MARK STAMP
stamp@cs.sjsu.edu
Department of Computer Science
San Jose State University
One Washington Square
San Jose, California  95192

Education

PhD    Mathematics Texas Tech University 1/89–5/92
Lubbock, Texas
MS Mathematics Texas Tech University 8/86–8/88
Lubbock, Texas
BS Computer Science    Morningside College 8/79–5/83
Sioux City, Iowa
High School Harlan Community High School    8/75–5/79
Harlan, Iowa


Employment



Personal Data



Expertise and Experience



Professional Organizations



Selected Academic Referee Experience



Selected Consulting Experience



Grants



Recent Conferences and Presentations



Publications

  1. Automating NFC message sending for good and evil, with N. B. Brandt (student), to appear in Journal of Computer Virology and Hacking Techniques.

  2. Hunting for metamorphic JavaScript malware, with M. Musale (student) and T. H. Austin, to appear in Journal of Computer Virology and Hacking Techniques.

  3. Hunting for pirated software using metamorphic analysis, with H. Rana (student), submitted.

  4. Metamorphic detection using function call graph analysis, with P. Deshpande (student), submitted.

  5. Singular value decomposition and metamorphic detection, with R. K. Jidigam (student) and T. H. Austin, to appear in Journal of Computer Virology and Hacking Techniques.

  6. Compression-based analysis of metamorphic malware, with J. Lee (student) and T. H. Austin, submitted.

  7. Hidden Markov models for malware classification, with C. Annachhatre (student) and T. H. Austin, to appear in Journal of Computer Virology and Hacking Techniques.

  8. Deriving common malware behavior through graph clustering, with Y. Park and D. S. Reeves, Computers & Security, 39(B):419–430, November 2013.

  9. Masquerade detection for GUI-based Windows systems, with A. Agrawal (student), submitted.

  10. Kullback-Leibler divergence for masquerade detection, with G. R. Viswanathan (student) and R. M. Low, Journal of Network and Information Security, 1(1):44–53, June 2013.

  11. Metamorphic code from LLVM bytecode, with T. Tamboli (student) and T. H. Austin, Journal of Computer Virology and Hacking Techniques, 10(3):177–187, August 2014.

  12. HTTP attack detection using n-gram analysis, with A. Oza (student), K. Ross (student), and R. M. Low, Computers & Security, 45:242–254, September 2014.

  13. Eigenvalue analysis for metamorphic detection, with S. Deshpande (student) and Y. Park, Journal of Computer Virology and Hacking Techniques, 10(1):53–65, February 2014.

  14. Simple substitution distance and metamorphic detection, with G. Shanmugam (student) and R. M. Low, Journal of Computer Virology and Hacking Techniques, 9(3):159–170, August 2013.

  15. Structural entropy and metamorphic malware, with D. Baysa (student) and R. M. Low, Journal of Computer Virology and Hacking Techniques, 9(4):179–192, November 2013.

  16. Social networking for botnet command and control, with A. Singh (student), A. H. Toderici (student), and K. Ross (student), International Journal of Computer Network and Information Security, 5(6):11–17, May 2013.

  17. Java design pattern obfuscation, with P. K. Gone (student), Proceedings of the 2013 International Conference on Security & Management (SAM'13), July 22–25, 2013.

  18. Chi-squared distance and metamorphic virus detection, with A. H. Toderici (student), Journal of Computer Virology and Hacking Techniques, 9(1):1–14, February 2013.

  19. Cryptanalysis of Typex, with K. Chang (student) and R. M. Low, Cryptologia, 38(2):116–132, 2014.

  20. Metamorphic worm that carries its own morphing engine, with S. M. Sridhara (student), Journal of Computer Virology and Hacking Techniques, 9(2):49–58, May 2013.

  21. Hidden Markov models for software piracy detection, with S. Kazi (student), Information Security Journal: A Global Perspective, 22(3):140–149, 2013.

  22. Exploring hidden Markov models for virus analysis: A semantic approach, with T. H. Austin, E. Filiol, and S. Josse, Proceedings of 46th Hawaii International Conference on System Sciences (HICSS 46), January 7–10, 2013.

  23. Efficient cryptanalysis of homophonic substitution ciphers, with A. Dhavare (student) and R. M. Low, Cryptologia, 37(3):250–281, 2013.

  24. Opcode graph similarity and metamorphic detection, with N. Runwal (student) and R. M. Low, Journal in Computer Virology, 8(1-2):37–52, May 2012.

  25. Software similarity and metamorphic detection, with M. Mungale (student), in Proceedings of 2012 International Conference on Security & Management (SAM '12).

  26. Masquerade detection using profile hidden Markov models, with L. Huang (student), Computers & Security, 30(8):732–747, November 2011.

