SECURE COMPUTING: - Global Soft Solutions

businessunknownInternet και Εφαρμογές Web

12 Νοε 2013 (πριν από 3 χρόνια και 9 μήνες)

111 εμφανίσεις


www.globalsoftsolutions.in



SECURE COMPUTING:


1.


Data
-
Provenance Verification For Secure Hosts


Malicious
software typically resides stealthily on a user's computer and interacts with the
user's computing resources. Our goal in this work is to improve the trustworthiness of a
host

and its system
data
. Specifically, we provide a new mechanism that ensures the c
orrect
origin or
provenance

of critical system information and prevents adversaries from utilizing
host

resources. We define
data
-
provenance

integrity as the security property stating that
the source where a piece of
data

is generated cannot be spoofed or
tampered with. We
describe a cryptographic
provenance

verification

approach
for

ensuring system properties
and system
-
data

integrity at kernel
-
level. Its two concrete applications are demonstrated in
the keystroke integrity
verification

and malicious traff
ic detection. Specifically, we first
design and implement an efficient cryptographic protocol that enforces keystroke integrity
by utilizing on
-
chip Trusted Computing Platform (TPM). The protocol prevents the forgery
of fake key events by malware under rea
sonable assumptions. Then, we demonstrate our
provenance

verification

approach by realizing a lightweight framework
for

restricting
outbound malware traffic. This traffic
-
monitoring framework helps identify network
activities of stealthy malware, and lends

itself to a powerful personal firewall
for

examining
all outbound traffic of a
host

that cannot be bypassed.


2.

On the Security and Efficiency of Content Distribution via Network Coding


Content

distribution

via

network

coding

has received a lot
of

attention lately.
However, direct application
of

network

coding

may be insecure. In particular,
attackers can inject "bogus” data to corrupt
the

content

distribution

process so as
to hinder
the

information dispersal or even deplete
the

network

resource.
Therefore,
content

verification is an important
and

practic
al issue when
network

coding

is employed. When random linear
network

coding

is used, it is infeasible for
the

source
of

the

content

to sign all
the

data,
and

hence,
the

traditional "hash
-
and
-
sign” methods are no longer applicable. Recently, a new
on
-
the
-
fl
y verification
technique has been proposed by Krohn et al. (IEEE S&P '04), which employs a
classical homomorphic hash function. However, this technique is difficult to be
applied to
network

coding

because
of

high computational
and

communication
overhead. W
e explore this issue further by carefully analyzing different types
of

overhead,
and

propose methods to help reducing both
the

computational
and

communication cost,
and

provide provable
security

at
the

same time.


3.

On the Security of a Ticket
-
Based Anonymity System with Tracea
bility Property in
Wireless Mesh Networks



www.globalsoftsolutions.in



In

2011, Sun et al. [CHECK END
OF

SENTENCE] proposed
a

security

architecture to
ensure unconditional
anonymity

for honest users and
traceability

of

misbehaving
users for
network

authorities
in

wireless

mesh

netwo
rks

(WMNs). It strives to
resolve
the

conflicts between
the

anonymity

and
traceability

objectives.
In

this
paper, we attacked Sun et al. scheme's
traceability
. Our analysis showed that
trusted authority (TA) cannot trace
the

misbehavior client (CL) even if

it double
-
time deposits
the

same
ticket
.


4.

Independent D
irected Acyclic Graphs for Resilient Multipath Routing

(Networking)

In order to achieve
resilient

multipath

routing
, we introduce the concept of
independent

directed

acyclic

graphs

(IDAGs) in this paper. Link
-
independent

(node
-
independent
) DAGs satisfy th
e property that any path from a source to the root on
one DAG is link
-
disjoint (node
-
disjoint) with any path from the source to the root on
the other DAG. Given a network, we develop polynomial
-
time algorithms to compute
link
-
independent

and node
-
independe
nt

DAGs. The algorithm developed in this paper:
1) provides
multipath

routing
; 2) utilizes all possible edges; 3) guarantees recovery
from single link failure; and 4) achieves all these with at most one bit per packet as
overhead when
routing

is based on d
estination address and incoming edge. We show
the effectiveness of the proposed IDAGs approach by comparing key performance
indices to that of the
independent

trees and multiple pairs of
independent

trees
techniques through extensive simulations.


5.

