university of tulsa logo

Mauricio Papa, PhD

Mauricio Papa, PhD
Associate Professor of Computer Science
College of Engineering & Natural Sciences
Computer Science
918-631-2987 Rayzor Hall Room 2155

Education

PhD – The University of Tulsa MS – The University of Tulsa BS – Universidad Central de Venezuela

Research Interests

Network Security
Distributed Process Control
Network Intrusion Detection
Protocol Analysis

Teaching Interests

Operating Systems
Computer Networks
Network Security
Computer Graphics
Cyber Physical Systems
Critical Infrastructure Protection

Publications

Journal Articles

  • Using Hybrid Attack Graphs to Model and Analyze Attacks Against the Critical Information Infrastructure. Critical Information Infrastructure Protection and Resilience in the ICT Sector, 2013, p. 173.
  • Security Risks Associated With Radio Frequency Identification in Medical Environments. Vol. 36, Journal of Medical Systems Special Issue on Radio Frequency Identification in the Healthcare Sector: Applications, Business Models, Drivers and Challenges, 2012, pp. 3491-05.
  • RFID in E-Health: Technology, Implementation. Telemedicine and E-Health Services, Policies, and Applications: Advancements and Developments: Advancements and Developments, 2012, p. 347.
  • Shenoi, S., J. Edmonds, and M. Papa. Security Analysis of Multilayer SCADA Protocols. Vol. 253, IFIP International Federation for Information Processing, 2010.
  • Huitsing, P., R. Chandia, M. Papa, and S. Shenoi. Attack Taxonomies for the Modbus Protocols. Vol. 1, International Journal of Critical Infrastructure Protection, 2008, pp. 37–44.
  • Kilpatrick, T., J. Gonzalez, R. Chandia, M. Papa, and S. Shenoi. Forensic Analysis of SCADA Systems and Networks. Vol. 3, International Journal of Security and Networks, 2008, pp. 95–102.
  • Dawkins, J., K. Clark, G. Manes, and M. Papa. A Framework for Unified Network Security Management: Identifying and Tracking Security Threats on Converged Networks. Vol. 13, Journal of Network and Systems Management, 2005, pp. 253–267.
  • Programmable Access Control. Vol. 11, Journal of Computer Security, 2003, pp. 331–351.
  • Papa, M., J. Wood, and S. Shenoi. Evaluating Controller Robustness Using Cell Mapping. Vol. 121, Fuzzy Sets and Systems, 2001, pp. 3–12.
  • Papa, M. Formal Verification of Cryptographic Protocols. The University of Tulsa, 2001.
  • IEICE/IEEE Joint Special Issue on Autonomous Decentralized Systems and Systems’ Assurance-PAPERS-Electronic Commerce-Formal Analysis of E-Commerce Protocols. Vol. 84, IEICE Transactions on Information and Systems, 2001, pp. 1313–1323.
  • Cell Mapping for Controller Design and Evaluation. Vol. 17, Control Systems, IEEE, 1997, pp. 52–65.
  • Chandia, R., and M. Papa. Access Policy Specification for SCADA Networks.

Conference Proceedings

  • “Automatic Generation of Attack Scripts from Attack Graphs”. 2018 1st International Conference on Data Intelligence and Security (ICDIS), 2018, pp. 267-74.
  • Introducing Priority into Hybrid Attack Graphs”. Proceedings of the 12th Annual Conference on Cyber and Information Security Research, ACM, 2017, pp. 12:1–12:4.
  • Simulation and Analysis Framework for Cyber-Physical Systems”. Proceedings of the 12th Annual Conference on Cyber and Information Security Research, ACM, 2017, pp. 7:1–7:4.
  • Undergraduate Educational Pathways for Developing a High-Performance Computing Workforce”. Proceedings of the Practice and Experience in Advanced Research Computing 2017 on Sustainability, Success and Impact, ACM, 2017, pp. 53:1–53:4.
  • “Verifying Attack Graphs through Simulation”. 2017 Resilience Week (RWS), 2017, pp. 64-67.
  • Chris Reynolds, Charles Bales, Will Nichols, Casey Strong, John Hale, Mauricio Papa, Peter J. Hawrylak, “Cyber-Security Experimentation Platform for Instrumentation and Control Systems in a Nuclear Reactor,” Advances in Nuclear Nonproliferation Technology & Policy Conference, Sept. 25-30, 2016, Santa Fe, NM, US., 4 pages.

