In-progress

Journal Tobey, D. H., Gandhi, R., Assessing secure coding proficiency: Designing a concept inventory. Being developed.

Major Research Products

Journal Gandhi, R., Germonprez, R. M., Link, G., (2021) The Domestication of Open Source Project Engagement: The Role of Routines. Accepted for publication in Communications of the Association for Information Systems

Journal Kale, A., Ricks, B., & Gandhi, R. (2021) New Measure to Understand and Compare Bridge Conditions Based on Inspections Time-Series Data. Journal of infrastructure systems, doi:10.1061/(ASCE)IS.1943-555X.0000633.

Journal Avande, M., Gandhi, R., Siy, H., (2020) Understanding User Engagement With Multi-Representational License Comprehension Interfaces, IJOSSP: Volume 11, Issue 4, Article 2, December 2020.

Journal Mandal, S., Gandhi, R. & Siy, H. Modular norm models: practical representation and analysis of contractual rights and obligations, Requirements Eng. (2019). https://doi.org/10.1007/s00766-019-00323-y (Impact Factor 2.761) Accepted 26 July 2019, First Online 05 August 2019.

Conference Gandhi, R., Germonprez, R. M., Link, G. (Graduate), (2018). Open Data Standards for Open Source Software Risk Management Routines: An Examination of SPDX, ACM GROUP 2018, pp. 219-229

Journal Tobey, D. H., Gandhi, R., Watkins, A. B., Casey, O. W., (2018). Competency is Not a Three Letter Word: A Glossary Supporting Competency-based Instructional Design in Cybersecurity, Cybersecurity Skills Journal: Practice and Research

Conference Gandhi, R., Khazanchi, D., Linzell, D., Ricks, B., Sim, C., (2018). The Hidden Crisis: Developing Smart Big Data pipelines to address Grand Challenges of Bridge Infrastructure health in the United States, ISCRAM 2018 Conference Proceedings – 15th International Conference on Information Systems for Crisis Response and Management, pp. 1016-1021

Conference Mandal, S. (Graduate), Gandhi, R., Siy, H., (2017). Modular Norm Models: A Lightweight Approach for Modeling and Reasoning about Legal, 15th IEEE International Conference on Dependable, Autonomic and Secure Computing (DASC 2017), Orlando, Florida, Nov 16-10, 2017.

Research Data Product Chungwook Sim; Robin Gandhi; David M Gee; Ajay Khampariya; Akshay Kale; Dreizan Moore (2017), “Nebraska Bridge Data,” Data Center Hub https://datacenterhub.org/resources/14392.

Research Data Product National bridge inventory compute infrastructure at Labs Workbench, a service of the National Data Service (NDS), a MBDH Infrastructure Partner. (2017) https://github.com/nds-org/nbi-pilot

Research Software Product Germonprez, R. M., Gurney, T., Uday Shankar Korlimarla, S., Gandhi, R. (2016). DoSOCS: A System for SPDX 2.0 Document Creation and Storage. The Journal of Open Source Software, 1(7). http://dx.doi.org/10.21105/joss.00038

Technical Report Gandhi, R. (2016). In NIST 800-160 Systems Security Engineering (Ed.), Appendix I: Software Assurance Considerations in the Systems Security Engineering Lifecycle. Washington D.C.: NIST. csrc.nist.gov/publications/drafts/800-160/sp800_160_second-draft.pdf

Journal Gandhi, R., Crosby, K., Siy, H., Mandal, S. (Graduate), (2016). Driving Secure Software Initiatives Using FISMA: Issues and Opportunities, Crosstalk: The Journal of Defense Software Engineering, vol. 29 (1), pp. 37-41

Workshop Mandal, S. (Graduate), Gandhi, R., Siy, H., (2016). Can I Copy this Code? Extracting Norms from Software Licenses using Frame Semantics, Workshop on the Naturalness of Software in conjunction with International Symposium on the Foundations of Software Engineering

Patent Patent Issued, Co-inventors: Gandhi, R., Siy, H., Crosby, K., (2016) Risk Prioritization and Management Patent No: US20140337982 A1, United States https://www.google.com/patents/US20140337982

Symposium Cooper, K. M., Bastola, D., Gandhi, R., Ghersi, D., Hinrichs, S., Morien, M., Fruhling, A. L., (2016). Forecasting the Spread of Mosquito-Borne Disease using Publicly Accessible Data: A Case Study in Chikungunya, AMIA 2016 Annual Symposium

Journal Claus, B., Gandhi, R.A., Rawnsley, J., Crowe, J., (2015) Using the Oldest Military Force for the Newest National Defense, The Journal of Strategic Security, Dec 2015 Issue. (Impact factor 0.93)

Workshop Mandal, S. (Graduate), Gandhi, R., Siy, H., (2015). Semantic Web Representations for Reasoning about Applicability and Satisfiability of Federal Regulations for Information Security, International Workshop on Requirements Engineering and Law (RELAW ‘15), at the 23rd IEEE International Conference on Requirement Engineering, August 24-28, 2015, Ottawa, Canada. pp. 1-9. Best Paper Award.

