Publications of Interest

SoS Newsletter - Publications of Interest


The Publications of Interest section contains bibliographical citations, abstracts if available and links on specific topics and research problems of interest to the Science of Security community.

These bibliographies include recent scholarly research on topics which have been presented or published within the past year. The specific topics are selected from materials that have been peer reviewed and presented at SoS conferences or referenced in current work. The topics are also chosen for their usefulness for current researchers. Some represent updates from work presented in previous years, others are new topics.

Researchers willing to share their work are welcome to submit a citation, abstract, and URL for consideration and posting, and to identify additional topics of interest to the community. Researchers are also encouraged to share this request with their colleagues and collaborators.

Send submissions to: research (at) SecureDataBank.net

(ID#:14-1547)


Note:

Articles listed on these pages have been found on publicly available internet pages and are cited with links to those pages. Some of the information included herein has been reprinted with permission from the authors or data repositories. Direct any requests via Email to SoS.Project (at) SecureDataBank.net for removal of the links or modifications to specific citations. Please include the ID# of the specific citation in your correspondence.


Authentication and Authorization

Authentication and Authorization


Authorization and authentication are cornerstones of computer security. As systems become larger, faster and more complex, authorization and authentication methods and protocols are proving to have limits and challenges. The research cited here explores new methods and techniques for improving security in cloud environments, efficient cryptographic computations, and exascale storage systems.

  • "Explicating SDKs: Uncovering Assumptions Underlying Secure Authentication and Authorization", Rui Wang, Yuchen Zhou , Shuo Chen, Shaz Qadeer, David Evans, and Yuri Gurevich, SEC'13: Proceedings of the 22nd USENIX conference on Security. August 2013. (ID#:14-1219) Available at: http://research.microsoft.com/apps/pubs/?id=193974
  • "Authentication and Authorization for Native Mobile Applications using OAuth 2.0"Aas, Dag-Inge (Student thesis, Norwegian University of Science and Technology, Faculty of Information Technology, Mathematics and Electrical Engineering, Department of Computer and Information Science) (ID#:14-1229) Available at: http://urn.kb.se/resolve?urn=urn:nbn:no:ntnu:diva-22969 Given the recent concerns about security and ease-of-use surrounding OAuth 2.0, the author reviews four approaches to mobile authorization using OAuth 2.0, and suggests a solution that, although improved, is still not completely secure.
  • "Visual authentication: a secure single step authentication for user authorization" Luis Roalter, Matthias Kranz, Andreas Moller, Stefan Diewald, Tobias Stockinger, Marion Koelle, Patrick Lindemann. Proceedings of the 12th International Conference on Mobile and Ubiquitous Multimedia December 2013. (ID#:14-1222) Available at: http://dl.acm.org/citation.cfm?id=2541831.2541863&coll=DL&dl=GUIDE&CFID=296356373&CFTOKEN=68261084 (fee required). The authors present a distributed authentication and authorization procedure that can increase security while at the same time providing fast authentication on public networks
  • "A Framework for Authentication and Authorization Credentials in Cloud Computing" Nelson Mimura Gonzalez, Marco Antonio Torrez Rojas, Marcos Vinicius Maciel da Silva, Fernando Redigolo, Tereza Cristina Melo de Brito Carvalho, Charles Christian Miers, Mats Naslund, Abu Shohel Ahmed. TRUSTCOM '13: Proceedings of the 2013 12th IEEE International Conference on Trust, Security and Privacy in Computing and Communications July 2013 (ID#:14-1223) Available at: http://dl.acm.org/citation.cfm?id=2554136.2554202&coll=DL&dl=GUIDE&CFID=296356373&CFTOKEN=68261084 (fee required)
  • "An enhanced mechanism with cryptographic computation cost reduction in AAA-mobile IP architecture" Pham Ngoc Thanh, Keecheon Kim. ICUIMC '13: Proceedings of the 7th International Conference on Ubiquitous Information Management and Communication January 2013 (ID#:14-1227) Available at: http://dl.acm.org/citation.cfm?id=2448556.2448662&coll=DL&dl=GUIDE&CFID=296356373&CFTOKEN=68261084 (fee required) This paper proposes a new authentication mechanism which lessens heavy cryptographic to facilitate key distribution.

Note:

Articles listed on these pages have been found on publicly available internet pages and are cited with links to those pages. Some of the information included herein has been reprinted with permission from the authors or data repositories. Direct any requests via Email to SoS.Project (at) SecureDataBank.net for removal of the links or modifications to specific citations. Please include the ID# of the specific citation in your correspondence.


Automated Response Actions

Automated Response Actions


A recurring problem in cybersecurity is the need to automate systems to reduce human effort and error and to be able to react rapidly and accurately to an intrusion or insertion. The nine articles cited here describe a number of interesting approaches and a novel study using sunglass reflections to reconstruct keypad use on cellphones and other mobile devices.

  • "RRE: A Game-Theoretic Intrusion Response and Recovery Engine," Zonouz, S.A.; Khurana, H.; Sanders, W.H.; Yardley, T.M., Parallel and Distributed Systems, IEEE Transactions on , vol.25, no.2, pp.395,406, Feb. 2014. (ID#:14-1276) Available at: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=6583161&isnumber=6689796 Preserving the availability and integrity of networked computing systems in the face of fast-spreading intrusions requires advances not only in detection algorithms, but also in automated response techniques. In this paper, we propose a new approach to automated response called the response and recovery engine (RRE). Our engine employs a game-theoretic response strategy against adversaries modeled as opponents in a two-player Stackelberg stochastic game. The RRE applies attack-response trees (ART) to analyze undesired system-level security events within host computers and their countermeasures using Boolean logic to combine lower level attack consequences. In addition, the RRE accounts for uncertainties in intrusion detection alert notifications. The RRE then chooses optimal response actions by solving a partially observable competitive Markov decision process that is automatically derived from attack-response trees. To support network-level multiobjective response selection and consider possibly conflicting network security properties, we employ fuzzy logic theory to calculate the network-level security metric values, i.e., security levels of the system's current and potentially future states in each stage of the game. In particular, inputs to the network-level game-theoretic response selection engine, are first fed into the fuzzy system that is in charge of a nonlinear inference and quantitative ranking of the possible actions using its previously defined fuzzy rule set. Consequently, the optimal network-level response actions are chosen through a game-theoretic optimization process. Experimental results show that the RRE, using Snort's alerts, can protect large networks for which attack-response trees have more than 500 nodes.
  • "Exploring the prudent limits of automated cyber attack," Caton, J.L., Cyber Conflict (CyCon), 2013 5th International Conference on , vol., no., pp.1,16, 4-7 June 2013. (ID#:14-1277) Available at: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=6568375&isnumber=6568361 This paper places into conversation the notion of using automated cyber attacks as a part of preliminary defense, as the rates at which cyber conflicts occur far surpass the decision-making capability of world leaders. This paper discusses implementing necessary limits regarding the use of automated cyber attacks in national defense, as well as the implications and criteria considered when developing and deploying these systems. The Gerras critical thinking model is utilized to determine which criteria are necessary, and examines the use of automated cyber attacks in the context of a potential cyber resilience policy.
  • "S-MAIDS: A Semantic Model for Automated Tuning, Correlation, and Response Selection in Intrusion Detection Systems," Strasburg, C.; Basu, S.; Wong, J.S., Computer Software and Applications Conference (COMPSAC), 2013 IEEE 37th Annual , vol., no., pp.319,328, 22-26 July 2013. (ID#:14-1278) Available at: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=6649844&isnumber=6649781 As cyber threats increasingly utilize automated and adaptive attacks to bypass or overwhelm static defenses, the role of intrusion detection and response systems (IDRS) as an active defense layer is becoming more critical. To remain effective against current attacks IDRS must be capable of automating detection of, and response to, threats in their specific environment. Different operating characteristics, detection capabilities, and response actions all contribute to make each environment unique, complicating this automation. In this work we consider IDRS automation in three areas: detector tuning, detector correlation, and response selection. We motivate and present a novel, more finely-grained model of threats, detectors, and responses called S-MAIDS: A Semantic Model of Automated Intrusion Detection Systems. Based on the concept of a "signal" (an observable indicator of an attack), we show the utility of combining such a model with an existing measure of IDRS performance to facilitate automated tuning, cross-system correlation, and response selection. We support our claims through several case-studies demonstrating the application of this model, and provide the model as an OWL ontology.
  • "Complexity and emergence in ultra-tactical cyberspace operations," Caton, J.L., Cyber Conflict (CyCon), 2013 5th International Conference on , vol., no., pp.1,14, 4-7 June 2013. (ID#:14-1279) Available at: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=6568384&isnumber=6568361 This paper recognizes the implications of cyber situations that may occur, such as automated cyber attack responses, which can surpass the human ability to respond and intervene. The authors explores the inclusion of the ultra-tactical, similar to human and machine cognition in decision making, into the classic strategic-operational-tactical approach. This paper analyzes attributes that enhance the complexity of cyberspace, the projected impacts on decision making making protocols, future methods to analyze the benefits and challenges of automated cyber responses, and the possible ability of future to correctly and dynamically distinguish between malicious threats and normal occurrences.
  • "RECLAMO: Virtual and Collaborative Honeynets Based on Trust Management and Autonomous Systems Applied to Intrusion Management," Gil Perez, M.; Mateos Lanchas, V.; Fernandez Cambronero, D.; Martinez Perez, G.; Villagra, V.A., Complex, Intelligent, and Software Intensive Systems (CISIS), 2013 Seventh International Conference on, vol., no., pp.219,227, 3-5 July 2013. (ID#:14-1280) Available at: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=6603893&isnumber=6603811 Security intrusions in large systems is a problem due to its lack of scalability with the current IDS-based approaches. This paper describes the RECLAMO project, where an architecture for an Automated Intrusion Response System (AIRS) is being proposed. This system will infer the most appropriate response for a given attack, taking into account the attack type, context information, and the trust and reputation of the reporting IDSs. RECLAMO is proposing a novel approach: diverting the attack to a specific honey net that has been dynamically built based on the attack information. Among all components forming the RECLAMO's architecture, this paper is mainly focused on defining a trust and reputation management model, essential to recognize if IDSs are exposing an honest behavior in order to accept their alerts as true. Experimental results confirm that our model helps to encourage or discourage the launch of the automatic reaction process.
  • "Cerebro: A platform for collaborative incident response and investigation," Connell, A.; Palko, T.; Yasar, H., Technologies for Homeland Security (HST), 2013 IEEE International Conference on , vol., no., pp.241,245, 12-14 Nov. 2013. (ID#:14-1281) Available at: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=6699007&isnumber=6698956 Today's incident response training, architectures, and methodologies are all built upon disconnected siloes of domain expertise, but attacks upon an organization's critical information systems are not done in a disjointed way. Attacks on critical information systems and infrastructure are not solely network, or malware, or single disks; they are coordinated, large-scale multisite attacks done in an organized manner. With the increase in frequency and sophistication of these attacks, it is not enough to rely on intrusion detection systems, trusted IT staff, or organizational information security divisions. The velocity of a cyber-attack should be met with an equally coordinated response. There is a need to develop a platform that enables responders to establish trust and develop an effective collaborative response plan and investigation process across multiple organizations and legal bodies to track adversaries, mitigate the threat, get critical systems back online, and pursue legal action against the offenders. In this work we propose such a platform for efficient collaboration. The work is informed by the author's practices in supporting law enforcement organizations dealing with large-scale distributed attacks on critical information systems and infrastructure and by an examination of Stuxnet, a computer worm discovered in June 2010 that is believed to have been created by the United States and Israel to attack Iran's nuclear facilities. Based on these experiences of operational support, the authors propose Cerebro, an Extensible Large-Scale Analysis Platform designed to fuse structured domain specific information, decision support, and collaboration in an automated fashion, to effectively detect and respond to such attacks.
  • "Automated digital forensic technique with intrusion detection systems," Barhate, K.; Jaidhar, C., Advance Computing Conference (IACC), 2013 IEEE 3rd International on , vol., no., pp.185,189, 22-23 Feb. 2013. (ID#:14-1282) Available at: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=6514218&isnumber=6506800 In today's technology, new attacks are emerging day by day which makes the systems insecure even the system wrapped with number of security measures. Intrusion Detection System (IDS) is used to detect the intrusion. Its prime function is to detect the intrusion and respond in timely manner. In other words, IDS function is limited to detection as well as response. The IDS is unable to capture the state of the system when an intrusion is detected. Hence, it fails to preserve the evidences against the attack in original form. To maintain the completeness and reliability of evidence for later examination, new security strategy is very much needed. In this research work, automated Digital Forensic Technique with Intrusion Detection System is proposed. Once an IDS detects an intrusion, it sends an alert message to administrator followed by invoke the digital forensic tool to capture the state of the system. Captured image can be used as evidence in the court of law to prove the damage.


Note:

Articles listed on these pages have been found on publicly available internet pages and are cited with links to those pages. Some of the information included herein has been reprinted with permission from the authors or data repositories. Direct any requests via Email to SoS.Project (at) SecureDataBank.net for removal of the links or modifications to specific citations. Please include the ID# of the specific citation in your correspondence.



Computer Science

Computer Science Logo


This set of citations covers a broad range of articles about research conducted across a wide range of computer science security topics from 2013. These include human factors, software development, trust mechanisms, cloud computing, and more.

  • "Expectation-Oriented Framework for Automating Approximate Programming", Esmaeilzadeh, H., Ni, K., Naik,M., Georgia Institute of Technology, 2013 This paper discusses ExpAX, the concept of automated, approximate programming based on error expectations as detailed by the programmer. ExpAX falls under the domain of general-purpose approximate computing, which explores the necessary concession of absolute computational accuracy in order to advance energy efficiency and performance. (ID#:14-1067 See: https://smartech.gatech.edu/handle/1853/49755
  • "Approximating the AND-OR tree" A. A. Sherstov, Theory of Computing, 9(20):653-663, 2013. This article explores the role representations of Boolean functions by real polynomials have played in theoretical computer science. The main result of this paper, according to the author, translates into lower bounds on communication complexity. (ID#:14-1068) Available at: http://www.cs.ucla.edu/~sherstov/pdf/and-or.pdf
  • "Candidate Indistinguishability Obfuscation and Functional Encryption for all circuits". Sanjam Garg, Craig Gentry, Shai Halevi, Mariana Raykova, Amit Sahai, Brent Waters. July 21, 2013. This study examines indistinguishability obfuscation and functional encryption for general circuits and give constructions that support all polynomial-size circuits. They further how to use indistinguishability obfuscation for circuits, public-key encryption,and non-interactive zero knowledge to achieve functional encryption for all circuits. The functional encryption scheme they construct includes succinct ciphertexts, which enable several other applications. (ID#:14-1069) Available at: http://eprint.iacr.org/2013/451.pdf
  • "How to Use Indistinguishability Obfuscation: Deniable Encryption, and More", Amit Sahai and Brent Waters. n.p. 2013. This paper details a novel cryptographic obfuscation approach referred to as "punctured programs", with a view to resolve challenges in Deniable Encryption. Deniable Encryption is a technique by which false, yet plausible, plaintext is generated from the decryption of encrypted text, enabling the sender to purposely misinform those who seek to decrypt confidential information. This implementation of indistinguishability obfuscation uses two algorithms concurrently, programs called Encrypt and Explain, respectively. (ID#:14-1070) Available at: http://eprint.iacr.org/2013/454.pdf
  • "Abstract Acceleration of General Linear Loops" Peter Schrammel, Bertrand Jeannet and Sriram Sankaranarayanan. ACM SIGPLAN Principles of Programming Languages (POPL), 2014. To Appear. (ID#:14-1071)
  • "Regular Real Analysis", Swarat Chaudhuri, Sriram Sankaranarayanan, and Moshe Vardi. ACM/IEEE Symposium on Logic in Computer Science. 2013. This study is about the analysis of real functions that can be encoded by automata on infinite words. It is known that !-automata can be used to represent relations between real vectors, reals being represented in exact precision as infinite streams. The regular functions studied here constitute the functional subset of such relations. The authors present an automata-theoretic technique for reasoning about limit behaviors of regular functions, and a decision procedure to verify the continuity of a regular function. (ID#:14-1072) Available at: http://www.cs.colorado.edu/~srirams/papers/lics2013-automata.pdf
  • "Scrum + Engineering Practices: Experiences of Three Microsoft Teams", Williams, L., Brown, G., Meltzer, A., Nagappan, N , International Symposium on Empirical Software Engineering and Measurement (ESEM) 2011, Banff, Canada, to appear. IEEE Software Best Experience Paper Award. This article should be of interest to software developers concerned about quality control when using Scrum. Scrum works as a project management tool for agile development. But it has been criticized for its short term focus without the checks and balances of sound engineering processes. This analysis identifies and tests nine engineering practices which, when used, enhance the quality and security of software development managed using scrum. (ID#:14-1073) Available at: http://collaboration.csc.ncsu.edu/laurie/Papers/ESEM11_SCRUM_Experience_CameraReady.pdf
  • "Generating request streams on Big Data using clustered renewal processes", Cristina L. Abada, Mindi Yuana, Chris X. Cai a, Yi Lua, Nathan Roberts , Roy H. Campbell, August 2013. This article discusses Big Data trace characteristics, especially the challenges in evaluating large-scale systems on an individual object basis. The article introduces a trace generator model, with capabilities for testing projected workloads and hypothetical cases, focused on the characteristics of popularity and temporal locality in object requests, such as files or Web documents. The authors discuss the importance of dynamic models that can support object distinction, in order to accurately determine the behavior of individual objects, and scalability, to support analysis of various workload sizes as opposed to standard workload sizes. (ID#:14-1074) http://assured-cloud-computing.illinois.edu/paper%20links/CAbad.pdf
  • "Juggle: addressing extrinsic load imbalances in SPMD applications on multicore computers". Steven A. Hofmeyr, Juan A. Colmenares, Costin Iancu, John Kubiatowicz, Appears in Cluster Computing. Vol. 16, No. 2, pp 299-319, June 2013. This study investigates proactive dynamic load balancing on multicore systems, in which threads are continually migrated to reduce the impact of processor/thread mismatches. (ID#:14-1075) Available at: http://www.cs.berkeley.edu/~kubitron/papers/parlab/juggle-cluster-computer-journal-2012.pdf
  • "A Multicore Operating System with QoS Guarantees for Network Audio Applications". Juan A. Colmenares, Nils Peters, Gage Eads, Ian Saxton, Israel Jacquez, John D. Kubiatowicz, and David Wessel. Appears in Journal of Audio Engineering, Vol 61, No. 4, April 2013. The authors explore the role of the operating system (OS) within computer nodes of network audio systems. They highlight the importance of the OS for network audio applications and present Tessellation, an experimental OS tailored to multicore processors. The article may be of interest in signal processing. (ID#:14-1076) Available at: http://www.cs.berkeley.edu/~kubitron/papers/parlab/JAES-1163-tess.pdf
  • "A Case Study on the Lightweight Verification of a Multi-Threaded Task Server" N'estor Cata~no,_, Ijaz Ahmed, Radu I. Siminiceanu, Jonathan Aldrich,. Preprint submitted to Science of Computer Programming December 1, 2013. This article should be of interest in massive parallelizing of computational tasks. The authors developed a methodology and tool for verifying the design of a commercial multi-threaded task server (MTTS). Their method uses a Data Flow Analysis in the first phase. In a second phase, they developed a Pulse tool that enhances the analysis they performed. They conclude exhaustive model-checking approach scales reasonably well and is efficient at finding errors in specifications that were not previously detected with the Data Flow Analysis (DFA) alone. (ID#:14-1077) See http://www.cs.cmu.edu/~aldrich/papers/main-pulse-scp.pdf

Note:

Articles listed on these pages have been found on publicly available internet pages and are cited with links to those pages. Some of the information included herein has been reprinted with permission from the authors or data repositories. Direct any requests via Email to SoS.Project (at) SecureDataBank.net for removal of the links or modifications to specific citations. Please include the ID# of the specific citation in your correspondence.


Cryptography and Security

Cryptography and Security


Cryptography is the core practice and study of techniques for secure communication in the presence of third parties called adversaries. Cryptography intersects the disciplines of mathematics, computer science, and electrical engineering. The two dozen articles cited in this list were presented and published in 2013 and cover a range of specific topics such as single key encryption, blind keys, density estimation, and other items of specific interest.

