Cyberspace Sciences and Information Intelligence Research Group

Navigation

Career Opportunities

Internship Programs

ORNL has lots of opportunities for students to conduct research in scientific fields. Check out our Fellowship and Internship programs.

Internships

Personal Page


Stacy Prowell Ph.D.

Chief Cyber Security Research Scientist

Research Interest

Computationally intensive methods in cyber security, malware analysis, automated reverse engineering, malware detection and classification, formal methods, statistical modeling

Professional Background

Dr. Stacy Prowell's work focuses on applying computationally intensive methods to reason about the semantics of unknown binary programs. While at CERT, Dr. Prowell led the team creating the Function Extraction (FX) system that determines the complete end-to-end behavior of Intel binary programs. At ORNL, Dr. Prowell has been investigating the use of high-performance computing (HPC), coupled with the FX behavior analysis techniques, to quickly and definitively answer questions about vulnerabilities in dynamic content.

Dr. Prowell has also done extensive work on formal software specification, and is the principal inventor of the sequence-based method for deriving a formal specification from imperfect software requirements. This method has been widely taught and adopted by industry. Dr. Prowell has also done extensive work in statistical modeling and automated testing, and lead the team developing the JUMBL software that supports automated statistical testing. Dr. Prowell has been granted a patent on rapid analysis of hierarchical statistical models.

Education

  • BS in Computer Science, The University of Tennessee, 1992
  • MS in Computer Science, The University of Tennessee, 1995
  • Ph.D. in Computer Science, The University of Tennessee, 1996

Professional Memberships

  • Senior Member, IEEE
  • Member, ACM and Sigma Xi

Published Books

S. Prowell, R. Kraus, and M. Borkin, Seven Deadliest Network Attacks, Syngress: Burlington, MA, 2010.

S. Prowell, C. Trammell, R. Linger, and J. Poore, Cleanroom Software Engineering: Technology and Process, Addison-Wesley, 1999.

Recent Journal Publications and Reports

L. Lin, S. Prowell, and J. Poore, An Axiom System for Sequence-Based Specification, Theoretical Computer Science, v. 411, n. 2, February 2010, pp. 360-376.

L. Lin, S. Prowell, J. Poore, The Impact of Requirements Changes on Specifications and State Machines, Software Practice & Experience, v. 39, n. 6, June 2009, pp. 573-610.

A. Hevner, R. Linger, R. Collins, M. Pleszkoch, S. Prowell, and G. Walton. The Impact of Function Extraction Technology on Next Generation Software Engineering, SEI Technical Report CMU/SEI-2005-TR-015, Software Engineering Institute, 2005.

S. Prowell and J. Poore, Reliability Computation for Usage-Based Testing. Modern Statistical and Mathematical Methods in Reliability (Volume 10: Series on Quality, Reliability and Engineering Statistics, A. Wilson, N. Limnios, S. Keller-McNulty, and Y. Armijo, eds.). Hackensack, NJ: World Scientific Publishing, 2005.

R. Linger and S. Prowell, Developing Secure Software with Cleanroom Software Engineering, Improving Security Across the Software Development Lifecycle, (Task Force Report, Volume II, National Cyber Security Summit, S. Redwine and N. Davis, eds.). March 2004.

S. Prowell and J. Poore, Computing System Reliability Using Markov Chain Usage Models, Journal of Systems and Software, v. 73, n. 2, September 2004, pp. 219–225.

S. Prowell and J. Poore, Foundations of Sequence-Based Software Specification, IEEE Transactions on Software Engineering, v. 29, n. 5, May 2003, pp. 417–429.

S. Prowell, Computations for Markov Chain Usage Models, UT Technical Report UT-CS-03-505, the University of Tennessee, 2003.

Conference Presentations and Invited Talks

F. T. Sheldon, S. Prowell, A. W. Krings, and R. K. Abercrombie, Proceedings of the Sixth Annual Workshop on Cyber Security and Information Intelligence Research: Cyber Security and Information Intelligence Challenges and Strategies, ACM International Conference Proceeding Series, Oak Ridge, TN, April 21-23, 2009 (ACM Digital Library). (link)

R. Bartholomew, L. Burns, T. Daly, R. Linger, and S. Prowell, Function Extraction: Automated Behavior Computation for Aerospace Software Verification and Certification, AIAA Infotech@Aerospace 2007 Conference, Rohnert Park, CA, May 2007.

A. Mili, T. Daly, M. Pleszkoch, and S. Prowell, A Semantic Recognizer Infrastructure for Computing Loop Behavior, 40th Annual Hawaii International Conference on System Sciences (HICSS'40), Kona, HI, January 2007.

S. Prowell, Using Markov Chain Usage Models to Test Complex Systems, 38th Annual Hawaii International Conference on System Sciences (HICSS'38), Kona, HI, January 2005.

F. T. Sheldon, S. G. Batsell, S. J. Prowell, and M. G. Langston, Position Statement: Methodology to Support Dependable Survivable Cyber-Secure Infrastructures, 38th Annual Hawaii International Conference on System Sciences (HICSS'38), Kona, HI, January 2005.

S. Prowell and W. T. Swain, Sequence-Based Software Specification of Critical Software Systems, American Nuclear Society NPIC & HMIT, Columbus, OH, September 2004.

S. Prowell, Dagstuhl Seminar 04371, invited talk, Perspectives on Model-Based Testing, Germany, September 2004.

S. Prowell and J. H. Poore, Computing System Reliability Using Markov Chain Usage Models, Fourth International Conference on Mathematical Methods in Reliability, Santa Fe, NM, June 2004.

S. Prowell, A Cost-Benefit Stopping Criterion for Statistical Testing, 37th Annual Hawaii International Conference on System Sciences (HICSS'37), Kona, HI, January 2004.

S. Prowell and W. T. Swain, A Java Tool Set for Software Testing Based on Markov Chain Usage Models, First European Conference on Model-Driven Software Engineering, Nuremburg, Germany, December 2003.

S. Prowell, JUMBL: A Tool for Model-Based Statistical Testing, 36th Annual Hawaii International Conference on System Sciences (HICSS'36), Kona, HI, January 2003.

S. Prowell, Dagstuhl Seminar 02361, Sequence-Based Specification and Model-Based Testing, Supporting Customer-Supplier Relationships: Requirements Engineering and Quality Assurance, Germany, September 2002.

S. Prowell and W. T. Swain, Tool Support for Model-Based Statistical Testing, Proceedings of the International Software Quality Week, San Francisco, CA, September 2002.

S. Prowell, Tool Support for Model-Based Statistical Testing, Proceedings of the International Software Quality Week Europe, Brussels, Belgium, March 2002.

S. Prowell and J. Poore, Specifying Software Usage Models via Constraints in TML, First Annual McMaster Optimization Conference: Theory and Applications, Hamilton, Ontario, August 2001.

S. Prowell, Markov Chain Usage Models" and Tool Support for Statistical Testing, invited talks, National Academy of Science, Software Engineering Workshop, July 2001.

L. Prados, S. Prowell, and J. Poore, Design for Testability, invited talk, National Academy of Science, Software Engineering Workshop, July 2001.

CSIIR Events

In the News

About ORNL
[CSE Division] [CCS Directorate] [ORNL Home] [Search] [Contact CSIIR] [Disclaimer]

Oak Ridge National Laboratory is a national multi-program research and development facility
managed by UT-Battelle, LLC for the U.S. Department of Energy.
Page last updated: 7/27/2011