Conference Grandgenett, R. (Graduate), Mahoney, W., Gandhi, R., (2015). Authentication Bypass and Remote Escalated I/O Command Attacks, 10th Annual Cyber and Information Security Research Conference, Oak Ridge, Best Paper Award.

Published Abstract/Presentation Hale, M. L., Gandhi, R., (2015). Two perspectives on Securing Big Data at the edge, NATO NIAS Cyber Security Symposium, Mons Belgium

Journal Gandhi, R., Siy, H., Crosby, K., Mandal, S. (Graduate), (2014). Gauging the Impact of FISMA on Software Security, IEEE Computer, vol. 47 (9) (Impact factor 2.945)

Journal Hemmatazad, N. (Graduate), Gandhi, R., Zhu, Q., Bhowmick, S., (2014). The Intelligent Data Brokerage: A Utility-Enhancing Architecture for Algorithmic Anonymity Measures, International Journal of Privacy and Health Information Management (IJPHIM), vol. 2 (1), pp. 22-33

Published Abstract Soule, R., Tobey, D. H., and Gandhi, R. (2014). Assessing Learner Readiness for Tough Cases. Academy of Management Annual Conference, Philadelphia, PA

Conference Grandgenett, R. (Graduate), Gandhi, R., Mahoney, W., (2014). Exploitation of Allen Bradley’s Implementation of EtherNet/IP for Denial of Service Against Industrial Control Systems, 9th International Conference on Cyber Warfare and Security.

Journal Wu, Y., Gandhi, R., & Siy, H. (2013). Semi-Automatic Annotation of Natural Language Vulnerability Reports. International Journal of Secure Software Engineering (IJSSE), 4(3), 18-41. doi:10.4018/jsse.2013070102

Conference Pedersen, J., Bastola D., Dick, K., Gandhi, R., Mahoney, M., (2013) Fingerprinting Malware Using Bioinformatics Tools Building a Classifier for the Zeus Virus, International Conference on Security and Management (SAM’13), Las Vegas, USA, July 22 - 25.

Workshop Gandhi, R.A., Siy, H., Yan, Wu, (2013) Lightweight formalisation of security weaknesses, Workshop on Formal Methods in Software Engineering (FormaliSE): 25 May 2013, San Francisco (USA), in conjunction with International Conference on Software Engineering. 2013.

Book Chapters Sousan, W., Zhu, Q., Gandhi, R.A., Mahoney, W., (2012) Smart Grid Tamper Detection using Learned Event Patterns, Systems and Optimization Aspects of Smart Grid Challenges, Springer, Editors: Dr. Marco Carvalho, Vijay Pappu, Dr. Panos M. Pardalos

Journal Sharma, A., Gandhi, R.A., Mahoney, W., Sousan, W., Zhu, Q., (2012) A Social Dimensional Cyber Threat Model with Formal Concept Analysis and Fact-Proposition Inference, International Journal of Information and Computer Security.

Workshop Gandhi, R.A., Rahmani, M. (2012) Early Security Patterns: A Collection of Constraints to Describe Regulatory Security Requirements, RePa 2012 : Second International Workshop on Requirements Patterns, IEEE International Conference on Requirements Engineering, Chicago, Sept, 2012

Journal Mahoney, W., Gandhi, R.A., (2011) An Integrated Framework for Control System Simulation and Regulatory Compliance Monitoring, Elsevier, International Journal on Critical Infrastructure Protection (IJCIP), vol.4, no.1, April 2011, pp. 41-53, URL: http://dx.doi.org/10.1016/j.ijcip.2011.03.002.

