The Center for Education and Research in Information Assurance and Security (CERIAS)

Reports and Papers Archive


Voter Assurance

CERIAS TR 2007-65
Eugene H. Spafford
Download: PDF

Voting with assurance seems to be an obvious, simple concept. A registered voter should be able to cast his or her ballot with the confidence that the vote will be counted as cast. Traditionally, paper ballots have seemed like a simple, comfortable voting solution. However, paper ballots in some forms can be easily manipulated, result in ambiguous interpretations (e.g., “hanging chads”), are sometimes error-prone, and do not provide a quick tally. In our technology-saturated society, we want results right away, and it would seem that technology could speed up vote counting and make it more accurate. Computers are being integrated into every aspect of our lives, so why can’t they work for voting, too? If we can use computers to control airplanes, factories, and ATM machines, we should certainly be able to use them in voting!

Added 2007-09-19

Happy Birthday, Dear Viruses

CERIAS TR 2007-64
Richard Ford and Eugene H. Spafford
Download: PDF

The first computer virus was created 25 years ago, but there is no end in sight to malicious software.

Added 2007-09-19

Matching and Fairness in Threat-based Mobile Sensor Coverage

CERIAS TR 2007-58
Chris Y. T. Ma, Jren-Chit Chin, David K. Y. Yau, Nageswara S. Rao, Mallikarjun Shankar
Download: PDF

We propose a coverage algorithm for mobile sensors to achieve a coverage that will match - over the long term and as quantified by an RMSE metric - a given threat profile.

Added 2007-09-18

Systems Support for Radiational Plume Detection, Identification, and Tracking Sensor-cyber Networks

CERIAS TR 2006-56
David K. Y. Yau, Jennifer C. Hou, Shankar Mallikarjun
Download: PDF

The project aims to design, realize, evaluate, and deploy a detection, identification, and tracking sensor cyber network (DITSCN) for chemical and radiational plumes. The current focus is on building a system of radiation sensors inter-connected by wireless links for detecting the presence of radioactive materials, identifying the radiation source, and tracking their propagation over time.

Added 2007-09-18

Controversies in Science and Technology

CERIAS TR 2007-59
Eugene H. Spafford and Annie I. Anton
Added 2007-09-18

Information Assurance: Dependability and Security in Networked Systems

CERIAS TR 2007-57
Bingrui Foo, Matthew W. Glause, Gaspar M. Howard, Yu-Sung Wu, Saurabh Bagchi, Eugene H. Spafford
Download: PDF

Protecting networks from computer security attacks is an important concern of computer security. Within this, intrusion prevention and intrusion detection systems have been the subject of much study and have been covered in several excellent survey papers. However, the actions that need to follow the steps of prevention and detection, namely response, have received less attention from researchers or practitioners. It was traditionally thought of as an offline process,  with humans in the loop, such as system administrators performing forensics by going through the system logs and determining which services or components need to be recovered. Our systems today have reached a level of complexity and the attacks directed at them a level of sophistication that manual responses are no longer adequate. So far there has been limited work in autonomous intrusion response systems, especially work that provides rigorous analysis or generalizable system building techniques. The work that exists has not been surveyed previously.  In this survey paper, we lay out the design challenges in building autonomous intrusion response systems. Then we provide a classification of existing work on the topic into four categories

Added 2007-09-18

On Area of Interest Coverage in Surveillance Mobile Sensor Networks

CERIAS TR 2007-56
Yu Dong, Wing-Kai Hon, and David K. Y. Yau
Download: PDF

In this paper, we develop concepts of network coverage by a set of mobile sensors for given areas of interest (AOI), possibly under deadline constraints. Our analytical results characterize the fundamental statistical properties of AOI coverage when sensors move according to an enhanced random waypoint model. Extensive experimental results are reported to verify and illustrate the analytical results.

Added 2007-09-17

A Sensor-cyber Network Testbed for Plume Detection, Identification, and Tracking

CERIAS TR 2007-55
Jren-Chit Chin, I-Hong Hou, Chris Ma, Mohit Saxena, Yong Yang
Download: PDF

Under the national SensorNet initiative, Oak Ridge National Lab, in conjunction with its University collaborators, has carried out the initial deployment of a detection, identification, and tracking sensor-cyber network (DITSCN) in the Washington D.C. and Memphis Port areas, against radiational, biological, and chemical attacks.

DITSCN combines various modalities of sensors and cyber networks.
- The sensor network provides information about the physical space.
- The cyber network provides storage and computational resources to predict plume propagation based on realistic dispersion models.
- Decisions regarding future sensing and communications are made in the cyber network and carried out in physical space.

