Teaching

CYBR 2250 - Low Level Programming

CYBR 4440 - Industrial Control Security

CYBR 4450 - Host-based Vulnerability Discovery (Reverse Engineering)

CYBR 9460 - Secure Embedded Systems

CSCI 4500 - Operating Systems

CSCI 4700 - Compiler Construction - whenever allowed. Long story.

Interests

Intermediate Representation (IR) vulnerability analysis: Just what the name says, right? Look at IR, see vulnerabilities, call it in. Over! Give me 'Ham' on five and hold the 'Mayo'.

Software Fingerprinting: Static and dynamic fingerprinting of software for intellectual property protection. Software executable steganography. Wrong prints. It happens.

Software Obfuscation: Obfuscation and anti-reverse engineering of binary executables. Binary opcode hiding and mingling. Thwarting reversing tools.

Also - Industrial Control: Various attack methods on industrial control protocols, in particular CIP and EtherNet/IP. Reverse engineering of operating systems and file systems in PLCs. Tamper detection with SCADAHawk. SCADA in the transportation sector - airports in particular. Modeling regulatory compliance in real-time. Development of hardware-in-the-loop devices.

Publications

Journal Publications:

George Grispos, Frank Tursi, William Mahoney, "A Digital Forensic Analysis of An Electrocardiogram (ECG) Medical Device: A First Look", WIREs Forensic Science, awaiting publication.

George Grispos, William Mahoney, "Cyber Pirates Ahoy! An Analysis of Cybersecurity Challenges in the Shipping Industry", International Journal of Information Warfare, Vol. 21 No. 3, July 2022.

William Mahoney, "No Silver Lining: Information Leakage in Cloud Infrastructures" Journal of Information Warfare Vol. 18, No. 1, Winter 2019.

GA Roth, WR Mahoney, ML Hale, "Critical Infrastructure: You Get What You Pay For", Journal of Information Warfare, Vol. 17, No. 2, Spring 2018.

Douglas C. Derrick, Gina Scott Ligon, Mackenzie Harms, William Mahoney, John Crowe, "Cyber Sophistication Assessment Methodology for Public Facing Terrorist Websites", Journal of Information Warfare, Vol. 16, No. 1, Winter 2017, pp 13-30.

Eric Edens, William Mahoney, "Like My Terrorist Site? Pin It!", Journal of Information Warfare, January 2016.

William Mahoney, "Modifications to GCC for Increased Software Privacy", International Journal of Information and Computer Security, Vol. 7, No. 2/3/4, 2015.

NR Arnold, WR Mahoney, DC Derrick, GS Ligon, MM Harms, "Feasibility of a Cyber Attack on National Critical Infrastructure by a Non-State Violent Extremist Organization", Journal of Information Warfare, Volume 14, Number 1, April 2015.

Matthew Battey, Abhishek Parakh and William Mahoney, "Cryptanalysis and Improvements of the Quasigroup Block Cipher", Journal of Information Assurance and Security (JIAS), Volume 10 Issue 1, January 2015, pp 31-39.

John McCarthy, William Mahoney, "SCADA Threats in the Modern Airport", International Journal of Cyber Warfare and Terrorism, Vol. 3 No. 4, October-December 2013.

Sara Shinn, William Mahoney, "Optimal Values for Disrupting x86-64 Reverse Assemblers", International Journal of Computer Science and Network Security, Volume 11, Number 11, November 2011.

Sharma, A., R. A. Gandhi, W. Mahoney, W. Susan, Q. Zhu, "Building a Social Dimensional Cyber Attack Threat Model with Formal Concept Analysis and Fact Proposition Space Inference", Computers & Security, Elsevier, International Journal of Information and Computer Security, Vol. 5, No. 4, 2013, pp 301-333.

Connie Jones, Robin Gandhi, William Mahoney, "A Freshman Level Course on Information Assurance: Can it be Done? Here’s How", Inroads - The SIGCSE Bulletin, Association for Computing Machinery, Volume 3 Issue 3, September 2012, pp. 50-61.

