Biblio

Filters: Keyword is Network Accountability
2021-02-23
Fan, W., Chang, S.-Y., Emery, S., Zhou, X..  2020.  Blockchain-based Distributed Banking for Permissioned and Accountable Financial Transaction Processing. 2020 29th International Conference on Computer Communications and Networks (ICCCN). :1—9.

Distributed banking platforms and services forgo centralized banks to process financial transactions. For example, M-Pesa provides distributed banking service in the developing regions so that the people without a bank account can deposit, withdraw, or transfer money. The current distributed banking systems lack the transparency in monitoring and tracking of distributed banking transactions and thus do not support auditing of distributed banking transactions for accountability. To address this issue, this paper proposes a blockchain-based distributed banking (BDB) scheme, which uses blockchain technology to leverage its built-in properties to record and track immutable transactions. BDB supports distributed financial transaction processing but is significantly different from cryptocurrencies in its design properties, simplicity, and computational efficiency. We implement a prototype of BDB using smart contract and conduct experiments to show BDB's effectiveness and performance. We further compare our prototype with the Ethereum cryptocurrency to highlight the fundamental differences and demonstrate the BDB's superior computational efficiency.

Patil, A., Jha, A., Mulla, M. M., Narayan, D. G., Kengond, S..  2020.  Data Provenance Assurance for Cloud Storage Using Blockchain. 2020 International Conference on Advances in Computing, Communication Materials (ICACCM). :443—448.

Cloud forensics investigates the crime committed over cloud infrastructures like SLA-violations and storage privacy. Cloud storage forensics is the process of recording the history of the creation and operations performed on a cloud data object and investing it. Secure data provenance in the Cloud is crucial for data accountability, forensics, and privacy. Towards this, we present a Cloud-based data provenance framework using Blockchain, which traces data record operations and generates provenance data. Initially, we design a dropbox like application using AWS S3 storage. The application creates a cloud storage application for the students and faculty of the university, thereby making the storage and sharing of work and resources efficient. Later, we design a data provenance mechanism for confidential files of users using Ethereum blockchain. We also evaluate the proposed system using performance parameters like query and transaction latency by varying the load and number of nodes of the blockchain network.

Wöhnert, S.-J., Wöhnert, K. H., Almamedov, E., Skwarek, V..  2020.  Trusted Video Streams in Camera Sensor Networks. 2020 IEEE 18th International Conference on Embedded and Ubiquitous Computing (EUC). :17—24.

Proof of integrity in produced video data by surveillance cameras requires active forensic methods such as signatures, otherwise authenticity and integrity can be compromised and data becomes unusable e.g. for legal evidence. But a simple file- or stream-signature loses its validity when the stream is cut in parts or by separating data and signature. Using the principles of security in distributed systems similar to those of blockchain and distributed ledger technologies (BC/DLT), a chain which consists of the frames of a video which frame hash values will be distributed among a camera sensor network is presented. The backbone of this Framechain within the camera sensor network will be a camera identity concept to ensure accountability, integrity and authenticity according to the extended CIA triad security concept. Modularity by secure sequences, autarky in proof and robustness against natural modulation of data are the key parameters of this new approach. It allows the standalone data and even parts of it to be used as hard evidence.

Gaber, C., Vilchez, J. S., Gür, G., Chopin, M., Perrot, N., Grimault, J.-L., Wary, J.-P..  2020.  Liability-Aware Security Management for 5G. 2020 IEEE 3rd 5G World Forum (5GWF). :133—138.

Multi-party and multi-layer nature of 5G networks implies the inherent distribution of management and orchestration decisions across multiple entities. Therefore, responsibility for management decisions concerning end-to-end services become blurred if no efficient liability and accountability mechanism is used. In this paper, we present the design, building blocks and challenges of a Liability-Aware Security Management (LASM) system for 5G. We describe how existing security concepts such as manifests and Security-by-Contract, root cause analysis, remote attestation, proof of transit, and trust and reputation models can be composed and enhanced to take risk and responsibilities into account for security and liability management.

Singh, A. K..  2020.  A Multi-Layered Network Model for Blockchain Based Security Surveillance system. 2020 IEEE International Conference for Innovation in Technology (INOCON). :1—5.