  • "Clustering Large Probabilistic Graphs". G. Kollios, M. Potamias, and E. Terzi. IEEE TKDE, Vol. 25, No. 2, February 2013. This research should be of interest for those wanting to discover groups of users in affiliation networks. The authors demonstrated their method using a large social network of Yahoo! users consisting of one billion edges. (ID#:14-1023) Available at: http://www.cs.bu.edu/groups/dblab/pub_pdfs/PGClustering.pdf
  • "Anonymous Credentials Light." Foteini Baldimtsi, Anna Lysyanskaya. ACM CCS 2013. This research should be of interest for those interested in constructing efficient and provably secure blind signatures with attributes. Suggests a method that can work in the elliptic group setting without bilinear pairings and is based on the DDH assumption. (ID#:14-1024) Available at: http://cs.brown.edu/~anna/papers/bl13a.pdf
  • "Spiral in Scala: Towards the Systematic Construction of Generators for Performance Libraries", Georg Ofenbeck, Tiark Rompf, Alen Stojanov, Martin Odersky and Markus Puschel Proc. International Conference on Generative Programming: Concepts & Experiences (GPCE), 2013 This research covers program generators and offers a systematic method for creating effective generators. (ID#:14-1025) Available at: http://spiral.ece.cmu.edu:8080/pub-spiral/abstract.jsp?id=170
  • "A polynomial time approximation scheme for fault-tolerant distributed storage", C. Daskalakis, A. De, I. Diakonikolas, A. Moitra, and R. Servedio. ACM-SIAM Symposium on Discrete Algorithms (SODA), October 2013 conference presentation. Of interest mainly due to the subject matter. (ID#:14-1027) PDF available at: http://www1.cs.columbia.edu/~rocco/Public/soda14-stochastic.pdf
  • "Testing equivalence between distributions using conditional samples." C. Canonne, D. Ron, and R. Servedio, ACM-SIAM Symposium on Discrete Algorithms (SODA), 2014, to appear. In this paper, the authors focus on algorithms for two fundamental distribution testing problems: testing whether D = D- for an explicitly provided D-, and testing whether two unknown distributions D1 and D2 are equivalent. (ID#:14-1028) Available at: http://www1.cs.columbia.edu/~rocco/Public/soda14-cond-camera.pdf
  • "Learning Sums of Independent Integer Random Variables.", Daskalakis, I. Diakonikolas, R. O'Donnell, R. Servedio, and L.-Y. Tan. 54th Annual Symposium on Foundations of Computer Science (FOCS), 2013. This work studies the problem of learning an unknown random variable given access to independent samples drawn from it, essentially the problem of density estimation. (ID#:14-1029) Available at: http://www1.cs.columbia.edu/~rocco/Public/siirv.pdf
  • "A robust Khintchine inequality, and algorithms for computing optimal constants in Fourier analysis and high-dimensional geometry." De and I. Diakonikolas and R. Servedio. 39th International Conference on Automata, Languages and Programming (ICALP), 2013. This paper makes two contributions towards determining some well-studied optimal constants in Fourier analysis of Boolean functions and high-dimensional geometry. (ID#:14-1030) Available at: http://www1.cs.columbia.edu/~rocco/Public/dds-khintchine-journal.pdf
  • "Self-Updatable Encryption: Time Constrained Access Control with Hidden Attributes and Better Efficiency "Kwangsu Lee, Seung Geol Choi, Dong Hoon Lee, Jong Hwan Park, and Moti Yung. Asiacrypt 2013. Of interest mainly due to subject matter. (ID#:14-1032) Available at: http://www.usna.edu/Users/cs/choi/pub/lclpy13.pdf
  • "Amplification of Chosen-Ciphertext Security." Lin, H., and Tessaro, S. Advances in Cryptology -- EUROCRYPT 2013. May 2013. This research should be of interest to those looking at public key encryption scheme and security against chosen-ciphertext attacks. (ID#:14-1033) Available at: http://people.csail.mit.edu/tessaro/papers/encampl.pdf
  • "Succinct Functional Encryption and Applications: Reusable Garbled Circuits and Beyond." Goldwasser, S., Kalai, Y., Popa, R., Vaikuntanathan, V., and Zeldovich, N. The authors construct a succinct single-key functional encryption scheme for general functions that can be used to address the long-standing open problem in cryptography of reusing garbled circuits. (ID#:14-1034) IACR Cryptology ePrint Archive 2012: 733, Updated March 24, 2013.
  • "On the Lattice Isomorphism Problem". Ishay Haviv and Oded Regev. To be presented 2014 SODA. 2 Nov 2013. Of interest to those in the area SVP and related lattice problems are for polynomial approximation factors, and its relationship to lattice-based cryptography. (ID#:14-1035) Available at: http://arxiv.org/pdf/1311.0366v1.pdf
  • "A Note on Discrete Gaussian Combinations of Lattice Vectors". Divesh Aggarwal, Oded Regev. Submitted for publication and revised 10 Jan 2014. (ID#:14-1036) Available at: http://arxiv.org/abs/1308.2405
  • "The Power of Linear Reconstruction Attacks." S. P. Kasiviswanathan, M. Rudelson, A. Smith. 24th Annual ACM Symposium on Discrete Algorithms (SODA), January 2013. Considers the power of "linear reconstruction attacks" in statistical data privacy, showing that they can be applied to a much wider range of settings than previously understood. (ID#:14-1037) Available at: http://arxiv.org/pdf/1210.2381.pdf
  • "Highly-Scalable Searchable Symmetric Encryption with Support for Boolean Queries" David Cash, Stanislaw Jarecki, Charanjit Jutla, Hugo Krawczyk, Marcel Rosu, Michael Steiner. CRYPTO 2013 Of interest due to subject matter. (ID#:14-1039) Available at: http://eprint.iacr.org/2013/169
  • "Dynamic Proofs of Retrievability via Oblivious RAM." David Cash, Alptekin Kupcu, Daniel Wichs. EUROCRYPT 2013 The authors offer a solution providing proofs of retrievability for dynamic storage, where the client can perform arbitrary reads/writes on any location within her data by running an efficient protocol with the server. Keywords: cryptographic protocols / Proofs of Retrievability, PoR, Oblivious RAM, ORAM . (ID#:14-1040) Available at: http://eprint.iacr.org/2012/550
  • "Fundamentals of Arabic cryptology and covert communication networks". Adam Miles. Unpublished Masters thesis (Applied mathematics). Of interest due to subject matter. Analysis of covert communications methods from open sources. (ID#:14-1041) Available at: https://scholarcommons.scu.edu/handle/11123/128
  • "Attribute-Based Encryption for Arithmetic Circuits". D. Boneh, V. Nikolaenko, and G. Segev. Cryptology ePrint Archive: Report 2013/669. Presents an Attribute Based Encryption system where access policies are expressed as polynomial size arithmetic circuits. (ID#:14-1042) Available at: http://eprint.iacr.org/2013/669.pdf
  • "Multiparty Key Exchange, Efficient Traitor Tracing, and More from Indistinguishability Obfuscation". D. Boneh and M. Zhandry. Cryptology ePrint Archive: Report 2013/642. The authors show how to use indistinguishability obfuscation (iO) to build multiparty key exchange, efficient broadcast encryption, and efficient traitor tracing. (ID#:14-1043) Available at: http://eprint.iacr.org/2013/642.pdf
  • "Constrained Pseudorandom Functions and Their Applications". D. Boneh and B. Waters. Proceedings of Asiacrypt 2013, LNCS 8270, pp. 280-300. Authors offer a new construct of pseudorandom functions (PRFs) they call constrained PRFs. (ID#:14-1044) Available at: http://eprint.iacr.org/2013/352.pdf
  • "Virtual Black-Box Obfuscation for All Circuits via Generic Graded Encoding", Zvika Brakerski and Guy Rothblum. TCC 2014. Presents a new general-purpose obfuscator for all polynomial-size circuits. (ID#:14-1045) Available at: http://eprint.iacr.org/2013/563.pdf
  • "A Secure Submission System for Online Whistleblowing Platforms", Volker Roth, Benjamin Gueldenring, Eleanor Rieffel, Sven Dietrich and Lars Ries Proceedings of Financial Cryptography and Data Security 2013, 8 pp, Springer LNCS 7859, April 2013. The authors suggest a submission system for online whistleblowing platforms that they call AdLeaks. Their objective of is to make whistleblower submissions unobservable even if the adversary sees the entire network traffic. (ID#:14-1046) Available at: http://fc13.ifca.ai/proc/10-2.pdf
  • "Set-Difference Range Queries". David Eppstein, Michael T. Goodrich, Joseph A. Simons. June, 2013. n.p. Introduces the problem of performing set-difference range queries, where answers to queries are set-theoretic symmetric differences between sets of items in two geometric ranges. Keywords: Data Structures and Algorithms. (ID#:14-1047) Available at: http://arxiv.org/pdf/1306.3482.pdf
  • "Message-Locked Encryption and Secure Deduplication". M. Bellare, S. Keelveedhi and T. Ristenpart. Advances in Cryptology - Eurocrypt 2013 Proceedings, Lecture Notes in Computer Science Vol. XXXX, T. Johansson and P. Nguyen eds, Springer, 2013 Formalizes a new cryptographic primitive, Message-Locked Encryption (MLE), where the key under which encryption and decryption are performed is itself derived from the message. (ID#:14-1048) Available at: http://eprint.iacr.org/2012/631.pdf
  • "Adaptive and Concurrent Secure Computation from New Adaptive, Non-Malleable Commitments." D. Dachman-Soled, T. Malkin, M. Raykova and M. Venkitasubramaniam . Asiacrypt 2013. Provides conceptual simplicity and insight into what is required for adaptive and concurrent security, as well as yielding improvements to set-up assumptions and/or computational assumptions. (ID#:14-1049) Available at: http://eprint.iacr.org/2011/611.pdf
  • "Anon-Pass: Practical Anonymous Subscriptions," Jonathan Katz, Michael Lee, Alan Dunn, Brent Waters, and Emmett Witchel. IEEE Security & Privacy, to appear. (Invited to a special issue for selected papers from the 2013 IEEE Symposium on Security & Privacy.) Presents the design, security proof, and implementation of an anonymous subscription service. (ID#:14-1050) Available at: http://www.cs.umd.edu/~jkatz/ Source code link also available at: http://www.cs.umd.edu/~jkatz/
  • "ZMap: Fast Internet-wide Scanning and its Security Applications." Zakir Durumeric, Eric Wustrow, and J. Alex Halderman. Proc. 22nd USENIX Security Symposium Sec '13, Washington, D.C., August 2013. The authors introduce ZMap, a modular, open-source network scanner specifically architected to perform Internet-wide scans and capable of surveying the entire IPv4 address space in under 45 minutes from user space on a single machine, approaching the theoretical maximum speed of gigabit Ethernet. (ID#:14-1051) Available at: https://zmap.io/paper.html
  • "Analysis of Reusability of Secure Sketches and Fuzzy Extractors", M. Blanton and M. Aliasgari, IEEE Transactions on Information Forensics and Security (TIFS), Vol. 8, No. 9, pp. 1433-1445, Sep. 2013. According to the authors, secure sketches and fuzzy extractors enable the use of biometric data in cryptographic applications by correcting errors in noisy biometric readings and producing cryptographic materials suitable for authentication, encryption, and other purposes. (ID#:14-1052) Available at: http://www.cse.nd.edu/~mblanton/papers/tifs13.pdf
  • " Explicating SDKs: Uncovering Assumptions Underlying Secure Authentication and Authorization." Rui Wang, Yuchen Zhou, Shuo Chen, Shaz Qadeer, David Evans, and Yuri Gurevich. 22nd USENIX Security Symposium, Washington DC, 14-16 August 2013. Major online providers, such as Facebook and Microsoft, provide SDKs for incorporating authentication services. This paper considers whether those SDKs enable typical developers to build secure apps. (ID#:14-1053) Available at: http://www.cs.virginia.edu/~evans/pubs/usenix2013/
  • "Dynamic task allocation in asynchronous shared memory". Dan Alistarh, James Aspnes , Michael Bender, Rati Gelashvili, and Seth Gilbert . To appear, SODA 2014. Task allocation is a classic distributed problem in which a set of potentially faulty processes must cooperate to perform a set of tasks. This paper considers a new dynamic version of the problem, in which tasks are injected adversarially during an asynchronous execution. (ID#:14-1054) Available at: http://www.cs.yale.edu/homes/aspnes/papers/soda2014-proceedings.pdf
  • "Secure Configuration of Intrusion Detection Sensors for Dynamic Enterprise-Class Distributed Systems", Gaspar Modelo-Howard, PhD thesis, Purdue 2013. In order to secure current computer systems it is necessary to have sensors included to monitor their performance against security goals. This paper discusses how to evaluate by using a Bayesian model various configurations of detectors to achieve these goals. Results of a successful attack are compared to the detector alerts. (ID#:14-1055) See: http://www.cerias.purdue.edu/apps/reports_and_papers/view/4663
  • "Social Influences on Secure Development Tool Adoption: Why Security Tools Spread", Shundan Xiao, Jim Witschey, Emerson Murphy-Hill. Proceedings of Computer Supported Cooperative Work, 2014. This article should be of interest to those interested in human factors. The research studies the social factors related to why individuals fail to use tools available to them to ensure software quality and security. (ID#:14-1056) See http://people.engr.ncsu.edu/ermurph3/papers/cscw13.pdf
  • "Trust mechanisms for cloud computing". Jingwei Huang and David M. Nicol. Journal of Cloud Computing, 2(1), April 2013 This article should be of interest to those concerned about establishing trust in cloud computing. The authors critically analyze "trust" and its basis for cloud computing users. Their analysis ranges from perceptual to semantic to engineering methods for formal accreditation, auditing and standards, and specific tools and their utility and limitations. (ID#:14-1057) See http://www.journalofcloudcomputing.com/content/2/1/9
  • "PHANTOM: Practical Oblivious Computation in a Secure Processor", Martin Maas, Eric Love, Emil Stefanov, Mohit Tiwari, Elaine Shi, Krste Asanovic, John Kubiatowicz, Dawn Song. Proceedings of the 20th ACM Conference on Computer and Communications Security (CCS), November 2013. This study introduces PHANTOM, a new secure processor that obfuscates its memory access trace. The authors achieve obliviousness through a cryptographic construct known as Oblivious RAM or ORAM. (ID#:14-1058) Available at: http://www.cs.berkeley.edu/~kubitron/papers/parlab/phantom-ccs.pdf

Note:

Articles listed on these pages have been found on publicly available internet pages and are cited with links to those pages. Some of the information included herein has been reprinted with permission from the authors or data repositories. Direct any requests via Email to SoS.Project (at) SecureDataBank.net for removal of the links or modifications to specific citations. Please include the ID# of the specific citation in your correspondence.


Cyber-Physical Systems

Cyber-Physical Systems


Cyber-Physical systems generally are systems where computers control physical entities. They exist in areas as diverse as automobiles, manufacturing, energy, transportation, chemistry, and computer appliances. In this bibliography, the primary focus of published research is in smart grid technologies--the use of cyber-physical systems to coordinate the generation, transmission, and use of electrical power and its sources. Because of its strategic importance and the consequences of intrusion, smart grid is of particular importance to the Science of Security.

  • "Effect of Intrusion Detection and Response on Reliability of Cyber Physical Systems," Mitchell, R.; Chen, I., Reliability, IEEE Transactions on , vol.62, no.1, pp.199,210, March 2013 (ID#:14-1169) Available at: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=6423246&isnumber=6471782 The authors analyze the effect of intrusion detection and response on the reliability of a cyber physical system (CPS) comprising sensors, actuators, control units, and physical objects for controlling and protecting a physical infrastructure. They develop a probability model based on stochastic Petri nets to describe the behavior of the CPS in the presence of both malicious nodes exhibiting a range of attacker behaviors, and an intrusion detection and response system (IDRS) for detecting and responding to malicious events at runtime. Their results indicate that adjusting detection and response strength in response to attacker strength and behavior detected can significantly improve the reliability of the CPS. They report numerical data for a CPS subject to persistent, random and insidious attacks with physical interpretations given.
  • "Smart Grid Communications: Overview of Research Challenges, Solutions, and Standardization Activities," Zhong Fan; Kulkarni, P.; Gormus, S.; Efthymiou, C.; Kalogridis, G.; Sooriyabandara, M.; Ziming Zhu; Lambotharan, S.; Woon Hau Chin. Communications Surveys & Tutorials, IEEE , vol.15, no.1, pp.21,38, First Quarter 2013. (ID#:14-1170) Available at: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=6129368&isnumber=6449396 According to the authors, optimization of energy consumption in future intelligent energy networks (or Smart Grids) will be based on grid-integrated near-real-time communications between various grid elements in generation, transmission, distribution and loads. Their paper discusses the challenges and opportunities of communications research in the areas of smart grid and smart metering. In particular, they focus on some of the key communications challenges for realizing interoperable and future-proof smart grid/metering networks, smart grid security and privacy, and how some of the existing networking technologies can be applied to energy management. Finally, they discuss the coordinated standardization efforts in Europe to harmonize communications standards and protocols.
  • "Cyber-Physical Security Testbeds: Architecture, Application, and Evaluation for Smart Grid," Hahn, A.; Ashok, A.; Sridhar, S.; Govindarasu, M., Smart Grid, IEEE Transactions on , vol.4, no.2, pp.847,855, June 2013. (ID#:14-1171) Available at: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=6473865&isnumber=6517533 According to the authors, the development of a smarter electric grid will depend on increased deployments of information and communication technology (ICT) to support novel communication and control functions. This additional dependency also expands the risk from cyber attacks. Designing systems with adequate cyber security depends heavily on the availability of representative environments, such as testbeds, where current issues and future ideas can be evaluated. This paper provides an overview of a smart grid security testbed, including the set of control, communication, and physical system components required to provide an accurate cyber-physical environment. It then identifies various testbed research applications and also identifies how various components support these applications. The PowerCyber testbed at Iowa State University is then introduced, including the architecture, applications, and novel capabilities, such as virtualization, Real Time Digital Simulators (RTDS), and ISEAGE WAN emulation. Finally, several attack scenarios are evaluated using the testbed to explore cyber-physical impacts. In particular, availability and integrity attacks are demonstrated with both isolated and coordinated approaches, these attacks are then evaluated based on the physical system's voltage and rotor angle stability.
  • "Future Research on Cyber-Physical Emergency Management Systems", Erol Gelenbe , Fang-Jing Wu. Future Internet 2013, 5(3), 336-354. (ID#:14-1172) Available at: http://www.mdpi.com/1999-5903/5/3/336
  • "Game theory meets network security and privacy", Mohammad Hossein Manshaei , Quanyan Zhu, Tansu Alpcan, Tamer Bacsar, Jean-Pierre Hubaux . ACM Computing Surveys (CSUR) Volume 45 Issue 3, June 2013. (ID#:14-1174) Available at: http://dl.acm.org/citation.cfm?id=2480742 (fee required)
  • "Energy management systems: state of the art and emerging trends," Aman, S.; Simmhan, Y.; Prasanna, V.K., Communications Magazine, IEEE , vol.51, no.1, pp.114,119, January 2013. (ID#:14-1176) Available at: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=6400447&isnumber=6400427 According to the authors, the electric grid is radically evolving and transforming into the smart grid, which is characterized by improved energy efficiency and manageability of available resources. Energy management (EM) systems, often integrated with home automation systems, play an important role in the control of home energy consumption and enable increased consumer participation. These systems provide consumers with information about their energy consumption patterns and help them adopt energy-efficient behavior. The new generation EM systems leverage advanced analytics and communication technologies to offer consumers actionable information and control features, while ensuring ease of use, availability, security, and privacy. In this article, the authors present a survey of the state of the art in EM systems, applications, and frameworks. We define a set of requirements for EM systems and evaluate several EM systems in this context. They also discuss emerging trends in this area.
  • "Trustworthiness analysis of sensor data in cyber-physical systems",Lu-An Tanga, Xiao Yua, Sangkyum Kima, Quanquan Gua, Jiawei Hana, Alice Leungb, Thomas La Portac. Journal of Computer and System Sciences Volume 79, Issue 3, May 2013, Pages 383-401. (ID#:14-1178) Available at: http://www.sciencedirect.com/science/article/pii/S0022000012001481 (fee required)
  • "An Online Optimization Approach for Control and Communication Codesign in Networked Cyber-Physical Systems," Xianghui Cao; Peng Cheng; Jiming Chen; Youxian Sun, Industrial Informatics, IEEE Transactions on , vol.9, no.1, pp.439,450, Feb. 2013. (ID#:14-1179) Available at: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=6293884&isnumber=6387656 According to the authors, networked cyber-physical systems (NCPS), where control and communication are closely integrated, have been envisioned to have a large number of high-impact applications. In this paper, a joint optimization framework is presented, which combines the objective of control as well as other relevant system objectives and constraints such as communication errors, delays and the limited capabilities (e.g., energy capacities) of devices. The problem is solved by an online optimization approach, which consists of a communication protocol and a simulated annealing based control algorithm. Meanwhile, by taking into account the communication cost, the authors optimize the control intervals by integrating two kinds of acceptances, i.e., cyber and physical acceptances, into the control algorithm. Numerical results show the effectiveness of their proposed approach.

Note:

Articles listed on these pages have been found on publicly available internet pages and are cited with links to those pages. Some of the information included herein has been reprinted with permission from the authors or data repositories. Direct any requests via Email to SoS.Project (at) SecureDataBank.net for removal of the links or modifications to specific citations. Please include the ID# of the specific citation in your correspondence.


Dynamic Execution

Dynamic Execution


Dynamic execution is the subject of a new IEEE international standard draft. The draft document was published in April 2014 "IEEE Draft International Standard for Software and Systems Engineering--Software Testing--Part 4: Test Techniques," IEEE P29119-4/DIS2-Feb2014 , vol., no., pp.1,139, Feb. 21 2014 Available at: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=6746628&isnumber=6746627 Articles cited cover describe research on run-time task allocation, debugging state anomalies, deceptive virtual hosts for industrial control networks, and malware dynamic recompilation.