William Mahoney, Robin Gandhi, "Reverse Engineering: Is it Art?" Inroads - The SIGCSE Bulletin, Association for Computing Machinery, Volume 3 Issue 1, March 2012, pp. 56-61.

Gandhi, R.A., Sharma, A. Mahoney, W., Susan, W., Quiming, Z., Laplante, P., (2011) "The Cultural, Social, Economic, and Political Dimensions of Cyber Attacks" IEEE Technology and Society Magazine, Volume 30, Number 1, Spring 2011 Issue.

Mahoney, W., Gandhi, R.A., "An Integrated Framework for Control System Simulation and Regulatory Compliance Monitoring", International Journal of Critical Infrastructure Protection (IJCIP), Vol. 4, 2011.

William Mahoney and James Harr (2010) "A Linux Implementation of Windows ACLs", International Journal of Computer Science and Network Security, Volume 10, Number 7, July 2010.

William Mahoney and Jay Pederson, "Teaching Compiler Code Generation – Simpler Is Better", Inroads - The SIGCSE Bulletin, Association for Computing Machinery, Volume 41, Number 4, December 2009.

William Mahoney, Peter Hospodka, William Sousan, Ryan Nickell, and Qiuming Zhu (2009), "A Coherent Measurement of Web Search Relevance", IEEE Transactions on Systems, Man, and Cybernetics, Volume 39, Number 6, November.

William Mahoney, Bradley Haas, Alex Nicoll, "1-E-4: Café Mocha with Sugar; An Investigation into the Security of a Closed Debit System", accepted and then redacted (UNO request) from Journal of Information Assurance and Security.

William Mahoney and Craig A. Pokorny (2009), "Do-It-Yourself Guide to Cell Phone Malware", International Journal of Computer Science and Network Security, 9(1), January.

William L. Sousan, Qiuming Zhu, Ryan Nickell, William Mahoney, and Pete Hospodka (2008), "Collecting Open Source Intelligence via Tailored Information Delivery Services", Journal of Information Warfare, 7(2).

William Mahoney and William Sousan (2007), "Instrumentation of Open-Source Software for Intrusion Detection", Seventh Workshop on Runtime Verification, Lecture Notes in Computer Science, Number 4839, pp 151-163.

William Mahoney and William Sousan (2007), "Using Common Off-The-Shelf Tools to Implement Dynamic Aspects", SIGPLAN Notices, February, No. 6-38.

Paul Hultquist and William Mahoney (1998), "Using Simulation to Solve a Conveyor System Controller Design Problem", Simulation (Transactions of The Society for Modeling and Simulation International), Volume 71 Number 1, July, 31-37.

Selected Conference/Workshop Publications:

William Mahoney, Adam Spanier, "Can You Give Me a Lift?" Proceedings of the 19th International Conference on Cyber Warfare and Security, 26 - 27 March 2024, Johannesburg, South Africa.

Adam Spanier and William Mahoney, "Static Analysis Using Intermediate Representations: A Literature Review", Proceedings of the 22nd European Conference on Cyber Warfare and Security, Athens Greece, June 22 and 23, 2023.

William Mahoney, J. Todd McDonald, George Grispos, Sayonnha Mandal, "Improvements on Hiding x86-64 Instructions by Interleaving", 18th International Conference on Cyber Warfare and Security, March 9-10, 2023, Towson University, Towson, Maryland.

George Grispos, William Mahoney, Sayonnha Mandal, "Search and CompAre Reverse (SCAR): A Bioinformatics–Inspired Methodology for Detecting File Remnants in Digital Forensics", 18th International Conference on Cyber Warfare and Security, March 9-10, 2023, Towson University, Towson, Maryland.

Mullins, J.Alex, McDonald, J. Todd, Mahoney, William R., Andel, Todd R., "Evaluating Security of Executable Steganography for Digital Software Watermarking", IEEE SoutheastCon 2022, Mobile, AL, March 31 – April 3, 2022.