Router Support for Fine
-
Grained Latency Measurements

(Networking)

An increasin
g number of datacenter network applications, including automated trading and
high
-
performance computing, have stringent end
-
to
-
end
latency

requirements where even
microsecond variations may be intolerable. The resulting
fine
-
grained

measurement

demands
can
not be met effectively by existing technologies, such as SNMP, NetFlow, or active
probing. We propose instrumenting
routers

with a hash
-
based primitive that we call a Lossy
Difference Aggregator (LDA) to measure
latencies

down to tens of microseconds even
in
the presence of packet loss. Because LDA does not modify or encapsulate the packet, it can
be deployed incrementally without changes along the forwarding path. When compared to
Poisson
-
spaced active probing with similar overheads, our LDA mechanism deli
vers orders of
magnitude smaller relative error; active probing requires 50
-
60 times as much bandwidth to
deliver similar levels of accuracy. Although ubiquitous deployment is ultimately desired, it
may be hard to achieve in the shorter term; we discuss a
partial deployment architecture
called mPlane using LDAs
for

intrarouter
measurements

and localized segment
measurements

for

interrouter
measurements
.

6.

Design, Implementation, and Performance of a Load Balancer for SIP Server
Clusters
(Networking)


www.globalsoftsolutions.in



This paper introduces several novel
load
-
balanc
ing algorithms
for

distributing
Session Initiation Protocol (
SIP
) requests to
a

cluster

of

SIP

servers
. Our
load

balancer

improves both throughput
and

response time versus
a

single node while
exposing
a

single interface to external clients. We present the
design
,
implementation
,
and

evaluation
of

our system using
a

cluster

of

Intel x86 machines
running Linux. We compare our algorithms to several well
-
known approaches
and

present scalability results
for

up to 10 nodes. Our best algorithm, Transaction
Least
-
W
ork
-
Left (TLWL), achieves its
performance

by integrating several features:
knowledge
of

the
SIP

protocol, dynamic estimates
of

back
-
end
server

load
,
distinguishing transactions from calls, recognizing variability in call length,
and

exploiting differences
in processing costs
for

different
SIP

transactions. By
combining these features, our algorithm provides finer
-
grained
load

balancing than
standard approaches, resulting in throughput improvements
of

up to 24%
and

response
-
time improvements
of

up to two ord
ers
of

magnitude. We present
a

detailed analysis
of

occupancy to show how our algorithms significantly reduce
response time.

7.

Privacy
-

and Integrity
-
Preserving Range Queries in Sensor Networks
(Networking)

The architecture of two
-
tiered
sensor

networks
, where storage nodes serve as an
intermediate tier between
sen
sors

and

a sink for storing data
and

processing
queries
, has
been widely adopted because of the benefits of power
and

storage saving for
sensors

as
well as the efficiency of
query

processing. However, the importance of storage nodes also
makes them attract
ive to attackers.
In

this paper, we propose SafeQ, a protocol that
prevents attackers from gaining information from both
sensor

collected data
and

sink
issued
queries
. SafeQ also allows a sink to detect compromised storage nodes when they
misbehave. To pre
serve
privacy
, SafeQ uses a novel technique to encode both data
and

queries

such that a storage node can correctly process encoded
queries

over encoded data
without knowing their values. To preserve
integrity
, we propose two schemes

one using
Merkle hash t
rees
and

another using a new data structure called neighborhood chains

to
generate
integrity

verification information so that a sink can use this information to verify
whether the result of a
query

contains exactly the data items that satisfy the
query
. To

improve performance, we propose an optimization technique using Bloom filters to reduce
the communication cost between
sensors

and

storage nodes.


8.

Toward Secure and Dependable Storage Services in Cloud Computing

(Service
Computing)

Cloud

storage

enables users to remotely store their data
and

enjoy the on
-
dema
nd high
quality
cloud

applications without the burden of local hardware
and

software
management. Though the benefits are clear, such a
service

is also relinquishing users'
physical possession of their outsourced data, which inevitably poses new security ri
sks
toward

the correctness of the data
in

cloud
.
In

order to address this new problem
and

further achieve a
secure

and

dependable

cloud

storage

service
, we propose
in

this paper

www.globalsoftsolutions.in



a flexible distributed
storage

integrity auditing mechanism, utilizing the hom
omorphic
token
and

distributed erasure
-
coded data. The proposed design allows users to audit
the
cloud

storage

with very lightweight communication
and

computation cost. The
auditing result not only ensures strong
cloud

storage

correctness guarantee, but al
so
simultaneously achieves fast data error localization, i.e., the identification of
misbehaving server. Considering the
cloud

data are dynamic
in

nature, the proposed
design further supports
secure

and

efficient dynamic operations on outsourced data,
incl
uding block modification, deletion,
and

append. Analysis shows the proposed scheme
is highly efficient
and

resilient against Byzantine failure, malicious data modification
attack,
and

even server colluding attacks.