Blockchain technology is a decentralized ledger of all transactions across peer to peer network. Being decentralized in nature, a blockchain is highly secure as no single user can alter or remove an entry in the blockchain. The security of office premises and data is a very major concern for any organization. This paper majorly focuses on its application of blockchain technology in security surveillance. This paper proposes a blockchain based multi level network model for security surveillance system. The proposed system architecture is composed of different blockchain based systems connected to a multi level decentralized blockchain system to ensure authentication, secure storage, integrity and accountability.

Liu, W., Park, E. K., Krieger, U., Zhu, S. S..  2020.  Smart e-Health Security and Safety Monitoring with Machine Learning Services. 2020 29th International Conference on Computer Communications and Networks (ICCCN). :1—6.

This research provides security and safety extensions to a blockchain based solution whose target is e-health. The Advanced Blockchain platform is extended with intelligent monitoring for security and machine learning for detecting patient treatment medication safety issues. For the reasons of stringent HIPAA, HITECH, EU-GDPR and other regional regulations dictating security, safety and privacy requirements, the e-Health blockchains have to cover mandatory disclosure of violations or enforcements of policies during transaction flows involving healthcare. Our service solution further provides the benefits of resolving the abnormal flows of a medical treatment process, providing accountability of the service providers, enabling a trust health information environment for institutions to handle medication safely, giving patients a better safety guarantee, and enabling the authorities to supervise the security and safety of e-Health blockchains. The capabilities can be generalized to support a uniform smart solution across industry in a variety of blockchain applications.

Gamba, J., Rashed, M., Razaghpanah, A., Tapiador, J., Vallina-Rodriguez, N..  2020.  An Analysis of Pre-installed Android Software. 2020 IEEE Symposium on Security and Privacy (SP). :1039—1055.

The open-source nature of the Android OS makes it possible for manufacturers to ship custom versions of the OS along with a set of pre-installed apps, often for product differentiation. Some device vendors have recently come under scrutiny for potentially invasive private data collection practices and other potentially harmful or unwanted behavior of the preinstalled apps on their devices. Yet, the landscape of preinstalled software in Android has largely remained unexplored, particularly in terms of the security and privacy implications of such customizations. In this paper, we present the first large-scale study of pre-installed software on Android devices from more than 200 vendors. Our work relies on a large dataset of real-world Android firmware acquired worldwide using crowd-sourcing methods. This allows us to answer questions related to the stakeholders involved in the supply chain, from device manufacturers and mobile network operators to third-party organizations like advertising and tracking services, and social network platforms. Our study allows us to also uncover relationships between these actors, which seem to revolve primarily around advertising and data-driven services. Overall, the supply chain around Android's open source model lacks transparency and has facilitated potentially harmful behaviors and backdoored access to sensitive data and services without user consent or awareness. We conclude the paper with recommendations to improve transparency, attribution, and accountability in the Android ecosystem.

Olowononi, F. O., Rawat, D. B., Liu, C..  2020.  Dependable Adaptive Mobility in Vehicular Networks for Resilient Mobile Cyber Physical Systems. 2020 IEEE International Conference on Communications Workshops (ICC Workshops). :1—6.

Improved safety, high mobility and environmental concerns in transportation systems across the world and the corresponding developments in information and communication technologies continue to drive attention towards Intelligent Transportation Systems (ITS). This is evident in advanced driver-assistance systems such as lane departure warning, adaptive cruise control and collision avoidance. However, in connected and autonomous vehicles, the efficient functionality of these applications depends largely on the ability of a vehicle to accurately predict its operating parameters such as location and speed. The ability to predict the immediate future/next location (or speed) of a vehicle or its ability to predict neighbors help in guaranteeing integrity, availability and accountability, thus boosting safety and resiliency of the Vehicular Network for Mobile Cyber Physical Systems (VCPS). In this paper, we proposed a secure movement-prediction for connected vehicles by using Kalman filter. Specifically, Kalman filter predicts the locations and speeds of individual vehicles with reference to already observed and known information such as posted legal speed limit, geographic/road location, direction etc. The aim is to achieve resilience through the predicted and exchanged information between connected moving vehicles in an adaptive manner. By being able to predict their future locations, the following vehicle is able to adjust its position more accurately to avoid collision and to ensure optimal information exchange among vehicles.

