Last updated 24Nov2014, current information available at rfarley3.github.io.
Ryan Farley, in summary
- Systems security researcher (network and host based) since 1999.
- Focus is on: Cyber (Malware detection and defense, Shellcode, Privacy), Binary instrumentation (Dynamic analysis, S2E, Forensics), VoIP (SIP security), Networking (Parallel firewalls, Packet filtering).
- Currently at the MITRE Corporation.
- Previously employed as a researcher at SRI International, IBM Research Zurich, and Wake Forest University.
- Involved in two start-ups: GreatWall Systems and BuddyGopher.
- Academic metrics: 11 publications (7 proceedings, 2 journal articles, 1 book chapter, 1 thesis) since 2005, 6 conference presentations (1 best paper award), 3 invited talks, and 1 patent.
- For more information: Google Scholar - LinkedIn
Curriculum Vitae
Education:
- Ph.D. Computer Science, George Mason University
Dissertation entitled "Towards Automated Forensic Analysis of Obfuscated Malware" defended April 2015.
Dissertation proposal entitled "Live Malware Forensics with Dynamically Assigned Sense of Self" defended January 2013.
Current research topic is Malware analysis; previously VoIP security and mobile device privacy. 3.75 GPA.
- December 2005 M.S. Computer Science, Wake Forest University
Thesis: "Parallel Firewall Designs For High-Speed Networks." [pdf, bib, slides] 3.58 GPA.
Vice President of Upsilon Pi Epsilon.
- December 2002 B.S. Computer Science, Wake Forest University
3.33 GPA in Major.
Patent:
- Errin W. Fulp and Ryan J. Farley. "Method, Systems, and Computer Program Products for Implementing Function-Parallel Network Firewall." US Patent 8037517, Oct. 2011; EP 1839188; WO 2006093557. [link]
Publications:
- Ryan J. Farley. "Toward Automated Forensic Analysis of Obfuscated Malware." Ph.D. Dissertation, George Mason University. Defended in Fairfax, Virginia, May 2015.
- Ryan Farley and Xinyuan Wang. "CodeXt: Automatic Extraction of Obfuscated Attack Code from Memory Dump." In Proceedings of the 17th Information Security and Forensics Society Information Security Conference (ISC 2014). Presented in Hong Kong, October 2014. 34% Acceptance Rate. [pdf, bib, slides, sourcecode]
- Ryan Farley and Xinyuan Wang. "Exploiting VoIP Softphone Vulnerabilities to Disable Host Computers: Attacks and Mitigation." In the International Journal of Critical Infrastructure Protection. Elsevier. July 2014. DOI: 10.1016/j.ijcip.2014.07.001. 0.784 Impact Factor, 2.261 Source Normalized Impact Factor per Paper.
- Ryan Farley and Xinyuan Wang. "Disabling a Computer by Exploiting Softphone Vulnerabilities: Threat and Mitigation." In Proceedings of the 9th International Conference on Security and Privacy in Communication Networks (SecureComm '13). Presented in Sydney, Australia, September 2013. ERA2010 Ranking 'A' Conference. Recipient of Best Paper Award. [pdf, bib, slides]
- Ryan Farley and Xinyuan Wang. "VoIP shield: A Transparent Protection of Deployed VoIP Systems from SIP-based Exploits." In Proceedings of the 24th year of the IEEE/IFIP Network Operations and Management Symposium (NOMS ’12). Presented in Maui, Hawaii, April 2012. 26% Acceptance Rate. Recipient of IEEE COMSOC Student Travel Grant. [pdf, bib]
- Ryan Farley and Xinyuan Wang. "Roving Bugnet: Distributed Surveillance Threat and Mitigation." In Computers & Security: Challenges for Security, Privacy and Trust, vol. 29, no. 5, pp. 592-602, July 2010. 1.439 Impact Factor. http://dx.doi.org/10.1016/j.cose.2009.12.002. [bib]
- Ryan Farley and Xinyuan Wang. "Roving Bugnet: Distributed Surveillance Threat and Mitigation" in Emerging Challenges for Security, Privacy and Trust, IFIP Advances in Information and Communication Technology series, vol. 297/2009. Dimitris Gritzalis and Javier Lopez, Boston: Springer-Verlag, 2009, pp. 39-50. http://dx.doi.org/10.1007/978-3-642-01244-0_4. Presented at the 24th IFIP TC 11 International Information Security Conference (IFIP SEC-2009) by me in Paphos, Cyprus, May 2009. 22% Acceptance Rate. [pdf, bib, slides]
- Ruishan Zhang, Xinyuan Wang, Xiaohui Yang, Ryan Farley, and Xuxian Jiang. "An Empirical Investigation into the Security of Phone Features in SIP-based VoIP Systems." In Proceedings of the 5th International Conference on Information Security Practice and Experience (ISPEC ’09), Xi’an, China, April 2009. Springer. 23% Acceptance Rate. [pdf, bib]