9.Secure Failure Detection and Consensus in TrustedPals

We present a modular redesign of
TrustedPals
, a smart
card
-
based security framework
for solving
Secure

Multiparty Computation (SMC). Originally,
TrustedPals

assumed a
synchronous network setting
and

allowed to reduce SMC to the problem of fault
-
tolerant
consensus

among smart cards. We explore how to make
Trus
tedPals

applicable
in

environments with less synchrony
and

show how it can be used to solve asynchronous
SMC. Within the redesign we investigate the problem of solving
consensus

in

a general
omission
failure

model augmented with
failure

detectors. To this
end, we give novel
definitions of both
consensus

and

the class oP of
failure

detectors
in

the omission
model, which we call

P(om),

and

show how to implement

P(om)

and

have
consensus

in

such a system with very weak synchrony assumptions. The integration of
failure

detection

and

consensus

into the
TrustedPals

framework uses tools from privacy
enhancing techniques such as messag
e padding
and

dummy traffic.


10.
Give2Get
: Forwarding in Social Mobile Wireless Networks of Selfish Individuals


In

this paper, we present two
forwarding

protocols for
mobile

wireless

networks

of

selfish

individuals
. We assume that all the nodes are
selfish

and show formally that both
protocols
are strategy proof, that is, no
individual

has an interest to deviate. Extensive
simulations with real traces show that our protocols introduce an extremely small
overhead
in

terms
of

delay, while the techniques we introduce to force faithful behavior
have

the positive and quite surprising side effect to improve performance by reducing
the number
of

replicas and the storage requirements. We test our protocols also
in

the
presence
of

a natural variation
of

the notion
of

selfishness
-
nodes that are
selfish

wit
h
outsiders and faithful with people from the same community. Even
in

this case, our
protocols are shown to be very efficient
in

detecting possible misbehavior.


11.
JS
-
Reduce: Defending Your Data from Sequential Background Knowledge Attacks


www.globalsoftsolutions.in



Web queries, credit card transactions, and medical records are examples of transaction
data flo
wing in corporate data stores, and often revealing associations between individuals
and sensitive information. The serial release of these data to partner institutions or data
analysis centers in a nonaggregated form is a common situation. In this paper, w
e show that
correlations among sensitive values associated to the same individuals in different releases
can be easily used to violate users' privacy by adversaries observing multiple data releases,
even if state
-
of
-
the
-
art privacy protection techniques ar
e applied. We show how the above
sequential background knowledge can be actually obtained by an adversary, and used to
identify with high confidence the sensitive values of an individual. Our proposed defense
algorithm is based on Jensen
-
Shannon divergence
; experiments show its superiority with
respect to other applicable solutions. To the best of our knowledge, this is the first work
that systematically investigates the role of sequential background knowledge in serial
release of transaction data.


12,
Enhanced Privacy ID: A Direc
t Anonymous Attestation Scheme with Enhanced
Revocation Capabilities

Direct

Anonymous

Attestation

(DAA) is
a

scheme

that enables the remote authentication of
a

Trusted Platform Module (TPM) while preserving the user's
privacy
.
A

TPM can prove to
a

remote
party that it is
a

valid TPM without revealing its identity and without linkability. In
the DAA
scheme
,
a

TPM can be revoked only if the DAA private key in the hardware has
been extracted and published widely so that verifiers obtain the corrupted private
key. If
the unlinkability requirement is relaxed,
a

TPM suspected of being compromised can be
revoked even if the private key is not known. However,
with

the full unlinkability
requirement intact, if
a

TPM has been compromised but its private key has not b
een
distributed to verifiers, the TPM cannot be revoked. Furthermore,
a

TPM cannot be
revoked from the issuer, if the TPM is found to be compromised after the DAA issuing has
occurred. In this paper, we present
a

new DAA
scheme

called
Enhanced

Privacy

ID

(
EPID)
scheme

that addresses the above limitations. While still providing unlinkability, our
scheme

provides
a

method to revoke
a

TPM even if the TPM private key is unknown. This expanded
revocation

property makes the
scheme

useful for other applications su
ch as for driver's
license. Our EPID
scheme

is efficient and provably secure in the same security model as
DAA, i.e., in the random oracle model under the strong RSA assumption and the decisional
Diffie
-
Hellman assumption.