  27. Information Security: Principles and Practice, 2nd edition, Wiley, May 2011, ISBN: 978-0-470-62639-9.

  28. Improved software activation using multithreading, with J. Zhang (student), International Journal of Computer Network and Information Security, 4(12):1–17, November 2012.

  29. Hunting for undetectable metamorphic viruses, with D. Lin (student), Journal in Computer Virology, 7(3):201–214, August 2011.

  30. Detecting undetectable metamorphic viruses, with S. Venkatachalam (student), Proceedings of 2011 International Conference on Security & Management (SAM '11), pp. 340–345.

  31. A highly metamorphic virus generator, with P. Desai (student), International Journal of Multimedia Intelligence and Security, 1(4):402–427, 2010.

  32. iPhone security analysis, with V. Pandya (student), Journal of Information Security, 1(2):73–86, October 2010.

  33. Handbook of Information and Communication Security, editor, with P. Stavroulakis, Springer, March 2010, ISBN: 978-3-642-04116-7.

  34. An introduction to software reverse engineering, with T. Cipresso (student), in Handbook of Information and Communication Security, Springer, March 2010.

  35. QuickPay online payment protocol, with J. Dai (student), Proceedings of SEKE '08.

  36. Profile hidden Markov models and metamorphic virus detection, with S. Attaluri (student) and S. McGhee (student), Journal in Computer Virology, 5(2):151–169, May 2009.

  37. Digital rights management for streaming media, with D. Brahmbhatt (student), Handbook of Research on Secure Multimedia Distribution, IGI Global, March 2009, ISBN: 978-1-60566-262-6.

  38. Digital rights management for untrusted peer-to-peer networks, with P. Priyadarshini (student), Handbook of Research on Secure Multimedia Distribution, IGI Global, March 2009, ISBN: 978-1-60566-262-6.

  39. An agent-based privacy enhancing model, with H.-H. Lee (student), Information Management & Computer Security, 16(3):305–319, 2008.

  40. P2PTunes: A peer-to-peer digital rights management system, with R. Venkataramu (student), Handbook of Research on Secure Multimedia Distribution, IGI Global, March 2009, ISBN: 978-1-60566-262-6.

  41. SIGABA: Cryptanalysis of the full keyspace, with W. O. Chan (student), Cryptologia, 31(3):201–222, July 2007.

  42. P3P privacy enhancing agent, with H.-H. Lee (student), Proceedings of the 3rd ACM Workshop on Secure Web Services (SWS'06), Alexandria, Virginia, November 3, 2006, pp. 109–110.

  43. Hunting for metamorphic engines, with W. Wong (student), Journal in Computer Virology, 2(3):211–229, December 2006.

  44. Applied Cryptanalysis: Breaking Ciphers in the Real World, with R. M. Low, Wiley-IEEE Press, April 2007, ISBN: 978-0-470-11486-5.

  45. King and rook vs. king on a quarter-infinite board, with R. M. Low, Integers: The Electronic Journal of Combinatorial Number Theory, 6:Article G3, 2006.

  46. Information theory, with D. Blockus, invited book chapter, The Handbook of Computer Networks, H. Bidgoli, editor, John Wiley & Sons, Inc., November 2007, ISBN: 978-0-471-64833-8.

  47. Role based access control and the JXTA peer-to-peer framework, with A. Mathur (student) and S. Kim, Proceedings of 2006 International Conference on Security & Management (SAM '06), Las Vegas, Nevada, June 26–29, 2006.

  48. Metamorphic software for buffer overflow mitigation, with X. Gao (student), Proceedings of 3rd Conference on Computer Science and its Applications, P. P. Dey and M. N. Amin, editors, San Diego, California, June 28–30, 2005.

  49. On using mouse movements as a biometric, with S. Hashia (student) and C. Pollett, Proceedings of 3rd Conference on Computer Science and its Applications, P. P. Dey and M. N. Amin, editors, San Diego, California, June 28–30, 2005.

  50. Stealthy ciphertext, with M. Simova (student) and C. Pollett, Proceedings of 3rd International Conference on Internet Computing (ICOMP '05), Las Vegas, Nevada, June 27–30, 2005.

  51. Unpredictable binary strings, with R. M. Low, R. Craigen, and G. Faucher, Congressus Numerantium 177, 2005, pp. 65–75, MR2198651.

  52. Information Security: Principles and Practice, Wiley Interscience, September 2005, ISBN: 0-471-73848-4.

  53. Software watermarking via assembly code transformations, with S. Thaker (student), Proceedings of 2nd Conference on Computer Science and its Applications, P. P. Dey, M. N. Amin, and T. M. Gatton, editors, San Diego, California, June 2004, pp. 205–209.

