Research

Peer-Reviewed Journals & Conferences | Grants

Peer-Reviewed Journals & Conferences

  1. A. Podhradsky, J. Pauli, K. Streff, P. Engebretson (2012): “A Restructured Information Technology Risk Assessment Model for Small and Medium-Sized Financial Institutions.” Journal of Accounting and Finance. ISSN# 2158-3625. In Press.
  2. R. Woelfel and J. Pauli. "Towards Tool-Driven Penetration Testing for Form-Based Authentication". Proc. of ISCA 27th INTERNATIONAL CONFERENCE ON COMPUTERS AND THEIR APPLICATIONS. March 2012, Las Vegas, NV, USA
  3. A. Klindworth and J. Pauli. "An Introductory Look at Vulnerability Hunting". Proc. of the ISCA 27th INTERNATIONAL CONFERENCE ON COMPUTERS AND THEIR APPLICATIONS. March 2012, Las Vegas, NV, USA
  4. H. Kam and J. Pauli. "Web Penetration Testing: Effectiveness of Student Learning in Web Application Security". Proc. of 2011 IEEE Frontiers in Education (FIE). October 2011. Rapid City, SD, USA
  5. A. Podhradsky, P. Engebretson, J. Pauli, and K. Streff. "A Restructured Information Technology Risk Assessment Model for Small and Medium-sized Financial Institutions". Proc. of 11th Annual Hawaii International Conference on Business. May 2011. Honolulu, HI, USA.
  6. J. Pauli, M. Ham, M. Zautke, and P. Engebretson. "CookieMonster: Automated Session Hijacking Archival and Analysis". Proc. of the 7th International Conference on Information Technology : New Generations (ITNG 2011). April 2011, Las Vegas, NV, USA
  7. P. Engebretson, J. Burroughs, and J. Pauli. “Attack Traffic Libraries for Testing and Teaching Intrusion Detection Systems”. Proc. of Information Systems Analysis and Synthesis: (ISAS 2011). March 2011. Orlando, FL, USA.
  8. J. Windsor and J. Pauli. "Smashing Web Goat for Fun and Research: Static Code Scanner Evaluation", Proc of the 2010 OWASP AppSec DC Conference. Nov. 2010, Washington, DC, USA
  9. J. Pauli and P. Engebretson. "Cradle-To-Grave Approach to Retaining Students in Information Security Programs ". Proc. of the 2010 International Conference on Security and Management (SAM'10). July 2010, Las Vegas, NV, USA
  10. P. Engebretson, J. Pauli, and J. Bosma. "Lessons Learned From an Evolving Information Assurance Lab". Proc. of the 2010 International Conference on Security and Management (SAM'10). July 2010, Las Vegas, NV, USA
  11. P. Engebretson and J. Pauli. "Leveraging Parent Mitigations and Threats for CAPEC-Driven Hierarchies". Proc. of the 6th International Conference on Information Technology : New Generations (ITNG 2009). April 2009, Las Vegas, NV, USA
  12. P. Engebretson and J. Pauli. "Realizing Knock-Out Effect and Parent Mitigation Power for Detailed Attack Patterns: A Case Study". Proc. of the 9th IASTED International Conference on Software Engineering and Applications (SEA 2008). November 2008. Orlando, FL, USA
  13. P. Engebretson, J. Pauli and K. Streff. "Abstracting Parent Mitigations from the CAPEC Attack Pattern Dictionary". Proc. of the 2008 International Conference on Security and Management (SAM'08). July 2008, Las Vegas, NV, USA
  14. J. Pauli, P. Engebretson, and K. Streff. "An Ethical Network Hacking Contest for Undergraduate Student Recruitment". Proc. of the 2008 International Conference on Frontiers in Education: Computer Science and Computer Engineering (FECS'08). July 2008, Las Vegas, NV, USA
  15. J. Pauli. "Incentive-based Technology Start-up Program for Undergraduate Students". Proc. of the 5th International Conference on Information Technology : New Generations (ITNG 2008). April 2008, Las Vegas, NV, USA
  16. P. Engebretson and J. Pauli. "Towards a Specification Prototype for Hierarchy-Driven Attack Patterns". Proc. of the 5th International Conference on Information Technology : New Generations (ITNG 2008). April 2008, Las Vegas, NV, USA
  17. J. Pauli and P. Engebretson. "Hierarchy-Driven Approach for Attack Patterns in Software Security Education". Proc. of the 5th International Conference on Information Technology : New Generations (ITNG 2008). April 2008, Las Vegas, NV, USA
  18. J. Pauli. "Breaking "Extends" Relationships for Use/Misuse/Mitigation Use Case Refinement". Proc. of the 16th International Conference on Software Engineering and Data Engineering (SEDE 2007). July 2007, Las Vegas, NV, USA
  19. J. Pauli. "Leveraging the TabletPC in Systems Analysis and Design Courses". Proc. of the 16th International Conference on Software Engineering and Data Engineering (SEDE 2007). July 2007, Las Vegas, NV, USA
  20. D. Xu and J. Pauli, "Threat-Driven Design and Analysis of Secure Software Architectures", Journal of Information Assurance (JIAS), Issue 3, Volume 1, 2006
  21. J. Pauli. "The Role of Sequence Diagrams in Use/Misuse Case Decomposition for Secure Systems". Proc. of the 7th IASTED International Conference on Software Engineering and Applications (SEA 2006). November 2006. Dallas, TX, USA
  22. J. Pauli and D. Xu, "Integrating Functional and Security Requirements with Use Case Decomposition", Proc. of the 11th International Conference on Engineering of Complex Computer Systems (ICECCS 2006). August 2006, Palo Alto, CA, USA
  23. J. Pauli and D. Xu, "Ensuring Consistent Use/Misuse Case Decomposition for Secure Systems", Proc. of the 18th International Conference on Software Engineering and Knowledge Engineering (SEKE 2006). July 2006, San Francisco, CA, USA
  24. J. Pauli and D. Xu, "Threat-driven Architectural Design of Secure Information Systems", Proc. of the 7th International Conference on Enterprise Information Systems (ICEIS 2005). May 2005, Miami, FL, USA
  25. J. Pauli and D. Xu, "Trade-off Analysis of Misuse Case-based Secure Software Architectures: A Case Study", Proc. of the 3rd International Workshop on Verification & Validation of Enterprise Information Systems (VVEIS 2005). May 2005, Miami, FL, USA
  26. J. Pauli and D. Xu, "Misuse Case-Based Design and Analysis of Secure Software Architecture", Proc. of the International Conference on Information Technology Coding and Computing (ITCC 2005). April 2005, Las Vegas, NV, USA

