Download PDF

Education

The Pennsylvania State University
  Ph.D., Computer Science and Engineering, December 2011
  Advisor: Dr. Patrick McDaniel
  Dissertation: Building Scalable Document Integrity Systems

The Pennsylvania State University
  M.S., Computer Science and Engineering, December 2009
  Advisor: Dr. Patrick McDaniel
  Thesis: Scalable Web Content Attestation

The Pennsylvania State University
  B.S., Computer Engineering, May 2006

Academic Appointments

Assistant Professor, August 2017 to present
University of North Carolina at Charlotte, Department of Software and Information Systems, Charlotte, NC

Research Assistant, Summer 2007 to Fall 2011
Systems and Internet Infrastructure Security Lab, The Pennsylvania State University, University Park, PA
Advisor: Dr. Patrick McDaniel

  • Explored trusted computing and virtual machine integrity

Instructor, Spring 2007
Computer Science and Engineering Department, The Pennsylvania State University, University Park, PA

  • Taught Introduction to Algorithmic Processes (CMPSC 101) using the Microsoft Visual Basic programming language

Industrial Appointments

Research Scientist, Fall 2011 to Summer 2017
Secure Resilient Systems and Technology Group, MIT Lincoln Laboratory, Lexington, MA

  • Explored trusted computing and secure data provenance to address critical national security needs

Research Intern, Summer 2007
Internet and Networking Systems Research Center, AT&T Labs Research, Florham Park, NJ
Mentor: Shubho Sen

  • Developed tools to support automated configuration management of networking infrastructure

Systems Administrator, Spring 2004 to Summer 2007
Geodynamics Research Group, The Pennsylvania State University, University Park, PA
Supervisor: Dr. Kevin P. Furlong

Professional Activities

Organizing Committees

  • 2020: IEEE Secure Development Conference (SecDev, Treasurer)
  • 2019: IEEE Symposium on Security and Privacy (Oakland, Student PC Chair), USENIX Workshop on the Theory and Practice of Provenance (TaPP, Co-Chair)
  • 2018: IEEE Symposium on Security and Privacy (Oakland, Treasurer), Annual Computer Security Applications Conference (ACSAC)
  • 2017: IEEE Symposium on Security and Privacy (Oakland, Treasurer), Annual Computer Security Applications Conference (ACSAC, Poster and WiP Chair)
  • 2016: Annual Computer Security Applications Conference (ACSAC, Poster and WiP Chair)
  • 2015: Annual Computer Security Applications Conference (ACSAC, Poster and WiP Chair)

Program Committees

  • 2018: Network and Distributed System Security Symposium (NDSS), USENIX Security (Security), International Workshop on Theory and Practice of Provenance (TaPP), International Conference on Science of Cyber Security (SciSec), IEEE Secure Development Conference (SecDev), Premier International Conference for Military Communications (MILCOM)
  • 2017: International Conference on Availability, Reliability and Security (ARES), International Workshop on Theory and Practice of Provenance (TaPP), International Symposium on Stabilization, Safety, and Security of Distributed Systems (SSS), Premier International Conference for Military Communications (MILCOM), IEEE Secure Development Conference (SecDev)
  • 2016: Annual Computer Security Applications Conference (ACSAC), International Conference on Availability, Reliability and Security (ARES), Premier International Conference for Military Communications (MILCOM)
  • 2015: Annual Computer Security Applications Conference (ACSAC), International Conference on Availability, Reliability and Security (ARES), Premier International Conference for Military Communications (MILCOM)
  • 2014: Annual Computer Security Applications Conference (ACSAC), International Conference on Availability, Reliability and Security (ARES)
  • 2013: Annual Computer Security Applications Conference (ACSAC), International Conference on Availability, Reliability and Security (ARES)
  • 2012: Annual Computer Security Applications Conference (ACSAC), International Conference on Availability, Reliability and Security (ARES)

Reviewer

(Years removed for brevity)

  • ACM Cloud Computing Security Workshop (CCSW)
  • ACM Computer and Communications Security Conference (CCS)
  • ACM Symposium on Access Control Models and Technologies (SACMAT)
  • ACM Transactions on Internet Technology (TOIT)
  • ACM Transactions on Privacy and Security (TOPS)
  • Annual Computer Security Applications Conference (ACSAC)
  • IEEE International Conference on Computer Communications (INFOCOM)
  • IEEE International Symposium on Hardware Oriented Security and Trust (HOST)
  • IEEE Security and Privacy Magazine(S&P)
  • IEEE Symposium on Security and Privacy (Oakland)
  • IEEE Transactions on Big Data (TBD)
  • IEEE Transactions on Dependable and Secure Computing (TDSC)
  • IEEE Transactions on Software Engineering (TSE)
  • International Conference on Information Security and Assurance (ISA)
  • International Conference on Information Systems Security (ICISS)
  • Packt Publishing
  • Springer-Verlag Transactions on Computational Science (TCS)
  • USENIX Security Symposium (USENIX Security)
  • USENIX Workshop on Hot Topics in Security (HotSec)
  • Wiley Software Practice and Experience (SPE)
  • Workshop on Virtual Machine Security (VMSec)