Mahoney, W., Sigillito1, P., Smolinski, J., McDonald, J. T., Grispos, (2021). "Analyzing the Performance of Block-Splitting in LLVM Fingerprinting", 17th International Conference on Cyber Warfare and Security, March 17-18, 2022, Albany, New York, USA.

George Grispos, Frank Tursi, Kim-Kwang Raymond Choo, William Mahoney  and William Bradley Glisson, "A Digital Forensics Investigation of a Smart Scale IoT Ecosystem" 20th IEEE International Conference on Trust, Security and Privacy in Computing and Communications (IEEE TrustCom 2021).

William Mahoney, Gregory Hoff, J. Todd McDonald, George Grispos, "Software Fingerprinting in LLVM", 16th International Conference on Cyber Warfare and Security, 2021.

Chinguun Purevdagva, Rui Zhao, Pei-Chi Huang, William Mahoney, "A Machine-Learning Based Framework for Detection of Fake Political Speech", 19th IEEE International Conference on Trust, Security and Privacy in Computing and Communications (IEEE TrustCom 2020).

J. Alex Mullins, J. Todd McDonald, William R. Mahoney, Todd R. Andel, "Evaluating Security of Executable Steganography for Digital Software Watermarking", 2020 Cybersecurity Symposium, Moscow, Idaho.

Talon Flynn, George Grispos, William Glisson, William Mahoney, "Knock! Knock! Who is There? Investigating Data Leakage from a Medical Internet of Things Hijacking Attack", Hawaii International Conference on System Sciences, 2020.

William Mahoney, Joseph Franco, Greg Hoff, J. Todd McDonald, "Leave it to Weaver", 8th Software Security, Protection, and Reverse Engineering Workshop, Puerto Rico, December 3-4 2018.

Ramya Manikyam, Todd McDonald, William Mahoney, Todd Andel and Samuel Russ, “Comparing the Effectiveness of Commercial Obfuscators against MATE Attacks”, Software Security, Protection, and Reverse Engineering Workshop (SSPREW), December 2016.

William Mahoney, Abhishek Parakh, "Towards a New Quasigroup Block Cipher for a Single-Chip FPGA Implementation", The 24th International Conference on Computer Communications and Networks, ICCCN 2015, Las Vegas, Nevada, USA, August 3 – August 6, 2015

Hardware Implementation of Quasigroup Encryption for SCADA Networks, William Mahoney, Abhishek Parakh and Matthew Battey, The 13th IEEE International Symposium on Network Computing and Applications (IEEE NCA14), August 2014, Cambridge, MA.

Authentication Bypass and Remote Escalated I/O Command Attacks, Ryan Grandgenett, William Mahoney, Robin Gandhi, 10th Cyber and Information Security Research Conference, Oak Rdige, Tennessee, April 2015.

Exploitation of Allen Bradley's Implementation of EtherNet/IP for Denial of Service Against Industrial Control Systems, Ryan Grandgenett, Robin Gandhi and William Mahoney, 9th International Confernce on Cyber Warfare and Security, Purdue University, March 2014.

My PLC Makes an Excellent Web Server, William Mahoney, 9th International Conference on Cyber Warfare and Security, Purdue University, March 2014.

Privacy Preserving Computations using Implicit Security; Abhishek Parakh, William Mahoney, Third International Workshop on Privacy, Security and Trust in Mobile and Wireless Systems (MobiPST 2013), Nassau, Bahamas, July 30.

Fingerprinting Malware using Bioinformatics Tools Building a Classifier for the Zeus Virus; Jay Pedersen, Dhundy Bastola, Ken Dick, Robin Gandhi, William Mahoney, 2013 International Conference on Security and Management (SAM'13), Las Vegas, USA, July 22-25.

A New Quasigroup Based Random Number Generator; Matthew Battey, Abhishek Parakh, William Mahoney, 2013 International Conference on Security and Management (SAM'13), Las Vegas, USA, July 22-25.

SCADA Threats in the Modern Airport, John McCarthy, and William Mahoney, International Conference on Information Warfare, Denver CO, March 2013.