  • "IEEE Draft International Standard for Software and Systems Engineering--Software Testing--Part 4: Test Techniques," IEEE P29119-4/DIS2-Feb2014 , vol., no., pp.1,139, Feb. 21 2014 (ID#:14-1283) Available at: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=6746628&isnumber=6746627 This part of ISO/IEC 29119 defines software testing techniques that can be used by any organization, project or smaller testing activity. The test techniques in this International Standard are used to derive the test cases executed as part of the dynamic testing process specified in part two of this standard. This International Standard is applicable to the testing in all software development lifecycle models. This document is intended for, but not limited to, testers, test managers, developers, project managers, particularly those responsible for governing, managing and implementing software testing.
  • "Techniques to Minimize State Transfer Costs for Dynamic Execution Offloading in Mobile Cloud Computing," Yang, S.; Kwon, D.; Yi, H.; Cho, Y.; Kwon, Y.; Paek, Y. Mobile Computing, IEEE Transactions on , vol. PP, no.99, pp.1,1 2014. (ID#:14-1284) Available at: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=6746190&isnumber=4358975 In order to meet the increasing demand for high performance in smartphones, recent studies suggested mobile cloud computing techniques that aim to connect the phones to adjacent powerful cloud servers to throw their computational burden to the servers. These techniques often employ execution offloading schemes that migrate a process between machines during its execution. In execution offloading, code regions to be executed on the server are decided statically or dynamically based on the complex analysis on execution time and process state transfer costs of every region. Expectedly, the transfer cost is a deciding factor for the success of execution offloading. According to our analysis, it is dominated by the total size of heap objects transferred over the network. But previous work did not try hard to minimize this size. Thus in this paper, we introduce novel techniques based on compiler code analysis that effectively reduce the transferred data size by transferring only the essential heap objects and the stack frames actually referenced in the server. The experiments exhibit that the reduced size positively influences not only the transfer time itself but also the overall effectiveness of execution offloading, and ultimately, improves the performance of our mobile cloud computing significantly in terms of execution time and energy consumption.
  • "Adjustable contiguity of run-time task allocation in networked many-core systems," Fattah, Mohammad; Liljeberg, Pasi; Plosila, Juha; Tenhunen, Hannu, Design Automation Conference (ASP-DAC), 2014 19th Asia and South Pacific , vol., no., pp.349,354, 20-23 Jan. 2014 (ID#:14-1285) Available at: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=6742914&isnumber=6742831 The authors propose a run-time mapping algorithm, CASqA, for networked many-core systems. In this algorithm, the level of contiguousness of the allocated processors (a) can be adjusted in a fine-grained fashion. A strictly contiguous allocation (a = 0) decreases the latency and power dissipation of the network and improves the applications execution time. However, it limits the achievable throughput and increases the turnaround time of the applications. As a result, recent works consider non-contiguous allocation (a = 1) to improve the throughput traded off against applications execution time and network metrics. In contradiction, their experiments show that a higher throughput (by 3%) with improved network performance can be achieved when using intermediate a values. More precisely, up to 35% drop in the network costs can be gained by adjusting the level of contiguity compared to non-contiguous cases, while the achieved throughput is kept constant. Moreover, CASqA provides at least 32% energy saving in the network compared to other works.
  • "Follow the path: Debugging state anomalies along execution histories," Perscheid, Michael; Felgentreff, Tim; Hirschfeld, Robert, Software Maintenance, Reengineering and Reverse Engineering (CSMR-WCRE), 2014 Software Evolution Week - IEEE Conference on , vol., no., pp.124,133, 3-6 Feb. 2014. (ID#:14-1286) Available at: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=6747162&isnumber=6747152 To understand how observable failures come into being, back-in-time debuggers help developers by providing full access to past executions. However, such potentially large execution histories do not include any hints to failure causes. For that reason, developers are forced to ascertain unexpected state properties and wrong behavior completely on their own. Without deep program understanding, back-in-time debugging can end in countless and difficult questions about possible failure causes that consume a lot of time for following failures back to their root causes. In this paper, we present state navigation as a debugging guide that highlights unexpected state properties along execution histories. After deriving common object properties from the expected behavior of passing test cases, we generate likely invariants, compare them with the failing run, and map differences as state anomalies to the past execution. So, developers obtain a common thread through the large amount of run-time data which helps them to answer what causes the observable failure. We implement our completely automatic state navigation as part of our test-driven fault navigation and its Path tools framework. To evaluate our approach, we observe eight developers during debugging four non-trivial failures. As a result, we find out that our state navigation is able to aid developers and to decrease the required time for localizing the root cause of a failure.
  • "Cyber-Physical System Security with Deceptive Virtual Hosts for Industrial Control Networks," Vollmer, D.; Manic, M., Industrial Informatics, IEEE Transactions on , vol. PP, no.99, pp.1,1 2014. (ID#:14-1287) Available at: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=6750078&isnumber=4389054 A challenge facing industrial control network administrators is protecting the typically large number of connected assets for which they are responsible. These cyber devices may be tightly coupled with the physical processes they control and human induced failures risk dire real world consequences. Dynamic virtual honeypots are effective tools for observing and attracting network intruder activity. This paper presents a design and implementation for self-configuring honeypots that passively examines control system network traffic and actively adapts to the observed environment. In contrast to prior work in the field, six tools were analyzed for suitability of network entity information gathering. Ettercap, an established network security tool not commonly used in this capacity, outperformed the other tools and was chosen for implementation. Utilizing Ettercap XML output, a novel four-step algorithm was developed for autonomous creation and update of a Honeyd configuration. This algorithm was tested on an existing small campus grid and sensor network by execution of a collaborative usage scenario. Automatically created virtual hosts were deployed in concert with an Anomaly Behavior (AB) system in an attack scenario. Virtual hosts were automatically configured with unique emulated network stack behaviors for 92% of the targeted devices. The AB system alerted on 100% of the monitored emulated devices.
  • "Malware Dynamic Recompilation," Josse, Sebastien, System Sciences (HICSS), 2014 47th Hawaii International Conference on , vol., no., pp.5080,5089, 6-9 Jan. 2014. (ID#:14-1288) Available at: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=6759227&isnumber=6758592 This paper addresses the increasing difficulty of analyzing and understanding protected malware code using traditional static and dynamic analysis tools. The concept of multi-targets in introduced, a proposed general, automatic rewriting tool used to analyze protected, malicious binary programs. In broad scope, the tool begins by noting the malicious program is execution environment, in order to subsequently glean and interpret its representation. This method follows the conventional methods of de-obfuscation and extraction.
  • "Potent and Stealthy Control Flow Obfuscation by Stack Based Self-Modifying Code," Balachandran, V.; Emmanuel, S., Information Forensics and Security, IEEE Transactions on , vol.8, no.4, pp.669,681, April 2013. (ID#:14-1289) Available at: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=6473885&isnumber=6475985 Software code released to the user has the risk of reverse engineering attacks. Software obfuscation techniques can be employed to make the reverse engineering of software programs harder. In this paper, we propose a potent, stealthy, and cost-effective algorithm to obfuscate software programs. The main idea of the algorithm is to remove control flow information from the code area and hide them in the data area. During execution time, these instructions are reconstructed, thereby preserving the semantics of the program. Experimental results indicate that the algorithm performs well against static and dynamic attacks. Also the obfuscated program is hard to be differentiated from normal binary programs demonstrating the obfuscations good stealth measure.
  • "Security-enhanced 3D communication structure for dynamic 3D-MPSoCs protection," Sepulveda, J.; Gogniat, G.; Pires, R.; Wang Chau; Strum, M., Integrated Circuits and Systems Design (SBCCI), 2013 26th Symposium on , vol., no., pp.1,6, 2-6 Sept. 2013. (ID#:14-1290) Available at: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=6644851&isnumber=6644849 This article addresses the security challenges accompanying the use of 3D Multiprocessors System-on-Chip (3D-MPSoCs). 3D communication structures (3D-HoCs), with their use of buses and network-on-chip, are considered by the authors of this paper as an apt solution to the current 3D-MPSoC vulnerabilities. The authors go further to suggest the use of Quality of Security Service (QoSS), meaning agile and dynamic firewalls, in 3D-HoC as a method of exploitation detection and prevention.
  • "Binary-Level Testing of Embedded Programs," Bardin, S.; Baufreton, P.; Cornuet, N.; Herrmann, P.; Labbe, S., Quality Software (QSIC), 2013 13th International Conference on , vol., no., pp.11,20, 29-30 July 2013. (ID#:14-1291) Available at: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=6605904&isnumber=6605889 This article details the implementation of Dynamic Symbolic Execution (DSE), used for automated test data generation and vulnerability detection in desktop programs, in testing critical embedded systems. The authors also discuss novel characteristics featured in OSMOSE, their DSE tool.
  • "A Late Treatment of C Precondition in Dynamic Symbolic Execution," Delahaye, M.; Kosmatov, N., Software Testing, Verification and Validation Workshops (ICSTW), 2013 IEEE Sixth International Conference on , vol., no., pp.230,231, 18-22 March 2013. (ID#:14-1292) Available at: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=6571636&isnumber=6571592 Relevance of automatically generated test cases depends on an appropriate definition of a test context, or precondition. This paper presents a novel method for handling a precondition in dynamic symbolic execution (DSE) testing tools. This method allows PathCrawler, a DSE tool for C programs, to accept a precondition defined as a C function. It provides a simple way to express a precondition even for developers who are not familiar with specification formalisms. It has also proven useful when combining static and dynamic analysis


Note:

Articles listed on these pages have been found on publicly available internet pages and are cited with links to those pages. Some of the information included herein has been reprinted with permission from the authors or data repositories. Direct any requests via Email to SoS.Project (at) SecureDataBank.net for removal of the links or modifications to specific citations. Please include the ID# of the specific citation in your correspondence.



End to End Computing

End to End Computing



End to end computing security focuses on the concept of uninterrupted protection of data traveling between two communicating partners. Generally, encryption is the method of choice. The research cited here addresses mobile cloud, human factors, and geo-social networks.

  • "An Anonymous End-to-End Communication Protocol for Mobile Cloud Environments," Ardagna, C.A.; Conti, M.; Leone, M.; STEFA, J., Services Computing, IEEE Transactions on, vol.PP, no.99, pp.1,1 2014. (ID#:14-1245) Available at: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=6732964&isnumber=4629387 The increasing spread of mobile cloud computing paradigm is changing the traditional mobile communication infrastructure. Today, smartphones can rely on virtual (software) "clones" in the cloud, offering backup/recovery solutions as well as the possibility to offload computations. As a result, clones increase the communication and computation capabilities of smartphones, making their limited batteries last longer. Unfortunately, mobile cloud introduces new privacy risks, since personal information of the communicating users is distributed among several parties (e.g., cellular network operator, cloud provider). In this paper, the authors propose a solution implementing an end-to-end anonymous communication protocol between two users in the network, which leverages properties of social networks and ad hoc wireless networks. They consider an adversary model where each party observing a portion of the communication possibly colludes with others to uncover the identity of communicating users. They then extensively analyze and assess the performance of their solution by comparing it to Tor on a real testbed of 36 smartphones and relative clones running on Amazon EC2 platform.
  • "Modeling Human-in-the-Loop Security Analysis and Decision-Making Processes," Schumann, M.A.; Drusinsky, D.; Michael, J.B.; Wijesekera, D., Software Engineering, IEEE Transactions on, vol.40, no.2, pp.154,166, Feb. 2014. (ID#:14-1246) Available at: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=6727512&isnumber=6755497 This paper presents a novel application of computer-assisted formal methods for systematically specifying, documenting, statically and dynamically checking, and maintaining human-centered workflow processes. This approach provides for end-to-end verification and validation of process workflows, which is needed for process workflows that are intended for use in developing and maintaining high-integrity systems. We demonstrate the technical feasibility of our approach by applying it on the development of the US government's process workflow for implementing, certifying, and accrediting cross-domain computer security solutions. Our approach involves identifying human-in-the-loop decision points in the process activities and then modeling these via statechart assertions. We developed techniques to specify and enforce workflow hierarchies, which was a challenge due to the existence of concurrent activities within complex workflow processes. Some of the key advantages of our approach are: it results in development of a model that is executable, supporting both upfront and runtime checking of process-workflow requirements; aids comprehension and communication among stakeholders and process engineers; and provides for incorporating accountability and risk management into the engineering of process workflows.
  • Carbunar, B.; Rahman, M.; Ballesteros, J.; Rishe, N.; Vasilakos, A.V., "${rm PROFIL}_{R}$: Toward Preserving Privacy and Functionality in Geosocial Networks," Information Forensics and Security, IEEE Transactions on , vol.9, no.4, pp.709,718, April 2014. (ID#:14-1247) Available at: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=6747317&isnumber=6755552 Profit is the main participation incentive for social network providers. Its reliance on user profiles, built from a wealth of voluntarily revealed personal information, exposes users to a variety of privacy vulnerabilities. In this paper, the authors propose to take first steps toward addressing the conflict between profit and privacy in geosocial networks. They introduce ${rm PROFIL}_{R}$, a framework for constructing location centric profiles (LCPs), aggregates built over the profiles of users that have visited discrete locations (i.e., venues). ${rm PROFIL}_{R}$ endows users with strong privacy guarantees and providers with correctness assurances. In addition to a venue centric approach, they propose a decentralized solution for computing real time LCP snapshots over the profiles of colocated users. An Android implementation shows that ${rm PROFIL}_{R}$ is efficient; the end-to-end overhead is small even under strong privacy and correctness assurances.
  • "Software Crash Analysis for Automatic Exploit Generation on Binary Programs," Shih-Kun Huang; Min-Hsiang Huang; Po-Yen Huang; Han-Lin Lu; Chung-Wei Lai, Reliability, IEEE Transactions on, vol.63, no.1, pp.270,289, March 2014. (ID#:14-1248) Available at: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=6717039&isnumber=6750070 This paper presents a new method, capable of automatically generating attacks on binary programs from software crashes. The authors analyze software crashes with a symbolic failure model by performing concolic executions following the failure directed paths, using a whole system environment model and concrete address mapped symbolic memory in S2 E. They propose a new selective symbolic input method and lazy evaluation on pseudo symbolic variables to handle symbolic pointers and speed up the process. This is an end-to-end approach able to create exploits from crash inputs or existing exploits for various applications, including most of the existing benchmark programs, and several large scale applications, such as a word processor (Microsoft office word), a media player (mpalyer), an archiver (unrar), or a pdf reader (foxit). They can deal with vulnerability types including stack and heap overflows, format string, and the use of uninitialized variables. Notably, these applications have become software fuzz testing targets, but still require a manual process with security knowledge to produce mitigation-hardened exploits. Using this method to generate exploits is an automated process for software failures without source code. The proposed method is simpler, more general, faster, and can be scaled to larger programs than existing systems. We produce the exploits within one minute for most of the benchmark programs, including mplayer. They also transform existing exploits of Microsoft office word into new exploits within four minutes. The best speedup is 7,211 times faster than the initial attempt. For heap overflow vulnerability, we can automatically exploit the unlink() macro of glibc, which formerly requires sophisticated hacking efforts.

Note:

Articles listed on these pages have been found on publicly available internet pages and are cited with links to those pages. Some of the information included herein has been reprinted with permission from the authors or data repositories. Direct any requests via Email to SoS.Project (at) SecureDataBank.net for removal of the links or modifications to specific citations. Please include the ID# of the specific citation in your correspondence.




Game Theoretic Approaches

Game Theoretic Approaches


Game theory has historically been the provenance of social sciences such as economics, political science, and psychology. Game theory has developed into an umbrella term for the logical side of science that includes both human and non-human actors like computers. It has been used extensively in wireless networks research to develop understanding of stable operation points for networks made of autonomous/selfish nodes. The nodes are considered as the players. Utility functions are often chosen to correspond to achieved connection rate or similar technical metrics. In security, the computer game framework is used to anticipate and analyze intruder and administrator concurrent interactions within the network. Research cited here includes articles on attacker-defender strategies and in modeling behaviors in a range of applications.

  • "DGM approach to network attacker and defender strategies," Kayode, Alese Boniface; Babatunde, Iwasokun Gabriel; Haruna Danjuma Israel, Information Science and Technology (ICIST), 2013 International Conference on , pp.313,320, 23-25 March 2013. (ID#:14-1316) Available at: http://ieeexplore.ieee.org/xpl/abstractSimilar.jsp?tp=&arnumber=6750213&isnumber=6747486&url=http%3A%2F%2Fieeexplore.ieee.org%2Fstamp%2Fstamp.jsp%3Ftp%3D%26arnumber%3D6750213%26isnumber%3D6747486 This paper addresses the present problem with using a computer game framework to predict and interpret both malicious and authorized parties activity within the network, a challenge largely because this method requires prior knowledge of the network services. The authors of this paper propose their method of computer network security analysis, based on Deterministic Game-Theoretic Modeling (DGM). In this method, a two-person game is simulated, with attacker and defender displaying likely attacks and counterattacks, with the value of the game determined by using a saddle-point solution.
  • "Towards mathematical modelling in security risk management in system engineering," Hird, J.; Koelle, R.; Kolev, D., Integrated Communications, Navigation and Surveillance Conference (ICNS), 2013 pp.1,13, 22-25 April 2013. (ID#:14-1317) Available at: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=6548565&isnumber=6548506 This paper proposes the potential use of mathematical modeling as a solution to SESAR is current security risk management method. For security control implementation with limited resources, only top priority actors and concepts will be allotted resource-intensive security risk assessment. This paper's proposed method is based on game theory and graph theory concepts, with risk mitigation decision-making modeled as a multi-objective optimization challenge.
  • "Principles of Physical Layer Security in Multiuser Wireless Networks: A Survey," Mukherjee, A.; Fakoorian, S.; Huang, J.; Swindlehurst, A.; Communications Surveys & Tutorials, IEEE , vol.PP, no.99, pp.1,24 (ID#:14-1318) Available at: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=6739367&isnumber=5451756 This paper provides a comprehensive review of the domain of physical layer security in multiuser wireless networks. The essential premise of physical layer security is to enable the exchange of confidential messages over a wireless medium in the presence of unauthorized eavesdroppers, without relying on higher-layer encryption. This can be achieved primarily in two ways: without the need for a secret key by intelligently designing transmit coding strategies, or by exploiting the wireless communication medium to develop secret keys over public channels. The survey begins with an overview of the foundations dating back to the pioneering work of Shannon and Wyner on information-theoretic security. We then describe the evolution of secure transmission strategies from point-to-point channels to multiple-antenna systems, followed by generalizations to multiuser broadcast, multiple-access, interference, and relay networks. Secret-key generation and establishment protocols based on physical layer mechanisms are subsequently covered. Approaches for secrecy based on channel coding design are then examined, along with a description of inter-disciplinary approaches based on game theory and stochastic geometry. The associated problem of physical layer message authentication is also briefly introduced. The survey concludes with observations on potential research directions in this area.
  • "Sourcing Strategies for Energy-Efficient Virtual Organisations in Cloud Computing," Widmer, T.; Premm, M.; Karaenke, P., Business Informatics (CBI), 2013 IEEE 15th Conference on , pp.159,166, 15-18 July 2013. (ID#:14-1319) Available at: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=6642872&isnumber=6642838 Energy efficiency is an important managerial variable in service business models. Cloud computing advocates the innovation and design of open software services. How the supply of energy-aware software services affects the outsourcing strategies of IT businesses, however, is still not known. This research is concerned with the formation of green virtual organisations (GVOs). Such GVOs foster novel business models to enable the commercialisation of "green" software services. We approach the formation problem from a game-theoretic perspective, which provides well suited models for analysing sourcing strategies of service customers. For analysing the formation, we particularly study the social welfare by examining the economic and ecological efficiency of the GVO as a whole. The contribution of our research is an agent-based GVO formation mechanism that optimises the social welfare of service providers and customers. We demonstrate the efficacy of the proposed artifact in a set of simulation experiments.
  • "Distributed Learning-Based Spectrum Allocation with Noisy Observations in Cognitive Radio Networks," Derakhshani, M.; Le-Ngoc, T., Vehicular Technology, IEEE Transactions on , vol.PP, no.99, pp.1,1 (ID#:14-1320) Available at: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=6750771&isnumber=4356907 This paper studies the medium access design for secondary users (SUs) from a game-theoretic learning perspective. In consideration of the random return of primary users, a distributed SU access approach is presented based on an adaptive CSMA scheme, in which each SU accesses multiple idle frequency slots of a licensed frequency band with adaptive activity factors. The problem of finding optimal activity factors of SUs is formulated as a potential game, and the existence, feasibility and optimality of Nash Equilibrium (NE) are analyzed. Furthermore, to achieve NEs of the formulated game, learning-based algorithms are developed in which each SU independently adjusts its activity factors. Convergence properties of best-response dynamics and log-linear dynamics are studied. Subsequently, by learning other SUs' behavior from locally available information, the convergence with probability 1 to an arbitrarily small neighborhood of the globally optimal solution is investigated by both analysis and simulation.
  • Dejun Yang; Guoliang Xue; Xi Fang; Misra, S.; Jin Zhang, "A Game-Theoretic Approach to Stable Routing in Max-Min Fair Networks," Networking, IEEE/ACM Transactions on , vol.21, no.6, pp.1947,1959, Dec. 2013. (ID#:14-1321) Available at: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=6493506&isnumber=6685909 In this paper, we present a game-theoretic study of the problem of routing in networks with max-min fair congestion control at the link level. The problem is formulated as a noncooperative game, in which each user aims to maximize its own bandwidth by selecting its routing path. We first prove the existence of Nash equilibria. This is important, because at a Nash equilibrium (NE), no user has any incentive to change its routing strategy-leading to a stable state. In addition, we investigate how the selfish behavior of users may affect the performance of the network as a whole. We next introduce a novel concept of observed available bandwidth on each link. It allows a user to find a path with maximum bandwidth under max-min fair congestion control in polynomial time, when paths of other users are fixed. We then present a game-based algorithm to compute an NE and prove that by following the natural game course, the network converges to an NE. Extensive simulations show that the algorithm converges to an NE within 10 iterations and also achieves better fairness compared to other algorithms.

Note:

Articles listed on these pages have been found on publicly available internet pages and are cited with links to those pages. Some of the information included herein has been reprinted with permission from the authors or data repositories. Direct any requests via Email to SoS.Project (at) SecureDataBank.net for removal of the links or modifications to specific citations. Please include the ID# of the specific citation in your correspondence.



IPv6 and Other Protocols

IPv6 and Other Protocols


Internet Protocol Version 6 is gradually being adopted as the replacement for version 4. According to Google Statistics, IPv6 adoption is now 3.5% of all internet traffic. (http://www.google.com/intl/en/ipv6/statistics.html ) Touted as a more secure protocol with increased address space, portability, and greater privacy. Research into this and other related protocols has increased, particularly in the context of smart grid, mobile communications, and cloud computing.

