Dr. Richard Enbody
Associate Professor
Department of Computer Science and Engineering,
College of Engineering,
Michigan State University.

I have been a professor at MSU since 1987. My research interests include computer security, computer architecture, web-based distance education and parallel processing.

Blog: I now have a blog

Python:

CS1 Text:

The Practice of Computing using Python, 3rd Ed (Python 3) with Dr. Punch. We wrote this book for MSU's CS1 course CSE 231 which must prepare students for the CS2 course in C++ (see our SIGCSE 2009 paper on how well we did). We are finding that non-majors gain useful programming skills and majors are better problem solvers.

Computer Security Research:

Ransomware:

Ransomware can be viewed a key-management problem: it generates keys to encrypt user files and then holds the keys for ransom. Protection of the keys is paramount for their success. Our Pickpocket process exploits a weakness to steal the keys. The weakness is based on the observation that cryptographic systems assume that the process doing the encryption has control of the computer, but ransomware does cryptography on the user's system so that assumption doesn't hold which creates an exploitable weakness.

In-Vehicle Security:

Starting in 2015 I have begun working with Ford on in-vehicle security. How do the bad guys get in and how do we keep them out!

Targeted Cyber Attacks Book:

Targeted Cyber Attacks: Multi-staged Attacks Driven by Exploits and Malware with Dr. Aditya Sood. According to C. Elisan of RSA: "The most complete text in targeted cyber attacks to date."

Browser Security:

Online banking and other financial transactions are popular targets for hackers: get an account and password to a financial institution and you can clean someone out. Formgrabbing grabs the login form upon submission before it is posted so the bad guys not only get it before network encryption, but they also get the data nicely labeled with "account" and "password." Web injects add extra fields into target pages so that the user might be asked for their PIN along with password and account. Since it is the bank's page, they are likely to provide it. The attack is done in user space using hooking. After analyzing the attack binaries we figured out the limitations of this attack, both the capabilities and the timing of attack phases. With the limitations in hand we came up with a server side defense that encrypts the form and signs the page so the server can determine if the page (including encryption) has been tampered with. Encryption protects the information, and signing allows the server to know that something bad has happened so the account can be suspended.

Fault Localization:

Fault localization is a process of identifying where bugs are in code. The best fault localization tools assume they have access to source code, and that a suite of test cases for good and bad runs exist. They can find flow-control bugs, but not data flow bugs. We have developed a technique that starts with a binary, automatically creates a test suite, and finds both flow-control and data-flow bugs. Our technique finds vulnerabilities, a critically important class of bugs, and has been tested on industrial-strength binaries such as Firefox. We begin with a binary and finish with the basic block containing the bug highlighted in IDA Pro. A critical ingredient is the technique of fuzzing.

Secure Bit:

We designed a hardware buffer-overflow prevention scheme, Secure Bit , which maintains binary compatibility with legacy code while preventing buffer-overflow attacks. Implemented using the BOCHS emulator, we booted Linux and ran Apache as well as JVM and other applications on Secure Bit. A patent is pending. Computers with this hardware would be protected from the most virulent computer worms and viruses.

iSafety:

In an NSF-funded collaboration with two faculty from the College of Communication Arts and Sciences named iSafety we extend online privacy research to develop a theoretical model of online safety behavior, evaluate and test that model in the context of current security interventions, and develop and test a consumer online safety tool. The human element is essential for computer security.

RFID:

There is growing interest at MSU on RFID issues both inside and outside of Engineering. The security, supply chain, agriculture, privacy, legal, and social issues are compelling. A multidisciplinary internal-to-MSU workshop considering those issues plus more took place in October 2006 with discussions continuing.

Integrating Security into the CS major:

With support from Microsoft Research we are incorporating security and privacy throughout the CS curriculum at MSU, and developing resources that will enable other universities to do the same. We see threat modeling as the current best practice to build upon in developing security so we plan to integrate threat modeling and general security principles into three levels of our curriculum: freshmen, sophomore, and upper-school (juniors & seniors). See plans.

Stopping the Warhol Worm:

The Warhol Worm is a worm which can spread through the Internet in 15 minutes. Is there any way to stop it? We investigate such fast-spreading worms, and find that it is possible to protect large parts of the Internet.