  54. Hamptonese and hidden Markov models, with E. Le (student), Lecture Notes in Control and Information Sciences, Vol. 321, Springer 2005, W. P. Dayawansa, A. Lindquist, and Y. Zhou, editors, pp. 367–378.

  55. Enterprise digital rights management: Ready for primetime?, with E. J. Sebes, Business Communications Review, March 2004, pp. 52–55.

  56. Risks of monoculture, Inside Risks 165, Communications of the ACM, 47(3):120, March 2004.

  57. Multilevel security models, with A. Hushyar (student), invited chapter, The Handbook of Information Security, H. Bidgoli, editor, John Wiley & Sons, Inc., January 2006, ISBN: 0-471-64833-7.

  58. A characterization of a class of discrete nonlinear feedback systems, with D. I. Wallace, and C. F. Martin, Communications in Information and Systems, 5(3):305–310, 2005.

  59. Solvable problems in enterprise digital rights management, with E. J. Sebes, Information Management & Computer Security, 15(1):33–45, 2007.

  60. Secure streaming media and digital rights management, with D. Holankar (student), Proceedings of the 2004 Hawaii International Conference on Computer Science, Honolulu, Hawaii, January 2004, pp. 85–97.

  61. Digital rights management: For better or for worse?, ExtremeTech, May 20, 2003. Also appeared on eWEEK, May 1, 2003.

  62. The MediaSnap® digital rights management system, with P. Sabadra (student), Proceedings of Conference on Computer Science and its Applications, P. P. Dey, M. N. Amin, and T. M. Gatton, editors, San Diego, California, July 2003.

  63. Software uniqueness: How and why, with P. Mishra (student), Proceedings of Conference on Computer Science and its Applications, P. P. Dey, M. N. Amin, and T. M. Gatton, editors, San Diego, California, July 2003.

  64. Pokémon® cards and the shortest common superstring, with A. E Stamp, Graph Theory Notes of New York, XLVII:19–24, 2004, MR2134214.

  65. Risks of digital rights management, Inside Risks 147, Communications of the ACM, 45(9):120, September 2002.

  66. Digital rights management: The technology behind the hype, Journal of Electronic Commerce Research, 4(3):102–112, 2003.

  67. NSA paper, A stroll through WOK THROUGH, status unknown.

  68. Rush Hour® and Dijkstra's algorithm, with B. Engel (student), M. Ewell (student), and V. Morrow (student), Graph Theory Notes of New York XL:23–30, 2001, MR1823243. Expanded tables of results.

  69. NSA paper, Let me count the ways..., status unknown.

  70. NSA paper, Hitchhiker's guide to dynamic programming, status unknown.

  71. NSA paper, STA PUF is no marshmallow, status unknown.

  72. Random walks on wheels, with M. Lee (student), Graph Theory Notes of New York XXXIII, 1997, pp. 24–25.

  73. NSA paper R51/TECH/038/93, S-243,676, November 1996: Title and subject classified.

  74. NSA paper Z52 TSR-007-95, August 1995: Title and subject classified.

  75. NSA paper Z21 TSR-21-94, December 1994: Title and subject classified.

  76. NSA paper Z52 ITN-004-94, February 1994: Title and subject classified.

  77. A model for the optimal control of a measles epidemic, with C. F. Martin, L. Allen, M. Jones, and R. Carpio, Computation and Control III: Proceedings of the Third Bozeman Conference, Progress in Systems and Control Theory, Vol. 15, K. Bowers and J. Lund, editors, Boston: Birkhäuser, 1993, MR1247482.

  78. Urn model simulations of a sexually transmitted disease epidemic, with C. F. Martin, and L. J. S. Allen, Applied Mathematics and Computation, 71:179–199, 1995.

  79. Pseudo-random sequences in secret key cryptography, with C. F. Martin, Proceedings of the 1992 International Computer Symposium, Vol. 1, Feng Chia University, Taichung, Taiwan, 1992, pp. 166–173.

  80. Stochastic analysis of vaccination strategies, with L. Allen, T. Lewis, C. Martin, R. Carpio, M. Jones, G. Mundel, and A. Way, Stochastic Theory and Adaptive Control, Proceedings of a workshop held in Lawrence, Kansas, September 26–28, 1991, Lecture Notes in Control and Information Sciences 184, T. E. Duncan and B. Pasik-Duncan, editors, Springer-Verlag, 1992, pp. 1–11.

  81. An analysis of the transmission of Chlamydia in a closed population, with C. F. Martin and L. J. S. Allen, Journal of Difference Equations and Applications, 2(1):1–29, 1996, MR1375593.

  82. An algorithm for the k-error linear complexity of binary sequences with period 2n, with C. F. Martin, IEEE Transactions on Information Theory, 39(4):1398–1401, July 1993, MR1267161.