- Ruishan Zhang, Xinyuan Wang, Ryan Farley, Xiaohui Yang, and Xuxian Jiang. "On the Feasibility of Launching the Man-In-The-Middle Attacks on VoIP from Remote Attackers." In Proceedings of the 4th International Symposium on Information, Computer, and Communications Security (ASIACCS ’09), pages 61–69, Sydney, Australia, March 2009. ACM. 27% Acceptance Rate. [pdf, bib]
- Errin W. Fulp and Ryan J. Farley. "A Function-Parallel Architecture for High-Speed Firewalls." In Proceedings of the 42nd IEEE International Conference on Communications (ICC ’06), vol. 5, pp. 2213–2218. IEEE Press (Wiley-IEEE). Presented in Istanbul, Turkey, June 2006. IEEE COMSOC Flagship Conference. [pdf, bib]
- Ryan J. Farley and Errin W. Fulp. "Effects of Processing Delay on Function-Parallel Firewalls." In Proceedings of the 4th IASTED International Conference on Parallel and Distributed Computing and Networks (PDCN ’06), pp. 136–141. ACTA Press. Presented in Innsbruck, Austria, February 2006. [pdf, bib, slides]
- Ryan J. Farley. "Parallel Firewall Designs for High-Speed Networks." M.S. Thesis, Wake Forest University. Defended in Winston-Salem, North Carolina, December 2005. [pdf, bib, slides]
Invited Talks and Seminars:
- "CodeXt: Automatic Extraction of Obfuscated Code." The MITRE Corporation, McLean, Virginia, February 2014.
- “Live Malware Forensics with Dynamically Assigned Sense of Self.” George Mason University Ph.D. Proposal, Fairfax, Virginia, January 2013.
- “How Not to be a Mark: An Introduction to Computer Security.” Culpeper County Civilian Law Enforcement Academy Alumni Association Community Seminar, Culpeper, Virginia, May 2010.
- “Deconstructing Exploits for Better Defense: Taxonomy, Toolset, and Origin Tracking.” George Mason University Research Workshop, Fairfax, Virginia, April 2010.
- “Roving Bugnet: Distributed Surveillance Threat and Mitigation.” George Mason University System and Networking Research Seminar, Fairfax, Virginia, April 2008.
- “BuddyGopher.” Wake Forest University Brown Bag Seminar, Winston-Salem, North Carolina, April 2004.
Teaching and Mentorship:
- Guest lectured on “Digital Forensics.” As a part of George Mason University Department of Information and Security Assurance course 674, Fairfax, Virginia, October 2010.
- Proctored exams for George Mason University Department of Information and Security Assurance course 674, Fairfax, Virginia, Fall 2010.
- Served as a Counselor for an underprivileged youth summer camp at the FSU Reservation at Lake Bradford, Tallahassee, Florida, 2000.
Honors, Grants, and Awards:
- Best Paper Award at SecureComm, 2013.
- IEEE COMSOC Student Travel Grant, 2012.
- Research and conference travel supported by NSF grants awarded to Dr. Xinyuan Wang (Ph.D. advisor, GMU) and DoE grant awarded to Dr. Errin Fulp (M.S. advisor, WFU).
Professional Participation:
- Member of ACM and IEEE, 2002–Present.
- Reviewer for IEEE Transactions on Dependable and Secure Computing (TDSC), 2013.
- Reviewer for IEEE Global Communications Conference (GLOBECOM), 2010.
- Participant of Mid-Atlantic Regional Collegiate Cyber Defense Competition, 2008.
- Student Advisor to the WFU Computer Science Technology Acquisition Board, 2005.
Experience:
- After Graduation: Senior Cyber Security Engineer at the MITRE Corporation, McLean, VA
- Will assist a broader mission of information analysis and engineering for sponsor projects.
- Developed network and host based security evaluation tools for internal programs.
- May 2010–August 2010: Researcher at SRI International, Washington, DC
- Developed proof of concept toolchain for use in future proposals.
- Gained information operations experience and exposure to government contracting and grant proposal workflows.
- August 2007–August 2014: Research Assistant at George Mason University, Fairfax, VA
- Created a forensics binary extraction and observation tool called CodeXt based on symbolic analysis and emulation.
- Researched malware defense mechanism through binary injection and another sense of self.
- Developed exploits and defense mechanisms for VoIP software.
- Investigated methods for filtering and augmenting SIP traffic in order to protect end user.
- Developed and published Windows and iOS mobile device security tools that prevent audio bugging software from capturing microphone data.
- Research sponsored by an NSF CAREER Award.
- January 2007–June 2007: Student Researcher at IBM Zurich Research Laboratory, Rüschlikon, Switzerland
- Investigated Snort IDS rule pattern optimization methods.
