In this thesis we present a solution to the problem of identification of significant sets of episodes in event sequences. In order to determine the significance of an episode in a monitored event sequence, we compare its observed frequency to its frequency in a reference sequence. The reference sequence in our work is represented by a variable-length Markov model of generating symbols in the reference sequence. An episode is significant if the probability that it would have a given frequency by chance, in the reference sequence, is very small. In order to identify significant episodes we first show how to select the sliding window size to ensure that a discovered episode is meaningful and then we show how to compute a lower threshold for under-represented and an upper threshold for overrepresented significant episodes. The frequency of occurrence alone is not enough to determine significance, i.e., an infrequent episode can be more significant than a frequent one, and the significance depends on the structure of the episode and on probabilistic characteristics of the reference and monitored event streams. As an extension, we propose a novel method for providing approximate answers, with probabilistic guarantees, to a class of ad hoc sliding window queries referencing past data in data streams. The queries in that class compute the frequency of past windows that satisfy given join conditions among tuples in a window comprising multiple streams. To represent the join conditions consisting of intra-stream and inter-stream constraints between tuples in the window we introduce a concept of a 2D-episode.

We present a theory for comparing the expressive power of access control models. Our theory is based on reductions that preserve the results of security analysis. Security analysis is an approach to the verification of security policies in access control systems. We demonstrate the effectiveness of the theory by applying it in several cases. Also, we present related results on safety analysis in Discretionary Access Control (DAC) and security analysis in Role-Based Access Control (RBAC).

Service Oriented Computing is emerging as the main approach to build distributed enterprise applications on the Web. The widespread use of Web services is hindered by the lack of adequate security and privacy support. In this paper, we present a novel framework for enforcing access control in conversation-based Web services. Our approach takes into account the conversational nature of Web services. This is in contrast with existing approaches to access control enforcement that assume aWeb service as a set of independent operations. Furthermore, our approach achieves a tradeoff between the need to protect Web service

Code injection attacks are a top threat to today

A separation of duty policy requires a sensitive task to be performed by a team of at least k users. It states a high-level requirement about the task without the need to refer to individual steps in the task. While extremely important and widely used, separation of duty policies cannot capture qualification requirements on users involved in the task. In this paper, we introduce a novel algebra that enables the specification of high-level policies that combine user qualification requirements with separation of duty considerations. A high-level policy associates a task with a term in the algebra and requires that all sets of users that perform the task satisfy the term. Our algebra has four operators. We give the syntax and semantics of the algebra and study algebraic properties of these operators. We also study several computational problems related to the algebra. As our algebra is about the general concept of sets of sets, we conjecture that it will prove to be useful in other contexts as well.

Specifying and managing access control policies is a challenging problem. We propose to develop formal verification techniques for access control policies to improve the current state of the art of policy specification and management. In this paper, we formalize classes of security analysis and administrative insider threat assessment problems in the context of Role-Based Access Control. We show that in general these problems are PSPACE-complete. We also study the factors that contribute to the computational complexity by considering a lattice of various subcases of the problem with different restrictions. We show that several subcases remain PSPACE-complete, several further restricted subcases are NP-complete, and identify two subcases that are solvable in polynomial time. We also discuss our experiences and findings from experimentations that use existing formal method tools, such as model checking and logic programming, for addressing these problems.

Wormhole attacks enable an attacker with limited resources and no cryptographic material to wreak havoc on wireless networks. To date, no general defenses against wormhole attacks have been proposed. This paper presents an analysis of wormhole attacks and proposes a countermeasure using directional antennas. We present a cooperative protocol whereby nodes share directional information to prevent wormhole endpoints from masquerading as false neighbors. Our defense greatly diminishes the threat of wormhole attacks and requires no location information or clock synchronization.

We describe general methods for designing deterministic parallel algorithms in computational geometry. We focus on techniques for shared-memory parallel machines, which we describe and illustrate with examples. We also discuss some open problems in this area.

Instruction Set Randomization (ISR) has been proposed as a promising defense against code injection attacks. It defuses all standard code injection attacks since the attacker does not know the instruction set of the target machine. A motivated attacker, however, may be able to circumvent ISR by determining the randomization key. In this paper, we investigate the possibility of a remote attacker successfully ascertaining an ISR key using an incremental attack. We introduce a strategy for attacking ISR-protected servers, develop and analyze two attack variations, and present a technique for packaging a worm with a miniature virtual machine that reduces the number of key bytes an attacker must acquire to 100. Our attacks can break enough key bytes to infect and ISR-protected server in about six minutess. Our results provide insights into properties necessary for ISR implementations to be sure

Software vulnerability disclosure has become a critical area of concern for policymakers. Traditionally, a Computer Emergency Response Team (CERT) acts as an infomediary between benign identifiers (who voluntarily report vulnerability information) and software users. After verifying a reported vulnerability, CERT sends out a public advisory so that users can safeguard their systems against potential exploits. Lately, firms such as iDefense have been implementing a new market-based approach for vulnerability information. The marketbased infomediary provides monetary rewards to identifiers for each vulnerability reported. The infomediary then shares this information with its client base. Using this information, clients protect themselves against potential attacks that exploit those specific vulnerabilities. The key question addressed in our paper is whether movement toward such a market-based mechanism for vulnerability disclosure leads to a better social outcome. Our analysis demonstrates that an active unregulated market-based mechanism for vulnerabilities almost always underperforms a passive CERT-type mechanism. This counterintuitive result is attributed to the market-based infomediary’s incentive to leak the vulnerability information inappropriately. If a profit-maximizing firm is not allowed to (or chooses not to) leak vulnerability information, we find that social welfare improves. Even a regulated market-based mechanism performs better than a CERT-type one, but only under certain conditions. Finally, we extend our analysis and show that a proposed mechanism—federally funded social planner—always performs better than a market-based mechanism.

In this paper, we propose a framework for secure composition and management of time based work flows. The proposed framework allows communication and sharing of information among predefined or ad hoc team of users collaborating with each other in the time critical workflow applications. A key requirement for such applications is to provide the right data to the right person at the right time. In addition, the workflow needs to be adapted if a subtask of a workflow cannot be executed within the due time. The proposed framework supports GTRBAC based workflow specification and allows dynamic adaptation of workflow instances depending on the execution status of workflow tasks and environmental context. Adaptations in a workflow may include rescheduling of component tasks, reassignment of users to the scheduled tasks, or abortion of component tasks that cannot be completed under the current system state. We propose an integer programming based approach for finding the best possible adaptation according to the pre-defined optimality criterion.

Trust is an increasingly important issue:  interpersonal trust, consumer trust, trust within organizations, and trust of organizations from corporations to non-profits to governments.  Not only is trust important, but it is also communication-centered.  In order to prepare communication students (especially those in public relations) to make healthy trusting decisions and manage organizational trust issues, this essay proposes a special topics course in trust issue management.  It provides a rationale for the course, course objectives, a reading list and schedule, and assignments that engage students in examining the concept and management of trust.