Jay Pedersen, Dhundy Bastola, Ken Dick, Robin Gandhi, William Mahoney, "BLAST Your Way Through Malware", 2012 International Conference on Security and Management (SAM'12)

William Sousan, Robin Gandhi, Qiuming Zhu, William Mahoney (2011), "Using Anomalous Event Patterns in Control Systems for Tamper Detection", CSIIRW-7 Cyber Security and Information Intelligence Research Workshop, Oct 12-14, 2011, Oak Ridge, Tennessee.

Nicholas Wertzberger, Casey Glatter, William Mahoney, Robin Gandhi, Kenneth Dick (2011), "Towards a Low-Cost SCADA Test Bed: An Open-Source Platform for Hardware-in-the-Loop Simulation", The 2011 International Conference on Security and Management, Special Track on Mission Assurance and Critical Infrastructure Protection (STMACIP'11), Las Vegas, Nevada.

Brett Walenz, Robin Gandhi, William Mahoney, Quiming Zhu (2010), "Exploring Social Contexts along the Time Dimension: Temporal Analysis of Named Entities"; Second IEEE International Conference on Social Computing (SocialCom10).

Anup Sharma, Robin A. Gandhi, William Mahoney, William Sousan, Qiuming Zhu (2010), "Building a Social Dimensional Threat Model from Current and Historic Events of Cyber Attacks"; Second IEEE International Conference on Information Privacy, Security, Risk and Trust, Symposium on Secure Computing (SecureCom-10).

William Sousan, Anup Sharma, Robin A. Gandhi, William Mahoney, Qiuming Zhu (2010), "Using Term Extraction Patterns to Discover Coherent Relationships from Open Source Intelligence"; Second IEEE International Conference on Information Privacy, Security, Risk and Trust, Symposium on Secure Computing (SecureCom-10).

Robin Gandhi, William Mahoney, Ken Dick, Zachary Wilson (2010), "Language-driven Assurance for Regulatory Compliance of Control Systems", Proceedings of the International Conference on Information Warfare and Security, April 2010.

Robin Gandhi, William Mahoney, Ken Dick (2009), "ADACS – A Language for Monitoring Regulatory Compliance in Control Systems"; Second Workshop on Compiler and Architectural Techniques for Application Reliability and Security, the 39th Annual IEEE/IFIP International Conference on Dependable Systems and Networks, Estoril, Portugal.

William Mahoney and William Sousan (2008), "Intrusion Detection via Instrumented Software"; First Workshop on Compiler and Architectural Techniques for Application Reliability and Security, the 38th Annual IEEE/IFIP International Conference on Dependable Systems and Networks, June 24-27, 2008, Anchorage, Alaska.

Dan Cotton, Steve Nugen, William Mahoney (2008), "The Impact of the Federal Desktop Core Configuration on Incident Response"; Proceedings of the International Conference on Information Warfare and Security, April, 2008.

William Mahoney and William Sousan (2008), "IDEA: A New Intrusion Detection Data Source"; Second International Conference on Information Security and Assurance, April 24-26, Busan, Korea.

William Mahoney and William Sousan (2007), "Intrusion Detection in Open Source Software Via Dynamic Aspects"; Proceedings of the International Conference on Information Warfare and Security, March 8-9, Naval Postgraduate School, Monterey, California.

William Mahoney (2006), "Compiler Assisted Tracking of Hacker Assaults"; Proceedings of the International Conference on Information Warfare and Security, University of Maryland Eastern Shore, March 15-16.

Book Chapters:

Sousan, W., Zhu, Q., Gandhi, R.A., Mahoney, W., (2013) Smart Grid Tamper Detection using Learned Event Patterns, Systems and Optimization Aspects of Smart Grid Challenges, Springer, Editors: Dr. Marco Carvalho, Vijay Pappu, Dr. Panos M. Pardalos, Optimization and Security Challenges in Smart Power Grids Energy Systems, 2013, pp 99-115