13.Extending Attack Graph
-
Based Security Metrics and Aggregating Their Appli
cation


The
attack

graph

is an abstraction that reveals the ways an attacker can leverage
vulnerabilities in a network to violate a
security

policy. When used with
attack

graph
-
based

security

metrics
, the
attack

graph

may be used to quantitatively assess
security
-
relevant

www.globalsoftsolutions.in



aspects of a network. The Shortest Path metric, the Number of Paths metric,
and

the Mean
of Path Lengths metric are three
attack

graph
-
based

security

metrics

that can extract
security
-
relevant information. However, one's usage of these
me
trics

can lead to misleading
results. The Shortest Path metric
and

the Mean of Path Lengths metric fail to adequately
account for the number of ways an attacker may violate a
security

policy. The Number of
Paths metric fails to adequately account for the
a
ttack

effort associated with the
attack

paths. To overcome these shortcomings, we propose a complimentary suite of
attack

graph
-
based

security

metrics

and

specify an algorithm for combining the usage of these
metrics
.
We present simulated results that sugg
est that our approach reaches a conclusion about
which of two
attack

graphs correspond to a network that is most secure in many instances.


14.On Privacy of Encrypted Speech Communications


Silence suppression, an essential feature
of

speech

communications

over the Internet, saves
bandwidth by disabling voice packet transmissions w
hen silence is detected. However,
silence suppression enables an adversary to recover talk patterns from packet timing. In
this paper, we investigate
privacy

leakage through the silence suppression feature. More
specifically, we propose a new class
of

traf
fic analysis attacks to
encrypted

speech

communications

with the goal
of

detecting speakers
of

encrypted

speech

communications
.
These attacks are based
on

packet timing information only and the attacks can detect
speakers
of

speech

communications

made with

different codecs. We evaluate the proposed
attacks with extensive experiments over different type
of

networks including commercial
anonymity networks and campus networks. The experiments show that the proposed traffic
analysis attacks can detect speakers
of

encrypted

speech

communications

with high
accuracy based
on

traces
of

15 minutes long
on

average.

15.
A FLEXIBLE APPROACH TO IMPROVING SYSTEM RELIABILITY WITH VIRTUAL
LOCKSTEP


There is an increasing need for fault tolerance capabilities in logic devices brought about by
the scaling of transistors to ever smaller geometries. This paper presents a hyper
visor
-
based replication approach that can be applied to commodity hardware to allow for virtually
lockstepped execution. It offers many of the benefits of hardware
-
based lockstep while
being cheaper and easier to implement and more flexible in the configur
ations supported. A
novel form of processor state fingerprinting is also presented, which can significantly
reduce the fault detection latency. This further improves reliability by triggering rollback
recovery before errors are recorded to a checkpoint. Th
e mechanisms are validated using a
full prototype and the benchmarks considered indicate an average performance overhead of
approximately 14 percent with the possibility for significant optimization. Finally, a unique
method of using virtual lockstep for f
ault injection testing is presented and used to show
that significant detection latency reduction is achievable by comparing only a small amount
of data across replicas.