  83. Gaussian quadrature and linear systems, with C. F. Martin, Computation and Control II: Proceedings of the Second Bozeman Conference, Progress in Systems and Control Theory, Vol. 11, K. Bowers and J. Lund, editors, Boston: Birkhäuser, 1991, pp. 263–277, MR1140027.

  84. Analysis of a measles epidemic, with L. J. S. Allen, T. Lewis, C. F. Martin, G. Mundel, A. B. Way, C. K. Lo, and M. A. Jones, Statistics in Medicine, 12:229–239, 1993.

  85. A note on the error in Gaussian quadrature, with C. F. Martin, Applied Mathematics and Computation, 47:25–35, 1992, MR1137059.

  86. A generalized linear complexity, Ph.D. dissertation, Department of Mathematics, Texas Tech University, May 1992.

  87. Analysis of infinite dimensional dynamic systems with nonlinear observation over a finite field, with C. F. Martin, Modeling, Estimation and Control of Systems with Uncertainty, Progress in Systems and Control Theory, Vol. 10, G. B. DiMasi, A. Gombani, and A. B. Kurzhansky, editors, Boston: Birkhäuser, 1991, pp. 301–323, MR1133379.

  88. Discrete observability and numerical quadrature, with C. F. Martin and X. Wang, IEEE Transacations on Automatic Control, 36(11):1337–1340, November 1991, MR1130511.

  89. Mathematical analyses and simulations of a measles epidemic, with L. Allen, T. Lewis, C. Martin, M. Jones, C. Lo, G. Mundel, and A. Way Proceedings of the American Statistical Association Biometric Society-Eastern North American Region (ENAR) Spring Meeting, March 24–27, 1991, Houston, Texas.

  90. A mathematical analysis and simulation of a localized measles epidemic, with L. J. S. Allen, T. Lewis, and C. F. Martin, Applied Mathematics and Computation, 39:61–77, 1990.

  91. Classification and realization of pseudo-random number generators, with C. F. Martin, Systems and Control Letters, 14:169–175, 1990, MR1044323.

  92. Constructing polynomials over finite fields, with C. F. Martin, Computation and Control: Proceedings of the Bozeman Conference, Progress in Systems and Control Theory, Vol. 1, K. Bowers and J. Lund, editors, Boston: Birkhäuser, 1989, pp. 233–252, MR1046854.

  93. Constructing polynomials over finite fields, Master's thesis, Department of Mathematics, Texas Tech University, December 1988.


Cryptanalysis Challenge Problems

  1. Typex — Part 1 (known plaintext, recover key), with K. Chang and R. M. Low. Level II challenge at MysteryTwister C3: The Crypto Challenge Contest.

  2. Typex — Part 2 (known plaintext, recover rotor wirings), with K. Chang and R. M. Low, submitted.

  3. Substitution Cipher with Non-Prefix Codes (ciphertext only), with R. Muralidhar. Level III challenge at MysteryTwister C3: The Crypto Challenge Contest.

  4. Zodiac Cipher (homophonic substitution). Level I challenge at MysteryTwister C3: The Crypto Challenge Contest.

  5. CMEA 1 (known plaintext). Level II challenge at MysteryTwister C3: The Crypto Challenge Contest.

  6. CMEA 2 (known plaintext with limited data). Level III challenge at MysteryTwister C3: The Crypto Challenge Contest.

  7. Akelarre Part 1 (known plaintext). Level II challenge at MysteryTwister C3: The Crypto Challenge Contest.

  8. Purple 1 (ciphertext only). Level II challenge at MysteryTwister C3: The Crypto Challenge Contest.

  9. ORYX Stream Cipher Part I (known keystream). Level II challenge at MysteryTwister C3: The Crypto Challenge Contest.

  10. ORYX Stream Cipher Part II (known keystream with non-standard "L" table). Level II challenge at MysteryTwister C3: The Crypto Challenge Contest.

  11. ORYX Stream Cipher Part III (known keystream with unknown "L" table), submitted.

  12. Enigma Part 1 (ciphertext only, determine rotor settings). Level II challenge at MysteryTwister C3: The Crypto Challenge Contest.

  13. Enigma Part 2 (ciphertext only, determine stecker). Level II challenge at MysteryTwister C3: The Crypto Challenge Contest.

  14. Sigaba Part 1 (known plaintext, restricted keyspace). Level II challenge at MysteryTwister C3: The Crypto Challenge Contest.

  15. Sigaba Part 2 (known plaintext). Level III challenge at MysteryTwister C3: The Crypto Challenge Contest.


Unpublished Writings

  1. Efficient cryptanalysis of homophonic substitution ciphers, 2011.

  2. A revealing introduction to hidden Markov models, 2004.

  3. Once upon a time-memory tradeoff, 2003.

  4. Pokémon® trading card sequences, with A. E Stamp, 2002.


Students



Autobiography