Research and Projects

Olivia Gallucci ice skating with RITSEC

2022

(Upcoming) Open Source Security Mentorship Group

Details

Results and links to the GitHub, blog posts, and presentations will be added in January 2023.

During Fall 2022, I will be leading an Open Source Security Mentorship Group with Michael Vaughan! 👩‍💻

Students will choose an open source project and contribute to it throughout the course of the semester. Objectives: 

🖥️ Learn how to use Git 
🤝 Build relationships with maintainers
📝 Create a blog post on their contribution experience 
💬 Present their experience to RITSEC, a student-run cybersecurity club with over 200 regular attendees. 

The mentorship group will consist of incoming freshmen and operate under RITSEC. However, if you want to recreate this group, feel free to reach out. We will also release the materials. 

The mentorship group draws inspiration from our experience in industry and Rochester Institute of Technology’s Humanitarian Free and Open Source Software course by Professor Stephen Jacobs. 

2021

Economics and Ethics Behind Successful Free & Open Source Security Projects

Details

The foundation of this project is Summaries and Annotated Bibliographies of Successful Free & Open Source Projects, which began in January 2021.

Awards and Presentations

Gallucci received a full conference scholarship to present her research at the Women in Cybersecurity International Conference in Cleveland, Ohio, in March 2022. A forty-minute version of this presentation was given twice: at RITSEC (September 3, 2021) and at RITLUG (October 8, 2021).

WiCyS 2022 Lightning Talk - Economics and Ethics Behind Successful Free and Open Source Security Projects by Olivia Gallucci

Abstract

Many organizations use Free and Open Source Software (FOSS) to build products and implement procedures. Yet, there is a lack of understanding, acknowledgment, and support of the FOSS community in the cybersecurity industry, creating gaps in security knowledge.

This presentation explores the relationship between FOSS and closed-source vulnerabilities, FOSS lifecycles, and FOSS security trends in projects including and excluding Freedom 3 (i.e., the ability to redistribute modified programs). Furthermore, it examines the social workings and economic development behind successful FOSS projects and communities.

The goal of this research was to document the history of FOSS projects, illustrate how organizations use FOSS projects, and determine effective FOSS security practices. The research highlights the importance of FOSS in cybersecurity, including things like documentation, collaboration, and human rights. Research methods include an extensive reading of published research, journal articles, statistics, CVEs, and press articles on security threats and mitigations.

This research began as an independent study approved by RIT’s Honors Program. You can view the initial project outline here (Summaries and Annotated Bibliographies of Successful Free & Open Source Projects) and the final Zotero Collection here. Then, I was paid by Open@RIT to continue the project; you can read about some of my research in Open@RIT: The Birth of an Academic OSPO.


Faculty Advisor

Stephen Jacobs is a professor with the School of Interactive Games and Media and an interdisciplinary scholar who works in several areas that often overlap, including FOSS, Free Culture, Digital Humanities, Game Design, and History and Interactive Narrative. His Open Work has been funded by The Ford Foundation, UNICEF Innovation, Red Hat Inc, Northern Telecom, and AT&T. Professor Jacobs received the Provost’s Award for Excellence in Faculty Mentoring for 2019-2020. He has held the position of Visiting Scholar at The Strong National Museum of Play since 2009.

Details

Abstract

Media coverage often highlights malware developed in secret by state actors and advanced persistent threats. However, this coverage does not provide the whole picture, ignoring the abundance of Free and/or Open-Source (FOSS) malware developed by these groups. Analyzing FOSS malware techniques, developers, and communities reveals significant trends across attacks.

This research highlights the importance of FOSS in malware and cybersecurity, including things like documentation and collaboration. It examines the social workings and economic development behind successful FOSS malware projects and communities. The goal of the research is to provide students, university faculty, and organizations with quality FOSS malware analysis to assist in vulnerability mitigation. This complex study of FOSS malware trends explores historical threats and enables future cybersecurity leaders to learn from historical failures. Research methods include extensive reading and analysis of published research, malware, journal articles, statistics, threat databases like MITRE ATT&CK, and press articles on security threats and mitigations.