  • "Smart Grid Communications: Overview of Research Challenges, Solutions, and Standardization Activities," Zhong Fan; Kulkarni, P.; Gormus, S.; Efthymiou, C.; Kalogridis, G.; Sooriyabandara, M.; Ziming Zhu; Lambotharan, S.; Woon Hau Chin, Communications Surveys & Tutorials, IEEE , vol.15, no.1, pp.21,38, First Quarter 2013 (ID#:14-1211) Available at: http://ieeexplore.ieee.org/xpl/login.jsp?tp=&arnumber=6129368&isnumber=6449396&url=http%3A%2F%2Fieeexplore.ieee.org%2Fstamp%2Fstamp.jsp%3Ftp%3D%26arnumber%3D6129368%26isnumber%3D6449396 Optimization of energy consumption in future intelligent energy networks (or Smart Grids) will be based on grid-integrated near-real-time communications between various grid elements in generation, transmission, distribution and loads, according to the authors. This paper discusses some of the challenges and opportunities of communications research in the areas of smart grid and smart metering. In particular, they focus on some of the key communications challenges for realizing interoperable and future-proof smart grid/metering networks, smart grid security and privacy, and how some of the existing networking technologies can be applied to energy management. They discuss the coordinated standardization efforts in Europe to harmonize communications standards and protocols.
  • "The Evolution of MAC Protocols in Wireless Sensor Networks: A Survey," Pei Huang; Li Xiao; Soltani, S.; Mutka, M.W.; Ning Xi, Communications Surveys & Tutorials, IEEE , vol.15, no.1, pp.101,120, First Quarter 2013. (ID#:14-1212) Available at: http://ieeexplore.ieee.org/xpl/login.jsp?tp=&arnumber=6188353&isnumber=6449396&url=http%3A%2F%2Fieeexplore.ieee.org%2Fstamp%2Fstamp.jsp%3Ftp%3D%26arnumber%3D6188353%26isnumber%3D6449396 Wireless Sensor Networks (WSNs) have become a leading solution in many important applications such as intrusion detection, target tracking, industrial automation, smart building and so on. Typically, a WSN consists of a large number of small, low-cost sensor nodes that are distributed in the target area for collecting data of interest. For a WSN to provide high throughput in an energy-efficient way, designing an efficient Medium Access Control (MAC) protocol is of paramount importance because the MAC layer coordinates nodes' access to the shared wireless medium. To show the evolution of WSN MAC protocols, this article surveys the latest progresses in WSN MAC protocol designs over the period 2002-2011. In the early development stages, designers were mostly concerned with energy efficiency because sensor nodes are usually limited in power supply. Recently, new protocols are being developed to provide multi-task support and efficient delivery of bursty traffic. Therefore, research attention has turned back to throughput and delay. This article details the evolution of WSN MAC protocols in four categories: asynchronous, synchronous, frame-slotted, and multichannel. These designs are evaluated in terms of energy efficiency, data delivery performance, and overhead needed to maintain a protocol's mechanisms. With extensive analysis of the protocols many future directions are stated at the end of this survey. The performance of different classes of protocols could be substantially improved in future designs by taking into consideration the recent advances in technologies and application demands.
  • "Comparison of Cloud Middleware Protocols and Subscription Network Topologies using CReST, the Cloud Research Simulation Toolkit; The three truths of cloud computing are: Hardware fails, software has bugs, and people make mistakes". John Cartlidge, Dave Cliff. 2013 (ID#:14-1213) Available at: Available at: http://www.cs.bris.ac.uk/home/cszjpc/pubs/CC_CLOSER_2013_CameraReady.pdf
  • "The role of the RPL routing protocol for smart grid communications," Ancillotti, E.; Bruno, R.; Conti, M., Communications Magazine, IEEE , vol.51, no.1, pp.75,83, January 2013. (ID#:14-1214) Available at: http://ieeexplore.ieee.org/xpl/login.jsp?tp=&arnumber=6400442&isnumber=6400427&url=http%3A%2F%2Fieeexplore.ieee.org%2Fstamp%2Fstamp.jsp%3Ftp%3D%26arnumber%3D6400442%26isnumber%3D6400427 Advanced communication/networking technologies should be integrated in next-generation power systems (a.k.a. smart grids) to improve their resilience, efficiency, adaptability, and sustainability. Many believe that the smart grid communication infrastructure will emerge from the interconnection of a large number of small-scale networks organized into a hierarchical architecture covering larger geographic areas. In this article, first we carry out a thorough analysis of the key components of the smart grid communication architecture, discussing the different network topologies and communication technologies that could be employed. Special emphasis is given to the advanced metering infrastructure, which will be used to interconnect the smart meters deployed at customers' premises with data aggregators and control centers. The design of scalable, reliable, and efficient networking solutions for AMI systems is an important research problem because these networks are composed of thousands of resource-constrained embedded devices usually interconnected with communication technologies that can provide only low-bandwidth and unreliable links. The IPv6 Routing Protocol for Low Power and Lossy Networks was recently standardized by the IETF to specifically meet the requirements of typical AMI applications. In this article we present a thorough overview of the protocol, and we critically analyze its advantages and potential limits in AMI applications. We also conduct a performance evaluation of RPL using a Contiki-based prototype of the RPL standard and a network emulator. Our results indicate that although average performance may appear reasonable for AMI networks, a few RPL nodes may suffer from severe unreliability issues and experience high packet loss rates due to the selection of suboptimal paths with highly unreliable links.
  • "Comparative Handover Performance Analysis of IPv6 Mobility Management Protocols," Jong-Hyouk Lee; Bonnin, J.-M.; Ilsun You; Tai-Myoung Chung, Industrial Electronics, IEEE Transactions on , vol.60, no.3, pp.1077,1088, March 2013. (ID#:14-1215) Available at: http://ieeexplore.ieee.org/xpl/login.jsp?tp=&arnumber=6195009&isnumber=6331663&url=http%3A%2F%2Fieeexplore.ieee.org%2Fstamp%2Fstamp.jsp%3Ftp%3D%26arnumber%3D6195009%26isnumber%3D6331663 IPv6 mobility management is one of the most challenging research topics for enabling mobility service in the forthcoming mobile wireless ecosystems. The Internet Engineering Task Force has been working for developing efficient IPv6 mobility management protocols. As a result, Mobile IPv6 and its extensions such as Fast Mobile IPv6 and Hierarchical Mobile IPv6 have been developed as host-based mobility management protocols. While the host-based mobility management protocols were being enhanced, the network-based mobility management protocols such as Proxy Mobile IPv6 (PMIPv6) and Fast Proxy Mobile IPv6 (FPMIPv6) have been standardized. In this paper, we analyze and compare existing IPv6 mobility management protocols including the recently standardized PMIPv6 and FPMIPv6. They identify each IPv6 mobility management protocol's characteristics and performance indicators by examining handover operations. Then, we analyze the performance of the IPv6 mobility management protocols in terms of handover latency, handover blocking probability, and packet loss. Through the conducted numerical results, we summarize considerations for handover performance.
  • "A New Approach to Coding in Content-Based MANETs", Joshua Joy, Yu-Ting Yu, Victor Perez, Dennis Lu, Mario Gerla, ICNC'14, Honolulu, Hawaii, February. 2014 (ID#:14-1216) Available at: http://nrlweb.cs.ucla.edu/publication/show/784 In testing the hypothesis that performance of the coding restricted to full caches is equal to that of unrestricted cases in CBMANETs with replicated caches of a file, they determined that full cache coding is competitive with unrestricted coding.
  • "ICAN: Information-Centric Context-Aware Ad-Hoc Network ", Yu-Ting Yu, Chris Tandiono, Xiao Li, You Lu, M. Y. Sanadidi, Mario Gerla, ICNC'14, Honolulu, Hawaii, February. 2014. (ID#:14-1217) Available at: http://nrlweb.cs.ucla.edu/publication/show/785 The authors introduce ICAN, an ICN architecture that supports pull and push transport and context-aware multi-hop/DTN communication.


Note:

Articles listed on these pages have been found on publicly available internet pages and are cited with links to those pages. Some of the information included herein has been reprinted with permission from the authors or data repositories. Direct any requests via Email to SoS.Project (at) SecureDataBank.net for removal of the links or modifications to specific citations. Please include the ID# of the specific citation in your correspondence.


Intrusion Tolerance

Intrusion Tolerance


Intrusion tolerance refers to a fault-tolerant design approach to defending communications, computer and other information systems against malicious attack. Rather than detecting all anomalies, tolerant systems only identify those intrusions which lead to security failures. This collection cites 11 articles of interest addressing new methods of building secure fault tolerant systems.

  • "Rethinking error injection for effective resilience," Mirkhani, S.; Hyungmin Cho; Mitra, S.; Abraham, J.A., Design Automation Conference (ASP-DAC), 2014 19th Asia and South Pacific, vol., no., pp.390,393, 20-23 Jan. 2014. (ID#:14-1254) Available at: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=6742922&isnumber=6742831 This paper suggests approaches to improving current error injections, a method used to evaluate a system's resilience to errors, particularly radiation-induced soft errors. The most widely used method of such evaluation today is through injection of errors into elements of processors, application programs, and hardware storage. This paper employs answers from frequently asked questions to explore methods of improving today's standard approaches to improve error resiliency.
  • "An Intrusion Tolerant Identity Management Infrastructure for Cloud Computing Services," Barreto, L.; Siqueira, F.; Fraga, J.; Feitosa, E., Web Services (ICWS), 2013 IEEE 20th International Conference on, vol., no., pp.155,162, June 28 2013-July 3 2013. (ID#:14-1255) Available at: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=6649574&isnumber=6649542 Identity management is a central point to the security of large applications such cloud services. The identity providers (IdPs) offer services that handle critical information of users. Usually, this kind of information is stored with special care in these providers and intrusions do not necessarily result in security violations. But intrusions may implant malicious behaviors which modify the action of these authentication services. In this way, unauthorized accesses may be achieved for denying accesses to legitimate users of the system. In this paper we introduce an approach for intrusion tolerance to ensure the correct behavior in authentication of large systems, even in presence of possible intrusions.
  • "Redundancy Management of Multipath Routing for Intrusion Tolerance in Heterogeneous Wireless Sensor Networks," Al-Hamadi, H.; Ing-Ray Chen, Network and Service Management, IEEE Transactions on, vol.10, no.2, pp.189,203, June 2013. (ID#:14-1256) Available at: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=6514999&isnumber=6522803 In this paper we propose redundancy management of heterogeneous wireless sensor networks (HWSNs), utilizing multipath routing to answer user queries in the presence of unreliable and malicious nodes. The key concept of our redundancy management is to exploit the tradeoff between energy consumption vs. the gain in reliability, timeliness, and security to maximize the system useful lifetime. We formulate the tradeoff as an optimization problem for dynamically determining the best redundancy level to apply to multipath routing for intrusion tolerance so that the query response success probability is maximized while prolonging the useful lifetime. Furthermore, we consider this optimization problem for the case in which a voting-based distributed intrusion detection algorithm is applied to detect and evict malicious nodes in a HWSN. We develop a novel probability model to analyze the best redundancy level in terms of path redundancy and source redundancy, as well as the best intrusion detection settings in terms of the number of voters and the intrusion invocation interval under which the lifetime of a HWSN is maximized. We then apply the analysis results obtained to the design of a dynamic redundancy management algorithm to identify and apply the best design parameter settings at runtime in response to environment changes, to maximize the HWSN lifetime.
  • "A joint scheme for secure and reliable communication in wireless sensor networks," Alawadhi, R.; Nair, S., Computer Systems and Applications (AICCSA), 2013 ACS International Conference on, vol., no., pp.1,1, 27-30 May 2013. (ID#:14-1257) Available at: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=6616443&isnumber=6616408 This paper discusses the necessity of security and reliability of information exchange when designing wireless sensor networks (WSNs), particularly for critical applications. This paper proposes a system which encompass information confidentiality and delivery assurance in the event of failed or compromised communication. In order to do this, the authors have devised combining Crypto-System with Embedded Error Control (CSEEC) with multi-path routing for intrusion-tolerant wireless sensor networks.
  • "An intrusion tolerant transaction management model for wireless storage area networks," Djemaiel, Y.; Boudriga, N.; Zouaidi, S., Computer and Information Technology (WCCIT), 2013 World Congress on, vol., no., pp.1,6, 22-24 June 2013. (ID#:14-1258) Available at: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=6618725&isnumber=6618649 The emergence and growing dependence on wireless storage area networks has introduced new security threats, particularly those devised to incorrectly process transactions, thereby also making interconnected areas vulnerable. This paper details an intrusion-tolerant model for wireless storage area networks, with a view to harden transaction applications against exploits. The proposed model utilizes the Predicate Transition Net to monitor secure flex transactions. The model is tested for success by subjecting a simulated company e-commerce transaction service to attacks.
  • "Fault and Intrusion Tolerance of Complex Networks: A Controllability View," Yuehua Zhou; Yong Zeng; Zhihong Liu; Nan Li; Jianfeng Ma; Lihua Dong, Intelligent Networking and Collaborative Systems (INCoS), 2013 5th International Conference on, vol., no., pp.516,520, 9-11 Sept. 2013. (ID#:14-1259) Available at: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=6630467&isnumber=6630249 This paper introduces a unique controllability framework for the fault and intrusion tolerance of complex networks, using driver nodes as opposed to network topology or functions. This paper details the discovery that Scale-free (SF) networks offer a more robust fault tolerance than Erdos-Renyi (ER) networks, while both networks provide substandard intrusion tolerance.
  • "An intrusion-tolerant firewall design for protecting SIEM systems," Garcia, M.; Neves, N.; Bessani, A., Dependable Systems and Networks Workshop (DSN-W), 2013 43rd Annual IEEE/IFIP Conference on, vol., no., pp.1,7, 24-27 June 2013. (ID#:14-1260) Available at: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=6615538&isnumber=6615495 Nowadays, organizations are resorting to Security Information and Event Management (SIEM) systems to monitor and manage their network infrastructures. SIEMs employ a data collection capability based on many sensors placed in critical points of the network, which forwards events to a core facility for processing and support different forms of analysis (e.g., report attacks in near real time, inventory management, risk assessment). In this paper, the authors focus on the defense of the core facility components by presenting a new firewall design that is resilient to very harsh failure scenarios. In particular, it tolerates not only external attacks but also the intrusion of some of its components. The firewall employs a two level filtering scheme to increase performance and to allow for some flexibility on the selection of fault-tolerance mechanisms. The first filtering stage efficiently eliminates the most common forms of attacks, while the second stage supports application rules for a more sophisticated analysis of the traffic. The fault tolerance mechanisms are based on a detection and recovery approach for the first stage, while the second stage uses state machine replication and voting.
  • "Dynamic multisource multipath routing for intrusion tolerance and lifetime maximization of autonomous wireless sensor networks," Al-Hamadi, Hamid; Chen, Ing-Ray, Autonomous Decentralized Systems (ISADS), 2013 IEEE Eleventh International Symposium on, vol., no., pp.1,7, 6-8 March 2013. (ID#:14-1261) Available at: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=6513409&isnumber=6513393 Multisource multipath data routing to a remote sink node is an effective way to cope with unreliable and malicious nodes in autonomous wireless sensor networks (WSNs). In this paper, the authors analyze the optimal amount of redundancy in terms of the number of source sensors sensing the same physical phenomena and the number of paths through which data are routed to a remote sink node in the presence of unreliable and malicious nodes so that the query success probability is maximized while maximizing the sensor network lifetime. Their dynamic multisource multipath routing algorithm design integrates with a voting-based distributed intrusion detection algorithm to remove malicious nodes from the sensor network. By controlling the redundancy level for multisource multipath and intrusion detection settings dynamically with energy considerations as prescribed by our algorithm, they demonstrate that the lifetime of a query-based autonomous WSN is maximized in response to changing environment conditions including node density, radio range, and node capture rate.
  • "The Design of a Robust Intrusion Tolerance System through Advanced Adaptive Cluster Transformation and Vulnerability-Based VM Selection," Jungmin Lim; Seokjoo Doo; Hyunsoo Yoon, Military Communications Conference, MILCOM 2013 - 2013 IEEE, vol., no., pp.1422,1428, 18-20 Nov. 2013. (ID#:14-1262) Available at: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=6735823&isnumber=6735577 In this paper, the authors suggest novel schemes which use advanced adaptive cluster transformation and VM selection policy for intrusion tolerant systems (ITSs). The cluster size is transformed adaptively in order to maintain a certain level of services by using the adaptive cluster expansion scheme. Also, all the servers in clusters can be substituted in case serious threat such as massive packets incoming is expected by using the adaptive cluster substitution method. If there exists reliable historical data, more fast transformation is possible. In addition, the less-vulnerable virtual machines (VMs) are chosen using evaluation policies to reduce data leakage occurred from system's vulnerabilities. Simulation results done with CSIM 20 prove that the suggested schemes improve intrusion tolerance efficiently compared to other conventional methods.
  • "Intrusion tolerant system for integrated vetronics survivability strategy," Obi, O.; Deshpande, A.; Stipidis, E.; Charchalakis, P., System Safety Conference incorporating the Cyber Security Conference 2013, 8th IET International, vol., no., pp.1,6, 16-17 Oct. 2013. (ID#:14-1263) Available at: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=6725810&isnumber=6725785 This paper discusses the current detection and recovery methods for vetronics, the architecture which, when exploited, exhibits abnormal behavior and ceases normal functions. This paper details improvements in vetronics survivability, notably by adding an intrusion tolerance mechanism which would directly address characteristics of an attack, as opposed to conventional methods, such as diagnosis or containment. Dynamic responses to attackers, as well as closer integration of services and framework are also proposed.
  • "Towards practical intrusion tolerant systems," Wenbing Zhao, Information and Communications Technologies (IETICT 2013), IET International Conference on, vol., no., pp.280,287, 27-29 April 2013. (ID#:14-1264) Available at: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=6617506&isnumber=6617468 This paper discusses a novel approach to developing intrusion-tolerant mission-critical systems. The approach separates execution and state management, enabling simultaneous, parallel executions and limiting runtime overhead. This approach implements an append-only log, aiding in system hardening and a clean state for recovery, and implements acceptance testing to help verify application requests.

Note:

Articles listed on these pages have been found on publicly available internet pages and are cited with links to those pages. Some of the information included herein has been reprinted with permission from the authors or data repositories. Direct any requests via Email to SoS.Project (at) SecureDataBank.net for removal of the links or modifications to specific citations. Please include the ID# of the specific citation in your correspondence.


Mathematics

SoS Newsletter - Mathematics


  • "Families of Fast Elliptic Curves from Q-curves", B. Smith, INRIA, 2013 New families of elliptic curves over \(\FF_{p^2}\) with efficiently computable endomorphisms, are constructed which can be used to accelerate elliptic curve-based cryptosystems in the same way as Gallant--Lambert--Vanstone (GLV) and Galbraith--Lin--Scott (GLS) endomorphisms. (ID#:14-1065) See: http://eprint.iacr.org/2013/312.pdf


Note:

Articles listed on these pages have been found on publicly available internet pages and are cited with links to those pages. Some of the information included herein has been reprinted with permission from the authors or data repositories. Direct any requests via Email to SoS.Project (at) SecureDataBank.net for removal of the links or modifications to specific citations. Please include the ID# of the specific citation in your correspondence.


Mobile Computing

Mobile Computing


The section on mobile computing contains two compendia. The first, titled Recent Research in Mobile Security, lists articles and presentations from, among other sources, the International Symposium on Trust, Security, and Privacy for Emerging Applications held in November, 2013. The second, titled Mobile Computing and Security Articles--Part II, expands and updates the initial bibliography. A great deal of work is going on in mobile communications security. The articles cited here are deemed the most relevant for the Science of Security community because of their specific content.

  • "Analysis of authentication and key establishment in inter-generational mobile telephony", Chunyu Yang, David Naumann, Susanne Wetzel. International Symposium on Trust, Security, and Privacy for Emerging Applications, November 2013. Second (GSM), third (UMTS), and fourth generation (LTE) mobile telephony protocols are all in active use, giving rise to a number of interoperation situations. Although the standards address roaming by specifying switching and mapping of established security context, there is not a comprehensive specification of which are the possible interoperation cases, nor is there comprehensive specification of the procedures to establish security context (authentication and short-term keys) in the various interoperation scenarios. This paper systematically enumerates the cases, classifying them as allowed, disallowed, or uncertain with rationale based on detailed analysis of the specifications. The authors identify the authentication and key agreement procedure for each of the possible cases and formally model these scenarios and analyze their security, in the symbolic model, using the tool ProVerif. (ID#:14-1078) Available at: http://www.cs.stevens.edu/~naumann/publications/TangNaumannWetzel2013.pdf
  • "Behavioral Malware Detection in Delay Tolerant Networks", W. Peng, F. Li, X. Zou, and J. Wu, IEEE Transactions on Parallel and Distributed Systems, 25 (1), pp. 53--63, 2014. Behavioral characterization of malware is an effective alternative to pattern matching in detecting malware, especially when dealing with polymorphic or obfuscated malware. In this paper, the authors propose a general behavioral characterization of proximity malware based on Bayesian model, which has been successfully applied in non-DTN settings such as filtering email spams and detecting botnets. They identify two unique challenges for extending Bayesian malware detection to DTNs ("insufficient evidence versus evidence collection risk" and "filtering false evidence sequentially and distributedly"), and propose a simple yet effective method, look ahead, to address the challenges. (ID#:14-1079) Available at: http://www.computer.org/csdl/trans/td/2014/01/ttd2014010053-abs.html
  • "A Two-stage Deanonymization Attack Against Anonymized Social Networks", IEEE Transactions on Computers, W. Peng, F. Li, X. Zou, and J. Wu, 63(2), pp. 290--303, 2014. Digital traces left by users of online social networking services, even after anonymization, are susceptible to privacy breaches. This is exacerbated by the increasing overlap in user-bases among various services. To alert fellow researchers in both the academia and the industry to the feasibility of such an attack, the authors propose an algorithm, Seed-and-Grow, to identify users from an anonymized social graph, based solely on graph structure. The algorithm first identifies a seed subgraph, either planted by an attacker or divulged by a collusion of a small group of users, and then grows the seed larger based on the attacker's existing knowledge of the users' social relations. (ID#:14-1080) Available at: http://www.computer.org/csdl/trans/tc/2014/02/ttc2014020290-abs.html
  • "Smartphone Strategic Sampling in Defending Enterprise Network Security", Feng Li, Wei Peng, Chin-Tser Huang, and Xukai Zou, ICC 2013. The susceptibility of smartphones to mobile malware makes them a liability in enterprise network security. (ID#:14-1081) Available at: http://cs.iupui.edu/~pengw/doc/pub/li2013smartphone.pdf
  • "The virtue of patience: offloading topical cellular content through opportunistic links", Wei Peng, Feng Li, Xukai Zou, and Jie Wu, IEEE international conference on mobile ad-hoc and sensor systems (MASS), 2013. Mobile data offloading is an approach to alleviating overloaded cellular traffic through alternative communication technologies on smartphones. Inspired by the prospect of spontaneous, peer-assisted, bulk data transfer through NFC or Wi-Fi Direct between proximate users' smartphones, the authors propose a model for mobile data offloading through the opportunistic proximity (e.g., Wi-Fi Direct) links with bounded content delivery delay and differential interests in content. (ID#:14-1082) Available at: http://cs.iupui.edu/~pengw/doc/pub/peng2013offloading.pdf
  • "Newton: Securing Virtual Coordinates by Enforcing Physical Laws", J. Seibert, S. Becker, C. Nita-Rotaru and R. State. IEEE/ACM Transactions on Networking April 2013. The authors present Newton, a decentralized virtual coordinate system (VCS) that is robust to a wide class of insider attacks. Newton uses an abstraction of a real-life physical system, similar to that of Vivaldi, but in addition uses safety invariants derived from Newton's laws of motion. As a result, Newton does not need to learn good behavior and can tolerate a significantly higher percentage of malicious nodes. The authors show that Newton is able to mitigate all known attacks against VCSs while providing better accuracy than Vivaldi, even in benign settings. (ID#:14-1083) Available at: http://ieeexplore.ieee.org/xpl/login.jsp?tp=&arnumber=6523976&url=http%3A%2F%2Fieeexplore.ieee.org%2Fstamp%2Fstamp.jsp%3Ftp%3D%26arnumber%3D6523976


Note:

Articles listed on these pages have been found on publicly available internet pages and are cited with links to those pages. Some of the information included herein has been reprinted with permission from the authors or data repositories. Direct any requests via Email to SoS.Project (at) SecureDataBank.net for removal of the links or modifications to specific citations. Please include the ID# of the specific citation in your correspondence.