Journal Gandhi, R.A., Sharma, A., Mahoney, W., Sousan, W., Zhu, Q., Laplante, P., (2011) “Dimensions of Cyber-Attacks: Cultural, Social, Economic, and Political,” IEEE Technology and Society, vol.30, no.1, pp.28-38, Spring 2011, URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=5725605&isnumber=5725598

Workshop Sousan, W., Gandhi, R.A., Zhu, Q., Mahoney, W., (2011) Using Anomalous Event Patterns in Control Systems for Tamper Detection, 7th Annual Cyber Security and Information Intelligence Research Workshop, CSIIRW 2011, Oak Ridge National Laboratory, Oak Ridge, TN, 2011.

Journal Gandhi, R.A., Lee, S.W. (2011) Discovering Multidimensional Correlations among Regulatory Requirements to Understand Risk. ACM Transactions on Software Engineering Methodology 20, 4, Article 16 (September 2011), 37 pages. URL: http://doi.acm.org/10.1145/2000799.2000802

Conference Wertzberger, N., Glatter, C., Mahoney, W., Gandhi, R.A., Dick, K., (2011) Towards a Low-Cost SCADA Test Bed: An Open-Source Platform for Hardware-in-the-Loop Simulation, The 2011 International Conference on Security and Management, Special Track on Mission Assurance and Critical Infrastructure Protection (STMACIP’11), Las Vegas, Nevada, 2011.

Conference Wu, Y., Siy, H., Gandhi, R.A., (2011) Empirical Results on the Study of Software Vulnerabilities (NIER Track). In proceedings of the 33rd International Conference on Software Engineering (ICSE 2011), Waikiki, Honolulu, Hawaii, May 21-28, 2011, ACM, New York, NY, USA, pp.964-967, URL: http://doi.acm.org/10.1145/1985793.1985960

Book Chapters Lee, S. W., Gandhi, R. A., Park, S., (2010) Tracing Requirements, Book chapter in The Encyclopedia of Software Engineering, Taylor and Francis Group, LLC, Edited by Phillip A. Laplante, ISBN: 978-1-4200597-7-9, Publish Date: December 14th 2010

Journal Gandhi, R.A., Siy, H., Wu, Y., (2010) Studying Security Vulnerabilities, CrossTalk, The Journal of Defense Software Engineering, Sept/Oct issue, pp. 16-20, URL: http://www.crosstalkonline.org/storage/issue-archives/2010/201009/201009-Gandhi.pdf

Conference Sharma, A., Gandhi, R.A., Mahoney, W., Sousan, W., Zhu, Q., (2010) Building a Social Dimensional Threat Model from Current and Historic Events of Cyber Attacks, Social Computing (SocialCom), IEEE International Conference on Privacy, Security, Risk and Trust, pp. 981-986, URL: http://www.computer.org/portal/web/csdl/doi/10.1109/SocialCom.2010.145

Conference Walnez, B., Gandhi, R.A., Mahoney, Zhu, Q., (2010) Exploring Social Contexts along the Time Dimension: Temporal Analysis of Named Entities, Social Computing (SocialCom), IEEE International Conference on Privacy, Security, Risk and Trust, pp.508-512, URL: http://www.computer.org/portal/web/csdl/doi/10.1109/SocialCom.2010.80

Conference Sousan, W., Gandhi, R.A., Mahoney, W., Zhu, Q., Sharma, A., (2010) Using Term Extraction Patterns to Discover Coherent Relationships from Open Source Intelligence, Social Computing (SocialCom), IEEE International Conference on Privacy, Security, Risk and Trust, pp.967-972, 20-22 Aug. 2010, URL: http://www.computer.org/portal/web/csdl/doi/10.1109/SocialCom.2010.143

Workshop Yan, W., Gandhi, R.A, and Siy, H., (2010) Using semantic templates to study vulnerabilities recorded in large software repositories. In Proceedings of the 2010 ICSE Workshop on Software Engineering For Secure Systems, at the 32nd ACM/IEEE International Conference on Software Engineering (ICSE 2010), Cape Town, South Africa, May 02 - 02, 2010. SESS/ICSE ‘10. ACM, New York, NY, 22-28. DOI= http://doi.acm.org/10.1145/1809100.1809104

Conference Gandhi, R.A., Mahoney, W., Dick, K., and Wilson, Z., (2010) Language-driven Assurance for Regulatory Compliance of Control Systems, In Proceedings of the 5th International Conference on Information Warfare and Security, The Air Force Institute of Technology, Wright-Patterson Air Force Base, Ohio, USA, 8-9 April 2010

Book Chapters Gandhi, R. A., Lee, S. W., (2009) Ontology guided risk analysis: from informal specifications to formal metrics. Advances in Information and Intelligent Systems, Studies in Computational Intelligence, 2009, Volume 251/2009, 227-249, DOI: 10.1007/978-3-642-04141-9_11 (http://www.springer.com/series/7092; http://www.springerlink.com/content/f17221quu3077758/)

Workshop Cooper, J, Lee, S.W., Gandhi, R.A., Gotel, O., (2009) Requirements Engineering Visualization: A Survey on the State-of-the-Art, In Proceedings of the Fourth International Workshop on Requirements Engineering Visualization (REV’09), at the 17th International IEEE Conference on Requirements Engineering, Atlanta, Georgia, USA.

