leveraging the TabletPC in Systems Analysis and Design Courses". Proc. of the 16th International Conference on Software Engineering and Data Engineering (SEDE 2007). July 2007, Las Vegas, NV, USA
  23. D. Xu and J. Pauli, "Threat-Driven Design and Analysis of Secure Software Architectures", Journal of Information Assurance (JIAS), Issue 3, Volume 1, 2006
  24. J. Pauli. "The Role of Sequence Diagrams in Use/Misuse Case Decomposition for Secure Systems". Proc. of the 7th IASTED International Conference on Software Engineering and Applications (SEA 2006). November 2006. Dallas, TX, USA
  25. J. Pauli and D. Xu, "Integrating Functional and Security Requirements with Use Case Decomposition", Proc. of the 11th International Conference on Engineering of Complex Computer Systems (ICECCS 2006). August 2006, Palo Alto, CA, USA
  26. J. Pauli and D. Xu, "Ensuring Consistent Use/Misuse Case Decomposition for Secure Systems", Proc. of the 18th International Conference on Software Engineering and Knowledge Engineering (SEKE 2006). July 2006, San Francisco, CA, USA
  27. J. Pauli and D. Xu, "Threat-driven Architectural Design of Secure Information Systems", Proc. of the 7th International Conference on Enterprise Information Systems (ICEIS 2005). May 2005, Miami, FL, USA
  28. J. Pauli and D. Xu, "Trade-off Analysis of Misuse Case-based Secure Software Architectures: A Case Study", Proc. of the 3rd International Workshop on Verification & Validation of Enterprise Information Systems (VVEIS 2005). May 2005, Miami, FL, USA
  29. J. Pauli and D. Xu, "Misuse Case-Based Design and Analysis of Secure Software Architecture", Proc. of the International Conference on Information Technology Coding and Computing (ITCC 2005). April 2005, Las Vegas, NV, USA

Courses

CSC 245

Information Assurance Fundamentals

CSC 434

Application Security

CSC 470

Software Engineering

INFA 729

Advanced Web Hacking

CSC 840

Full Scope Security Testing

CSC 842

Rapid Security Tool Development

Contact

Electronic

Josh.Pauli@dsu.edu
p) 605-256-5181
f) 605-256-5060

Mail

820 N. Washington Ave.
DSU - East Hall 104A
Madison, SD 57042