- Programmed support for converting patterns and inter-pattern relationships from the Snort rule set to a FPGA-based parallel finite-state machine pattern-matching engine.
- Assisted verification of engine integrity during expansion of patterns.
- March 2006–December 2006: Engineering Consultant at GreatWall Systems, Winston-Salem, NC
- Headed performance testing using a Spirent SmartBits chassis to analyze high-speed network security technologies developed during M.S. thesis research.
- Created a working demo prototype of the function-parallel design and the data-parallel design for a basis of comparison using OpenBSD.
- Created QA tools regarding automation and control of the various systems under test using Perl, C, and bash scripting.
- Served as a technical advisor to the board and met with potential investors.
- Company successfully exited by sale to Centripetal Networks.
- January 2004–December 2005: Research Assistant at Wake Forest University, Winston-Salem, NC
- Research sponsored by a U.S. Department of Energy STTR Phase I and II grant to improve security between research laboratories.
- Investigated methods for optimizing firewalls, security policies, and intrusion detection in high-speed networks.
- Developed theory and tested implementations of distributed firewall architectures which were laid out during undergraduate research.
- Created theoretical groundwork for function-parallel rule distribution.
- Developed discrete event simulator for modeling.
- Created initial prototype from off the shelf components for experimental results.
- Analyzed and presented research at flagship conference.
- March 2003–August 2004: Software Engineer at BuddyGopher, Winston-Salem, NC
- Essentially Twitter for AOL Instant Messenger.
- Internet startup used by over 12,000 people to aggregate data from over 500,000 user profiles.
- Considered "extraordinarily prescient" by technology commentator Anil Dash.
- Designed and implemented a user-friendly LAMP front-end and highly scalable parallel Perl/MySQL back end to store and analyze data in real-time.
- Data was used to determine trends and advertising strategies.
- Created and administrated data-mining modules, security policies, database schema, DNS, and web server setup.
- May 2002–January 2003: Independent Researcher at WFU Network Security Group, Winston-Salem, NC
- Developed intelligent QoS firewall system with open-source applications.
- Designed hierarchical firewall system that led to graduate research.
- May 2002–December 2002: Knowledge to Work Student Webmaster Intern at WFU Information Systems, Winston-Salem, NC
- Created site-wide templates to simplify migration of old pages and prepare for future re-organizations.
- Restructured directory layout, and coordinated the web team on how to best manage their responsible areas.
- Created and managed test site for editing and approval of updated pages in a group project environment.
- Redesigned the flow of linked pages and information presentation for the various audiences.
- Reduced the overall size of web site by 25% by coordinating departments and centralizing information for efficiency.
- February 2000–March 2003: Business Computing Support Student Consultant at WFU Information Systems, Winston-Salem, NC
- Provided support and assistance to faculty, staff, and student users in person and over the phone.
- Assigned to provide personal support for the Associate Dean of the College.
- Communicated with university staff for development of various projects.
- May 1999–August 1999: Network Services Summer Intern at Collier County Public Schools, Naples, FL
- Maintained Token Ring and Ethernet LAN/WAN physical infrastructure along with monitoring and using Novell and NT servers.
- Provided face-to-face general computing support and assistance to staff.
- Designed, maintained, and administrated school system web site.
Press:
- Paul Marks. "'Bugnets' Eavesdrop on You Wherever You Go." New Scientist issue 2743 (16 January 2010). p. 17. [link]
Discusses proof of concept roving bugnet through implications of privacy in an era of ubiquitous computing.
- Laura Sessions Stepp. "Posting Their Lives, Moment By Moment." Washington Post (9 July 2004). sec. C, pp. 1-2. [link]
Provides an introduction to micro-blogging featuring BuddyGopher.
- Mary Beth Marklein. "Students Have 'Away' With Words." USA Today (29 March 2004). sec. D, p. 7. [link]
Overviews popularity of micro-blogging and presents BuddyGopher.
- Sarah Mansell. "New Software Reveals Popularity of 'Away' Messages on College Campuses." Wake Forest University News Service (12 February 2004). [link]
Introduces BuddyGopher service that was launched at WFU.
Community Engagement:
- Attended ShmooCon, an industry security conference, 2010–2014.
- Attended B-Sides DC, an industry security conference, 2013.
- Alumnus of invitation-only FBI Citizens' Academy, Quantico, VA, 2012.
- Alumnus of Culpeper County Civilian Law Enforcement Academy, 2009.
- Attended invitation-only National Sheriffs' Association Community Awareness and Partnership Training course, 2009.
- Technical Advisor to Board of Directors for Scrubadoo, Inc., 2009–2010.
- Studied abroad at Waseda University in Tokyo, Japan, 2005.
- Vice President of WFU chapter of Upsilon Pi Epsilon, computer science honor society, 2002.