Mukhametov, D. R..  2020.  Self-organization of Network Communities via Blockchain Technology: Reputation Systems and Limits of Digital Democracy. 2020 Systems of Signal Synchronization, Generating and Processing in Telecommunications (SYNCHROINFO). :1—7.

The article is devoted to the analysis of the use of blockchain technology for self-organization of network communities. Network communities are characterized by the key role of trust in personal interactions, the need for repeated interactions, strong and weak ties within the network, social learning as the mechanism of self-organization. Therefore, in network communities reputation is the central component of social action, assessment of the situation, and formation of the expectations. The current proliferation of virtual network communities requires the development of appropriate technical infrastructure in the form of reputation systems - programs that provide calculation of network members reputation and organization of their cooperation and interaction. Traditional reputation systems have vulnerabilities in the field of information security and prevention of abusive behavior of agents. Overcoming these restrictions is possible through integration of reputation systems and blockchain technology that allows to increase transparency of reputation assessment system and prevent attempts of manipulation of the system and social engineering. At the same time, the most promising is the use of blockchain-oracles to ensure communication between the algorithms of blockchain-based reputation system and the external information environment. The popularization of blockchain technology and its implementation in various spheres of social management, production control, economic exchange actualizes the problems of using digital technologies in political processes and their impact on the formation of digital authoritarianism, digital democracy and digital anarchism. The paper emphasizes that blockchain technology and reputation systems can equally benefit both the resources of government control and tools of democratization and public accountability to civil society or even practices of avoiding government. Therefore, it is important to take into account the problems of political institutionalization, path dependence and the creation of differentiated incentives as well as the technological aspects.

Cushing, R., Koning, R., Zhang, L., Laat, C. d, Grosso, P..  2020.  Auditable secure network overlays for multi-domain distributed applications. 2020 IFIP Networking Conference (Networking). :658—660.

The push for data sharing and data processing across organisational boundaries creates challenges at many levels of the software stack. Data sharing and processing rely on the participating parties agreeing on the permissible operations and expressing them into actionable contracts and policies. Converting these contracts and policies into an operational infrastructure is still a matter of research and therefore begs the question how should a digital data market place infrastructure look like? In this paper we investigate how communication fabric and applications can be tightly coupled into a multi-domain overlay network which enforces accountability. We prove our concepts with a prototype which shows how a simple workflow can run across organisational boundaries.

2020-05-22
Shah, Mujahid, Ahmed, Sheeraz, Saeed, Khalid, Junaid, Muhammad, Khan, Hamayun, Ata-ur-rehman.  2019.  Penetration Testing Active Reconnaissance Phase – Optimized Port Scanning With Nmap Tool. 2019 2nd International Conference on Computing, Mathematics and Engineering Technologies (iCoMET). :1—6.

Reconnaissance might be the longest phase, sometimes take weeks or months. The black hat makes use of passive information gathering techniques. Once the attacker has sufficient statistics, then the attacker starts the technique of scanning perimeter and internal network devices seeking out open ports and related services. In this paper we are showing traffic accountability and time to complete the specific task during reconnaissance phase active scanning with nmap tool and proposed strategies that how to deal with large volumes of hosts and conserve network traffic as well as time of the specific task.

Chen, Jing, Tong, Wencan, Li, Xiaojian, Jiang, Yiyi, Zhu, Liyu.  2019.  A Survey of Time-varying Structural Modeling to Accountable Cloud Services. 2019 IEEE International Conference on Computation, Communication and Engineering (ICCCE). :9—12.

Cloud service has the computing characteristics of self-organizing strain on demand, which is prone to failure or loss of responsibility in its extensive application. In the prediction or accountability of this, the modeling of cloud service structure becomes an insurmountable priority. This paper reviews the modeling of cloud service network architecture. It mainly includes: Firstly, the research status of cloud service structure modeling is analyzed and reviewed. Secondly, the classification of time-varying structure of cloud services and the classification of time-varying structure modeling methods are summarized as a whole. Thirdly, it points out the existing problems. Finally, for cloud service accountability, research approach of time-varying structure modeling is proposed.

