Dr. Richard Enbody
Department of Computer Science and Engineering,
College of Engineering,
Michigan State University.
I have been a professor at MSU since 1987.
My research interests include computer security, computer architecture,
web-based distance education and parallel processing.
- CS1 Text:
The Practice of Computing using Python
with Dr. Punch. We wrote this book
for MSU's CS1 course CSE 231
which must prepare students for the CS2 course in C++ (see our SIGCSE 2009 paper on how well we did).
We are finding that non-majors
gain useful programming skills and majors are better problem solvers.
It was published by Addison-Wesley (Pearson) in 2010.
It is also listed on
Amazon.com. A Python 3 version is in the works.
- Computer Security Research:
- Fault Localization:
Fault localization is a process of identifying where bugs are in code.
The best fault localization tools assume they have access to source code, and that a suite of
test cases for good and bad runs exist. They can find flow-control bugs, but not data flow bugs.
We have developed a technique that starts with a binary, automatically creates a test suite, and
finds both flow-control and data-flow bugs. Our technique finds vulnerabilities, a critically
important class of bugs, and has been tested on industrial-strength binaries such as Firefox.
We begin with a binary and finish with the basic block containing the bug highlighted in IDA Pro.
A critical ingredient is
the technique of fuzzing.
- Browser Security:
Online banking and other financial transactions are popular targets for hackers: get an account and password
to a financial institution and you can clean someone out.
We begin with an assumption that a client's machine is already infected, and from the server side (bank's side)
we can determine if the banking session has had malicious code injected.
If a bank knows that fact, they can terminate the session and by doing so can protect the client.
- Secure Bit:
- We designed a
hardware buffer-overflow prevention scheme,
, which maintains binary compatibility with legacy code while preventing buffer-overflow
attacks. Implemented using the BOCHS emulator, we booted Linux and ran Apache as well as
JVM and other applications on Secure Bit. A patent is pending. Computers with this
hardware would be protected from the most virulent computer worms and viruses.
- In an NSF-funded collaboration with two faculty from the College of Communication
Arts and Sciences named iSafety
we extend online privacy research to develop a theoretical model of online safety
behavior, evaluate and test that model in the context of current security interventions,
and develop and test a consumer online safety tool. The human element
is essential for computer security.
There is growing interest at MSU on RFID issues both inside and outside
of Engineering. The security, supply chain, agriculture, privacy, legal,
and social issues are compelling. A multidisciplinary internal-to-MSU workshop
considering those issues plus more took place in October 2006 with discussions
- Integrating Security into the CS major:
With support from Microsoft Research we are incorporating security and privacy throughout the CS curriculum
at MSU, and developing resources that will enable other universities to do the same.
We see threat modeling as the current best practice to build upon in developing
security so we plan to integrate threat modeling and general security
principles into three levels of our curriculum: freshmen, sophomore, and
upper-school (juniors & seniors). See plans.
- Stopping the Warhol Worm:
The Warhol Worm is a worm which can spread
through the Internet in 15 minutes. Is there any way to stop it?
We investigate such fast-spreading
worms, and find that it is possible to protect large parts of the Internet.
- Virus dissections:
A wonderful article in IEEE Spectrum had a pictorial dissection of the Melissa
virus. As a class exercise my students
dissected additional viruses.
- We created a kernel-level intrusion-prevention system with nearly zero false positives
which protects against privilege-raising attacks. No matter how the attacker got there,
if they attempt to spawn a shell without authentication, the attack is halted.
See Tech Report MSU-CSE-05-16
- We built a honeynet, and wrote a HoneyNet Handbook
describing how to build a honeynet from discarded computers and free software.
- Security Advice:
- Here is some simple advice on online safety
and on identity theft.
- Smartphone Applications for People with Disabilities:
- With support from the Dean of Engineering, a pair of engineers and a physician are working with MSU's
Resource Center for Persons with Disabilities (RCPD) to develop smartphone applications for
people with disabilities. Initially we are targeting applications for blind people -- an interesting
challenge since smartphones such as the iPhone have a visual interface.
- In collaboration with Physics
on Buckyballs and Nanotubes I have two
awarded (one sold)
on nanoscale devices; a third
pending on our hardware buffer-overflow
prevention scheme. A fourth pending patent extends the buffer-overflow protection to all data. A fifth pending patent deals with segmenting groups of people for
targeted education, i-safety in particular.
- Distance Education:
- I developed and offered for six semesters starting in 1996 a web-based version of our introductory course CSE 231 using free software that a former
student developed, Sync-O-Matic, but the course
has been discontinued for budgetary reasons.
- I have broad teaching interests and have taught a dozen different
courses within the department.
I have been taught the
graduate computer security course I created,
an undergraduate cybersecurity
course I created
which is a collaboration among faculty from six colleges
(law, business, communication, criminal justice, medicine, engineering)
and the introduction
to programming course, CSE 231.
I also teach the graduate Advanced Computer Architecture course
CSE 820 and the undergraduate Computer Architecture course CSE 420.
Depending on teaching needs, I am likely to appear in almost any course since I have taught over fifteen different courses here at MSU.
I am proud to have won the College's Withrow
Excellence in Teaching award twice (1992 and 2008), especially since the
nomination and selection is done by students.
Before earning my Ph.D. at Minnesota I taught high school mathematics for six years
in an elite prep school SPS,
a rural high school HHS,
an inner-city junior high Bryant (famous for Prince),
and a suburban senior high Jefferson.
I grew up in Concord, New Hampshire and
Kittery Point, Maine. My B.A. is in Mathematics from
My Miata in the picture is a 1991 A-pkg (short crank) that I bought in 2001. The picture at the top of the page is me boiling down sap to make maple syrup. You need to boil down over 40 gallons of sap to make 1 gallon of maple syrup. For exercise, I commute
on my bicycle, and play squash and ice hockey.
enbody < AT > cse.msu.edu