Mobile Computing and Security

Mobile Computing


The section on mobile computing contains two compendia. The first, titled Recent Research in Mobile Security, lists articles and presentations from, among other sources, the International Symposium on Trust, Security, and Privacy for Emerging Applications held in November, 2013. The second, titled Mobile Computing and Security Articles--Part II, expands and updates the initial bibliography. A great deal of work is going on in mobile communications security. The articles cited here are deemed the most relevant for the Science of Security community because of their specific content.

  • "Improving the performance, availability, and security of data access for opportunistic mobile computing"; Stephen D. Smaldone. 2011. (ID#:14-1322) Doctoral Dissertation available at: http://www.research.rutgers.edu/~smaldone/pubs/smaldone-dissertation.pdf Author's thesis statement: Opportunistic mobile computing can be achieved if critical challenges in the performance, availability, and security of user data access, introduced by the weakening of the binding between the user's data location and the environment from where it is accessed, are solved.
  • "Privacy & Security of Mobile Cloud Computing". Manmohan Chaturvedi, ,Sapna Malik, Preeti Aggarwal and Shilpa Bahl. Ansal University, Gurgaon, India May 2013. (ID#:14-1323) Available at: http://dimacs.rutgers.edu/Workshops/TAFC/PrivacySecurityofMobileCloudComputing.pdf This papers enters the discussion of security and privacy challenges accompanying the rapid widespread use of mobile devices as a preferred platform. The term Mobile Cloud Computing (MCC), integrates both mobile applications and cloud service infrastructure, enabling effective use of a mobile device despite generally inadequate resources. This article focuses on the need for an efficient and secure framework with minimal drain on communication and mobile resources, which can be achieved through mobile-cloud services.
  • "A DFA with Extended Character-set for Fast Deep Packet Inspection," C. Liu, Y. Pan, A. Chen, and J. Wu, accepted to appear in IEEE Transactions on Computers. 2014. (ID#:14-1326) Available at: http://www.cis.temple.edu/~wu/research/publications/Publication_files/dfaec.pdf Deep packet inspection (DPI), based on regular expressions, is expressive, compact, and efficient in specifying attack signatures. The authors focus on their implementations based on general-purpose processors that are cost-effective and flexible to update. They propose a solution called "deterministic finite automata with extended character-set" (DFA/EC), which can significantly decrease the number of states through doubling the size of the character-set.
  • "A Two-stage Deanonymization Attack Against Anonymized Social Networks," W. Peng, F. Li, X. Zou, and J. Wu, accepted to appear in IEEE Transactions on Computers. 2014. (ID#:14-1327) Available at: http://www.cis.temple.edu/~wu/research/publications/Publication_files/seed-n-grow.pdf The authors assert that digital traces left by users of online social networking services, even after anonymization, are susceptible to privacy breaches. This problem is exacerbated by the increasing overlap in user-bases among various services. The authors propose an algorithm, Seed-and-Grow, to identify users from an anonymized social graph, based solely on graph structure.
  • "Hop-by-Hop Message Authentication and Source Privacy in Wireless Sensor Networks," J. Li, Y. Li, J. Ren, and J. Wu, accepted to appear in IEEE Transactions on Parallel and Distributed Systems. 2014. (ID#:14-1328) Available at: http://www.cis.temple.edu/~wu/research/publications/Publication_files/Auth-Ring-TPDS.pdf Message authentication is one of the most effective ways to thwart unauthorized and corrupted messages from being forwarded in wireless sensor networks (WSNs). For this reason, many message authentication schemes have been developed, based on either symmetric-key cryptosystems or public-key cryptosystems. Most of them, however, have the limitations of high computational and communication overhead in addition to lack of scalability and resilience to node compromise attacks. To address these issues, a polynomial-based scheme was recently introduced. However, this scheme and its extensions all have the weakness of a built-in threshold determined by the degree of the polynomial: when the number of messages transmitted is larger than this threshold, the adversary can fully recover the polynomial. In this paper, we propose a scalable authentication scheme based on elliptic curve cryptography (ECC).
  • "Towards Differential Query Services in Cost-Efficient Clouds [supplemental]," Q. Liu, C. C. Tan, J. Wu, and G. Wang, accepted to appear in IEEE Transactions on Parallel and Distributed Systems. 2014. (ID#:14-1329) Available at:http://www.cis.temple.edu/~wu/research/publications/Publication_files/TPDS-Ranked%20Query-main.pdf In this paper, the authors address two fundamental issues in such an environment: privacy and efficiency. We first review a private keyword-basedfile retrieval scheme that was originally proposed by Ostrovsky. Their scheme allows a user to retrieve files of interest from an untrusted server without leaking any information. The main drawback is that it will cause a heavy querying overhead incurred on the cloud, and thus goes against the original intention of cost efficiency. In this paper, we present a scheme, termed efficient information retrieval for ranked query (EIRQ), based on an aggregation and distribution layer (ADL), to reduce querying overhead incurred on the
  • "Symbol-Level Reliable Broadcasting of Sensitive Data in Error-Prone Wireless Networks," P. Ostovari, J. Wu, and A. Khreishah, accepted to appear in Journal of Parallel and Distributed Computing. 2014. (ID#:14-1330) Available at: http://www.cis.temple.edu/~wu/research/publications/Publication_files/JPDC2014-Pouya.pdf This paper addresses the security challenges of reliable packet transmission over wireless networks, and proposes a unique retransmission approach, focusing on the differing weight of bits in the event of partial data delivery, to increase reliability. This research considers single and multiple packet transmission, using random linear network coding to maximize gain during potential partial data delivery.
  • "Behavioral Malware Detection in Delay Tolerant Networks [supplemental]," W. Peng, F. Li, X. Zou, and J. Wu, IEEE Transactions on Parallel and Distributed Systems, Vol. 25, No. 1, 2014, 53-63. (ID#:14-1331) Available at: http://www.cis.temple.edu/~wu/research/publications/Publication_files/TPDS-main-Behavioral%20Malware%20Detection.pdf The authors propose a general behavioral characterization of proximity malware which based on Naive Bayesian model, which has been successfully applied in non-DTN settings such as filtering email spams and detecting botnets. We identify two unique challenges for extending Bayesian malware detection to DTNs ("insufficient evidence vs. evidence collection risk" and "filtering false evidence sequentially and distributedly"), and propose a method, "look-ahead", to address the challenges. They propose two extensions to "look-ahead", dogmatic filtering and adaptive look-ahead, to address the challenge of "malicious nodes sharing false evidence". Real mobile network traces are used to verify the effectiveness of their proposed methods.
  • "User Requirements-Based Security Ranking in SSL Protocol," F. Qi, Z. Tang, G. Wang, and J. Wu, accepted to appear in The Journal of Supercomputing. 2014. (ID#:14-1333) Available at: http://www.cis.temple.edu/~wu/research/publications/Publication_files/Fang%20Qi-SUPE-User%20Requirements-Based%20Security%20Ranking%20in%20SSL%20Protocol.pdf This paper is central focus is the server is RSA decryption in a secure socket layer protocol (SSL) handshake, and the challenge to create a more time-efficient SSL session initialization. Instead of the conventional use of multiple certificate, the authors of this paper propose adopting unique certificates. The proposed optimization scheme, based on access control and requirements-aware security, suggest success in using varying public key sizes.
  • "Guest Editorial: In-Network Computation: Exploring the Fundamental Limits," Kumar, P.R.; Kushilevitz, Eyal; Manjunath, D.; Medard, Muriel; Orlitsky, Alon; Srikant, R., Selected Areas in Communications, IEEE Journal on , vol.31, no.4, pp.617,619, April 2013 (ID#:14-1334) Available at: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=6481617&isnumber=6481614 Some of the early work on in-network computation, a term that is being applied to this class of problems, was on the asymptotic analysis of the number of transmissions needed to compute specific functions in noisy broadcast networks. The development of geometric random graph theory and its applicability to wireless networks led to an extending of the analysis to large, multihop wireless networks. A second approach, which in some sense predates the preceding class of problems, considers simple, we may even say simplistic, networks with a small number of correlated sources. A third approach is to analyze the communication complexity of computing functions. The preceding is a sample of the extant literature and we launched this special issue with the hope of consolidating the area and also provide a launch-pad for new problem formulations and applications. We are happy to note that we have been reasonably successful on both counts and this special issue contains papers that advance our understanding of the fundamental limits and also develop several interesting new strands of research. And there are also papers that analyze the performance of in-network computation in specific application environments.


Note:

Articles listed on these pages have been found on publicly available internet pages and are cited with links to those pages. Some of the information included herein has been reprinted with permission from the authors or data repositories. Direct any requests via Email to SoS.Project (at) SecureDataBank.net for removal of the links or modifications to specific citations. Please include the ID# of the specific citation in your correspondence.



Moving Target Defense

Moving Target Defense


One of the research thrusts outlined in the 2011 report Trustworthy Cyberspace: Strategic Plan for the Federal Cybersecurity Research and Development Program was Moving Target (MT) research and development that results in the presentation of a dynamic attack surface to an adversary, increasing the work factor necessary to successfully attack and exploit a cyber target. The subsequent Symposium on Moving Target Research brought together and published the work of the MT community to provide a basis for building on the current state of the art as of June 2012. The works cited here are research papers presented and published subsequent to the conference.

  • In June 2012, at the National Symposium on Moving Target Research, papers were presented on research and development that results in the presentation of a dynamic attack surface to an adversary, increasing the work factor necessary to successfully attack and exploit a cyber-target. The bibliography below identifies works published on moving target defense since that symposium.
  • "Optimizing a network layer moving target defense for specific system architectures," Hardman, Owen; Groat, Stephen; Marchany, Randy; Tront, Joseph, Architectures for Networking and Communications Systems (ANCS), 2013 ACM/IEEE Symposium on , vol., no., pp.117,118, 21-22 Oct. 2013. (ID#:14-1265) Available at: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=6665191&isnumber=6665163 Complex defenses, such as moving target defenses, exist to help protect against threats. While these new forms of defense offer increased security, they are resource intensive and cannot be run on many new classes of network connected mobile systems. To provide security for these systems, a highly efficient defense must be used. Moving Target Defense for IPv6 (MT6D) is a network layer moving target defense that was originally designed using Python for portability to a variety of system architectures. Optimizing a moving target defense (MTD) for a specific system architecture increases performance to allow for these new defenses to be deployed in resource constrained environments. By transitioning from Python to C, and by using system specific networking features, MT6D can be successfully deployed to resource constrained network systems.
  • "MTC2: A command and control framework for moving target defense and cyber resilience," Carvalho, M.; Eskridge, T.C.; Bunch, L.; Dalton, A.; Hoffman, R.; Bradshaw, J.M.; Feltovich, P.J.; Kidwell, D.; Shanklin, T., Resilient Control Systems (ISRCS), 2013 6th International Symposium on , vol., no., pp.175,180, 13-15 Aug. 2013. (ID#:14-1266) Available at: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=6623772&isnumber=6623739 This paper sheds new light on the current way command and control (C2) is managed for deployment of Moving Target Defenses (MTDs) within an enterprise network setting. Current approaches involve compensating for errors, as opposed to this paper's newly proposed method of active, iterative decision making, including human-agent elements. Detailed within this paper are the requirements and constraints of using concurrent multiple moving target defenses.
  • "Moving target defense for adaptive adversaries," Colbaugh, R.; Glass, K., Intelligence and Security Informatics (ISI), 2013 IEEE International Conference on , vol., no., pp.50,55, 4-7 June 2013. (ID#:14-1267) Available at: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=6578785&isnumber=6578763 Machine learning (ML) plays a central role in the solution of many security problems, for example enabling malicious and innocent activities to be rapidly and accurately distinguished and appropriate actions to be taken. Unfortunately, a standard assumption in ML - that the training and test data are identically distributed - is typically violated in security applications, leading to degraded algorithm performance and reduced security. Previous research has attempted to address this challenge by developing ML algorithms which are either robust to differences between training and test data or are able to predict and account for these differences. This paper adopts a different approach, developing a class of moving target (MT) defenses that are difficult for adversaries to reverse-engineer, which in turn decreases the adversaries' ability to generate training/test data differences that benefit them. The authors leverage the coevolutionary relationship between attackers and defenders to derive a simple, flexible MT defense strategy which is optimal or nearly optimal for a broad range of security problems. Case studies involving two distinct cyber defense applications demonstrate that the proposed MT algorithm outperforms standard static methods, offering effective defense against intelligent, adaptive adversaries.
  • "A moving target defense approach for protecting resource-constrained distributed devices," Casola, V.; De Benedictis, A.; Albanese, M., Information Reuse and Integration (IRI), 2013 IEEE 14th International Conference on , vol., no., pp.22,29, 14-16 Aug. 2013. (ID#:14-1268) Available at: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=6642449&isnumber=6642428 Techniques aimed at continuously changing a system's attack surface, usually referred to as Moving Target Defense (MTD), are emerging as powerful tools for thwarting cyber-attacks. Such mechanisms increase the uncertainty, complexity, and cost for attackers, limit the exposure of vulnerabilities, and ultimately increase overall resiliency. In this paper, the authors propose an MTD approach for protecting resource-constrained distributed devices through fine-grained reconfiguration at different architectural layers. In order to show the feasibility of our approach in real-world scenarios, they study its application to Wireless Sensor Networks (WSNs), introducing two different reconfiguration mechanisms. Finally, they show how the proposed mechanisms are effective in reducing the probability of successful attacks.
  • "Investigating the application of moving target defenses to network security," Rui Zhuang; Su Zhang; Bardas, A.; DeLoach, S.A.; Xinming Ou; Singhal, A., Resilient Control Systems (ISRCS), 2013 6th International Symposium on , vol., no., pp.162,169, 13-15 Aug. 2013. (ID#:14-1269) Available at: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=6623770&isnumber=6623739 This paper centers on the importance of understanding the role of Moving Target Defenses (MTD) in maintaining network integrity. The proposed MTD system is designed to counter malicious entities engaging in asymmetric cyber warfare. The system chooses the best adaptation that will allow continued maintenance of network integrity, by analyzing abstract models of the network's configuration, operational, and security objectives. The paper analyzes a simple MTD system and an intelligent MTD system, respectively, both which enhance adaptation selection by use of attack indicators. This paper provides particular insight on the role of MTDs in network security.
  • "Managed Execution Environment as a Moving Target Defense (MTD) Infrastructure," Security & Privacy, IEEE , vol.PP, no.99, pp.1,1 2013. (ID#:14-1270) Available at: Pal, P.; Schantz, R.; Paulos, A.; Benyo, B., http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=6671568&isnumber=5210089 The authors describe how the A3 adaptive execution management environment contributes to MTD strategies by enabling sophisticated dynamic defensive maneuvers. A3 facilitates synergistic combination of MTDs with one another and also with other aspects of an overall composite defense, aiming to improve over time the survivability of the application it manages. Execution management environments like A3 have the potential to expand the scope and increase the effectiveness of MTD by subjecting additional system aspects to dynamic motion, and adding moving target dynamism to the overall defense with only incremental increase in cost and complexity. They conclude this paper with a summary of evaluation results of the current prototype and its precursor techniques, and some thoughts on future research directions.
  • "Lightweight Reconfigurable Encryption Architecture for Moving Target Defense," Husain, M.I.; Courtright, K.; Sridhar, R., Military Communications Conference, MILCOM 2013 - 2013 IEEE , vol., no., pp.214,219, 18-20 Nov. 2013. (ID#:14-1271) Available at: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=6735624&isnumber=6735577 Symmetric encryption provides lightweight security solution to maintain data confidentiality on devices in a resource constrained scenario such as in a tactical network. However, lightweight encryption schemes are traditionally vulnerable to linear and differential cryptanalysis as well as power analysis attack when the encryption structure is known to the attacker. For tactical network devices, this is a critical concern since they often operate in hostile scenarios and lack in physical security in most cases. Moving Target Defense (MTD) is one of the key components of cyber maneuver that reshapes friendly networks and associated assets to be resilient to cyber-attacks. In this paper, the authors propose a lightweight reconfigurable symmetric encryption architecture, REA, which is capable of implementing a user-defined symmetric encryption scheme as an MTD mechanism. The encryption structure can be customized from device to device based on their available resource and performance requirements. Due to the reconfigurable nature of the proposed architecture, it is not possible for an attacker to directly launch the cryptanalysis or power analysis attack before committing significant resources to retrieve the encryption structure first. They implemented a reference encryption scheme on our proposed architecture in programmable logic (FPGA) and compared it to two representative symmetric encryption methods: AES and Present. Their results show that the reference encryption consumes less resources and performs faster compared to AES. Performance of the REA reference encryption is comparable with Present, which is optimized only for low resource devices and doesn't support reconfigurability.
  • "Effectiveness of IP address randomization in decoy-based moving target defense," Clark, Andrew; Sun, Kun; Poovendran, Radha, Decision and Control (CDC), 2013 IEEE 52nd Annual Conference on , vol., no., pp.678,685, 10-13 Dec. 2013. (ID#:14-1272) Available at: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=6759960&isnumber=6759837 In a decoy-based moving target defense (MTD), a computer network introduces a large number of virtual decoy nodes in order to prevent the adversary from locating and targeting real nodes. Since the decoys can eventually be identified and their Internet Protocol (IP) addresses blacklisted by the adversary, current MTD approaches suggest that the IP addresses of the real and decoy nodes should be randomly refreshed and reassigned over time. Refreshing and reassigning the IP addresses, however, disrupts services such as TCP/IP that rely on the IP address. The authors introduce an analytical approach to MTD and choosing the optimal randomization policy in order to minimize disruptions to system performance. The approach consists of two components. First, they model the interaction between the adversary and a virtual node as a sequential detection process, in which the adversary attempts to determine whether the node is real or a decoy in the minimum possible time. They compute the optimal strategy for the adversary to decide whether the node is real or a decoy, and derive closed-form expressions for the expected time to identify the real node using this strategy. Second, they formulate the problem of deciding when to randomize the IP addresses, based on a trade-off between reducing the probability of detecting the real node and minimizing the disruption to network services, as an optimal stopping problem. They derive the optimal randomization policy for the network and analyze the detection probability, expected number of connections lost due to IP randomization, and expected time between randomizations under the proposed policy. Their results are illustrated via a simulation study using real-world data from NMAP, a software tool used to identify decoy nodes. Their simulation study indicates that their IP randomization policy reduces the probability of detection while minimizing the number of connections that are disrupted by the randomization.
  • "Moving Target with Load Balancing in P2P Cloud," Hong Liu; Thomas, J.; Khethavath, P.,Cloud Computing (CLOUD), 2013 IEEE Sixth International Conference on , vol., no., pp.359,366, June 28 2013-July 3 2013. (ID#:14-1273) Available at: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=6676715&isnumber=6676660 In this paper the authors propose a 'moving target' security mechanism for a P2P cloud where files are partitioned and sensitive sections are moved at different times without modifying the routing or finger tables, to reduce the risk of the file being compromised. Two drawbacks with this approach are the problem of determining the locality of the data and load unbalancing. We present a hierarchical P2P cloud system that leads to scalability and efficiency. A 3-step load balancing scheme for hierarchical P2P cloud system to globally balance the network is proposed. Their simulation results show that our algorithm is effective in achieving load balancing in hierarchical peer-to-peer cloud systems.
  • "A moving target defense mechanism for MANETs based on identity virtualization," Albanese, M.; De Benedictis, A.; Jajodia, S.; Kun Sun, Communications and Network Security (CNS), 2013 IEEE Conference on, vol., no., pp.278,286, 14-16 Oct. 2013. (ID#:14-1274) Available at: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=6682717&isnumber=6682673 Mechanisms for continuously changing or shifting a system's attack surface are emerging as game-changers in cyber security. In this paper, the authors propose a novel defense mechanism for protecting the identity of nodes in Mobile Ad Hoc Networks and defeat the attacker's reconnaissance efforts. The proposed mechanism turns a classical attack mechanism - Sybil - into an effective defense mechanism, with legitimate nodes periodically changing their virtual identity in order to increase the uncertainty for the attacker. To preserve communication among legitimate nodes, they modify the network layer by introducing (i) a translation service for mapping virtual identities to real identities; (ii) a protocol for propagating updates of a node's virtual identity to all legitimate nodes; and (iii) a mechanism for legitimate nodes to securely join the network. Their proposed approach is robust to different types of attacks, and they also show that the overhead introduced by the update protocol can be controlled by tuning the update frequency.
  • "MOTAG: Moving Target Defense against Internet Denial of Service Attacks," Quan Jia; Kun Sun; Stavrou, A., Computer Communications and Networks (ICCCN), 2013 22nd International Conference on, vol., no., pp.1,9, July 30 2013-Aug. 2 2013. (ID#:14-1275) Available at: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=6614155&isnumber=6614072 This paper proposes applications of a Moving Target Defense (MTD) as "moving" dynamic packet proxies, called MOTAG, designed to effectively prevent attackers from directly accessing and overwhelming the network in the event of a Distributed Denial of Service attack (DDoS). MOTAG is able to discern insider attackers from legitimate parties by constantly "moving" said proxies to different areas on the network, and by reorganizing client-proxy assignments using a greedy algorithm.

Note:

Articles listed on these pages have been found on publicly available internet pages and are cited with links to those pages. Some of the information included herein has been reprinted with permission from the authors or data repositories. Direct any requests via Email to SoS.Project (at) SecureDataBank.net for removal of the links or modifications to specific citations. Please include the ID# of the specific citation in your correspondence.