This research began as an independent study approved by RIT’s Honors Program. You can view the initial project outline here.


Faculty Advisor

Dr. Amit Ray is an Associate Professor in the Department of English at RIT. He received his Ph.D. from the University of Michigan, Ann Arbor, in Postcolonial Studies. Dr. Ray is co-author of RIT’s minor and immersion in Free and Open Source Software and Culture, and he has taught a course on Open and Closed Source cultures for the last decade. His current interests lie in examining power, corruption, and the digital divide on computational platforms like Facebook and Wikipedia. 

Effectiveness of Threat Mitigation in Layers of the Open Systems Interconnection Model

Details

Awards and Presentations

Gallucci received a full conference scholarship to present her research at the Women in Cybersecurity International Conference in Denver, Colorado, in September 2021. A forty-minute version of this presentation was given twice: at RITSEC (September 24, 2021) and at RIT’s Spring Semester Networking and Administration Class (May 5, 2021).


Abstract

Security risks and mitigations are often covered by the press after large data breaches at large companies. Smaller companies, however, are also at risk, but do not have the resources to implement high-end cybersecurity protection or the resources to survive a hack. This presentation critically examines past networking research that evaluates the effectiveness of security mitigations for each layer of the Open Systems Interconnection model (OSI model) and how small businesses can implement cost-effective security mitigations. Research methods include an extensive reading of published research, journal articles, statistics, and press articles on security threats and mitigations.

The goal of this research is to provide a detailed understanding of networking and assist in hands-on applications of vulnerability mitigation. This complex study of security mitigation explores historical threats and enables future cybersecurity leaders to learn from historical failures. This presentation details the results of cost-effective security mitigations for each layer of the OSI Model.

This research began as an independent study approved by RIT’s Honors Program. You can view the initial project outline here.


Faculty Advisor

Sylvia Perez-Hardy, a professor in the School of Information in the Golisano College of Computing and Information Sciences at RIT, earned her Bachelor of Science and Master of Business Administration at Cornell University. Before joining RIT’s faculty in 1998, she was a systems engineer at IBM for over 23 years, focusing on midrange and large system design and specialization deployment in data communications and computer networks. Her current interests include the use of technology and active learning techniques in teaching, the integration of information assurance concepts and their applications throughout the computing curriculum, and the design and deployment of secure, high-performance switches and routed networks. Sylvia has published research on security issues on networks, as well as experiential learning.

2020

Rubber Ducky Mentorship Group

Details

RITSEC is a student club dedicated to teaching “Security Through Community.” RITSEC educates and prepares RIT students to compete in offensive and defensive security competitions. It is the largest academic club at RIT and the second largest club on campus. The Rubber Ducky project was started by Shannon McHale (’20) and Jon Bauer’s (’20) RITSEC Rubber Ducky Mentorship Group.

This research project focused on exploiting Windows machines with the Hak5 USB Rubber Ducky, a keystroke injection tool disguised as a generic flash drive. Computers recognize the Rubber Ducky as a regular keyboard and automatically accept its pre-programmed keystroke payloads at over 1000 words per minute. The techniques used by the 2020 Group consist of reverse shells, file transfers, installing malware, changing backgrounds, and blasting loud music on Windows machines. You can view a presentation of the 2020 Rubber Ducky Research here.

2019

Harvard University
  • Advanced Placement Computer Science Principles
  • Computer Science 50
Charles III University of Madrid / Universidad Carlos III de Madrid
  • Cyber-Security Basics
Linux Foundation
  • Introduction to Ubuntu Linux
  • Introduction to Command Line Interface
Microsoft
  • Introduction to Data Science

2018

Charles III University of Madrid / Universidad Carlos III de Madrid
  • Introduction to Java
  • Advanced Java
Ohio State University
  • Student Personal Finance
Missouri State University
  • Money and Banking
  • Personal Finance
Harrisburg Area Community College
  • English Composition