The Center for Education and Research in Information Assurance and Security (CERIAS)


Reports and Papers Archive



A Tree-based Forward Digest Protocol to Verify Data Integrity in Distributed Media Streaming

CERIAS TR 2005-84
Habib, A. and Xu, D. and Atallah, M. and Bhargava, B., and Chuang, J.
Download: PDF
Added 2005-10-31

Integrity Checking For Process Hardening

Kyung-suk Lhee
Download: PDF

Computer intrusions can occur in various ways. Many of them occur by exploiting program flaws and system configuration errors. Existing solutions that detect specific kinds of flaws are substantially different from each other, so using them together may be incompatible and require substantial changes to the current system and computing practice. Intrusion detection systems may not be the answer either, because they are inherently inaccurate and susceptible to false positives/negatives. This dissertation presents a taxonomy of security flaws that classifies program vulnerabilities into a finite number of error categories, and presents a security mechanism that can produce accurate solutions for many of these error categories in a modular fashion. To be accurate, a solution should closely match the characteristics of the target error category. To ensure this, we focus only on error categories whose characteristics can be defined in terms of a violation of process integrity. The thesis of this work is that the proposed approach produces accurate solutions for many error categories. To prove the accuracy of the produced solutions, we define the process integrity checking approach and analyze its properties. To prove that this approach can cover many error categories, we develop a classification of program security flaws and find error characteristics (in terms of process integrity) for many of these categories. We implement proof-of-concept solutions for the two most prevalent error categories, the buffer overflow and the race condition, and analyze their accuracy and performance.

Added 2005-10-21

2003-2004 Assessment of the Army Research Laboratory

National Research Council
Added 2005-10-20

The Ontology of Emotion

CERIAS TR 2005-71
Katrina Triezenberg
Download: PDF

Nirenburg and Raskin

Added 2005-10-19

Developing a Risk Management System for Information Systems Security Incidents

Fariborz Farahmand
Download: PDF

The Internet and information systems have enabled businesses to reduce costs, attain greater market reach, and develop closer business partnerships along with improved customer relationships. However, using the Internet has led to new risks and concerns. This research provides a management perspective on the issues confronting CIOs and IT managers. It outlines the current state of the art of information security, the important issues confronting managers, security enforcement measures/techniques, and potential threats and attacks. It develops a model for classification of threats and control measures. It also develops a scheme for probabilistic evaluation of the impact of security threats, with some illustrative examples. It involves validation of information assets and probabilities of success of attacks on those assets in organizations, and evaluates the expected damages of these attacks. The research outlines some suggested control measures, presents some cost models for quantifying damages from these attacks, and compares the tangible and intangible costs of these attacks. This research also develops a risk management system for information systems security incidents in five stages: 1- Resource and application value analysis, 2- Vulnerability and risk analysis, 3- Computation of losses due to threats and benefits of control measures, 4- Selection of control measures, and 5- Implementation of alternatives. The outcome of this research should help decision makers select the appropriate control measure(s) to minimize damage or loss due to security incidents. Finally, some recommendations for future work are provided to improve the management of security in organizations.

Added 2005-10-18

Intrusion Detection in RBAC-administered Databases

CERIAS TR 2005-70
Elisa Bertino, Ashish Kamra, Evimaria Terzi, Athena Vakali
Download: PDF
Added 2005-10-17

Computational Resiliency: Reliable Heterogeneous Applications

Joohan Lee
Download: PDF

This thesis presents the notion of computational resiliency to provide reliability in heterogeneous distributed applications. The notion provides both software fault tolerance and the ability to tolerate information warfare (IW) attacks. This technology seeks to strengthen a military mission, rather than protect its network infrastructure using static defense measures such as network security, intrusion sensors, and firewalls. Even if a failure or successful attack is never detected, it should be possible to continue information operations and achieve mission objectives. Computational resiliency involves the dynamic use of replicated software structures, guided by mission policy, to achieve reliable operation. However, it goes further to automatically regenerate replication in response to a failure or attack, allowing the level of system reliability to be restored and maintained. Replicated structures can be protected through several techniques such as camouflage, dispersion, and layered security policy. This thesis examines a prototype concurrent programming technology to support computational resiliency in a heterogeneous distributed computing environment. The performance of the technology is explored through two example applications, concurrent sonar processing and remote sensing. We develop the associated analytical performance model and verify the model against the experimental results. The overhead of computational resiliency on homogeneous and heterogeneous systems is investigated. Load balancing techniques are used to improve the overall performance of the system, especially in heterogeneous computing environments.

Added 2005-10-13

Requirements-Based Access Control Analysis and Policy Specification

Qingfeng He
Download: PDF

Access control is a mechanism for achieving confidentiality and integrity in software systems. Access control policies (ACPs) define how access is managed and the high-level rules of who can access what information under certain conditions. Traditionally, access control policies have been specified in an ad-hoc manner, leaving systems vulnerable to security breaches. ACP specification is often isolated from requirements analysis, resulting in policies that are not in compliance with system requirements. This dissertation introduces the Requirements-based Access Control Analysis and Policy Specification (ReCAPS) method for deriving access control policies from various sources, including software requirements specifications (SRS), software designs, and high-level security/privacy policies. The ReCAPS method is essentially an analysis method supported by a set of heuristics and a software tool: the Security and Privacy Requirements Analysis Tool (SPRAT). The method was developed in two formative case studies and validated in two summative case studies. All four case studies involved operational systems, and ReCAPS evolved as a result of the lessons learned from applying the method to these case studies. Further validation of the method was performed via an empirical study to evaluate the usefulness and effectiveness of the approach. Results from these evaluations indicate that the process and heuristics provided by the ReCAPS method are useful for specifying database-level and application-level ACPs. Additionally, ReCAPS integrates policy specification into software development, thus providing a basic framework for ensuring compliance between different levels of policies, system requirements and software design. The method also improves the quality of requirements specifications and system designs by clarifying ambiguities and resolving conflicts across these artifacts.

Added 2005-09-29

CARAVAN: A Communications Architecture for Reliable Adaptive Vehicular Ad hoc Networks

Jeremy Joseph Blum

Future generations of in-vehicle Intelligent Transportation Systems (ITS) will network nearby vehicles for enhanced safety and efficiency. Initially, these intelligent vehicles will utilize wireless communications to extend the perception horizon for individual drivers through warning messages of roadway hazards, including obstacles in the roadway, accidents, and hard-braking incidents. Ultimately, this communication will become a vital part of automated highway systems including cooperative driving and coordinated collision avoidance. For efficiency and cost reasons, the wireless communication is likely to be done directly between vehicles. However, direct inter-vehicle communication (IVC) presents unique security and scalability issues that must be addressed before these systems can be realized.

This dissertation describes a Communication Architecture for Reliable Adaptive Vehicular Ad hoc Networks (CARAVAN) to address these issues. CARAVAN consists of IVC-specific parameterization for the physical layer, as well as protocols for the link and the network layers of the architecture. In the development of CARAVAN, this dissertation makes the following contributions:

1. A study of the characteristics and requirements of the IVC network, elicited through analytical and simulation studies of the network.
2. A description of the services needed to support the distribution of the secret spreading codes, and of the additional scalability requirements that arise from the use of spread spectrum, in order to use spread spectrum to provide protection against denial-of-service attacks.
3. A methodology to balance the tradeoffs between radio range, spatial reuse, and multi-hop message delivery.
4. A novel mapping function, which maps discrete sections of roadway to timeslots allocated to vehicles, that allows for significantly lower latencies for multi-hop transmissions.
5. Novel assignment rules, which specify the timeslots a vehicle is authorized to use, that allow for significantly more efficient use of allocated spectrum.
6. Assignment rules designed to automatically adapt the timeslot allocation to varying densities of vehicle traffic.
7. Forwarding rules at the network layer, including acknowledgement processing, for the delivery of a-periodic messages to all nodes in the zone-of-relevance.
8. A network layer that leverages the benefits of varying radio ranges to reduce the latency in multi-hop message delivery.

Through simulation and analysis, the CARAVAN architecture is shown to present significant and measurable improvement over current IVC architecture proposals.

Added 2005-09-29

Complex Events In An Ontological-Semantic Natural Language Processing System

CERIAS TR 2000-29
Craig McDonough
Download: PDF

The goal of this dissertation is to elucidate principles for representing complex-event knowledge (or

Added 2005-09-28

FASH: A Fast and Secure Hash

CERIAS TR 2005-68
William Speirs
Download: PDF

FASH is a cryptographic hash function that is more than 5 times faster than SHA1, making it better suited to large amounts of data. However, this increase in speed comes at the cost of security. Although all tests performed in this paper show that FASH is as secure as SHA1, FASH has a higher rate of collision. FASH was created as a replacement for SHA1 in applications where speed is much more important than security.

Added 2005-09-24

Software Engineering for Secure Software - State of the Art: A Survey

CERIAS TR 2005-67
Jayaram K R and Aditya P Mathur
Download: PDF

This report contains a survey of the state of the art in software engineering for secure software. Secure software is defined and techniques used in each phase of the software lifecycle to engineer the development of secure software are described. Also identified are open questions and areas where further research is needed.

The survey reported here was undertaken to understand how the practice of software engineering blends with the requirement of secure software. This has resulted in a novel two-dimensional description of the relationship between the software lifecycle phases and techniques for satisfying security requirements. The report is organized around this relationship.

Added 2005-09-16

Access Control for Collaborative Environments

COAST TR 94-11
HongHai Shen
Download: PDF

In this dissertation, previous work on access control for both collaborative and non-collaborative systems is surveyed. New access control requirements for general collaborative environments are identified, and it is shown that existing models do not completely meet these requirements. A new access control model is developed to meet the requirements. In particular, a set of collaboration rights is identified based on a general collaboration model; exception-based, multiple-inheritance mechanisms are used to support both flexible and high-level access specification; and dynamic, multiple-ownership rules are developed to support flexible access administration. The model can emulate a variety of existing systems and meets the new access requirements. It has been implemented in a generic, extensible collaborative system, which relieves individual applications from implementing the model.

Added 2005-09-13

Bounding the Stack Size of Interrupt-Driven Programs

CERIAS TR 2004-81
Di Ma
Download: PDF

A widely-used class of real-time, reactive, embedded systems is called interrupt-driven systems (8). Programming of interrupt-driven systems is notoriously difficult and error-prone. This is because such systems are usually equipped with a small amount of memory while being asked to handle as many external interrupts as possible. Furthermore, such systems demand responsive handling of interrupts. Because an interrupt may happen at any time, a handler can be interrupted by another interrupt, making the stack grow in order to store the context information for the current handler. The problem with such a scenario is that it may lead to stack overflow. Traditionally, this problem has been avoided by forbidding other interrupts during the execution of the handler. However, doing this puts a tremendous limit on the number of interrupts which can be handled. Moreover, it greatly increases the response time for interrupts, resulting in an inefficient system and causing a potential predictability problem: the handling of an interrupt can take so long that the next interrupt occurrence is missed. In this thesis, we lay a formal framework, which, to the best of our knowledge, is the first in the field, to ensure stack boundedness, to give the tightest possible upper bound on the stack usage of interrupt-driven programs, and to guarantee predictability. Specifically, we develop two formal languages, interrupt calculus and periodic interrupt calculus, to capture the characteristics of interrupt-driven systems. We advocate intersection types and union types from the field of programming languages as a convenient vehicle to solve these problems. We base our analysis on two type systems which are designed for the two calculi. Our results show that the calculi demonstrate the desired capability for characterizing interrupt-driven programs.
We show that once an interrupt calculus program type checks, there can be no stack overflow; we prove that the type inference problem for interrupt calculus is in PSPACE. For type-checked periodic interrupt calculus programs, we show that not only can the stack not overflow, but that it is also guaranteed that no single interrupt can be missed. In addition, our construction of the types and type derivations of periodic interrupt calculus programs unveils an equivalence relation between model checking and type systems, which may be of interest in its own right.
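The abstract describes why nested interrupts grow the stack and why a bound on that growth is the property worth proving. The following is an added illustration, not the thesis's interrupt calculus or its type system: it uses a deliberately simplified model (an assumption of this example) in which each handler has a fixed frame size and a fixed set of interrupts it leaves enabled while running. The worst-case stack is the deepest chain of preemptions; if a chain can re-enter a handler that is already on the stack, no finite bound exists, which is the case a type check of the kind the abstract describes would reject. The handler names, frame sizes and enable sets below are constructed sample data.

```python
"""Worst-case stack bound for a set of interrupt handlers (simplified model).

Model (assumption of this example, not the interrupt calculus of the thesis):
each handler has a fixed frame size in bytes and, while it runs, leaves a set
of interrupts enabled.  Any enabled interrupt may preempt the running handler
and push its own frame on top.  The worst-case stack is the longest chain of
preemptions; a chain that re-enters a handler already on the stack means the
nesting can repeat without limit and the stack is unbounded.
"""
from typing import Dict, FrozenSet, Optional, Tuple

# (frame size in bytes, interrupts enabled while this handler runs)
Handler = Tuple[int, FrozenSet[str]]


def worst_case_stack(handlers: Dict[str, Handler],
                     main_enabled: FrozenSet[str],
                     main_frame: int = 0) -> Optional[int]:
    """Return the maximal stack depth in bytes, or None if it is unbounded.

    main_enabled is the set of interrupts enabled while the main program runs;
    main_frame is the stack already in use by the main program itself.
    """
    memo: Dict[str, int] = {}

    def depth(name: str, on_stack: FrozenSet[str]) -> Optional[int]:
        # Re-entering a handler that is already active: unbounded nesting.
        if name in on_stack:
            return None
        # A finite result does not depend on on_stack, so it can be cached:
        # it is only reached when no handler below is on the stack.
        if name in memo:
            return memo[name]
        frame, enabled = handlers[name]
        worst_below = 0
        for nxt in sorted(enabled):  # sorted only for deterministic traversal
            d = depth(nxt, on_stack | {name})
            if d is None:
                return None
            worst_below = max(worst_below, d)
        memo[name] = frame + worst_below
        return memo[name]

    worst = 0
    for h in sorted(main_enabled):
        d = depth(h, frozenset())
        if d is None:
            return None
        worst = max(worst, d)
    return main_frame + worst


# Constructed sample data: adc can be preempted by timer, timer by uart,
# uart masks everything.  Deepest chain: adc -> timer -> uart.
BOUNDED = {
    "timer": (32, frozenset({"uart"})),
    "uart":  (48, frozenset()),
    "adc":   (16, frozenset({"timer"})),
}

# Same handlers, but uart re-enables timer: timer -> uart -> timer -> ...
UNBOUNDED = {
    "timer": (32, frozenset({"uart"})),
    "uart":  (48, frozenset({"timer"})),
    "adc":   (16, frozenset({"timer"})),
}

ALL_ENABLED = frozenset({"timer", "uart", "adc"})


def bounded_example() -> Optional[int]:
    """Worst case for BOUNDED with 64 bytes already used by main: 64+16+32+48."""
    return worst_case_stack(BOUNDED, ALL_ENABLED, main_frame=64)


def unbounded_example() -> Optional[int]:
    """UNBOUNDED contains a preemption cycle, so no finite bound exists."""
    return worst_case_stack(UNBOUNDED, ALL_ENABLED, main_frame=64)


if __name__ == "__main__":
    print("bounded:", bounded_example())      # 160
    print("unbounded:", unbounded_example())  # None
```

The check is the analogue of the abstract's "once a program type checks, there can be no stack overflow": a program whose enable sets admit no cycle gets a finite bound that can be compared against the available stack, and one that does admit a cycle is rejected outright rather than given a misleading number.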

Added 2005-09-12

Automated Digital Evidence Target Definition Using Outlier Analysis and Existing Evidence

CERIAS TR 2005-65
Brian D. Carrier and Eugene H. Spafford
Download: PDF
Added 2005-09-08