Mark Stamp

Work place: San Jose State University , San Jose, California

E-mail: stamp@cs.sjsu.edu

Website:

Research Interests: Information Security, Network Security, Information Systems, Information Retrieval

Biography

Mark Stamp is Professor of Computer Science at San Jose State University. His research interests include malware, cryptography, other aspects of information security, and applications of machine learning. Professor Stamp has authored (or co-authored) more than 80 research papers and 2 textbooks.

Author Articles
Social Networking for Botnet Command and Control

By Ashutosh Singh Annie H. Toderici Kevin Ross Mark Stamp

DOI: https://doi.org/10.5815/ijcnis.2013.06.02, Pub. Date: 8 May 2013

A botnet is a group of compromised computers—often a large group—under the command and control of a malicious botmaster. Botnets can be used for a wide variety of malicious attacks, including spamming, distributed denial of service, and identity theft. Botnets are generally recognized as a serious threat on the Internet. This paper discusses SocialNetworkingBot, a botnet we have developed that uses Twitter for command and control. In SocialNetworkingBot, the botmaster tweets commands that are acted on by the individual bots. We discuss the functionality and implementation of SocialNetworkingBot, as well as a small-scale experiment that we have conducted. The botnet presented here is intended to serve as a proof of concept and a platform to facilitate further research.

[...] Read more.
Software Activation Using Multithreading

By Jianrui Zhang Mark Stamp

DOI: https://doi.org/10.5815/ijcnis.2012.12.01, Pub. Date: 8 Nov. 2012

Software activation is an anti-piracy technology designed to verify that software products have been legitimately licensed. Activation should be quick and simple while simultaneously being secure and protecting customer privacy. The most common form of software activation is for the user to enter a legitimate product serial number. However, software activation based on serial numbers appears to be weak, since cracks for many programs are readily available on the Internet. Users can employ such cracks to bypass software activation.
Serial number verification logic usually executes sequentially in a single thread. Such an approach is relatively easy to break since attackers can trace the code to understand how the logic works. In this paper, we develop a practical multi-threaded verification design. Our results show that by proper use of multi-threading, the amount of traceable code in a debugger can be reduced to a low percentage of the total and the traceable code in each run can differ as well. This makes it significantly more difficult for an attacker to reverse engineer the code as a means of bypassing a security check. Finally, we attempt to quantify the increased effort needed to break our verification logic.

[...] Read more.
Other Articles