Teaching

  • ITIS 3110 – IT Infrastructure II: Design and Practice – Fall 2017, Spring 2018, Fall 2018, Spring 2019
  • ITIS 4010 – Topics in SIS: “Competitive Cyber Defense” – Spring 2018, Spring 2019

Students

Current PhD Students

  • Abdullah Al Farooq, expected Spring 2020

Current MS Students

  • Jessica Marquard, expected Summer 2019
  • Trevon Williams, expected Summer 2019

PhD Alumni

MS Alumni

  • Anibal J. Robles Perez, Fall 2018, now PhD Student at UNC Charlotte

Publications

Journal Publications

  • A. Bates, D. (J. Tian, G. Hernandez, T. Moyer, K. R. B. Butler, and T. Jaeger, “Taming the Costs of Trustworthy Provenance through Policy Reduction,” Transactions on Internet Technology, 2017.
  • T. Moyer, K. Butler, J. Schiffman, P. McDaniel, and T. Jaeger, “Scalable Web Content Attestation,” IEEE Transactions on Computers, vol. 61, no. 5, pp. 686–699, May 2012.
  • J. Schiffman, T. Moyer, T. Jaeger, and P. McDaniel, “Network-based Root of Trust for Installation,” IEEE Security & Privacy Magazine, Jan. 2011.
  • K. Butler, S. McLaughlin, T. Moyer, and P. McDaniel, “New Security Architectures Based on Emerging Disk Functionality,” IEEE Security & Privacy Magazine, Sep. 2010.
  • W. Enck, T. Moyer, P. McDaniel, S. Sen, P. Sebos, S. Spoerel, A. Greenberg, Y.-W. E. Sung, S. Rao, and W. Aiello, “Configuration Management at Massive Scale: System Design and Experience,” IEEE Journal on Selected Areas in Communications (JSAC), Apr. 2009.

Conference Publications

  • A. A. Farooq, E. Al-Shaer, T. Moyer, and K. Kant, “IoTC^2: A Formal Method Approach for Detecting Conflicts in Large Scale IoT Systems,” in 2019 IFIP/IEEE Symposium on Integrated Network and Service Management (IM), 2019.
  • W. U. Hassan, A. Bates, and T. Moyer, “Towards Scalable Cluster Auditing through Grammatical Inference over Provenance Graphs,” in Network and Distributed System Security Symposium, NDSS 2018, 2018.
  • T. Pasquier, X. Han, M. Goldstein, M. Seltzer, T. Moyer, D. Eyers, and J. Bacon, “Practical Whole-System Provenance Capture,” in Proceedings of the 8th ACM Symposium on Cloud Computing, Sep. 2017.
  • A. Bates, K. Butler, A. Dobra, B. Reaves, P. Cable, T. Moyer, and N. Schear, “Transparent Web Service Auditing via Network Provenance Functions,” in Proceedings of the 26th International Conference on World Wide Web, Apr. 2017.
  • N. Schear, P. T. C. II, T. Moyer, B. Richard, and R. Rudd, “Bootstrapping and Maintaining Trust in the Cloud,” in Proceedings of the 32nd Annual Computer Security Applications Conference, New York, NY, USA, Dec. 2016, pp. 1–10.
  • T. Moyer, P. T. Cable, K. Chadha, R. Cunningham, N. Schear, W. Smith, A. Bates, K. Butler, F. Capobianco, and T. Jaeger, “Leveraging Data Provenance to Enhance Cyber Resilience,” in 1st IEEE Cybersecurity Development (SecDev), Nov. 2016.
  • T. Moyer and V. Gadepally, “High-throughput Ingest of Data Provenance Records into Accumulo,” in 2016 IEEE High Performance Extreme Computing Conference, HPEC, Sep. 2016.
  • A. Bates, D. Tian, K. R. B. Butler, and T. Moyer, “Trustworthy Whole-System Provenance for the Linux Kernel,” in 24th USENIX Security Symposium (USENIX Security 15), Washington, D.C., Aug. 2015.
  • T. Moyer, T. Jaeger, and P. McDaniel, “Scalable Integrity-Guaranteed AJAX,” in Proceedings of the 14th Asia-Pacific Web Conference (APWeb), Kunming, China, Apr. 2012.
  • B. Hicks, S. Rueda, D. King, T. Moyer, J. Schiffman, Y. Sreenivasan, P. McDaniel, and T. Jaeger, “An Architecture for Enforcing End-to-End Access Control Over Web Applications,” in Proceedings of the 2010 Symposium on Access Control Models and Technologies, SACMAT ’10, Jun. 2010.
  • T. Moyer, K. Butler, J. Schiffman, P. McDaniel, and T. Jaeger, “Scalable Web Content Attestation,” in ACSAC ’09: Proceedings of the 2009 Annual Computer Security Applications Conference, Dec. 2009.
  • J. Schiffman, T. Moyer, C. Shal, T. Jaeger, and P. McDaniel, “Justifying Integrity Using a Virtual Machine Verifier,” in Proceedings of the 2009 Annual Computer Security Applications Conference, ACSAC ’09, Dec. 2009.