Conference Gandhi, R.A., Mahoney, W., Dick, K. (2009) ADACS – A Language for Monitoring Regulatory Compliance in Control Systems, In Proceedings of the 2nd Workshop on Compiler and Architectural Techniques for Application Reliability and Security at the 39th IEEE/IFIP International Conference on Dependable Systems and Networks (DSN 2009), Lisbon, Portugal.

Conference Gandhi R.A. and Lee, S.W., (2009) Assurance Case driven Case Study Design in Requirements Engineering Research, In: 15th International Conference on Requirements Engineering: Foundations for Software Quality, REFSQ 2009. LNCS Springer.

Journal Lee, S.W, Gandhi R.A., Wagle, S.J. (2009) Ontology Guided Service-Oriented Architecture Composition to Support Complex and Tailorable Process Definitions. In the International Journal of Software Engineering and Knowledge Engineering, Vol. 19, Issue 6, 2009, p. 791-821, DOI: 10.1142/S0218194009004386.

Journal Lee, S. W., Gandhi, R. A., and Ahn, G. (2007) Certification Process Artifacts Defined as Measurable Units for Software-intensive Systems Lifecycle, International Journal on Software Process: Improvement and Practice, 12(2), pp. 165-189, John Wiley & Sons, Ltd., DOI: http://dx.doi.org/10.1002/spip.313.

Conference Gandhi, R.A., Lee, S.W. (2007) Discovering and Understanding Multi-dimensional Correlations among Certification Requirements with application to Risk Assessment, In Proceedings of the 15th IEEE International Requirements Engineering Conference (RE 07), October 15-19, Delhi, India, pp. 231-240, (Acceptance ratio 35/172 ≈ 20%), URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?arnumber=4384186&isnumber=4384150

Workshop Gandhi, R.A., Lee, S.W. (2007) Visual Analytics for Requirements-driven Risk Assessment, In Proceedings of the 2nd International Workshop on Requirements Engineering Visualization (REV 07) at the 15th IEEE International Requirements Engineering Conference (RE 07), October 15-19, Delhi, India, 2007, pp: 6-12, URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?arnumber=4473006&isnumber=4473000

Workshop Lee, S.W, Gandhi R.A., Wagle, S.J. (2007) Towards Requirements-driven Workbench for Supporting Software Certification and Accreditation, In Proceedings of the 3rd International Workshop on Software Engineering for Software Systems (SESS 07), at the 29th International Conference on Software Engineering (ICSE 07), Minneapolis, MN, USA, URL: http://dx.doi.org/10.1109/ICSEW.2007.212

Journal Lee, S. W., Muthurajan, D., Gandhi, R. A., Yavagal, D., and Ahn, G. (2006) Building Decision Support Problem Domain Ontology from Security Requirements to Engineer Software-intensive Systems, International Journal on Software Engineering and Knowledge Engineering, 16(6), pp.851-884, World Scientific Publishing Company. URL: http://dx.doi.org/10.1142/S0218194006003051

Journal Lee, S. W., and Gandhi, R. A. (2006) Requirements as Enablers for Software Assurance, CrossTalk: The Journal of Defense Software Engineering, United States Department of Defense, December, Vol. 19, No. 12, pp. 20-24, 2006, URL: http://www.stsc.hill.af.mil/CrossTalk/2006/12/0612LeeGandhi.html

Workshop Gandhi, R.A., Wagle, S.J., Lee, S.W. (2006) Process Artifacts Defined as an Aspectual Service to System Models, In Proceedings of the 2nd International Workshop on Service-Oriented Computing: Consequences for Engineering Requirements (SOCCER 06), 14th IEEE International Requirements Engineering Conference (RE 06), Minneapolis, MN, USA, September 11-15, 2006, URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?arnumber=4027098&isnumber=4027091