Sneps-Sneppe, Manfred, Namiot, Dmitry.  2019.  The curse of software: Pentagon telecommunications case. 2019 International Symposium on Systems Engineering (ISSE). :1—8.

A main goal of the paper is to discuss the world telecommunications strategy in transition to the IP world. The paper discuss the shifting from circuit switching to packet switching in telecommunications and show the main obstacle is excessive software. As a case, we are passing through the three generations of American military communications: (1) implementation of signaling protocol SS7 and Advanced Intelligent Network, (2) transformation from SS7 to IP protocol and, finally, (3) the extremely ambitious cybersecurity issues. We use the newer unclassified open Defense Information Systems Agency documents, particularly: Department of Defense Information Enterprise Architecture; Unified Capabilities the Army. We discuss the newer US Government Accountability Office (2018) report on military equipment cyber vulnerabilities.

Desmoulins, Nicolas, Diop, Aïda, Rafflé, Yvan, Traoré, Jacques, Gratesac, Josselin.  2019.  Practical Anonymous Attestation-based Pseudonym Schemes for Vehicular Networks. 2019 IEEE Vehicular Networking Conference (VNC). :1—8.

Vehicular communication systems increase traffic efficiency and safety by allowing vehicles to share safety-related information and location-based services. Pseudonym schemes are the standard solutions providing driver/vehicle anonymity, whilst enforcing vehicle accountability in case of liability issues. State-of-the-art PKI-based pseudonym schemes present scalability issues, notably due to the centralized architecture of certificate-based solutions. The first Direct Anonymous Attestation (DAA)-based pseudonym scheme was introduced at VNC 2017, providing a decentralized approach to the pseudonym generation and update phases. The DAA-based construction leverages the properties of trusted computing, allowing vehicles to autonomously generate their own pseudonyms by using a (resource constrained) Trusted Hardware Module or Component (TC). This proposition however requires the TC to delegate part of the (heavy) pseudonym generation computations to the (more powerful) vehicle's On-Board Unit (OBU), introducing security and privacy issues in case the OBU becomes compromised. In this paper, we introduce a novel pseudonym scheme based on a variant of DAA, namely a pre-DAA-based pseudonym scheme. All secure computations in the pre-DAA pseudonym lifecycle are executed by the secure element, thus creating a secure enclave for pseudonym generation, update, and revocation. We instantiate vehicle-to-everything (V2X) with our pre-DAA solution, thus ensuring user anonymity and user-controlled traceability within the vehicular network. In addition, the pre-DAA-based construction transfers accountability from the vehicle to the user, thus complying with the many-to-many driver/vehicle relation. We demonstrate the efficiency of our solution with a prototype implementation on a standard Javacard (acting as a TC), showing that messages can be anonymously signed and verified in less than 50 ms.

Wu, Boyang, Li, Hewu, Wu, Qian.  2019.  Extending Authentication Mechanism to Cooperate with Accountable Address Assignment. 2019 IEEE Wireless Communications and Networking Conference (WCNC). :1—7.

Lack of effective accountability mechanisms brings a series of security problems for Internet today. In Next Generation Internet based on IPv6, the system of identity authentication and IP verification is the key to accounting ability. Source Address Validation Improvement (SAVI) can protect IP source addresses from being faked. But without identity authentication mechanism and certain relationship between IP and accountable identity, the accountability is still unreliable. To solve this problem, most research focus on embedding accountable identity into IP address which need either changing DHCP client or twice DHCP request process due to the separate process of user authentication and address assignment. Different from previous research, this paper first analyzes the problems and requirements of combining Web Portal or 802.1X, two main identity authentication mechanism (AAA), with the accountable address assignment in SAVI framework. Then a novel Cooperative mechanism for Accountable IP address assignment (CAIP) is proposed based on 802.1X and SAVI, which takes into account the validation of IP address, the authenticity and accountability of identity at the same time. Finally, we build up prototype system for both Fat AP and Thin AP wireless scenarios and simulate the performance of CAIP through large-scale campus networks' data logs. The experiment result shows that the IP addresses and identities in CAIP are protective and accountable. Compared with other previous research, CAIP is not only transparent to the terminals and networks, but also low impact on network equipment, which makes CAIP easy deployment with high compatibility and low cost.