    [TOP]

Grants

  1. Feb. 2012: PI on $468, 081.41 Department of Defense Information Assurance Scholarship Program (DoD IASP) grant.
  2. Jan. 2012: PI on $15,000 Department of Homeland Security (DHS) grant for administering the 2012 North Central Region of the Collegiate Cyber Defense Competition. [awarded]
  3. Aug. 2011: PI on $93,000 National Science Foundation grant titled "Online Banking Systems Security Research". [awarded NSF award DUE-1153336]
  4. Aug. 2011: Co-PI on $400,000 National Science Foundation grant titled "MRI: Acquisition of an Online Banking System for Information Assurance Research". [awarded NSF award CNS-1123220]
  5. Feb. 2011: PI on $305,389 Department of Defense Information Assurance Scholarship Program (DoD IASP) grant. [$70,926 awarded]
  6. Jan. 2011: PI on $1,305,565 National Science Foundation - Scholarship for Service (NSF-SFS) grant titled "Dakota Defenders Information Assurance Scholarship Program". [awarded NSF award DUE-1026114]
  7. Oct. 2010: PI on $10,000 Department of Homeland Security (DHS) grant for administering the 2010 North Central Region of the Collegiate Cyber Defense Competition. [awarded]
  8. Oct. 2010: PI on $14,050 Department of Homeland Security (DHS) grant for administering the 2011 North Central Region of the Collegiate Cyber Defense Competition. [awarded]
  9. Mar. 2010: Co-PI on $328,427 National Science Foundation - Research Experience for Undergraduates titled "REU Site: Information Assurance and Security". [awarded NSF award CNS-1004843]
  10. Jan. 2010: PI on $227,642 Department of Defense Information Assurance Scholarship Program (DoD IASP) grant. [$35,291.13 awarded]

    [TOP]