Workshop Richter, H, Gandhi, R.A., Liu, L., Lee, S.W. (2006) Incorporating Multimedia Source Materials into a Traceability Framework, In Proceedings of the 1st International Workshop on Multimedia Requirements Engineering - Beyond Mere Descriptions (MERE 06), 14th IEEE International Requirements Engineering Conference (RE 06), September 11-15, Minneapolis, USA, pp: 7-13, URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?arnumber=4022124&isnumber=4022117

Workshop Lee, S.W, Gandhi, R.A, Muthurajan, D., Yavagal, D.S., Ahn, G. (2006) Building problem domain ontology from security requirements in regulatory documents, In Proceedings of the 2nd International Workshop on Software Engineering For Secure Systems (SESS 06), at the 28th ACM/IEEE International Conference on Software Engineering (ICSE 06), Shanghai, China, May 20 – 21, ACM Press, New York, NY, pp. 43-50, DOI: http://doi.acm.org/10.1145/1137627.1137635

Conference Lee, S.W., Gandhi, R.A. (2005) Ontology-based Active Requirements Engineering Framework, In Proceedings of the 12th Asia-Pacific Software Engineering Conference (APSEC 05), Taipei, Taiwan, IEEE Computer Society Press, pp. 481-490, URL: http://doi.ieeecomputersociety.org/10.1109/APSEC.2005.86

Workshop Lee, S.W., Gandhi, R.A., Ahn, G. (2005) Security Requirements Driven Risk Assessment for Critical Infrastructure Information Systems, In Proceedings of the Symposium on Requirements Engineering for Information Security (SREIS 05) at the 13th IEEE International Requirements Engineering Conference (RE 05), 8/29-9/2, Paris, France, IEEE Press.

Workshop Lee, S.W., Gandhi, R.A. (2005) Engineering Dependability Requirements for Software-intensive Systems through the Definition of a Common Language, In Proceedings of the Workshop on Requirements Engineering for High-Availability Systems (RHAS), at the 13th IEEE International Requirements Engineering Conference (RE 05), pp. 40-48, 8/29 - 9/2, Paris, France. Software Engineering Institute (SEI), Carnegie Mellon University & IEEE Press.

Workshop Lee, S.W., Gandhi, R.A (2005) Ontology-based Active Requirements Engineering Framework, Accepted to the Eleventh International Workshop on Requirements Engineering: Foundation for Software Quality (REFSQ 05), at the 17th Conference on Advanced Information Systems Engineering (CAiSE ‘05), June 13 - 17, Porto, Portugal.

Workshop Lee, S.W., Gandhi, R.A, Ahn, G. (2005) Establishing Trustworthiness in Services of the Critical Infrastructure through Certification and Accreditation, In Proceedings of the 1st International Workshop on Software Engineering for Secure Systems (SESS 05) at the 27th IEEE International Conference on Software Engineering (ICSE 05), pp. 43-49, St. Louis, Missouri, May 15-21, URL: http://doi.acm.org/10.1145/1083200.1083205

Conference Lee, S.W., Ahn, G., Gandhi, R.A. (2005) Engineering Information Assurance for Critical Infrastructures: The DITSCAP Automation Study, In Proceedings of the 15th Annual International Symposium of the International Council on Systems Engineering (INCOSE 05), - Systems Engineering, Rochester, NY, July 10-15.

Conference Yavagal, D.S., Lee, S.W., Ahn, G., Gandhi, R.A. (2005) Common Criteria Requirements Modeling and its Uses for Quality of Information Assurance (QoIA), In Proceedings of the 43rd Annual ACM Southeast Conference (ACMSE 05), March 18-20, Kennesaw, Georgia, pp. 130-135, DOI: http://doi.acm.org/10.1145/1167253.1167287

Conference Lee, S.W., Gandhi, R.A, Ahn, G., Yavagal, D. (2005) Active Automation of the DITSCAP, In Proceedings of the IEEE International Conference on Intelligence and Security Informatics (IEEE ISI-2005), Atlanta, Georgia, May 19-20, 2005, A Book Chapter in Lecture Notes in Computer Science, Volume 3495, pp. 479-485, Springer, URL: http://dx.doi.org/10.1007/11427995_46

Conference Tolone, W.J., Gandhi, R.A., Ahn, G. (2003) Locale-based access control: placing collaborative authorization decisions in context, In Proceedings of the IEEE International Conference on Systems, Man and Cybernetics, Vol. 5, pp. 4120-4127, URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?arnumber=1245632&isnumber=27913