16.
ENSURING DISTRIBUTED ACCOUNTABILITY FOR DATA

SHARING IN THE CLOUD.


www.globalsoftsolutions.in



Cloud

computing enables highly scalable services to be easily consum
ed over
the

Internet on
an as
-
needed basis. A major feature of
the

cloud

services is that users'
data

are usually
processed remotely
in

unknown machines that users do not own or operate. While enjoying
the

convenience brought by this new emerging technolog
y, users' fears of losing control of
their own
data

(particularly, financial and health
data
) can become a significant barrier to
the

wide adoption of
cloud

services. To address this problem,
in

this paper, we propose a
novel highly decentralized informati
on
accountability

framework to keep track of
the

actual
usage of
the

users'
data

in

the

cloud
.
In

particular, we propose an object
-
centered approach
that enables enclosing our logging mechanism together with users'
data

and policies. We
leverage
the

JAR pr
ogrammable capabilities to both create a dynamic and traveling object,
and to
ensure

that any access to users'
data

will trigger authentication and automated
logging local to
the

JARs. To strengthen user's control, we also provide
distributed

auditing
mech
anisms. We provide extensive experimental studies that demonstrate
the

efficiency
and effectiveness of
the

proposed approaches.


17.Packet
-
Hiding Methods for Preventing Selective Jamming Attacks

The open nature of the wireless medium leaves it vulnerable t
o intentional interference
attacks, typically referred to as jamming. This intentional interference with wireless
transmissions can be used as a launchpad for mounting Denial
-
of
-
Service attacks on wireless
networks. Typically, jamming has been addressed un
der an external threat model. However,
adversaries with internal knowledge of protocol specifications and network secrets can
launch low
-
effort jamming attacks that are difficult to detect and counter. In this work, we
address the problem of selective jamm
ing attacks in wireless networks. In these attacks,
the adversary is active only for a short period of time, selectively targeting messages of
high importance. We illustrate the advantages of selective jamming in terms of network
performance degradation an
d adversary effort by presenting two case studies; a selective
attack on TCP and one on routing. We show that selective jamming attacks can be launched
by performing real
-
time packet classification at the physical layer. To mitigate these
attacks, we devel
op three schemes that prevent real
-
time packet classification by
combining cryptographic primitives with physical
-
layer attributes. We analyze the security
of our methods and evaluate their computational and communication overhead.


18.Detecting and Resolv
ing Firewall Policy Anomalies

The advent of emerging computing technologies such as service
-
oriented architecture and
cloud computing has enabled us to perform business services more efficiently and
effectively. However, we still suffer from unintended se
curity leakages by unauthorized
actions in business services. Firewalls are the most widely deployed security mechanism to
ensure the security of private networks in most businesses and institutions. The
effectiveness of security protection provided by a f
irewall mainly depends on the quality of
policy configured in the firewall. Unfortunately, designing and managing firewall policies are
often error prone due to the complex nature of firewall configurations as well as the lack of
systematic analysis mechan
isms and tools. In this paper, we represent an innovative policy

www.globalsoftsolutions.in



anomaly management framework for firewalls, adopting a rule
-
based segmentation technique
to identify policy anomalies and derive effective anomaly resolutions. In particular, we
articulate a
grid
-
based representation technique, providing an intuitive cognitive sense
about policy anomaly. We also discuss a proof
-
of
-
concept implementation of a visualization
-
based firewall policy analysis tool called Firewall Anomaly Management Environment (FAME)
.
In addition, we demonstrate how efficiently our approach can discover and resolve
anomalies in firewall policies through rigorous experiments.

19.Detecting Anomalous Insiders in Collaborative Information Systems

Collaborative information systems (CISs)
are deployed within a diverse array of
environments that manage sensitive information. Current security mechanisms detect
insider threats, but they are ill
-
suited to monitor systems in which users function in
dynamic teams. In this paper, we introduce the
community anomaly detection system
(CADS), an unsupervised learning framework to detect insider threats based on the access
logs of collaborative environments. The framework is based on the observation that typical
CIS users tend to form community structur
es based on the subjects accessed (e.g.,
patients' records viewed by healthcare providers). CADS consists of two components: 1)
relational pattern extraction, which derives community structures and 2) anomaly
prediction, which leverages a statistical model

to determine when users have sufficiently
deviated from communities. We further extend CADS into MetaCADS to account for the
semantics of subjects (e.g., patients' diagnoses). To empirically evaluate the framework, we
perform an assessment with three mont
hs of access logs from a real electronic health
record (EHR) system in a large medical center. The results illustrate our models exhibit
significant performance gains over state
-
of
-
the
-
art competitors. When the number of illicit
users is low, MetaCADS is t
he best model, but as the number grows, commonly accessed
semantics lead to hiding in a crowd, such that CADS is more prudent.