Operating Systems

The Operating Systems citations cover publications and presentations since fall of 2013. Specific works include studies on such as an empirical study showing that the performance difference between double hashing and fully random hashing appears negligible, how to structure parallel peeling algorithms, and about uniform quantization, Software-as-a-Service (SaaS)

  • "Participatory Networking: An API for Application Control of SDNs", Andrew D. Ferguson, Arjun Guha, Chen Liang, Rodrigo Fonseca, and Shriram Krishnamurthi. In Proc. ACM SIGCOMM 2013, August 2013. The API presented by the authors enables users to work with the network, rather than around it, to improve performance and security. (ID#:14-1084) Available at: http://cs.brown.edu/~adf/work/SIGCOMM2013-paper.pdf
  • "Balanced Allocations and Double Hashing", M. Mitzenmacher. Based on his studies, the author offers theoretical results to explain the behavior of double hashing in a specific context. (ID#:14-1085) Preliminary version at http://arxiv.org/abs/1209.5360
  • "Parallel Peeling Algorithms", J. Jiang, M. Mitzenmacher, and J. Thaler. The authors provide insights into how to structure parallel peeling algorithms for efficiency in practice. (ID#:14-1086) Preliminary version at http://arxiv.org/abs/1302.7014
  • "Coding for Random Projections" P. Li, M. Mitzenmacher, and A. Shrivastava. The authors demonstrate that uniform quantization outperforms the standard method and propose that in many cases coding with just a small number of bits suffices. (ID#:14-1087) Preliminary version at http://arxiv.org/abs/1308.2218
  • "Equitability Analysis of the Maximal Information Coefficient, with Comparisons", D. Reshef, Y. Reshef, M. Mitzenmacher, and P. Sabeti. (ID#:14-1088) Preliminary version at: http://arxiv.org/abs/1308.2218
  • "Simple Multi-Party Set Reconciliation", M. Mitzenmacher and R. Pagh. The authors propose a methodology to achieve efficiency in network utilization. (ID#:14-1089) Preliminary version at: http://arxiv.org/abs/1311.2037
  • "Why Simple Hash Functions Work: Exploiting the Entropy in a Data Stream", K. Chung, M. Mitzenmacher, and S. Vadhan, Theory of Computing , vol 9, pp. 897-945. The authors argue that given certain conditions, performance when choosing a hash function from a 2-universal family or a random hash function is essentially the same. (ID#:14-1090) Available at: http://theoryofcomputing.org/articles/v009a030/
  • "FChain: Toward Black-box Online Fault Localization for Cloud Systems". Hiep Nguyen, Zhiming Shen, Yongmin Tan, Xiaohui Gu. Proc. of IEEE International Conference on Distributed Computing Systems (ICDCS), Philadelphia, PA, July, 2013. The authors present a system called FChain that can identify faulty components after a performance anomaly is detected. (ID#:14-1092) Available at: http://dance.csc.ncsu.edu/papers/icdcs2013.pdf
  • "Scalable Distributed Service Integrity Attestation for Software-as-a-Service Clouds", Juan Du, Daniel Dean, Yongmin Tan, Xiaohui Gu, Ting Yu, IEEE Transactions on Parallel and Distributed Systems (TPDS), 2013. The authors propose a scheme that provides attacker pinpointing power that is stronger than earlier schemes. (ID#:14-1093) Available at: http://dance.csc.ncsu.edu/papers/tpds13_main.pdf
  • "Data-Centric OS Kernel Malware Characterization", Junghwan Rhee, Ryan Riley, Zhiqiang Lin, Xuxian Jiang, Dongyan Xu, IEEE Transactions on Information Forensics and Security (TIFS), accepted in 2013. (ID#:14-1094) Available upon release at: https://www.cs.purdue.edu/homes/dxu/pubs/soon.txt
  • "Protocol Responsibility Offloading to Improve TCP Throughput in Virtualized Environments", Sahan Gamage, Ardalan Kangarlou, Ramana Kompella, Dongyan Xu, ACM Transactions on Computer Systems (TOCS), 31(3), 2013. (ID#:14-1095) Available upon release at: https://www.cs.purdue.edu/homes/dxu/pubs/soon.txt
  • "Measuring and Detecting Malware Downloads in Live Network Traffic", Phani Vadrevu, Babak Rahbarinia, Roberto Perdisci, Kang Li, and Manos Antonakakis, Proceedings of 10th Conference on Detection of Intrusions and Malware & Vulnerability Assessment (DIMVA 2013). July, 2013. (Best Paper Award of DIMVA 2013.) The authors present Peer-Rush, a system for identifying, categorizing, and attributing unwanted P2P traffic. (ID#:14-1096) Available at: http://cobweb.cs.uga.edu/~kangli/src/dimva2013.pdf
  • "Preemptable Ticket Spinlocks: Improving Consolidated Performance in the Cloud", J. Ouyang and J. Lange, Proceedings of the 9th Annual International Conference on Virtual Execution Environments, (VEE 2013). The authors demonstrate that Preemptable Ticket spinlocks improve VM performance. (ID#:14-1097) Available at: http://www.prognosticlab.org/~jarusl/pubs/vee13.pdf
  • "Balancing Performance, Accuracy, and Precision for Secure Cloud Transactions", Marian K. Iskander, Dave Wilkinson, Tucker Trainor, Adam J. Lee, and Panos Chrysanthis, IEEE Transactions on Parallel and Distributed Systems, 2014. The authors address the issue of unsafe decisions by policy-based authorization systems and define the idea of trusted transactions with respect to proofs of authorization. (ID#:14-1098) Available at: https://people.cs.pitt.edu/~adamlee/pubs/2013/iskander2013tpds.pdf
  • "Verifying computations without reexecuting them: from theoretical possibility to near-practicality", Michael Walfish and Andrew J. Blumberg, Electronic Colloquium on Computational Complexity ECCC TR13-165, November 2013. (ID#:14-1099) Available at: http://eccc.hpi-web.de/report/2013/165/
  • "Verifying Computations with State", Benjamin Braun, Ariel J. Feldman, Zuocheng Ren, Srinath Setty, Andrew J. Blumberg and Michael Walfish, ACM Symposium on Operating Systems Principles (SOSP), 14 Nov 2013. This paper describes Pantry, a system that composes proofbased verifiable computation with untrusted storage. (ID#:14-1100) Available at: http://eprint.iacr.org/2013/356.pdf



Note:

Articles listed on these pages have been found on publicly available internet pages and are cited with links to those pages. Some of the information included herein has been reprinted with permission from the authors or data repositories. Direct any requests via Email to SoS.Project (at) SecureDataBank.net for removal of the links or modifications to specific citations. Please include the ID# of the specific citation in your correspondence.


Peer to Peer Systems

Peer to Peer Systems


In a peer-to-peer (P2P) network, tasks such as searching for files or streaming audio or video are shared among multiple interconnected nodes--peers-- who share resources with other network participants without the need for centralized coordination by servers. Peer-to-peer systems pose considerable challenges for computer security. Like other forms of software, P2P applications can contain vulnerabilities, but what makes security particularly dangerous for P2P software is that peer-to-peer applications act as servers as well as clients, making them more vulnerable to remote exploits. The research articles in this bibliography address such topics as a large scale overlay network, unstructured networks, mobile streaming, bit torrent, and traffic identification.

  • "Capturing Connectivity Graphs of a Large-Scale P2P Overlay Network," Salah, H.; Strufe, T., Distributed Computing Systems Workshops (ICDCSW), 2013 IEEE 33rd International Conference on , vol., no., pp.172,177, 8-11 July 2013. (ID#:14-1164) Available at: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=6679883&isnumber=6679830 According to the authors, measuring accurate graph snapshots of peer-to-peer (P2P) overlay networks is essential to understand these systems. Furthermore, the captured graph snapshots can be used, among other important purposes, as traces for simulation studies, to validate existing simulation models, to design and implement targeted attacks, or to detect anomalies. Motivated by the importance of the purposes above as well as the popularity of several Kademlia-like networks, they present a new crawler aiming to capture snapshots of the connectivity graph of the entire KAD network. The crawler's design is generic and adaptable for Kademlia-like and other structured P2P networks. The results show that the crawler is fast and captures high accurate graph snapshots. Furthermore, its design enables it to outperform prior KAD crawlers significantly in terms of the time and the number of crawling messages that are required to download nodes' routing tables. The crawls they conducted at different times between April 2012 and February 2013 show that KAD is still widely-used in terms of total observed users. However, when compared to the results of prior studies, they report a significant drop in the number of its simultaneous online users.
  • "An adaptive membership protocol against sybil attack in unstructured P2P networks," Haowen Liu; Chao Ma; Walshe, R., Information and Communications Technologies (IETICT 2013), IET International Conference on , vol., no., pp.29,34, 27-29 April 2013. (ID#:14-1165) Available at: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=6617474&isnumber=6617468 This paper proposes a solution protocol to combat Sybil, a network attack often found in Peer-to-Peer (P2P) networks, which is difficult to defend due to the anonymous nature of the P2P architecture. In a Sybil attack, a malicious user distributes fake nodes throughout a system of legitimate nodes, enabling the attacker to control a large portion of the system and carry out various malicious exploits, such as DDoS attacks. The protocol proposed by this paper accommodates file sharing in an unstructured P2P architecture, and utilizes communication among peers, as well as neighbor monitoring to secure against malicious nodes.
  • "Neighbour peer selection scheme based on effective capacity for mobile Peer-to-Peer streaming," Hailun, Xia; Ning, Wang; Zhimin, Zeng, Communications China , vol.10, no.5, pp.89,98, May 2013. (ID#:14-1166) Available at: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=6520941&isnumber=6520928 The appropriate selection of neighbor peers within a Peer to Peer (P2P) mobile network is discussed in this paper, with consideration of streaming and improving Quality of Service (QoS). Using the Multiple Attribute Decision Making theory (MADM), this paper details a scheme called Effective Capacity Peer Selection (ECPS), which is designed to improve throughout and packet delivery time.
  • "Exploring and improving BitTorrent topologies," Decker, C.; Eidenbenz, R.; Wattenhofer, R., Peer-to-Peer Computing (P2P), 2013 IEEE Thirteenth International Conference on , vol., no., pp.1,10, 9-11 Sept. 2013. (ID#:14-1167) Available at: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=6688698&isnumber=6688689 BitTorrent, the most popular peer-to-peer (P2P) file-sharing protocol, accounts for a significant fraction of the traffic of the Internet. Using a novel technique, the authors measure live BitTorrent swarms on the Internet and confirm the conjecture that overlay networks formed by BitTorrent are not locality-aware, i.e., they include many unnecessary long distance connections. Attempts to improve the locality have failed because they require a modification of the existing protocol, or interventions by Internet service providers (ISPs). In contrast, the authors propose a lightweight method that improves the locality of active swarms by 6% by suggesting geographically close peers with the Peer Exchange Protocol (PEX), without any modifications to the current system. An improvement of locality not only benefits the ISPs by reducing network transit cost, it also reduces the traffic over long-distance connections, which delays the need to expand the infrastructure, easing the power consumption. They expect that if used on a large scale our method reduces the Internet's energy consumption by 8 TWh a year.
  • "P2P traffic identification based on transfer learning," Cai, Lin; Jing, Xiaojun; Sun, Songlin; Huang, Hai; Chen, Na; Lu, Yueming, Granular Computing (GrC), 2013 IEEE International Conference on , vol., no., pp.22,26, 13-15 Dec. 2013. (ID#:14-1168) Available at: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=6740374&isnumber=6740363 With the rapid development of the Internet, a large number of peer networks (Peer-to-Peer) applications rise and are widely used. Because of this, it is more difficult for network operators to manage and monitor their networks in a proper way. To identify the peer networks applications generating the traffic traveling through networks is necessary and if we can identify them sooner, we control them better. In this work, the authors use the machine learning-based classification method to identify the classes of the flows. They choose transfer learning algorithm to classify the traffic, and improve classified results. Finally they compare and evaluate the classification results in terms of the two metrics such as true positive ratio and time expense. Their experiments show that the machine learning algorithm is an efficient algorithm for traffic identification and is able to build a quick identification system.


Note:

Articles listed on these pages have been found on publicly available internet pages and are cited with links to those pages. Some of the information included herein has been reprinted with permission from the authors or data repositories. Direct any requests via Email to SoS.Project (at) SecureDataBank.net for removal of the links or modifications to specific citations. Please include the ID# of the specific citation in your correspondence.


Quantum Computing

SoS Newsletter - Quantum


While quantum computing is still in its early stage of development, large-scale quantum computers promise to be able to solve certain problems much more quickly than any classical computer using the best currently known algorithms. Quantum algorithms, such as Simon's algorithm, run faster than any possible probabilistic classical algorithm. For the Science of Security, the speed, capacity, and flexibility of qubits over digital processing offers still greater promise. The articles cited here include a series from Science magazine's special issue on quantum computing in March 2013, as well as peer reviewed journals in physics.

  • "The Future of Quantum Information Processing", Jelena Stajic, Science 8 March 2013: Vol. 339 no. 6124 p. 1163 This article is the introduction to a special Science issue on quantum computing. This introduction defines terms, describes quantum computing and provides links to a collection of essays about specific issues, particularly basic research issues, in quantum computing. (ID#:14-1059) Available at: http://www.sciencemag.org/content/339/6124/1163
  • "Simulation of Lattice Quantum-Chromodynamics and Other Lattice Models ".Claudio Rebbi, Adam Avakian, Ron Babich, Richard Brower, Mike Clark, James Osborn, David Schaich; This work displays four dimensional models of QCD developed by the authors and offers comparisons to similar theorems. (ID#:14-1060) Available at: http://www.bu.edu/tech/about/research/help/gallery/lattice-qcd09/
  • "Dissipative Preparation of Spin Squeezed Atomic Ensembles in a Steady State", E. Dalla Torre, J. Otterbach, E. Demler, V. Vuletic, M. Lukin, Phys. Rev. Lett,. 110, 120402 (2013). This article explores a new approach for generating atomic spin squeezed states. Such states have implications for the development of atomic clocks and frequencies. (ID#:14-1061) Available at: http://lukin.physics.harvard.edu/wp-uploads/Papers/Publications/PhysRevLett.110.120402.pdf
  • "Topologically Protected Quantum State Transfer in a Chiral Spin Liquid" N.Y. Yao, C.R. Laumann, A.V. Gorshkov, H. Weimer, L. Jiang, J.I. Cirac, P. Zoller, M.D. Lukin, Nature Communications, 4, 1585 (2013). This article analyzes a topologically protected channel for the transfer of quantum states between remote quantum nodes. In this approach, state transfer is mediated by the edge mode of a chiral spin liquid. Potential value relates to creating scalable quantum devices. (ID#:14-1062) Available at: http://lukin.physics.harvard.edu/wp-uploads/Papers/Publications/ncomms.4.1585.2013.pdf
  • "Symmetries and Collective Excitations in Large Superconducting Circuits". David G. Ferguson, A. A. Houck, and Jens Koch, Phys. Rev. X 3, 011003 (2013). The authors present theoretical tools suitable for quantitative modeling of large superconducting circuits that include one-dimensional Josephson-junction arrays. (ID#:14-1063) Available at: http://prx.aps.org/abstract/PRX/v3/i1/e011003
  • "Asymptotic expressions for charge-matrix elements of the fluxonium circuit", Guanyu Zhu and Jens Koch, Phys. Rev. B 87, 144518 (2013). The authors present analytical expressions for the fluxonium charge matrix elements. In charge-coupled circuit QED systems, transition amplitudes and dispersive shifts are governed by the matrix elements of the charge operator. According to the authors, for the fluxonium circuit, these matrix elements are not limited to nearest-neighbor energy levels and are conveniently tunable by magnetic flux. (ID#:14-1064) Available at: http://prb.aps.org/abstract/PRB/v87/i14/e144518


Note:

Articles listed on these pages have been found on publicly available internet pages and are cited with links to those pages. Some of the information included herein has been reprinted with permission from the authors or data repositories. Direct any requests via Email to SoS.Project (at) SecureDataBank.net for removal of the links or modifications to specific citations. Please include the ID# of the specific citation in your correspondence.


Resiliency

Resiliency


The European-based Resilience and Survivability for Future Networking: Framework, Mechanisms, and Experimental Evaluation (ResumeNET) project, defines resiliency as "the ability to provide and maintain an acceptable level of service in the face of faults and challenges to normal operations." This broad definition includes both natural disasters and man-made intrusions. The articles cited here focus on resiliency amid cyber-attacks. Specific works address botnets, cross layer network design, finding disjoint linear codes, many core systems, redundant paths, and multiagent consensus networks.

  • "Studies on Resilient Control Through Multiagent Consensus Networks Subject to Disturbances," Meng, D.; Moore, K.L., Cybernetics, IEEE Transactions on, vol.PP, no.99, pp.1,1, 10 February 2014. (ID#:14-1236) Available at: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=6736064&isnumber=6352949 Resiliency is one of the most critical objectives found in complex industrial applications today and designing control systems to provide resiliency is an open problem. This paper proposes resilient control design guidelines for industrial systems that can be modeled as networked multiagent consensus systems subject to disturbances or noise. The authors give a general analysis of multiagent consensus networks in the presence of different disturbances from the input-to-output stability point of view. Using a nonsingular linear transformation, some necessary and sufficient results are established for disturbed multiagent consensus networks by taking advantage of the input-to-state stability theory, based on which the disturbance rejection performance is analyzed in three cases separated by the spaces of disturbances and state disagreements between agents. It is shown that the linear matrix inequality technique can be adopted to determine the optimal disturbance rejection indexes for all the three cases. In addition, two illustrative numerical examples are given to demonstrate the derived consensus results for different types of directed graphs and subject to different classes of disturbances.
  • "A Process-Variation Resilient Current Mode Logic With Simultaneous Regulations for Time Constant, Voltage Swing, Level Shifting, and DC Gain Using Time-Reference-Based Adaptive Biasing Chain," Jeon, H.-J.; Silva-Martinez, J.; Hoyos, S., Very Large Scale Integration (VLSI) Systems, IEEE Transactions on, vol.PP, no.99, pp.1,1 14 February 2014. (ID#:14-1237) Available at: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=6740824&isnumber=4359553 A process-variation resilient current mode logic (CML) is presented. The proposed CML employs time-reference-based adaptive biasing chain with replica load to address performance degradation over the process variations. It adjusts variable load resistor to simultaneously regulate time constant, voltage swing, level shifting, and DC gain. The prototype demonstrates the process-variation resiliency of the proposed solution by showing performance degradation over the process corners. Over 20% of polygate resistance variation, the proposed CML suppresses the degradation of speed and rms jitter less than 4.3% and 0.15 ps while conventional CML results in 13% and 3.8-ps degradation, respectively.
  • "Robust and Reverse-Engineering Resilient PUF Authentication and Key-Exchange by Substring Matching," Rostami, M.; Majzoobi, M.; Koushanfar, F.; Wallach, D.; Devadas, S., Emerging Topics in Computing, IEEE Transactions on , vol.PP, no.99, pp.1,1 January 2014. (ID#:14-1238) Available at: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=6714458&isnumber=6558478 This paper proposes novel robust and low-overhead Physical Unclonable Function (PUF) authentication and key exchange protocols that are resilient against reverse-engineering attacks. The protocols are executed between a party with access to a physical PUF (Prover) and a trusted party who has access to the PUF compact model (Verifier). The proposed protocols do not follow the classic paradigm of exposing the full PUF responses or a transformation of them. Instead, random subsets of PUF response strings are sent to the Verifier so the exact position of the subset is obfuscated for the third-party channel observers. Authentication of the responses at the Verifier side is done by matching the substring to the available full response string; the indaex of the matching point is the actual obfuscated secret (or key) and not the response substring itself. The authors perform a thorough analysis of resiliency of the protocols against various adversarial acts, including machine learning and statistical attacks. The attack analysis guides them in tuning the parameters of the protocol for an efficient and secure implementation. The low overhead and practicality of the protocols are evaluated and confirmed by hardware implementation.
  • "Wide-Area Control Resiliency Using Redundant Communication Paths," Zhang, S.; Vittal, V., Power Systems, IEEE Transactions on, vol.PP, no.99, pp.1,11, January 2014. (ID#:14-1239) Available at: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=6728664&isnumber=4374138 With significant investment made in the U.S. in deploying synchrophasor measurement technology, more wide-area measurements will be available and controls based on these signals are likely to be adopted. Communication systems play a critical role in interactive grid control as an indispensable medium to transmit wide-area measurements; however, they are vulnerable to disruptions leading to the risk of destabilizing power systems. This work addresses a critical issue related to engineering resilient cyber-physical systems. The proposed framework utilizes a hierarchical set of wide-area measurements for control and employs channel switching based on mathematical morphology identification to counteract the impact of communication failures on control effectiveness. The proposed control framework incorporating a set of synchronized wide-area measurements is designed to consist of multiple single-input single-output supplementary damping controllers associated with a static VAr compensator. This work is particularly important with regard to leveraging the large investment in installing phasor measurement units across the nation.
  • "Access Versus Bandwidth in Codes for Storage," Tamo, I.; Wang, Z.; Bruck, J., Information Theory, IEEE Transactions on , vol.60, no.4, pp.2028,2037, April 2014. (ID#:14-1240) Available at: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=6737213&isnumber=6766686 Maximum distance separable (MDS) codes are widely used in storage systems to protect against disk (node) failures. A node is said to have capacity $l$ over some field $BBF$, if it can store that amount of symbols of the field. An $(n,k,l)$ MDS code uses $n$ nodes of capacity $l$ to store $k$ information nodes. The MDS property guarantees the resiliency to any $n-k$ node failures. An optimal bandwidth (respectively, optimal access) MDS code communicates (respectively, accesses) the minimum amount of data during the repair process of a single failed node. It was shown that this amount equals a fraction of $1/(n-k)$ of data stored in each node. In previous optimal bandwidth constructions, $l$ scaled polynomially with $k$ in codes when the asymptotic rate is less than 1. Moreover, in constructions with a constant number of parities, i.e., when the rate approaches 1, $l$ is scaled exponentially with $k$. In this paper, the authors focus on the case of linear codes with linear repair operations and constant number of parities $n-k=r$, and ask the following question: given the capacity of a node $l$ what is the largest number of information disks $k$ in an optimal bandwidth (respectively, access) $(k+r,k,l)$ MDS code? They give an upper bound for the general case, and two tight bounds in the special cases of two important families of codes. The first is a family of codes with optimal update property, and the second is a family with optimal access property. Moreover, the bounds show that in some cases optimal-bandwidth codes have larger $k$ than optimal-access codes, and therefore these two measures are not equivalent.
  • "Resiliency for many-core system on a chip," Karnik, T.; Tschanz, J.; Borkar, N.; Howard, J.; Vangal, S.; De, V.; Borkar, S., Design Automation Conference (ASP-DAC), 2014 19th Asia and South Pacific, vol., no., pp.388,389, 20-23 Jan. 2014. (ID#:14-1241) Available at: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=6742921&isnumber=6742831 This paper discusses dynamic and static variation tolerance, and the adaptive clocking approach designed to greatly improve throughout and bandwidth, while conserving energy. This article also broaches the subject of resiliency in many-core microprocessors.
  • "Constructions of Resilient S-Boxes With Strictly Almost Optimal Nonlinearity Through Disjoint Linear Codes," Wei-Guo Zhang; Pasalic, E., Information Theory, IEEE Transactions on , vol.60, no.3, pp.1638,1651, March 2014. (ID#:14-1242) Available at: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=6712115&isnumber=6739111 In this paper, a novel approach of finding disjoint linear codes is presented. The cardinality of a set of [u, m, t+1] disjoint linear codes largely exceeds all the previous best known methods used for the same purpose. Using such sets of disjoint linear codes, not necessarily of the same length, we have been able to provide a construction technique of t-resilient S-boxes F:F2n-2m ( n even, ) with strictly almost optimal nonlinearity . This is the first time that the bound 2n-1-2n/2 has been exceeded by multiple output resilient functions. Actually, the nonlinearity of our functions is in many cases equal to the best known nonlinearity of balanced Boolean functions. A large class of previously unknown cryptographic resilient S-boxes is obtained, and several improvements of the original approach are proposed. Some other relevant cryptographic properties are also briefly discussed. It is shown that these functions may reach Siegenthaler's bound n-t-1, and can be either of optimal algebraic immunity or of slightly suboptimal algebraic immunity, which was confirmed by simulations.
  • "Cross-layer resilient system design," Tahoori, M., Design and Diagnostics of Electronic Circuits & Systems (DDECS), 2013 IEEE 16th International Symposium on , vol., no., pp.10,10, 8-10 April 2013. (ID#:14-1243) Available at: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=6549779&isnumber=6549768 Summary form only given. Improvements in chip manufacturing technology have propelled an astonishing growth of computing systems which are integrated into our daily lives. However, this trend is facing serious challenges, both at device and system levels. At the device level, as the minimum feature size continues to shrink, a host of vulnerabilities influence the robustness, reliability, and availability of embedded and critical systems. Some of these factors are caused by the stochastic nature of the nanoscale manufacturing process (e.g., process variability, sub-wavelength lithographic inaccuracies), while other factors appear because of high frequencies and nanoscale features (e.g. RLC noise, on-chip temperature variation, increased sensitivity to radiation and transistor aging). At the other end of the spectrum, these systems are seeing a tremendous increase in software content. Whereas traditional software design paradigms have assumed that the underlying hardware is fully predictable and error-free, there is now a critical need to build a software stack that is responsive to variations, and resilient against emerging vulnerabilities in the underlying hardware. To cost-efficiently tackle resiliency challenges, a new "cross-layer" trend has emerged in which different levels of design stacks, in hardware and software, work together to find a globally optimal solution. The interdisciplinary topic of cross layer resiliency cross various disciplines and requires collaboration and cooperation of various communities such as design automation, testing and design for testability, computer architecture, embedded systems and software, validation and verification, fabrication, device, circuits, and systems. Such cross-layer approach will lead to possible paradigm shifts to consider reliability throughout the design flow, from devices to systems and applications.
  • "A Next-Generation Approach to Combating Botnets," Alhomoud, A.; Awan, I.; Disso, J.F.P.; Younas, M., Computer, vol.46, no.4, pp.62,66, April 2013. (ID#:14-1244) Available at: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=6459493&isnumber=6494531 As part of a defense-in-depth security solution for domain-controlled enterprise networks, a proposed self-healing system architecture is designed to increase resiliency against botnets with minimal disruption to network services.