  • Dawkins, Jerald et al. “A Framework for Unified Network Security Management: Identifying and Tracking Security Threats on Converged Networks.” Journal of Network and Systems Management 13.3 (2005): 253–267. Print.

  • Modeling and Simulation of Electric Power Substation Employing an IEC 61850 Network”. Proceedings of the 9th Annual Cyber and Information Security Research Conference, ACM, 2014, pp. 89–92.
  • Estimating Link Availability and Timing Delays in Ethernet-Based Networks”. Proceedings of the Eighth Annual Cyber Security and Information Intelligence Research Workshop, ACM, 2013, pp. 46:1–46:4.
  • “Using Hybrid Attack Graphs to Model Cyber-Physical Attacks in the Smart Grid”. Resilient Control Systems (ISRCS), 2012 5th International Symposium on, 2012, pp. 161-4.
  • “Applying Data Mining of Fuzzy Association Rules to Network Intrusion Detection”. Information Assurance Workshop, 2006 IEEE, 2006, pp. 100–107.
  • “Attribute Selection Using Information Gain for a Fuzzy Logic Intrusion Detection System”. Defense and Security Symposium, 2006, p. 62410D–62410D.
  • “A Framework for Hybrid Fuzzy Logic Intrusion Detection Systems”. Fuzzy Systems, 2005. FUZZ’05. The 14th IEEE International Conference on, 2005, pp. 325–330.
  • J. Edmonds, A. el-Semary, J. González-Pino, and M. Papa, “Implementation of a Hybrid Intrusion Detection System using FuzzyJess,” Proceedings of the Seventh International Conference on Enterprise Information Systems (ICEIS), Miami, Florida, May 2005.

  • “Cryptographic Protocol Analysis Using Goal Extraction”. Null, 2004, p. 75.
  • J. Edmonds, M. Papa, J. Hale, and S. Shenoi, “Modeling and Verifying Protocols with Key Chaining,” Proceedings of the Third Annual Institute of Electrical and Electronics Engineering (IEEE) Information Assurance Workshop, West Point, New York, June 2001.

  • “Extending Java for Package Based Access Control”. Computer Security Applications, 2000. ACSAC’00. 16th Annual Conference, 2000, pp. 67–76.
  • “Security Policy Coordination for Heterogeneous Information Systems”. Acsac, 1999, p. 219.
  • “An Environment for Developing Securely Interoperable Heterogeneous Distributed Objects”. Proceedings of the IFIP TC11 WG11. 3 Eleventh International Conference on Database Securty XI: Status and Prospects, 1997, pp. 385–388.
  • “Effect of Cell Map Granularity on Fuzzy Control System Analysis”. Fuzzy Systems, 1996., Proceedings of the Fifth IEEE International Conference on, Vol. 1, 1996, pp. 411–415.
  • “On Global Analysis and Design of Fuzzy Control Systems”. Industrial Electronics, Control, and Instrumentation, 1996., Proceedings of the 1996 IEEE IECON 22nd International Conference on, Vol. 1, 1996, pp. 372–377.
  • “Evaluation of Cell State Techniques for Optimal Controller Design”. Fuzzy Systems, 1995. International Joint Conference of the Fourth IEEE International Conference on Fuzzy Systems and The Second International Fuzzy Engineering Symposium., Proceedings of 1995 IEEE Int, Vol. 3, 1995, pp. 1331–1338.

Books

  • Shenoi, Sujeet, and Mauricio Papa. Critical Infrastructure Protection IV. IFIP International Federation for Information Processing, 2010. Print.