Virus dissections:

A wonderful article in IEEE Spectrum had a pictorial dissection of the Melissa virus. As a class exercise my students dissected additional viruses.

IDS:

We created a kernel-level intrusion-prevention system with nearly zero false positives which protects against privilege-raising attacks. No matter how the attacker got there, if they attempt to spawn a shell without authentication, the attack is halted. See Tech Report MSU-CSE-05-16

Honeynet:

We built a honeynet, and wrote a HoneyNet Handbook describing how to build a honeynet from discarded computers and free software.

Security Advice:

I am often asked where to start on security. I suggest a broad background on security and risk by reading Bruce Schneier who writes for general audiences, but has serious security credentials. A second read is The Risks Digest a moderated discussion on risk moderated by Peter Neumann dating back to 1985. I recommend the digests -- the signal-to-noise ratio is high. The topic is risk in general, but the discussions often cover computing and, in any case, the principles apply.

Defense Against the Dark Arts (DAtDA):

In Spring 2013 I formed an informal group of students to investigate the details of how cyber attacks occur and how to defend against them. The goal is hands-on experience. We meet bi-weekly with a goal of everyone working an attack, followed with a discussion on defense. Contact me if interested.

Smartphone Applications for People with Disabilities:

With support from the Dean of Engineering, a pair of engineers and a physician are working with MSU's Resource Center for Persons with Disabilities (RCPD) to develop smartphone applications for people with disabilities. Initially we are targeting applications for blind people -- an interesting challenge since smartphones such as the iPhone have a visual interface.

Patents:

In collaboration with Physics on Buckyballs and Nanotubes I have two patents awarded (one sold) on nanoscale devices; a third patent is pending on our hardware buffer-overflow prevention scheme. A fourth pending patent extends the buffer-overflow protection to all data. A fifth pending patent deals with segmenting groups of people for targeted education, i-safety in particular.

Distance Education:

Our CS1 course, Introduction to Programming using Python (CSE 231), added online sections starting in Spring 2013. Earlier I developed and offered for six semesters starting in 1996 a web-based version of the course using free software that a former student developed, Sync-O-Matic -- the online version was discontinued for budgetary reasons.

Teaching:

I have broad teaching interests and have taught a dozen different courses within the department. I have taught the graduate computer security course I created, CSE 825, an undergraduate cybersecurity course for non-majors I created, CSE 429, which is a collaboration among faculty from six colleges (law, business, communication, criminal justice, medicine, engineering) and the introduction to programming course, CSE 231. I also teach the graduate Advanced Computer Architecture course CSE 820 and the undergraduate Computer Architecture course CSE 420. Depending on teaching needs, I am likely to appear in almost any course since I have taught over fifteen different courses here at MSU.

I am proud to have won the College's Withrow Excellence in Teaching award twice (1992 and 2008), especially since the nomination and selection is done by students.

Before earning my Ph.D. at Minnesota I taught high school mathematics for six years in an elite prep school SPS, a rural high school HHS, an inner-city junior high Bryant (famous for Prince), and a suburban senior high Jefferson. I grew up in Concord, New Hampshire and Kittery Point, Maine. My B.A. is in Mathematics from Carleton College.

My Miata in the picture is a 2007 Grand Turing PRHT that I bought in 2014. The picture at the top of the page is me boiling down sap to make maple syrup. You need to boil down over 40 gallons of sap to make 1 gallon of maple syrup. For exercise, I commute on my bicycle, and play squash and ice hockey.

My Pages Contact information Biography Teaching and Office Hours Publications Patents Curriculum Vitae HoneyNet Handbook Carbon Nanomemory (ONR) Beyond RISC -- The Post-RISC Architecture Sailing a Tall Ship Chichen Itza and Isla Mujeres, Mexico Chasing Monarch Butterflies while touring Michoacán, Mexico Miata Autocross Interview for the MSU News Hotline Perfmon Performance Monitor Maple Syruping 2006 Enbody Jumble Puzzle

Useful Pages Sync-O-Matic 3000 Getting Started with Tcl/Tk Example of Tcl/Tk with C/C++ Dr. Fun Member of the Society of Childlike Adults