the unknown

Can he think?

Research Projects

At one time I did a little research in the security and computer graphics worlds. My graphics research in graduate school looked into combining texture synthesis with human perception. The broad idea was to use synthesis in 3D graphics to more quickly generate backgrounds like forests when they went past the human eye's ability to discern details. Really fun stuff, but I left grad school before completing anything but the basics. In security I was more successful and have two publications to my name.

Alex Kuhl

Rejewski's Catalog

Recipient of the Greg Mellen Memorial Cryptology Scholarship award
Cryptologia, October 2007

When attacking the German Enigma cipher machine during the 1930s, the Polish mathematician Marian Rejewski developed a catalog of disjoint cycles of permutations generated by Enigma indicators. By comparing patterns that resulted from message indicators with his catalog, Rejewski was able to determine the ground settings. Well, not quite--the mapping from the disjoint cycles to the ground settings is not one-to-one. Rejewski's catalog no longer exists. This article reports on the output of a program that "recreates" the catalog and answers the question "How far from being one-to-one is the mapping?" [pdf download]

James Walden, Adam Messer, and Alex Kuhl

Measuring the Effect of Code Complexity on Static Analysis Results

ESSoS 2009

To understand the effect of code complexity on static analysis, thirty-five format string vulnerabilities were studied. We analyzed two code samples for each vulnerability, one containing the vulnerability and one in which the vulnerability was fixed. We examined the effect of code complexity on the quality of static analysis results, including successful detection and false positive rates. Static analysis detected 63% of the format string vulnerabilities, with detection rates decreasing with increasing code complexity. When the tool failed to detect a bug, it was for one of two reasons: the absence of security rules specifying the vulnerable function or the presence of a bug in the static analysis tool. Complex code is more likely to contain complicated code constructs and obscure format string functions, resulting in lower detection rates. [pdf download] or the longer version [pdf download]

import *

Can he write code?

Programming Projects

I do not get to do as much coding for fun as I used to, unfortunately. Currently I have nothing to host here, all of my projects that are still relevant have been moved to Github or into a GitHub Gist.


Can he teach?

Teaching Materials

America believes in education: the average professor earns more money in a year than a professional athlete earns in a whole week.

- Evan Esar

Teaching is another aspect of my life that seems to have withered. I thoroughly enjoy teaching, but since leaving my full-time lecturer gig at NKU I have not done any adjunct teaching. I hope to get back to it someday. I used to host files for old classes on my site, but those are materials from early in my teaching career and probably not ones I really want exposed to the world anymore. One day I would like to go through everything I have and put together some open source materials. Keep an eye on this page or my GitHub Gists where they may appear. I currently do have my Computer Science Cheat Sheet hosted there (which also needs updating, help me improve it!).

Lots of words

Can he write stuff no one reads?


I have two blogs that have a wealth of dated content. As is the theme on this page, I am currently thinking about ways to revive them.


Is there anything else?

The Rest

Design Links