The Center for Education and Research in Information Assurance and Security (CERIAS)


Reports and Papers Archive



A Distributed Autonomous-Agent Network-Intrusion Detection and Response System

Joseph Barrus, Neil C. Rowe

We propose a distributed architecture of agents to monitor security-related activity within a network. Each agent operates cooperatively yet independently of the others, providing for efficiency, real-time response and distribution of resources.  This architecture provides significant advantages in scalability, flexibility, extensibility, fault tolerance, and resistance to compromise. We also propose a scheme of escalating levels of alertness, and a way to notify other agents on other computers in a network of attacks so they can take preemptive or reactive measures.  We designed a neural network to measure and determine alert threshold values.  A communication protocol is proposed to relay these alerts throughout the network.  We illustrate our design with a detailed scenario.

Added 2002-07-26

FormatGuard: Automatic Protection From printf Format String Vulnerabilities

Cowan, C., Barringer, M., Beattie, S., Kroah-Hartman, G.

In June 2000, a major new class of vulnerabilities called “format bugs” was discovered when a vulnerability in WU-FTP appeared that acted almost like a buffer overflow, but wasn't.  Since then, dozens of format string vulnerabilities have appeared.  This paper describes the format bug problem, and presents FormatGuard: our proposed solution…

Added 2002-07-26

Detecting Intruders in Computer Systems

Teresa F. Lunt

This paper describes a real-time intrusion-detection system (IDES) that observes user behavior on a monitored computer system and adaptively learns what is normal for individual users, groups, remote hosts, and the overall system behavior.  Observed behavior is flagged as a potential intrusion if it deviates significantly from the expected behavior or if it triggers a rule in the expert-system rule base…

Added 2002-07-26

Power: Metrics for evaluating watermarking algorithms

CERIAS TR 2001-55
Radu Sion and Mikhail Atallah and Sunil Prabhakar
Download: PDF

Whereas the maximal amount of information that a certain algorithm can "hide" (while keeping the data within allowable distortion bounds) is certainly related to the ability to assert ownership in court, it is not directly measuring its "power of persuasion", in part also because it doesn't consider directly the existence and power of watermarking attacks.
In this paper we show why, due to its particularities, watermarking requires a different metric, more closely related to its ultimate purpose, claiming ownership in a court of law. We define one suitable metric (watermarking power) and show how it relates to derivates of hiding capacity. We prove that there are cases where considering hiding capacity is sub-optimal as a metric in evaluating watermarking methods whereas the metric of watermarking power delivers good results.

Added 2002-07-26

National Identification Cards

Annie I. Ant
Added 2002-07-26

Secure Multi-Party Computation Problems and Their Applications: A Review and Open Problems

CERIAS TR 2001-51
Wenliang Du and Mikhail J. Atallah
Download: PDF
Added 2002-07-26

Data Protection in the University Setting: Employee Perceptions of Student Privacy

Julia B. Earp and Fay C. Payton
Download: PDF

The right to privacy is not absolute and is often established by context and the need to know.  The nature of the university environment sometimes distorts the sanctity of privacy because the “need to know” is so profuse.  Although students are guaranteed the right to keep essential but confidential information private under the Family Educational Rights and Privacy Act of 1974, student data are vulnerable because of the need for academic departments to share and manage these data.  Recent articles in the popular press suggest consumers as a whole are questioning organizational practices that are designed to protect their personal information.  Similar practices occur in the university setting, but fewer concerns are being publicized.  Because of the vast amount of data sharing that occurs in an academic setting, it is imperative that we ensure the employees adhere to privacy policies that are structured to impose conscientious behaviors.  University privacy policies are in practice, but there is no method of determining their effectiveness.  This research seeks to ascertain the attitudes of employees regarding student privacy.  Using a 15-item instrument, this study explores employees’ privacy perceptions of a large university located in the Southeastern U.S.  Our study examines the level of concerns employees have concerning errors, unauthorized secondary use, improper access and collection.