Added 2007-09-17

Role Mining for Engineering and Optimizing Role Based Access Control Systems

CERIAS TR 2007-60
Ninghui Li, Tiancheng Li, Ian Molloy, Qihua Wang, Elisa Bertino, Seraphin Calo, Jorge Lobo
Download: PDF

Role engineering is the process of designing an RBAC system. A promising approach to role engineering is role mining, which uses data mining techniques to find an RBAC system from existing permission assignment data. Role mining techniques are also useful for optimizing and refactoring an existing RBAC system, which can become increasingly chaotic over time. In this paper we study the problem of mining an RBAC system that optimizes some objective measure of “goodness” for RBAC systems. We introduce the weighted structural complexity measure, which sums up the sizes of different RBAC system components (e.g., the number of roles, the number of user-role assignments, etc.), possibly with different weights for each component. Different optimization objectives can be achieved by choosing different weight combinations. We show that the optimization problem is NP-complete. We then develop heuristic techniques for mining RBAC systems with low weighted structural complexity. We show that the problem of mining a hierarchical RBAC system is closely related to formal concept analysis, and develop an algorithm using the notion of a concept lattice. We also introduce new approaches to generating synthetic data for evaluating role mining techniques. Our experiments show that our algorithms outperform existing approaches.

Added 2007-09-14

Distance Reduction in Mobile Wireless Communication: Lower Bound Analysis and Practical Attainment

CERIAS TR 2007-49
Yu Dong, Wing-Kai Hon, David K. Y. Yau, and Jren-Chit Chin
Download: PDF

In this paper, we characterize the fundamental performance limit, namely the lower bound expected communication distance, achievable by any postponement algorithm within given deadline constraints. We consider a realistic map based stochastic movement model, of which the well known random waypoint model is a special case. For the random waypoint model, we develop a tight analytical lower bound that has a low computational complexity.

Added 2007-09-13

On Intelligent Mobile Target Detection in a Mobile Sensor Network

CERIAS TR 2007-52
Jren-Chit Chin, Yu Dong, Wing-Kai Hon, and David K. Y. Yau
Download: PDF

We study the problem of a mobile target (the mouse) trying to evade detection by one or more mobile sensors (we call such a sensor a cat) in a closed network area. We view our problem as a game between two players: the mouse, and the collection of cats forming a single (meta-)player. The game ends when the mouse falls within the sensing range of one or more cats. A cat tries to determine its optimal strategy to minimize the worst-case expected detection time of the mouse. The mouse tries to determine an optimal counter-movement strategy to maximize the expected detection time. We divide the problem into two cases based on the relative sensing capabilities of the cats and the mouse. When the mouse has a sensing range smaller than or equal to the cats, we develop a dynamic programming solution for the mouse’s optimal strategy, assuming high-level information about the cats’ movement model. We discuss how the cats’ chosen movement model will affect its presence matrix in the network, and hence its payoff in the game. Extensive experimental results verify and illustrate the analytical results, and evaluate the games’ payoffs as a function of several important system parameters.

Added 2007-09-13

Mitigating Denial-of-Service Attacks in MANET by Incentive-based Packet Filtering: A Game-theoretic Approach

CERIAS TR 2007-53
Xiaoxin Wu, David K. Y. Yau
Download: PDF

Defending against denial-of-service (DoS) attacks in a mobile ad hoc network (MANET) is challenging because the network topology is dynamic and nodes are selfish. In this paper, we propose a DoS mitigation technique that uses digital signatures to verify legitimate packets, and drops packets that do not pass the verification. Since nodes are selfish, they may not perform the verification in order to avoid paying the overhead. A bad packet that escapes verification along the whole network path will bring a penalty to all its forwarders. A network game can be formulated in which nodes along a network path, in optimizing their own benefits, are encouraged to act collectively to filter out bad packets. Analytical results show that Nash equilibrium can be attained for players in the proposed game, and significant benefits can be provided to forwarders such that many of the bad packets will be eliminated by verification.

Added 2007-09-13

SECURE AND PRIVATE ONLINE COLLABORATION

CERIAS TR 2007-62
Keith Frikken
Download: PDF
Added 2007-09-13

PRIVACY ENHANCED AUTOMATED TRUST NEGOTIATION

CERIAS TR 2007-63
Jiangtao Li
Download: PDF
Added 2007-09-13

Integrity Checking For Process Hardening

CERIAS TR 2007-61
Kyung-suk Lhee
Download: PDF

Computer intrusions can occur in various ways. Many of them occur by exploiting program flaws and system configuration errors. Existing solutions that detect specific kinds of flaws are substantially different from each other, so aggregate use of them may be incompatible and require substantial changes in the current system and computing practice. Intrusion detection systems may not be the answer either, because they are inherently inaccurate and susceptible to false positives/negatives. This dissertation presents a taxonomy of security flaws that classifies program vulnerabilities into a finite number of error categories, and presents a security mechanism that can produce accurate solutions for many of these error categories in a modular fashion. To be accurate, a solution should closely match the characteristic of the target error category. To ensure this, we focus only on error categories whose characteristics can be defined in terms of a violation of process integrity. The thesis of this work is that the proposed approach produces accurate solutions for many error categories. To prove the accuracy of produced solutions, we define the process integrity checking approach and analyze its properties. To prove that this approach can cover many error categories, we develop a classification of program security flaws and find error characteristics (in terms of process integrity) from many of these categories. We implement proof-of-concept solutions for the two most prevalent error categories, the buffer overflow and the race condition, and analyze their accuracy and performance.

Added 2007-09-13