Almashaqbeh, Ghada, Kelley, Kevin, Bishop, Allison, Cappos, Justin.  2019.  CAPnet: A Defense Against Cache Accounting Attacks on Content Distribution Networks. 2019 IEEE Conference on Communications and Network Security (CNS). :250—258.

Peer-assisted content distribution networks (CDNs) have emerged to improve performance and reduce deployment costs of traditional, infrastructure-based content delivery networks. This is done by employing peer-to-peer data transfers to supplement the resources of the network infrastructure. However, these hybrid systems are vulnerable to accounting attacks in which the peers, or caches, collude with clients in order to report that content was transferred when it was not. This is a particular issue in systems that incentivize cache participation, because malicious caches may collect rewards from the content publishers operating the CDN without doing any useful work. In this paper, we introduce CAPnet, the first technique that lets untrusted caches join a peer-assisted CDN while providing a bound on the effectiveness of accounting attacks. At its heart is a lightweight cache accountability puzzle that clients must solve before caches are given credit. This puzzle requires colocating the data a client has requested, so its solution confirms that the content has actually been retrieved. We analyze the security and overhead of our scheme in realistic scenarios. The results show that a modest client machine using a single core can solve puzzles at a rate sufficient to simultaneously watch dozens of 1080p videos. The technique is designed to be even more scalable on the server side. In our experiments, one core of a single low-end machine is able to generate puzzles for 4.26 Tbps of bandwidth - enabling 870,000 clients to concurrently view the same 1080p video. This demonstrates that our scheme can ensure cache accountability without degrading system productivity.

Jaiswal, Supriya, Ballal, Makarand Sudhakar.  2019.  A Novel Online Technique for Fixing the Accountability of Harmonic Injector in Distribution Network. 2019 Innovations in Power and Advanced Computing Technologies (i-PACT). 1:1—7.

Harmonic distortions come into existence in the power system not only due to nonlinear loads of consumers but also due to custom power devices used by power utilities. These distortions are harmful to the power networks as these produce over heating of appliances, reduction in their life expectancy, increment in electricity bill, false tripping, etc. This paper presents an effective, simple and direct approach to identify the problematic cause either consumer load or utility source or both responsible for harmonics injection in the power system. This technique does not require mathematical model, historical data and expert knowledge. The online methodology is developed in the laboratory and tested for different polluted loads and source conditions. Experimental results are found satisfactory. This proposed technique has substantial potential to determine the problematic cause without any power interruption by plug and play operation just like CCTV.

Jemal, Jay, Kornegay, Kevin T..  2019.  Security Assessment of Blockchains in Heterogenous IoT Networks : Invited Presentation. 2019 53rd Annual Conference on Information Sciences and Systems (CISS). :1—4.

As Blockchain technology becomes more understood in recent years and its capability to solve enterprise business use cases becomes evident, technologists have been exploring Blockchain technology to solve use cases that have been daunting industries for years. Unlike existing technologies, one of the key features of blockchain technology is its unparalleled capability to provide traceability, accountability and immutable records that can be accessed at any point in time. One application area of interest for blockchain is securing heterogeneous networks. This paper explores the security challenges in a heterogeneous network of IoT devices and whether blockchain can be a viable solution. Using an experimental approach, we explore the possibility of using blockchain technology to secure IoT devices, validate IoT device transactions, and establish a chain of trust to secure an IoT device mesh network, as well as investigate the plausibility of using immutable transactions for forensic analysis.

2020-05-11
Tabiban, Azadeh, Majumdar, Suryadipta, Wang, Lingyu, Debbabi, Mourad.  2018.  PERMON: An OpenStack Middleware for Runtime Security Policy Enforcement in Clouds. 2018 IEEE Conference on Communications and Network Security (CNS). :1–7.