Added 2002-07-26

Strategies for Developing Policies and Requirements for Secure E-Commerce Systems

Annie I. Ant
Download: PDF

While the Internet is dramatically changing the way business is conducted, security and privacy issues are of deeper concern than ever before.  A primary fault in evolutionary electronic commerce systems is the failure to adequately address security and privacy issues; therefore security and privacy policies are either developed as an afterthought to the system or not at all.  One reason for this failure is the difficulty in applying traditional software requirements engineering techniques to systems in which policy is continually changing due to the need to respond to the rapid introduction of new technologies which compromise those policies.  Security and privacy should be major concerns from the onset, but practitioners need new systematic mechanisms for determining and assessing security and privacy.  To provide this support, we employ scenario management and goal-driven analysis strategies to facilitate the design and evolution of electronic commerce systems.  Risk and impact assessment is critical for ensuring that system requirements are aligned with an enterprise’s security policy and privacy policy.  Consequently, we tailor our goal-based approach by including a compliance activity to ensure that all policies are reflected in the actual system requirements.  Our integrated strategy thus focuses on the initial specification of security policy and privacy policy and their operationalization into system requirements.  The ultimate goal of our work is to demonstrate viable solutions for supporting the early stages of the software lifecycle, specifically addressing the need for novel approaches to ensure security and privacy requirements coverage.

Added 2002-07-26

NetPIPE: A Network Protocol Independent Performance Evaluator

Quinn O. Snell, Armin R. Mikler and John L. Gustafson

This paper presents the design of NetPIPE, a new Network Protocol Independent Performance Evaluator.  NetPIPE maps the performance of a network across a wide range and presents the data in a new manner…

Added 2002-07-26

WAN-hacking with AutoHack - Auditing Security behind the Firewall

Alec Muffett

This paper is a review of an ongoing project to simplify security auditing of the world-wide TCP/IP network of some thirty thousand hosts, internal to Sun Microsystems.  This paper also examines the issues which this project raises; it details the conception, design, development of, and one year's results gathered from, AutoHack, a tool specially created to probe, audit, and produce security reports for, a TCP/IP network of this size…

Added 2002-07-26

The Purdue CS Graduate Survival Guide

Anand Narayanan
Added 2002-07-26

Smashing the Stack for Fun and Profit

Aleph One
Added 2002-07-26

Applying Mobile Agents to Intrusion Detection and Response

Wayne Jansen, Peter Mell, Tom Karygiannis, Don Marks

This report is an initial foray into the relatively unexplored terrain of using mobile agents for intrusion detection systems.  It is a research guide that helps identify the most promising areas of mobile agent IDS research.  After providing some background information, we enumerate the problems found in current IDSs and propose potential solutions offered by MAs…

Added 2002-07-26

Deformable Markov Model Templates for Time-Series Pattern Matching

Xianping Ge, Padhraic Smyth

This paper addresses the problem of automatically detecting specific patterns or shapes in time-series data.  A novel and flexible approach is proposed based on segmental semi-Markov models.  Unlike dynamic time-warping or template-matching, the proposed framework provides a principled and coherent framework for leveraging both prior knowledge and training data…

Added 2002-07-26

A New Model of Security for Metasystems

Steve J. Chapin, Chenxi Wang, William A. Wulf, Fritz Knabe, Andrew Grimshaw

With the rapid growth of high-speed networking and microprocessing power, metasystems have become increasingly popular. The need for protection and security in such environments has never been greater. However, the conventional approach to security, that of enforcing a single system-wide policy, will not work for the large-scale distributed systems we envision. Our new model shifts the emphasis from “system as enforcer” to user-definable policies, making users responsible for the security of their objects. This security model has been implemented as part of the Legion project. Legion is an object-oriented metacomputing system, with strong support for autonomy. This includes support for per-object, user-defined policies in many areas, including resource management and security. This paper briefly describes the Legion system, presents our security model, and discusses the realization of that model in Legion.

Added 2002-07-26