Workshop Publications

  • W. Smith, T. Moyer, and C. Munson, “Curator: Provenance Management for Modern Distributed Systems,” in 10th USENIX Workshop on the Theory and Practice of Provenance (TaPP’18), London, UK, Jul. 2018.
  • M. Lemay, W. U. Hassan, T. Moyer, N. Schear, and W. Smith, “Automated Provenance Analytics: A Regular Grammar Based Approach with Applications in Security,” in 9th USENIX Workshop on the Theory and Practice of Provenance (TaPP 2017), Seattle, WA, 2017.
  • A. Bates, K. R. B. Butler, and T. Moyer, “Take Only What You Need: Leveraging Mandatory Access Control Policy to Reduce Provenance Storage Costs,” in 7th USENIX Workshop on the Theory and Practice of Provenance (TaPP 15), Edinburgh, Scotland, Jul. 2015.
  • J. Schiffman, T. Moyer, H. Vijayakumar, T. Jaeger, and P. McDaniel, “Seeding Clouds with Trust Anchors,” in CCSW ’10: Proceedings of the 2010 ACM workshop on Cloud computing security, Oct. 2010.

Technical Reports

  • A. Bates, K. Butler, A. Dobra, B. Reaves, P. Cable, T. Moyer, and N. Schear, “Retrofitting Applications with Provenance-Based Security Monitoring,” Sep-2016.
  • T. Moyer and P. McDaniel, “Scalable Integrity-Guaranteed AJAX,” Network and Security Research Center, Department of Computer Science and Engineering, Pennsylvania State University, University Park, PA, USA, NAS-TR-0149-2011, Mar. 2011.
  • T. Moyer, “USENIX Security Symposium Session Summaries.” ;login: The USENIX Magazine, Aug-2010.
  • T. Moyer, “USENIX Conference on Web Application Developement Session Summaries.” ;login: The USENIX Magazine, Oct-2010.
  • J. Schiffman, T. Moyer, H. Vijayakumar, T. Jaeger, and P. McDaniel, “Seeding Clouds with Trust Anchors,” Network and Security Research Center, Department of Computer Science and Engineering, Pennsylvania State University, University Park, PA, USA, NAS-TR-0127-2010, Apr. 2010.
  • K. Butler, S. McLaughlin, T. Moyer, J. Schiffman, P. McDaniel, and T. Jaeger, “Firma: Disk-Based Foundations for Trusted Operating Systems,” Network and Security Research Center, Department of Computer Science and Engineering, Pennsylvania State University, University Park, PA, USA, NAS-TR-0114-2009, Apr. 2009.
  • J. Schiffman, T. Moyer, C. Shal, T. Jaeger, and P. McDaniel, “No Node Is an Island: Shamon Integrity Monitoring Approach,” Network and Security Research Center, Department of Computer Science and Engineering, Pennsylvania State University, University Park, PA, USA, NAS-TR-0103-2009, Feb. 2009.
  • K. Butler, S. McLaughlin, T. Moyer, T. Jaeger, and P. McDaniel, “SwitchBlade: Policy-Driven Disk Segmentation,” Network and Security Research Center, Department of Computer Science and Engineering, Pennsylvania State University, University Park, PA, USA, NAS-TR-0098-2008, Nov. 2008.
  • T. Moyer, K. Butler, J. Schiffman, P. McDaniel, and T. Jaeger, “Scalable Asynchronous Web Content Attestation,” Network and Security Research Center, Department of Computer Science and Engineering, Pennslyvania State University, University Park, PA, USA, NAS-TR-0095-2008, Sep. 2008.

Presentations and Invited Talks

  • “Scalable Cluster Auditing for Resilient Systems,” CSE Dept., PSU, University Park, PA, Sep-2018.
  • “Transparent Web Service Auditing via Network Provenance Functions,” Perth, AU, Apr-2017.
  • “Building Resilient Systems with Secure End-to-End Data Provenance,” CS Dept., Cornell, Ithica, NY, Jan-2017.
  • “Building Resilient Systems with Secure End-to-End Data Provenance,” CS Dept., WPI, Worcester, MA, Jan-2017.
  • “Leveraging Data Provenance to Enhance Cyber Resilience,” SecDev 2016, Boston, MA, Nov-2016.
  • “Building Resilient Systems with Secure End-to-End Data Provenance,” CSE Dept., UConn, Storrs, CT, Oct-2016.
  • “High-throughput Ingest of Data Provenance Records into Accumulo,” HPEC’16, Waltham, MA, Sep-2016.
  • “Building Resilient Systems with Secure End-to-End Data Provenance,” CNW’16, Lexington, MA, Jun-2016.
  • “Scalable Web Content Attestation,” MIT Lincoln Laboratory, Lexington, MA, Jan-2011.
  • “Building Document Integrity Systems,” CSE Dept., PSU, University Park, PA, Aug-2011.
  • “Scalable Web Content Attestation,” ACSAC’09, Honolulu, HI, Dec-2009.
  • “Scalable Web Content Attestation,” CSE Dept., PSU, University Park, PA, May-2009.

Download PDF