Note:

Articles listed on these pages have been found on publicly available internet pages and are cited with links to those pages. Some of the information included herein has been reprinted with permission from the authors or data repositories. Direct any requests via Email to SoS.Project (at) SecureDataBank.net for removal of the links or modifications to specific citations. Please include the ID# of the specific citation in your correspondence.




Signals Processing

Signals Processing


Broadly speaking, signal processing covers signal acquisition and reconstruction, quality improvement, signal compression and feature extraction. Each of these processes introduces vulnerabilities into communications and other systems. The research articles cited here explore trust between networks, steganalysis, tracing passwords across networks, and certificates.

  • "Evaluating Geometrical Parameters of Disperse Structures by the Images". Tatiana Ruzova, Alexander Tolstopyat, Vladimir Yeliseyev, and Leonid Fleer. Signal Processing Research PP.49-54, 3-2013. (ID#:14-1180) Available at: http://www.seipub.org/spr/
  • "Texture Based Steganalysis of Grayscale Images Using Neural Network". Arooj Nissar, A. H. Mir. Signal Processing Research PP.17-24, 3-2013. (ID#:14-1181) Available at: http://www.seipub.org/spr/
  • "Re3: Relay Reliability Reputation for Anonymity Systems" Anupam Das, Nikita Borisov, Prateek Mittal, and Matthew Caesar, ASIACCS, June 2014 (to appear; not yet available online.) (ID#:14-1182)
  • "The Tangled Web of Password Reuse" Anupam Das, Joseph Bonneau, Matthew Caesar, Nikita Borisov, and XiaoFeng Wang, NDSS, February 2014 (to appear) (ID#:14-1183) Available at: http://hatswitch.org/~nikita/papers/password-reuse-ndss14.pdf The authors address how an attacker can take advantage of a known password from one site to improve their ability to determine user passwords at other sites. Their research suggests that close to 50% of users reuse the same password for multiple sites.
  • "Exploiting Innocuous Activity for Correlating Users Across Sites" O. Goga, H. Lei, S. H. K. Parthasarathi, G. Friedland, R. Sommer, and R. Teixeira. Proceedings of the World Wide Web Conference (WWW), Rio de Janeiro, Brazil May 2013. (ID#:14-1184) Available at: https://www.icsi.berkeley.edu/pubs/networking/ICSI_exploitinginnocuousactivity13.pdf The authors researched the ways in which attackers find accounts on multiple social network sites all belonging to a single user by exploiting activity that is part of the posted content. Their findings suggest that content itself may provide enough information to connect the accounts to a single user.
  • "A building code for building code: putting what we know works to work". Carl E. Landwehr. Proceedings of the 29th Annual Computer Security Applications Conference Pages 139-147, ACM New York, NY, 2013. (ID#:14-1188) Available at: http://dl.acm.org/citation.cfm?doid=2523649.2530278 (fee required) The author suggests an approach to capturing and implementing lessons-learned about how to build secure software.
  • "Systems Thinking for Safety and Security" William Young and Nancy Leveson. Proceedings of the 29th Annual Computer Security Applications Conference Pages 139-147, ACM New York, NY, 2013. (ID#:14-1189) Available at: http://dl.acm.org/citation.cfm?doid=2523649.2530277 (fee required) Although the security and safety communities face similar challenges, there appears to have been little exchange of information between security and safety professionals. The authors suggest a framework for safety that may be applicable to security.
  • "Leveraging SDN Layering to Systematically Troubleshoot Networks". B. Heller, C. Scott, N. McKeown, S. Shenker, A. Wundsam, H. Zeng, S. Whitlock, V. Jeyakumar, N. Handigol, M. McCauley, K. Zarifis and P. Kazemian. Proceedings of ACM SIGCOMM Workshop on Hot Topics in Software Defined Networking (HotSDN '13), Hong Kong, China, August 2013. (ID#:14-1190) Available at: http://www.icsi.berkeley.edu/pubs/networking/leveragingsdn13.pdf
  • "Less Pain, Most of the Gain: Incrementally Deployable ICN". S. Fayazbakhsh, Y. Lin, A. Tootonchian, A. Ghodsi, T. Koponen, B. Maggs, KC Ng, V. Sekar, and S. Shenker. Proceedings of the Annual Conference of the ACM Special Interest Group on Data Communication (SIGCOMM 2013), pp. 147-158, Hong Kong, China, August 2013. (ID#:14-1191) Available at: http://www.icsi.berkeley.edu/pubs/networking/lesspain13.pdf
  • "Simultaneous Target and Multipath Positioning," Li Li; Krolik, J.L., Selected Topics in Signal Processing, IEEE Journal of , vol.8, no.1, pp.153,165, Feb. 2014. (ID#:14-1194) Available at: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=6658859&isnumber=6712940 This paper addresses the problem of target geo-localization in complex multipath environments such as indoor and urban settings. In both radar applications (where targets are non-cooperative) and navigation in GPS-denied areas using RF signals (where the subject is cooperative), multipath propagation is a well-known cause of large geo-location errors except in rare cases when a very accurate channel model is available. This work addresses more typical situations of uncertain channel properties by jointly estimating target position and multipath parameters. The proposed Simultaneous Target and Multipath Positioning (STAMP) approach involves an application of multi-scan multi-hypothesis data association to approximate recursive Bayesian estimates of both moving target location as well as specular reflector and point scatterer locations. STAMP achieves joint estimation by exploiting the different dynamics of targets (e.g., people moving) versus channel parameters (e.g., fixed wall locations). Algorithm performance is evaluated in simulation for radar localization of a non-cooperative target in an uncertain urban multipath environment. In addition, the successful demonstration of STAMP geolocation using real wideband microwave data collected in an actual building foyer with unknown floor plan is discussed. Finally, the issue of identifiability of both target and multipath parameters is explored via analysis of the Cramer-Rao Lower Bound (CRLB) on joint estimation of target and multipath parameters in both line-of-sight and non-line-of-sight scenarios.
  • "A Bayesian Approach to Device-Free Localization: Modeling and Experimental Assessment," Savazzi, S.; Nicoli, M.; Carminati, F.; Riva, M., Selected Topics in Signal Processing, IEEE Journal of , vol.8, no.1, pp.16,29, Feb. 2014. (ID#:14-1195) Available at: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=6644290&isnumber=6712940 Device-free positioning allows to localize and track passive targets (i.e., not carrying any electronic device) moving in an area monitored by a dense network of low-power and battery-operated wireless sensors. The technology is promising for a wide number of applications, ranging from ambient intelligence in smart spaces, intrusion detection, emergency and rescue operations in critical areas. In this paper, a new approach is proposed where both the average path-loss and the fluctuations of the received signal strength induced by the moving target are jointly modeled based on the theory of diffraction. A novel stochastic model is derived and used for the evaluation of fundamental performance limits. The model is proved to be tight enough to be adopted for real-time estimation of the target location. The proposed localization system is validated by extensive experimental studies in both indoor and outdoor environments. The model calibration is addressed in practical scenarios to compare the performance of different Bayesian online localization methods. The test-bed system supports efficient and flexible target tracking, without requiring any action from the end-users. In addition, the technology is proven to be readily applicable over the existing IEEE 802.15.4 compliant PHY layer standard, by adapting the low-level MAC firmware.
  • "Device-Free Person Detection and Ranging in UWB Networks," Kilic, Y.; Wymeersch, H.; Meijerink, A.; Bentum, M.J.; Scanlon, W.G., Selected Topics in Signal Processing, IEEE Journal of , vol.8, no.1, pp.43,54, Feb. 2014. (ID#:14-1196) Available at: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=6600737&isnumber=6712940 We present a novel device-free stationary person detection and ranging method, that is applicable to ultra-wide bandwidth (UWB) networks. The method utilizes a fixed UWB infrastructure and does not require a training database of template waveforms. Instead, the method capitalizes on the fact that a human presence induces small low-frequency variations that stand out against the background signal, which is mainly affected by wideband noise. We analyze the detection probability, and validate our findings with numerical simulations and experiments with off-the-shelf UWB transceivers in an indoor environment.


Note:

Articles listed on these pages have been found on publicly available internet pages and are cited with links to those pages. Some of the information included herein has been reprinted with permission from the authors or data repositories. Direct any requests via Email to SoS.Project (at) SecureDataBank.net for removal of the links or modifications to specific citations. Please include the ID# of the specific citation in your correspondence.


Situational Awareness


Situational awareness is an important human factor for cyber security. IEEE published a Special Issue on Signal Processing for Situational Awareness from Networked Sensors and Social Media in April 2014: Signal Processing, IEEE Transactions on, Volume 62 , Issue: 4, April 1, 2014 , Page(s): 1035. Many of the citations are from this special issue.

Note: IEEE has published a Special Issue on Signal Processing for Situational Awareness from Networked Sensors and Social Media this month: Signal Processing, IEEE Transactions on, Vol 62 , Issue: 4, April 1, 2014 , Page(s): 1035. Many of the citations below are from this special issue.

  • "Robust Beamforming by Linear Programming," Jiang, X.; Zeng, W.-J.; Yasotharan, A.; So, H.C.; Kirubarajan, T., Signal Processing, IEEE Transactions on , vol.62, no.7, pp.1834,1849, April1, 2014. (ID#:14-1294) Available at: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=6731581&isnumber=6757015 In this paper, a robust linear programming beamformer (RLPB) is proposed for non-Gaussian signals in the presence of steering vector uncertainties. Unlike most of the existing beamforming techniques based on the minimum variance criterion, the proposed RLPB minimizes the $ell_{infty}$-norm of the output to exploit the non-Gaussianity. We make use of a new definition of the $ell_{p}$-norm $(1leq pleqinfty)$ of a complex-valued vector, which is based on the $ell_{p}$-modulus of complex numbers. To achieve robustness against steering vector mismatch, the proposed method constrains the $ell_{infty}$ -modulus of the response of any steering vector within a specified uncertainty set to exceed unity. The uncertainty set is modeled as a rhombus, which differs from the spherical or ellipsoidal uncertainty region widely adopted in the literature. The resulting optimization problem is cast as a linear programming and hence can be solved efficiently. The proposed RLPB is computationally simpler than its robust counterparts requiring solution to a second-order cone programming. We also address the issue of appropriately choosing the uncertainty region size. Simulation results demonstrate the superiority of the proposed RLPB over several state-of-the-art robust beamformers and show that its performance can approach the optimal performance bounds.
  • "Secrecy Wireless Information and Power Transfer With MISO Beamforming," Liu, L.; Zhang, R.; Chua, K.-C., Signal Processing, IEEE Transactions on , vol.62, no.7, pp.1850,1863, April 1, 2014. (ID#:14-1295) Available at: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=6728676&isnumber=6757015 The dual use of radio signal for simultaneous wireless information and power transfer (SWIPT) has recently drawn significant attention. To meet the practical requirement that the energy receiver (ER) operates with significantly higher received power as compared to the conventional information receiver (IR), ERs need to be deployed in more proximity to the transmitter than IRs in the SWIPT system. However, due to the broadcast nature of wireless channels, one critical issue arises that the messages sent to IRs can be eavesdropped by ERs, which possess better channels from the transmitter. In this paper, we address this new physical-layer security problem in a multiuser multiple-input single-output (MISO) SWIPT system where one multi-antenna transmitter sends information and energy simultaneously to an IR and multiple ERs, each with one single antenna. Two problems are investigated with different practical aims: the first problem maximizes the secrecy rate for the IR subject to individual harvested energy constraints of ERs, while the second problem maximizes the weighted sum-energy transferred to ERs subject to a secrecy rate constraint for IR. We solve these two non-convex problems optimally by a general two-stage procedure. First, by fixing the signal-to-interference-plus-noise ratio (SINR) target for ERs or IR, we obtain the optimal transmit beamforming and power allocation solution by applying the technique of semidefinite relaxation (SDR). Then, each of the two problems is solved by a one-dimension search over the optimal SINR target for ERs or IR. Furthermore, for each problem, suboptimal solutions of lower complexity are proposed.
  • "Minimum Dispersion Beamforming for Non-Gaussian Signals," Jiang, X.; Zeng, W.-J.; Yasotharan, A.; So, H.C.; Kirubarajan, T., Signal Processing, IEEE Transactions on , vol.62, no.7, pp.1879,1893, April1, 2014. (ID#:14-1296) Available at: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=6737329&isnumber=6757015 Most of the existing beamforming methods are based on the Minimum Variance (MV) criterion. The MV approach is statistically optimal only when the signal, interferences and the noise are Gaussian-distributed. However, non-Gaussian signals arise in a variety of practical applications. In this paper, Minimum Dispersion Distortionless Response (MDDR) beamforming, which minimizes the $ell_p$-norm of the output while constraining the desired signal response to be unity, is devised for non-Gaussian signals. It is shown that the MDDR beamformer, which implicitly exploits non-Gaussianity, can improve the performance significantly if $p > 2$ for sub-Gaussian signals or $p < 2$ for super-Gaussian signals. Three efficient algorithms, the Iteratively Reweighted Minimum Variance Distortionless Response (IR-MVDR), complex-valued full Newton's and partial Newton's methods, are developed to solve the resulting $ell_p$ -norm minimization with a linear constraint. Furthermore, the MDDR beamformer with a single constraint is generalized to the Linearly Constrained Minimum Dispersion (LCMD) beamformer with multiple linear constraints, which exhibits robustness against steering vector mismatch. The LCMD beamformer yields significant performance improvement over the conventional Linearly Constrained Minimum Variance (LCMV) beamformer. Simulation results are provided to demonstrate the superior performance of the proposed minimum dispersion beamforming approaches.
  • "Greedy Algorithms for Joint Sparse Recovery," Blanchard, J.D.; Cermak, M.; Hanle, D.; Jing, Y.,Signal Processing, IEEE Transactions on , vol.62, no.7, pp.1694,1704, April 1, 2014. (ID#:14-1297) Available at: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=6719509&isnumber=6757015 Five known greedy algorithms designed for the single measurement vector setting in compressed sensing and sparse approximation are extended to the multiple measurement vector scenario: Iterative Hard Thresholding (IHT), Normalized IHT (NIHT), Hard Thresholding Pursuit (HTP), Normalized HTP (NHTP), and Compressive Sampling Matching Pursuit (CoSaMP). Using the asymmetric restricted isometry property (ARIP), sufficient conditions for all five algorithms establish bounds on the discrepancy between the algorithms' output and the optimal row-sparse representation. When the initial multiple measurement vectors are jointly sparse, ARIP-based guarantees for exact recovery are also established. The algorithms are then compared via the recovery phase transition framework. The strong phase transitions describing the family of Gaussian matrices which satisfy the sufficient conditions are obtained via known bounds on the ARIP constants. The algorithms' empirical weak phase transitions are compared for various numbers of multiple measurement vectors. Finally, the performance of the algorithms is compared against a known rank aware greedy algorithm, Rank Aware Simultaneous Orthogonal Matching Pursuit + MUSIC. Simultaneous recovery variants of NIHT, NHTP, and CoSaMP all outperform the rank-aware algorithm.
  • "Single-Site Localization via Maximum Discrimination Multipath Fingerprinting," Jaffe, A.; Wax, M., Signal Processing, IEEE Transactions on , vol.62, no.7, pp.1718,1728, April1, 2014. (ID#:14-1298) Available at: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=6733301&isnumber=6757015 A novel approach to single-site localization based on maximum discrimination multipath fingerprinting is presented. In contrast to the existing approach, which extracts each fingerprint only from the data of that location, the new approach uses also the data of all the other locations in the database, and leverages it to extract a fingerprint that is as different as possible from the other fingerprints in the database. The performance of this approach, validated with both simulated and real data, is superior to the existing approach, demonstrating single-site localization accuracy of 1 m in typical indoor environments. The new approach has also a lower computational complexity.

Note:

Articles listed on these pages have been found on publicly available internet pages and are cited with links to those pages. Some of the information included herein has been reprinted with permission from the authors or data repositories. Direct any requests via Email to SoS.Project (at) SecureDataBank.net for removal of the links or modifications to specific citations. Please include the ID# of the specific citation in your correspondence.


Software Assurance

Software Assurance


The 2005 Department of Defense initiative to promote software assurance defines the term as "the level of confidence that software functions as intended and is free of vulnerabilities, either intentionally or unintentionally designed or inserted as part of the software." The Department of Homeland Security has a companion strategic initiative to promote integrity, security, and reliability in software. Research into software assurance cited here includes testing, verification and validation, metrics, and test planning.

