• View

Papers and Presentations

Discussing the Use of Deception

• Avery, J., Almeshekah, M., & Spafford, E. (2017). Offensive Deception in Computing. In 12th International Conference on Cyber Warfare and Security 2017 Proceedings (p. 23).
• Deceptive Memory Systems - Countering Anti‐Forensics with Deception, C. N. Gutierrez, E. H. Spafford, and S. Bagchi. 17th Annual CERIAS Information Security Symposium: Poster, West Lafayette, IN, USA, April 2016. Best Poster Award, 3rd Place.
• The Cost of Deception, , J. Avery, C. N. Gutierrez, E. H. Spafford. 17th Annual CERIAS Information Security Symposium: Poster, West Lafayette, IN, USA, April 2016.
• Chapter 2 in Cyber Deception: Building the Scientific Foundation, entitled Cyber Security Deception, by M. Almeshekah and E. H. Spafford. 2016
• Deception in Computing: Where and How it Has Been Used, J. Avery,  C. N. Gutierrez, M. Almeshekah, S. Bagchi, and E. H. Spafford, 16th Annual CERIAS Information Security Symposium: Poster, West Lafayette, IN, USA, March 2015.
• Using Deceptive Information in Computer Security Defenses, M. Almeshekah and E. H. Spafford, International Journal of Cyber Warfare and Terrorism (IJCWT), 4 (3), 46-58, July-September 2014, IGI Global.
• The Case of Using Negative (Deceiving) Information in Data Protection, M. Almeshekah and E. Spafford, in Proceedings of the 9th International Conference on Cyber Warfare and Security ICCWS-2014, ISSN: 2048-9870, Academic Conferences and Publishing International Limited, March 2014.
  [paper] . [15th CERIAS Symposium: poster (Best Poster Award)]
• “Improving Security Using Deception, M. Almeshekah, E. Spafford and M. Atallah, The Center for Education and Research in Information Assurance and Security: Technical Report (CERIAS TR 2013-13).
• A Presentation, Truth and Consequences, that Spaf has given recently in several places, including University of Central Florida and Texas A&M University.

Systemization, Modeling and Integrating of Deception

• A Hypergame Analysis for ErsatzPasswords; Christopher Gutierrez, Mohammed Almeshekah, Eugene Spafford and Saurabh Bagchi; in proceedings of 33rd IFIP TC-11 SEC 2018 International Conference on Information Security and Privacy Protection, Poznan, Poland.
• Modeling Deception In Information Security As A Hypergame – A Primer;  Christopher Gutierrez, Mohammed Almeshekah, Eugene H. Spafford, Saurabh Bagchi, Jeff Avery, and Paul Wood; CERIAS Tech Report CERIAS TR 2016-5; July 2016.
• Modeling Deception In Information Security As A Hypergame — A Primer;  C. N. Gutierrez, M. Almeshekah, J. Avery, S. Bagchi, and E. H.Spafford, 16th Annual CERIAS Information Security Symposium: Poster, West Lafayette, IN, USA, March 2015.
• Planning and Integrating Deception into Computer Security Defenses, M. Almeshekah and E. H. Spafford, New Security Paradigms Workshop (NSPW’14), 15-18 September 2014, Victoria, BC, Canada.

Using Deception in Authentication

• Inhibiting and Detecting Offline Password Cracking Using ErsatzPasswords; Christopher N. Gutierrez, Mohammed H. Almeshekah, Eugene H. Spafford, Mikhail J. Atallah, and Jeff Avery. ACM Trans. Priv. Secur. 19, 3, Article 9 (December 2016), 30 pages. DOI: https://doi.org/10.1145/2996457 [17th CERIAS Symposium Poster, 1st Place] [Video Presentation]
• Deceptive Memory Systems - Countering Anti‐Forensics
• ErsatzPasswords: Ending Password Cracking and Detecting Password Leakage; M. Almeshekah, C. N. Gutierrez, M. Atallah and E.H. Spafford; pp. 311-320; proceedings of ACSAC 2015, Universal City, CA, Dec 2015.
• Enhancing Passwords Security using Deceptive Covert Communication; M. Almeshekah, M. Atallah and E. H. Spafford, International Conference on ICT Systems Security and Privacy Protection, IFIP SEC’15, May 26-28, 2015, Hamburg, Germany (to appear).
• ErsatzPasswords – Ending Passwords Cracking, M. Almeshekah, C. N. Gutierrez, M. Atallah and E.H. Spafford.[Technical Report] .  [16th CERIAS  Symposium: Poster] . [Implementation] . [FAQs]
• Defending against Password Exposure using Deceptive Covert Communication, M. Almeshekah, M. Atallah and E. H. Spafford, The Center for Education and Research in Information Assurance and Security: Technical Report (CERIAS TR 2015-3).

Deceptive Patching

• Jeffrey Avery and John Ross Wallrabenstein. Formally modeling deceptive patches using a game-based approach, in Computers & Security, Elsevier, v75 pp 182-190, March 2018. [Paper]
• Jeff Avery. The Application of Deception to Software Security Patching Purdue University Computer Science, Ph.D. Dissertation and CERIAS TR 2017-03, August 2017. [PhD disseration]
• Avery, J., & Spafford, E. H. (2017, May). Ghost Patches: Fake Patches for Fake Vulnerabilities. In IFIP International Conference on ICT Systems Security and Privacy Protection (pp. 399-412). Springer, . [Paper].
• CERIAS Symposium, “Ghost Patches: Faux Patches for Faux Vulnerabilities”, 2017 [Poster]

Deceptive Memory

• Christopher N. Gutierrez, Eugene H. Spafford, Saurabh Bagchi, Thomas Yurek; Reactive Redundancy for Data Destruction Protection (R2D2); v 72, pp. 184-201; Computers & Security; Elsevier; May 2018.

Dissertations and Theses

• Using Deception to Enhance Security: A Taxonomy, Model, and Novel Uses, M. Almeshekah, Purdue University Computer Science, Ph.D. Dissertation and CERIAS TR 2015-11, August 2015.
• The Application of Deception to Software Security Patching, J. Avery. Purdue University Computer Science, Ph.D. Dissertation and CERIAS TR 2017-03, August 2017.
• Deceptive Memory Systems, C. N. Gutierrez. Purdue University Computer Science, Ph.D. Dissertation and CERIAS TR 2017-05, December 2017.