  • Papa, Mauricio, and Sujeet Shenoi. Critical Infrastructure Protection II. Vol. 290. Springer, 2008. Print.

Book Chapters

  • Automating Electric Substations Using IEC 61850”. Optimization and Security Challenges in Smart Power Grids, Springer Berlin Heidelberg, 2013, pp. 117-40.
  • Distributed Monitoring: A Framework for Securing Data Acquisition. Securing Critical Infrastructures and Critical Control Systems: Approaches for Threat Protection, 2013, pp. 144-67.
  • Mavridou, Anastasia, and Mauricio Papa. “A Situational Awareness Architecture for the Smart Grid.” Global Security, Safety and Sustainability & e-Democracy. Springer, 2012. 229–236. Print.

  • “RFID in E-Health: Technology, Implementation, and Security Issues”. Telemedicine and E-Health Services, Policies and Applications: Advancements and Developments, IGI Global, 2012, pp. 347-68.
  • “Security Issues for ISO 18000-6 Type C RFID: Identification and Solutions”. Developments in Wireless Network Prototyping, Design and Deployment: Future Generations, IGI Global, 2012, pp. 38-55.
  • G. Louthan, J. Daily, J. Hale, M. Papa, and P. Hawrylak, “Attack Graphs and Scenario Driven Wireless Computer Network Defense,” to appear in Situational Awareness in Computer Network Defense: Principles, Methods and Applications, IGI Global, Hershey, PA, 2011.

  • East, S., J. Butts, M. Papa, and S. Shenoi. “A Taxonomy of Attacks on the DNP3 Protocol”. Critical Infrastructure Protection III, Springer, 2009, pp. 67–81.
  • Butts, J., H. Kleinhans, R. Chandia, M. Papa, and S. Shenoi. “Providing Situational Awareness for Pipeline Control Operations”. Critical Infrastructure Protection III, Springer, 2009, pp. 97–111.
  • Shayto, R., B. Porter, R. Chandia, M. Papa, and S. Shenoi. “Assessing the Integrity of Field Devices in Modbus Networks”. Critical Infrastructure Protection II, Springer, 2008, pp. 115–128.
  • Gonzalez, J., and M. Papa. “Passive Scanning in Modbus Networks”. Critical Infrastructure Protection, Springer, 2008, pp. 175–187.
  • Chandia, R., J. Gonzalez, T. Kilpatrick, M. Papa, and S. Shenoi. “Security Strategies for SCADA Networks”. Critical Infrastructure Protection, Springer, 2008, pp. 117–131.
  • Kilpatrick, T., J. Gonzalez, R. Chandia, M. Papa, and S. Shenoi. “An Architecture for SCADA Network Forensics”. Advances in Digital Forensics II, Springer, 2006, pp. 273–285.
  • “Implementation and Verification of Programmable Security”. Research Directions in Data and Applications Security, Springer US, 2003, pp. 285–299.
  • “Integrating Logics and Process Calculi for Cryptographic Protocol Analysis”. Security and Privacy in the Age of Uncertainty, Springer US, 2003, pp. 349–360.
  • “On Modeling Computer Networks for Vulnerability Analysis”. Research Directions in Data and Applications Security, Springer US, 2003, pp. 233–244.
  • “Simulation and Analysis of Cryptographic Protocols”. Data and Application Security, Springer US, 2001, pp. 89–100.
  • “Language Extensions for Programmable Security”. Data and Application Security, Springer US, 2001, pp. 221–232.
  • “Programmable Security for Object-Oriented Systems”. Database Security XII, Springer US, 1999, pp. 109–123.

Technical Reports

  • Assessing the Accuracy of Vehicle Event Data Based on CAN Messages. SAE Technical Paper, 2012.

Courses Taught

  • Special Topics in Mechanical Engineering
  • Special Topics
  • Special Topics in Computer Science
  • Research and Dissertation