To ensure the accountability of a cloud environment, security policies may be provided as a set of properties to be enforced by cloud providers. However, due to the sheer size of clouds, it can be challenging to provide timely responses to all the requests coming from cloud users at runtime. In this paper, we design and implement a middleware, PERMON, as a pluggable interface to OpenStack for intercepting and verifying the legitimacy of user requests at runtime, while leveraging our previous work on proactive security verification to improve the efficiency. We describe detailed implementation of the middleware and demonstrate its usefulness through a use case.

Üzüm, İbrahim, Can, Özgü.  2018.  An anomaly detection approach for enterprise file integration. 2018 6th International Symposium on Digital Forensic and Security (ISDFS). :1–4.
An information system based on real-time file integrations has an important role in today's organizations' work process management. By connecting to the network, file flow and integration between corporate systems have gained a great significance. In addition, network and security issues have emerged depending on the file structure and transfer processes. Thus, there has become a need for an effective and self-learning anomaly detection module for file transfer processes in order to provide the persistence of integration channels, accountability of transfer logs and data integrity. This paper proposes a novel anomaly detection approach that focuses on file size and integration duration of file transfers between enterprise systems. For this purpose, size and time anomalies on transferring files will be detected by a machine learning-based structure. Later, an alarm system is going to be developed in order to inform the authenticated individuals about the anomalies.
Memon, Raheel Ahmed, Li, Jianping, Ahmed, Junaid, Khan, Asif, Nazir, M. Irshad, Mangrio, M. Ismail.  2018.  Modeling of Blockchain Based Systems Using Queuing Theory Simulation. 2018 15th International Computer Conference on Wavelet Active Media Technology and Information Processing (ICCWAMTIP). :107–111.
Blockchain is the one of leading technology of this time; it has started to revolutionize several fields like, finance, business, industry, smart home, healthcare, social networks, Internet and the Internet of Things. It has many benefits like, decentralized network, robustness, availability, stability, anonymity, auditability and accountability. The applications of Blockchain are emerging, and it is found that most of the work is focused on its engineering implementation. While the theoretical part is very less considered and explored. In this paper we implemented the simulation of mining process in Blockchain based systems using queuing theory. We took the parameters of one of the mature Cryptocurrency, Bitcoin's real data and simulated using M/M/n/L queuing system in JSIMgraph. We have achieved realistic results; and expect that it will open up new research direction in theoretical research of Blockchain based systems.
Cui, Zhicheng, Zhang, Muhan, Chen, Yixin.  2018.  Deep Embedding Logistic Regression. 2018 IEEE International Conference on Big Knowledge (ICBK). :176–183.
Logistic regression (LR) is used in many areas due to its simplicity and interpretability. While at the same time, those two properties limit its classification accuracy. Deep neural networks (DNNs), instead, achieve state-of-the-art performance in many domains. However, the nonlinearity and complexity of DNNs make it less interpretable. To balance interpretability and classification performance, we propose a novel nonlinear model, Deep Embedding Logistic Regression (DELR), which augments LR with a nonlinear dimension-wise feature embedding. In DELR, each feature embedding is learned through a deep and narrow neural network and LR is attached to decide feature importance. A compact and yet powerful model, DELR offers great interpretability: it can tell the importance of each input feature, yield meaningful embedding of categorical features, and extract actionable changes, making it attractive for tasks such as market analysis and clinical prediction.
Enos, James R., Nilchiani, Roshanak R..  2018.  Merging DoDAF architectures to develop and analyze the DoD network of systems. 2018 IEEE Aerospace Conference. :1–9.
The Department of Defense (DoD) manages capabilities through the Joint Interoperability and Capability Development System (JCIDS) process. As part of this process, sponsors develop a series of DoD Architecture Framework (DoDAF) products to assist analysts understand the proposed capability and how it fits into the broader network of DoD legacy systems and systems under development. However, the Joint Staff, responsible for executing the JCIDS process, often analyzes these architectures in isolation without considering the broader network of systems. DoD leadership, the Government Accountability Organization, and others have noted the lack of the DoD's ability to manage the broader portfolio of capabilities in various reports and papers. Several efforts have proposed merging DoDAF architecture into a larger meta-architecture based on individual system architectures. This paper specifically targets the Systems View 3 (SV-3), System-to-system matrix, as an opportunity to merge multiple DoDAF architecture views into a network of system and understand the potential benefits associated with analyzing a broader perspective. The goal of merging multiple SV-3s is to better understand the interoperability of a system within the network of DoD systems as network metrics may provide insights into the relative interoperability of a DoD system. Currently, the DoD's definition of interoperability focuses on the system or capability's ability to enter and operate within the DoD Information Network (DoDIN); however, this view limits the definition of interoperability as it focuses solely on information flows and not resource flows or physical connections that should be present in a SV-3. The paper demonstrates the importance of including all forms of connections between systems in a network by comparing network metrics associated with the different types of connections. 