20.Incentive Compatible Privacy
-
Preserving Distributed Classification

In this paper, we propose game
-
theoretic mechanisms to enc
ourage truthful data sharing
for distributed data mining. One proposed mechanism uses the classic Vickrey
-
Clarke
-
Groves (VCG) mechanism, and the other relies on the Shapley value. Neither relies on the
ability to verify the data of the parties participatin
g in the distributed data mining
protocol. Instead, we incentivize truth telling based solely on the data mining result. This is
especially useful for situations where privacy concerns prevent verification of the data.
Under reasonable assumptions, we prov
e that these mechanisms are incentive compatible
for distributed data mining. In addition, through extensive experimentation, we show that
they are applicable in practice.

21.Large Margin Gaussian Mixture Models with Differential Privacy

As increasing amo
unts of sensitive personal information is aggregated into data
repositories, it has become important to develop mechanisms for processing the data

www.globalsoftsolutions.in



without revealing information about individual data instances. The differential privacy model
provides a fram
ework for the development and theoretical analysis of such mechanisms. In
this paper, we propose an algorithm for learning a discriminatively trained multiclass
Gaussian mixture model
-
based classifier that preserves differential privacy using a large
margi
n loss function with a perturbed regularization term. We present a theoretical upper
bound on the excess risk of the classifier introduced by the perturbation.

22.On the Security of a Ticket
-
Based Anonymity System with Traceability Property in
Wireless Mes
h Networks

In 2011, Sun et al. [CHECK END OF SENTENCE] proposed a security architecture to ensure
unconditional anonymity for honest users and traceability of misbehaving users for network
authorities in wireless mesh networks (WMNs). It strives to resolv
e the conflicts between
the anonymity and traceability objectives. In this paper, we attacked Sun et al. scheme's
traceability. Our analysis showed that trusted authority (TA) cannot trace the misbehavior
client (CL) even if it double
-
time deposits the sam
e ticket.


23.Persuasive Cued Click
-
Points: Design, Implementation, and Evaluation of a Knowledge
-
Based Authentication Mechanism

This paper presents an integrated evaluation of the Persuasive Cued Click
-
Points graphical
password scheme, including usabilit
y and security evaluations, and implementation
considerations. An important usability goal for knowledge
-
based authentication systems is
to support users in selecting passwords of higher security, in the sense of being from an
expanded effective security s
pace. We use persuasion to influence user choice in click
-
based graphical passwords, encouraging users to select more random, and hence more
difficult to guess, click
-
points.

24.Remote Attestation with Domain
-
Based Integrity Model and Policy Analysis

We p
ropose and implement an innovative remote attestation framework called DR@FT for
efficiently measuring a target system based on an information flow
-
based integrity model.
With this model, the high integrity processes of a system are first measured and veri
fied,
and these processes are then protected from accesses initiated by low integrity processes.
Toward dynamic systems with frequently changed system states, our framework verifies
the latest state changes of a target system instead of considering the ent
ire system
information. Our attestation evaluation adopts a graph
-
based method to represent integrity
violations, and the graph
-
based policy analysis is further augmented with a ranked violation
graph to support high semantic reasoning of attestation resul
ts. As a result, DR@FT
provides efficient and effective attestation of a system's integrity status, and offers
intuitive reasoning of attestation results for security administrators. Our experimental
results demonstrate the feasibility and practicality of
DR@FT.

25.Risk
-
Aware Mitigation for MANET Routing Attacks


www.globalsoftsolutions.in



Mobile Ad hoc Networks (MANET) have been highly vulnerable to attacks due to the
dynamic nature of its network infrastructure. Among these attacks, routing attacks have
received considerable attent
ion since it could cause the most devastating damage to
MANET. Even though there exist several intrusion response techniques to mitigate such
critical attacks, existing solutions typically attempt to isolate malicious nodes based on
binary or nai

ve fuzzy
response decisions. However, binary responses may result in the
unexpected network partition, causing additional damages to the network infrastructure,
and nai

ve fuzzy responses could lead to uncertainty in countering routing attacks in MANET.
In this pap
er, we propose a risk
-
aware response mechanism to systematically cope with the
identified routing attacks. Our risk
-
aware approach is based on an extended Dempster
-
Shafer mathematical theory of evidence introducing a notion of importance factors. In
additi
on, our experiments demonstrate the effectiveness of our approach with the
consideration of several performance metrics