  • Cadar, C.; Dadeau, F., "Constraints in Software Testing, Verification and Analysis CSTVA'2013," Software Testing, Verification and Validation Workshops (ICSTW), 2013 IEEE Sixth International Conference on , vol., no., pp.208,209, 18-22 March 2013. (ID#:14-1197) Available at: http://ieeexplore.ieee.org/xpl/login.jsp?tp=&arnumber=6571631&isnumber=6571592&url=http%3A%2F%2Fieeexplore.ieee.org%2Fstamp%2Fstamp.jsp%3Ftp%3D%26arnumber%3D6571631%26isnumber%3D6571592 Recent years have seen an increasing interest in the application of constraint solving techniques to test, verify and analyze software systems. Constraint-based techniques are proposed and investigated in the context of test input generation, model-based testing, symbolic execution, static analysis, program verification, and many other areas. These techniques use or extend constraint solvers such as SAT and SMT solvers to reason about Boolean, integer, real and floating-point data types, as well as complex data structures, control structures, method calls and other program features. The constraint systems that result from this work usually share many common features and are relevant to a variety of application domains. Following a first meeting held with the Principles and Practice of Constraint Programming (CP) conference in 2006, and three subsequent meetings at the International Conference on Software Testing, Verification and Validation (ICST) in 2010, 2011 and 2012, the aim of this paper is to bring together researchers and practitioners working in constraint-based software testing, verification and analysis, to investigate future developments in this research field.
  • "Lessons learned and challenges of developing the NATO air command and control information services," Aker, S.; Audin, C.; Lindy, E.; Marcelli, L.; Massart, J.-P.; Okur, Y., Systems Conference (SysCon), 2013 IEEE International , vol., no., pp.791,800, 15-18 April 2013. (ID#:14-1198) Available at: http://ieeexplore.ieee.org/xpl/login.jsp?tp=&arnumber=6549974&isnumber=6549844&url=http%3A%2F%2Fieeexplore.ieee.org%2Fstamp%2Fstamp.jsp%3Ftp%3D%26arnumber%3D6549974%26isnumber%3D6549844 The North Atlantic Treaty Organization (NATO) Communications and Information (NCI) Agency is responsible for procuring and maintaining systems that are aligned with NATO Alliance operational requirements and national agreements, and are interoperable, when appropriate, with national systems. In the current NATO environment, long lead items, such as obtaining nationally agreed to capability packages and financial investments, are now leaving less time to engineer complex solutions in a fluctuating financial and mission environment. In addition, NATO is challenged with fielding systems to operational and system administrative users provided by 28 allied nations. This presents challenges with language, data exchange, security issues, and training for users that may rotate back to their nation every three years. This unique NATO environment has forced Project Managers (PMs) and Technical Leads (TLs) to operate with constraints imposed by contracts built around traditional systems engineering waterfall methods. In contrast, system lifecycle short timelines demand engineering solutions using agile methods supported by iterative, user validation of the system fit for purpose and usability with regard to changing peace-time and war-time missions (International Security Assistance Force (ISAF), Libyan Operation Unified Protector (OUP), etc.). The NCI Agency will be fielding a new Air C2 information service (AirC2IS) in 2013. This system, AirC2IS, was partially installed for initial system validation 21 months after contract award and will be fielded to over 20 NATO sites 35 months after contract award. The system will replace an interim capability and offer a vast array of software functionalities, using a web-based design, including, but not limited to, air track management, shared early warning, air planning, theatre ballistic missile defense planning and monitoring, and collaborative tool integration. The system capabilities are being procured by NCI Agency and developed- by an industry partner. The AirC2IS design phase utilized a Human Machine Interface (HMI) driven approach and the development phase an agile methodology with user validation of functionalities before formal testing. The overall systems engineering approach was tailored to reduce risks of system non-acceptance and ensure high usability and software fit for purpose, matching user requirements. This paper will present lessons learned in the procurement, development, and fielding of AirC2IS in the following areas: Project management of agile development in a traditional waterfall contract environment; Agile software development with a HMI driven approach; and Validation of systems optimizing mission flexibility.
  • "Visualization of Software Assurance Information," Feather, Martin S.; Wilf, Joel M., System Sciences (HICSS), 2013 46th Hawaii International Conference on , vol., no., pp.4948,4956, 7-10 Jan. 2013. (ID#:14-1199) Available at: http://ieeexplore.ieee.org/xpl/login.jsp?tp=&arnumber=6480441&isnumber=6479821&url=http%3A%2F%2Fieeexplore.ieee.org%2Fstamp%2Fstamp.jsp%3Ftp%3D%26arnumber%3D6480441%26isnumber%3D6479821 During the conduct of Software Assurance on a software development project, data is gathered on both the software being developed, and the development processes being followed. It is from this information that Software Assurance derives insights into the quality of the software itself and the efficacy of the development process. For large software developments such data can be voluminous, making deriving and conveying insights challenging. This motivates our ongoing efforts to apply information visualization techniques to software assurance data. While visualization techniques have long been applied to software itself, the application to software development processes and the data they yield is relatively novel. We report on several such applications and the insights they revealed. We offer some suggestions for the further investigation of information visualization techniques applied to assurance data.
  • "1st International workshop on assurance cases for software-intensive systems (ASSURE 2013)," Denney, Ewen; Pai, Ganesh; Habli, Ibrahim; Kelly, Tim; Knight, John, Software Engineering (ICSE), 2013 35th International Conference on , vol., no., pp.1505,1506, 18-26 May 2013. (ID#:14-1200) Available at: http://ieeexplore.ieee.org/xpl/login.jsp?tp=&arnumber=6606759&isnumber=6606539&url=http%3A%2F%2Fieeexplore.ieee.org%2Fstamp%2Fstamp.jsp%3Ftp%3D%26arnumber%3D6606759%26isnumber%3D6606539 Software plays a key role in high-risk systems, i.e., safety and security-critical systems. Several certification standards and guidelines, e.g., in the defense, transportation (aviation, automotive, rail), and healthcare domains, now recommend and/or mandate the development of assurance cases for software-intensive systems. As such, there is a need to understand and evaluate (a) the application of assurance cases to software, and (b) the relationship between the development and assessment of assurance cases, and software engineering concepts, processes and techniques. The ICSE 2013 Workshop on Assurance Cases for Software-intensive Systems (ASSURE) aims to provide an international forum for high-quality contributions (research, practice, and position papers) on the application of assurance case principles and techniques for software assurance, and on the treatment of assurance cases as artifacts to which the full range of software engineering techniques can be applied.
  • "Formalization of Measure Theory and Lebesgue Integration for Probabilistic Analysis in HOL". Mhamdi, Tarek and Hasan, Osman and Tahar, Sofiene (2013ACM Transactions on Embedded Computing Systems, 12 (1). pp. 1-23. (ID#:14-1201) Available at: http://spectrum.library.concordia.ca/977357/1/TECS-2013.pdf
  • "Theory in Practice for System Design and Verification" Rajeev Alur, Thomas A. Henzinger, and Moshe Y. Vardi. N.p. 2014. (ID#:14-1203) Available at: http://www.cis.upenn.edu/~alur/Survey13.pdf The authors address the impact of advances in design automation for hardware, software, and embedded systems.
  • "A Verified Information-Flow Architecture" Arthur Azevedo de Amorim, Nathan Collins, Andre DeHon, Delphine Demange, Catalin Hritcu, David Pichardie, Benjamin C. Pierce, Randy Pollack, and Andrew Tolmach. Proceedings of the 41st Symposium on Principles of Programming Languages, POPL, January 2014. (ID#:14-1204) Available at: http://prosecco.gforge.inria.fr/personal/hritcu/publications/verified-ifc-draft.pdf The authors present a formal, machine-checked model of selected hardware and software elements that control information flow in SAFE.
  • "System regression test planning with a fuzzy expert system". Zhiwei Xu; Kehan Gao; Taghi M. Khoshgoftaar; Naeem Seliya. Information Sciences. 2014;259:532-543. (ID#:14-1206) Available at: http://www.sciencedirect.com/science/article/pii/S0020025510004524 (fee required) The authors propose the use of fuzzy systems to offset the problem of test case selection in the absence of source code analysis.
  • "CILogon: A Federated X.509 Certification Authority for CyberInfrastructure Logon," Jim Basney, Terry Fleury, and Jeff Gaynor . XSEDE Conference, July 2013, San Diego, CA. (ID#:14-1207) Available at: http://dl.acm.org/citation.cfm?id=2484791&CFID=412526834&CFTOKEN=85385041 (fee required) This article presents the CILogon service and what has been learned during the first three years of its operation.
  • "Comparing Approaches to Analyze Refactoring Activity on Software Repositories". Gustavo Soares, Rohit Gheyi, Emerson Murphy-Hill, and Brittany Johnson. Journal of Systems and Software, 2013. (ID#:14-1209) Available at: http://people.engr.ncsu.edu/ermurph3/papers/jss12.pdf


Note:

Articles listed on these pages have been found on publicly available internet pages and are cited with links to those pages. Some of the information included herein has been reprinted with permission from the authors or data repositories. Direct any requests via Email to SoS.Project (at) SecureDataBank.net for removal of the links or modifications to specific citations. Please include the ID# of the specific citation in your correspondence.


Virtual Machines

Virtual Machines


The use of virtual machines, that is, software-based emulations of a computer, holds promise for security applications. But virtual machines are often less efficient than actual machines. Security research in this area has begun to focus on large scale applications of virtual machines in cloud computing. Specific works cited address mash-up services, data center migration, and data center federations and networks.

  • "Remote and deep attestations to mitigate threats in Cloud Mash-Up services," Celesti, A.; Fazio, M.; Villari, M.; Puliafito, A.; Mulfari, D., Computer and Information Technology (WCCIT), 2013 World Congress on , vol., no., pp.1,6, 22-24 June 2013. (ID#:14-1299) Available at: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=6618763&isnumber=6618649 Security concerns surrounding the widespread adoption of cloud computing is discussed in this paper, particularly by enterprises who must ensure the confidentiality and integrity of classified data. This paper discusses the role of Trusted Computing in the emergence of cloud mash-up services. The role that Remote and Deep Attestation protocols play in the physical and virtual security of cloud computing is also discussed in terms of a federated environment..
  • "Joint study on optimizations of data center deployment, VM assignment and migration," Yin Li; Min Yao; Chuang Lin, Quality of Service (IWQoS), 2013 IEEE/ACM 21st International Symposium on , vol., no., pp.1,10, 3-4 June 2013. (ID#:14-1300) Available at: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=6550271&isnumber=6550252 Enterprises build private clouds to provide IT resources for geographically distributed subsidiaries or product divisions. Public cloud providers like Amazon [1] lease their platforms to enterprise users, thus, enterprises can also rent a number of virtual machines (VMs) from their data centers in the service provider networks. Unfortunately, the networks cannot always guarantee stable connectivity for their clients to access the VMs or low-latency transfer among data centers. Usually, latency and bandwidth are in an uncertain network environment. Being affected by background traffics, the network status can be volatile. To reduce the latency of client accesses, enterprises should consider the network status when they deploy data centers or rent virtual data centers from cloud providers. In this paper, we first develop a long-term oblivious data center deployment scheme for an enterprise to meet its client requirements under uncertain network status. Then, we design the optimal VM assignment schemes to assign VMs residing on each data center to each client in the enterprise. To accommodate to the changes of the network status, a VM migration scheme is adopted. The latter two schemes are short-term optimizations given the data center deployment policy. The two-time-scale optimizations work in a joint way, and lay down a framework to help enterprises make better use of private clouds or public clouds.
  • "Cross-stratum orchestration and flexgrid optical networks for data center federations," Velasco, L.; Asensio, A.; Castro, A.; Berral, J.L.; Carrera, D.; Lopez, V.; Fernandez-palacios, J.P., Network, IEEE , vol.27, no.6, pp.23,30, November-December 2013. (ID#:14-1301) Available at: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=6678923&isnumber=6678916 Current inter-data-center connections are configured as static big fat pipes, which entails large bit rate over-provisioning and thus high operational costs for DC operators. On the other hand, network operators cannot share such connections between customers, because DC traffic varies greatly over time. Those connections are used to perform virtual machine migration and database synchronization among federated DCs, allowing elastic DC operations. To improve resource utilization and save costs, dynamic inter-DC connectivity is currently being targeted from a research point of view and in standardization form. In this article, we show that dynamic connectivity is not enough to guarantee elastic DC operations and might lead to poor performance provided that not enough overprovisioning of network resources is performed. To alleviate it to some extent, we propose using the flexgrid optical technology that enables finer spectrum granularity adaptation and the ability to dynamically increase and decrease the amount of optical resources assigned to connections. DCs can be interconnected through a flexgrid-based network controlled using a centralized software defined network, based on the architecture currently being proposed by the IETF; a cross-stratum orchestrator architecture coordinates DC and network elastically. Illustrative results show that dynamic elastic connectivity provides benefits by reducing the amount of overprovisioned network resources and facilitating elastic DC operations.
  • Pi-Chung Wang, "Scalable Packet Classification for Datacenter Networks," Selected Areas in Communications, IEEE Journal on , vol.32, no.1, pp.124,137, January 2014. (ID#:14-1302) Available at: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=6689489&isnumber=6689238 The key challenge to a datacenter network is its scalability to handle many customers and their applications. In a datacenter network, packet classification plays an important role in supporting various network services. Previous algorithms store classification rules with the same length combinations in a hash table to simplify the search procedure. The search performance of hash-based algorithms is tied to the number of hash tables. To achieve fast and scalable packet classification, we propose an algorithm, encoded rule expansion, to transform rules into an equivalent set of rules with fewer distinct length combinations, without affecting the classification results. The new algorithm can minimize the storage penalty of transformation and achieve a short search time. In addition, the scheme supports fast incremental updates. Our simulation results show that more than 90% hash tables can be eliminated. The reduction of length combinations leads to an improvement on speed performance of packet classification by an order of magnitude. The results also show that the software implementation of our scheme without using any hardware parallelism can support up to one thousand customer VLANs and one million rules, where each rule consumes less than 60 bytes and each packet classification can be accomplished under 50 memory accesses.
  • "Challenges in Implementing Cache-Based Side Channel Attacks on Modern Processors," Gajrani, J.; Mazumdar, P.; Sharma, S.; Menezes, B., VLSI Design and 2014 13th International Conference on Embedded Systems, 2014. 27th International Conference on , vol., no., pp.222,227, 5-9 Jan. 2014. (ID#:14-1303) Available at: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=6733134&isnumber=6733066 .This paper discusses the prevalence of side channel attacks, which exploit information gathered from hardware - such as power usage and timing, in order to compromise a system. This paper delves into existing research on cache-based side channel attacks on AES software implementation. These attacks are particularly noted in the cloud environment, as further detailed in the paper.This paper discusses the prevalence of side channel attacks, which exploit information gathered from hardware - such as power usage and timing, in order to compromise a system. This paper delves into existing research on cache-based side channel attacks on AES software implementation. These attacks are particularly noted in the cloud environment, as further detailed in the paper.
  • "A paravirtualized file system for accelerating file I/O," Kihong Lee; Dongwoo Lee; Young Ik Eom, Big Data and Smart Computing (BIGCOMP), 2014 International Conference on , vol., no., pp.309,313, 15-17 Jan. 2014 (ID#:14-1304) Available at: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=6741459&isnumber=6741395 Virtualization performance has significantly increased due to recent technological advances, yet suffers from associated CPU and I/O strain. This paper details improvements for virtualized I/O performance through use of a dedicated thread, a paravirtualized file system, and shared queue, in order to eliminiate strain associated to processes like mode switching.
  • "Novel approach for security in Wireless Sensor Network using bio-inspirations," Rathore, H.; Badarla, V.; Jha, S.; Gupta, A., Communication Systems and Networks (COMSNETS), 2014 Sixth International Conference on , vol., no., pp.1,8, 6-10 Jan. 2014. (ID#:14-1305) Available at: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=6734875&isnumber=6734849 This paper places into conversation the similarities between compromised computer networks and a human body fighting pathogens. The authenticity and intergrity of a Wireless Sensor Network (WSN), which senses physical specifications through sensor devices connected to nodes, may be compromised over time, and spurred the inspiration for using biology as a basis for combating these security threats. This paper discusses the use of machine learning to help detect and classify bogus nodes, as a threatened immune system might defend the human body from pathogenic viruses.
  • "Whispers in the Hyper-Space: High-Bandwidth and Reliable Covert Channel Attacks Inside the Cloud," Wu, Z.; Xu, Z.; Wang, H., Networking, IEEE/ACM Transactions on , vol.PP, no.99, pp.1,1 2014. (ID#:14-1306) Available at: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=6744676&isnumber=4359146 Privacy and information security in general are major concerns that impede enterprise adaptation of shared or public cloud computing. Specifically, the concern of virtual machine (VM) physical co-residency stems from the threat that hostile tenants can leverage various forms of side channels (such as cache covert channels) to exfiltrate sensitive information of victims on the same physical system. However, on virtualized x86 systems, covert channel attacks have not yet proven to be practical, and thus the threat is widely considered a "potential risk." In this paper, we present a novel covert channel attack that is capable of high-bandwidth and reliable data transmission in the cloud. We first study the application of existing cache channel techniques in a virtualized environment and uncover their major insufficiency and difficulties. We then overcome these obstacles by: 1) redesigning a pure timing-based data transmission scheme, and 2) exploiting the memory bus as a high-bandwidth covert channel medium. We further design and implement a robust communication protocol and demonstrate realistic covert channel attacks on various virtualized x86 systems. Our experimental results show that covert channels do pose serious threats to information security in the cloud. Finally, we discuss our insights on covert channel mitigation in virtualized environments.
  • "DR-Cloud: Multi-cloud based disaster recovery service," Gu, Yu; Wang, Dongsheng; Liu, Chuanyi, Tsinghua Science and Technology, vol.19, no.1, pp.13,23, Feb. 2014. (ID#:14-1307) Available at: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=6733204&isnumber=6733199 This paper discusses disaster recovery in a cloud computing environment, an essential topic accompanying the rise and widespread use of the cloud in industry and academia. This paper details DR-Cloud, a disaster recovery service model that utilizes multiple cloud service providers and varying optimization scheduling methods.
  • "A Compressive Sensing Based Secure Watermark Detection and Privacy Preserving Storage Framework," Qia Wang; Wenjun Zeng; Jun Tian, Image Processing, IEEE Transactions on , vol.23, no.3, pp.1317,1328, March 2014. (ID#:14-1308) Available at: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=6705663&isnumber=6717077 Privacy is a critical issue when the data owners outsource data storage or processing to a third party computing service, such as the cloud. In this paper, we identify a cloud computing application scenario that requires simultaneously performing secure watermark detection and privacy preserving multimedia data storage. We then propose a compressive sensing (CS)-based framework using secure multiparty computation (MPC) protocols to address such a requirement. In our framework, the multimedia data and secret watermark pattern are presented to the cloud for secure watermark detection in a CS domain to protect the privacy. During CS transformation, the privacy of the CS matrix and the watermark pattern is protected by the MPC protocols under the semi-honest security model. We derive the expected watermark detection performance in the CS domain, given the target image, watermark pattern, and the size of the CS matrix (but without the CS matrix itself). The correctness of the derived performance has been validated by our experiments. Our theoretical analysis and experimental results show that secure watermark detection in the CS domain is feasible. Our framework can also be extended to other collaborative secure signal processing and data-mining applications in the cloud.
  • "Graphical Password Authentication: Cloud Securing Scheme," Gurav, Shraddha M.; Gawade, Leena S.; Rane, Prathamey K.; Khochare, Nilesh R., Electronic Systems, Signal Processing and Computing Technologies (ICESC), 2014 International Conference on , vol., no., pp.479,483, 9-11 Jan. 2014. (ID#:14-1309) Available at: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=6745426&isnumber=6745317 This article discusses increased vulnerability of applications when authentication is made user-friendly, as well as the proposed use of graphical passwords in a cloud environment. Alphanumeric passwords have proved aggravating to remember for some users, prompting the discussion of using images as passwords, which are more easily remembered than number and/or letter combinations.
  • "Hilbert-curve based cryptographic transformation scheme for protecting data privacy on outsourced private spatial data," Kim, Hyeong-Il; Hong, Seung-Tae; Chang, Jae-Woo, Big Data and Smart Computing (BIGCOMP), 2014 International Conference on , vol., no., pp.77,82, 15-17 Jan. 2014. (ID#:14-1310) Available at: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=6741411&isnumber=6741395 With the rise and widespread adoption of cloud environments, the concern has now shifted to the practice of outsourcing databases containing sensitive information. This article recognizes that, while attempting to censor location data privacy, current methods are easily bypassed and exploited. This paper proposes a novel cryptographic transformation scheme, using local clustering based on the Hilbert curve, to bolster security for data privacy, and decrease query processing time.
  • "An Approach to Balance the Load with Security for Distributed File System in Cloud," Chiwande, Vidya N.; Tayal, Animesh R., Electronic Systems, Signal Processing and Computing Technologies (ICESC), 2014 International Conference on, pp.266,270, 9-11 Jan. 2014. (ID#:14-1311) Available at: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=6745385&isnumber=6745317 This paper highlights the challenges surrounding the secure use of distributed file systems, particularly the issue of load imbalance whenever nodes are upgraded, replaced, or included. The authors propose a novel load rebalancing algorithm, focusing on preventing imbalance for the central node. By using Hadoop, the authors combat associated security challenges with the use of Kerberos authentication protocol.
  • "Collaborative network security in multi-tenant data center for cloud computing," Chen, Zhen; Dong, Wenyu; Li, Hang; Zhang, Peng; Chen, Xinming; Cao, Junwei, Tsinghua Science and Technology , vol.19, no.1, pp.82,94, Feb. 2014. (ID#:14-1312) Available at: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=6733211&isnumber=6733199 This paper discusses using shared cloud service infrastructure, and the challenges this poses in terms of respective security requirements for respective clients using the same service. This paper proposes a group-effort network security prototype system, called vCNSMS, used in conjunction with an open source UTM system for packet review. Different levels of security are accompanied by associated packet review schemes, and intelligence flow is monitored using a smart packet scheme to help prevent networks attack from within the data center network.
  • "Confidentiality-Preserving Image Search: A Comparative Study Between Homomorphic Encryption and Distance-Preserving Randomization," Lu, W.; Varna, A.L.; Wu, M., Access, IEEE , vol.2, no., pp.125,141, 2014. (ID#:14-1313) Available at: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=6746001&isnumber=6705689 Recent years have seen increasing popularity of storing and managing personal multimedia data using online services. Preserving confidentiality of online personal data while offering efficient functionalities thus becomes an important and pressing research issue. In this paper, we study the problem of content-based search of image data archived online while preserving content confidentiality. The problem has different settings from those typically considered in the secure computation literature, as it deals with data in rank-ordered search, and has a different security-efficiency requirement. Secure computation techniques, such as homomorphic encryption, can potentially be used in this application, at a cost of high computational and communication complexity. Alternatively, efficient techniques based on randomizing visual feature and search indexes have been proposed recently to enable similarity comparison between encrypted images. This paper focuses on comparing these two major paradigms of techniques, namely, homomorphic encryption-based techniques and feature/index randomization-based techniques, for confidentiality-preserving image search. We develop novel and systematic metrics to quantitatively evaluate security strength in this unique type of data and applications. We compare these two paradigms of techniques in terms of their search performance, security strength, and computational efficiency. The insights obtained through this paper and comparison will help design practical algorithms appropriate for privacy-aware cloud multimedia systems.
  • "Shared Authority Based Privacy-preserving Authentication Protocol in Cloud Computing," Liu, H.; Ning, H.; Xiong, Q.; Yang, L.T., Parallel and Distributed Systems, IEEE Transactions on , vol.PP, no.99, pp.1,1 2014. (ID#:14-1314) Available at: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=6748054&isnumber=4359390 Cloud computing is emerging as a prevalent data interactive paradigm to realize users' data remotely stored in an online cloud server. Cloud services provide great conveniences for the users to enjoy the on-demand cloud applications without considering the local infrastructure limitations. During the data accessing, different users may be in a collaborative relationship, and thus data sharing becomes significant to achieve productive benefits. The existing security solutions mainly focus on the authentication to realize that a user's privative data cannot be unauthorized accessed, but neglect a subtle privacy issue during a user challenging the cloud server to request other users for data sharing. The challenged access request itself may reveal the user's privacy no matter whether or not it can obtain the data access permissions. In this paper, we propose a shared authority based privacy-preserving authentication protocol (SAPA) to address above privacy issue for cloud storage. In the SAPA, 1) shared access authority is achieved by anonymous access request matching mechanism with security and privacy considerations (e.g., authentication, data anonymity, user privacy, and forward security); 2) attribute based access control is adopted to realize that the user can only access its own data fields; 3) proxy re-encryption is applied by the cloud server to provide data sharing among the multiple users. Meanwhile, universal composability (UC) model is established to prove that the SAPA theoretically has the design correctness. It indicates that the proposed protocol realizing privacy-preserving data access authority sharing, is attractive for multi-user collaborative cloud applications.
  • "A privacy-aware query authentication index for database outsourcing," Miyoung Jang; Min Yoon; Jae-Woo Chang, Big Data and Smart Computing (BIGCOMP), 2014 International Conference on , pp.72,76, 15-17 Jan. 2014. (ID#:14-1315) Available at: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=6741410&isnumber=6741395 This paper discusses the concern of data confidentiality and query result integrity for outsourced databases, especially with the increasing popularity of cloud computing. Existing methods, such as bucket-based authentication, are considered to be relatively vulnerable. This paper proposes a query authentication method, which utilizes a periodic data grouping scheme to divide a spatial database into groups with a unique signature. The group signature is then used to verify outsourced data in range query replies to clients.

Note:

Articles listed on these pages have been found on publicly available internet pages and are cited with links to those pages. Some of the information included herein has been reprinted with permission from the authors or data repositories. Direct any requests via Email to SoS.Project (at) SecureDataBank.net for removal of the links or modifications to specific citations. Please include the ID# of the specific citation in your correspondence.