Without a complete set of DoDAF architectures for each system within the DoD and based on the potential classification of these products, the paper collates data that should be included in an SV-3 from open source, unclassified references to build the overall network of DoD systems. From these sources, a network of over 300 systems with almost 1000 connections emerges based on the documented information, resource, and physical connections between these legacy and planned DoD systems. With this network, the paper explores the quantification of individual system's interoperability through the application of nodal and network metrics from social network analysis (SNA). A SNA perspective on a network of systems provides additional insights beyond traditional network analysis because of the emphasis on the importance of nodes, systems, in the network as well as the relationship, connections, between the nodes. Finally, the paper proposes future work to explore the quantification of additional attributes of systems as well as a method for further validating the findings.
Kinkelin, Holger, Hauner, Valentin, Niedermayer, Heiko, Carle, Georg.  2018.  Trustworthy configuration management for networked devices using distributed ledgers. NOMS 2018 - 2018 IEEE/IFIP Network Operations and Management Symposium. :1–5.
Numerous IoT applications, like building automation or process control of industrial sites, exist today. These applications inherently have a strong connection to the physical world. Hence, IT security threats can not only cause problems like data leaks but also safety issues which might harm people. Attacks on IT systems are not only performed by outside attackers but also insiders like administrators. For this reason, we present ongoing work on a Byzantine fault tolerant configuration management system (CMS) that provides control over administrators, restrains their rights, and enforces separation of concerns. We reach this goal by conducting a configuration management process that requires multi-party authorization for critical configurations to prevent individual malicious administrators from performing undesired actions. Only after a configuration has been authorized by multiple experts is it applied to the targeted devices. For the whole configuration management process, our CMS guarantees accountability and traceability. Lastly, our system is tamper-resistant as we leverage Hyperledger Fabric, which provides a distributed execution environment for our CMS and a blockchain-based distributed ledger that we use to store the configurations. A beneficial side effect of this approach is that our CMS is also suitable to manage configurations for infrastructure shared across different organizations that do not need to trust each other.
Xue, Kaiping, Zhang, Xiang, Xia, Qiudong, Wei, David S.L., Yue, Hao, Wu, Feng.  2018.  SEAF: A Secure, Efficient and Accountable Access Control Framework for Information Centric Networking. IEEE INFOCOM 2018 - IEEE Conference on Computer Communications. :2213–2221.
Information Centric Networking (ICN) has been regarded as an ideal architecture for the next-generation network to handle users' increasing demand for content delivery with in-network cache. While making better use of network resources and providing better delivery service, an effective access control mechanism is needed due to wide dissemination of contents. However, in the existing solutions, making cache-enabled routers or content providers authenticate users' requests causes high computation overhead and unnecessary delay. Also, straightforward utilization of advanced encryption algorithms increases the opportunities for DoS attacks. Besides, privacy protection and service accountability are rarely taken into account in this scenario. In this paper, we propose a secure, efficient, and accountable access control framework, called SEAF, for ICN, in which authentication is performed at the network edge to block unauthorized requests at the very beginning. We adopt group signature to achieve anonymous authentication, and use hash chain technique to greatly reduce the overhead when users make continuous requests for the same file. Furthermore, the content providers can affirm the service amount received from the network and extract feedback information from the signatures and hash chains. By formal security analysis and the comparison with related works, we show that SEAF achieves the expected security goals and possesses more useful features. The experimental results also demonstrate that our design is efficient for routers and content providers, and introduces only slight delay for users' content retrieval.