Dot-products form the basis of various applications ranging from scientific computations to commercial applications in data mining and transaction processing. Typical scientific computations utilizing sparse iterative solvers use repeated matrix-vector products. These can be viewed as dot-products of sparse vectors. In database applications, dot-products take the form of counting operations. With widespread use of clustered and distributed platforms, these operations are increasingly being performed across networked hosts. Traditional APIs for messaging are susceptible to sniffing, and the data being transferred between hosts is often enough to compromise the entire computation. For example, in a domain decomposition based sparse solver, the entire solution can often be reconstructed easily from boundary values that are communicated on the net. In yet other applications, dot-products may be performed across two hosts that do not want to disclose their vectors, yet, they need to compute the dot-product. In each of these cases, there is a need for secure and anonymous dot-product protocols. Due to the large computational requirements of underlying applications, it is highly desirable that secure protocols add minimal overhead to the original algorithm. Finally, by its very nature, dot-products leak limited amounts of information—one of the parties can detect an entry of the other party’s vector by simply probing it with a vector with a 1 in a particular location and zeros elsewhere. Given all of these constraints, traditional cryptographic protocols are generally unsuitable due to their significant computational and communication overheads. In this paper, we present an extremely efficient and sufficiently secure protocol for computing the dot-product of two vectors using linear algebraic techniques. Using analytical as well as experimental results, we demonstrate superior performance in terms of computational overhead, numerical stability, and security. We show that the overhead of a two-party dot-product computation using MPI as the messaging API across two high-end workstations connected via a Gigabit ethernet approaches multiple 4.69 over an un-secured dot-product. We also show that the average relative error in dot-products across a large number of random (normalized) vectors was roughly $4.5 \times 10^{-9}$.

The Generalized Temporal Role Based Access Control (GTRBAC) model introduces a large set of temporal constraint expressions that facilitates the specification of a comprehensive access control policy. However, the issue of its expressiveness has not been investigated earlier. In this paper, we present an exhaustive analysis of the expressiveness of the constructs provided by GTRBAC and prove that the set of constraints is not minimal by showing that there is a subset of GTRBAC constraints that is sufficient to express all access constraints that can be expressed using the full set. We formally present the minimality result for the GTRBAC constraint set and argue that, although the complete set of constraints in GTRBAC is not minimal, having such an extensive set is advantageous from the perspective of user convenience and the lower complexity of constraint representation. Based on our analysis, we present a set of design guidelines that can considerably enhance security management.

We study the verification of data integrity during peer-to-peer video streaming sessions. Challenges include the timing constraint of streaming, as well as the untrustworthiness of peers. We show the inadequacy of existing authentication protocols and propose a more efficient protocol which utilizes message digest and probabilistic verification. We then propose One Time Digest Protocol (OTDP) and Tree-based Forward Digest Protocol (TFDP) to further reduce the communication overhead. Finally, a comprehensive comparison is presented comparing the performance of existing protocols and our protocols, with respect to overhead, security assurance level, and packet loss tolerance.

Two main results in the area of information hiding in natural language text are presented. A semantically-based scheme dramatically improves the information-hiding capacity of any text through two techniques: (i) modifying the granularity of meaning of individual sentences, whereas our own previous scheme kept the granularity fixed, and (ii) halving the number of sentences affected by the watermark. No longer a

The public part of the vulnerability management cycle, publication-notification-patch is of interest to system administrators.  We describe the architecture of the vulnerability notification Cassandra system (https://cassandra.cerias.purdue.edu).  The timeliness of the notifications was evaluated by using the publication dates of CERT Incident Notes as approximations for the dates when vulnerabilities are widely exploited.  We found that notifications sent by Cassandra in 2001 (until November) provided a forewarning of 60 days on average.  However, these notifications were not always timely.  An analysis of the vulnerability information flow identified sources of undesirable delays.  A new Cassandra service, CVE Change Logs, was created to report daily changes to the CVE and bypass some sources of delays.  Other efforts by MITRE mitigated other sources of delays and consolidated changes on their web site.  An unexpected finding of this study is that the timing and the number of vulnerabilities involved in the method of disclosing vulnerabilities can contribute to notification delays due to the limited processing capacity of intermediates and the finite patching capability of system administrators.  We conclude that the large batch processing of vulnerabilities contributes to notification and patching delays and is undesirable.  For the same reasons, randomly timed disclosures of vulnerabilities should be undesirable, suggesting the creation of a concerted mechanism for the disclosure of vulnerabilities.

This chapter presents the results of several efforts over the last few years to develop and propose a method to handle these unstructured computer security incident records (text files).  Specifically, this chapter presents a tool designed to help individuals and organizations record, understand and share computer security incident information.  We call the tool the common language for computer security incident information.

Remote access to distributed hyper-linked information proves to be one of the killer applications for computer networks. More and more content in current inter and intra nets is available as hyper-data, a form easing its distribution and semantic organization.
  In the framework of the Internet’s Web-Portals and Pay-Sites, mechanisms for login based on username and password enable the dynamic customization as well as partial protection of the content. In other applications (e.g. commercial intra-nets) various similar schemes of authentication are deployed.
  Nevertheless, stolen passwords are an easy avenue to identity theft, in both public and commercial data networks. Once a perpetrator enters a system, assuming an authorized user’s identity, the task of actually detecting this intrusion becomes non-trivial and is often ignored completely.
  Thus, in addition to the initial authentication step we propose a runtime intrusion detection mechanism, required to maintain a virtually continuous user authentication process and detect identity theft and password misuses.
  The current paper focuses on designing a pervasive intrusion detection method for hyper-data systems, based on training on and analyzing of access patterns to hyper-linked data, aiming at detecting intruders and raising a red flag at the content provider’s side. Our solution is based on a new technique, on-the-fly adaptive training for normality on streams of data access patterns. This enables runtime intrusion detection through analysis of correlations between current patterns and the adaptive past-knowledge. Such a method is to be used in conjunction with current username-password protection schemes.

We introduce the motivation behind our solution , discuss the novel detection and training metrics and propose a real-life deployment design. We implement the main algorithm and perform experiments for assessing its intrusion detection ability, with very encouraging results. We also discuss the deployment of our method for detecting automatic spam-bot accesses.

Many network applications depend on the security of the domain name system (DNS).  Attacks on DNS can cause denial of service and entity authentication to fail.  In our approach, we use formal specifications to characterize DNS clients and DNS name servers, and to define a security goal: A name server should only use DNS data that is consistent with data from name servers that manage the corresponding domains (i.e., authoritative name servers).  To enforce the security goal, we formally specify a DNS wrapper that examines the incoming and outgoing DNS messages of a name server to detect messages that could cause violations of the security goal, cooperates with the corresponding authoritative name servers to diagnose those messages, and drops the messages that are identified as threats.  Based on the wrapper specification, we implemented a wrapper prototype and evaluated its performance.  Our experiments show that the wrapper incurrs reasonable overhead and is effective against DNS attacks such as cache poisoning and certain spoofing attacks.

Daniels, Thomas E., Ph.D., Purdue University, December, 2002. Reference Models for the Concealment and Observation of Origin Identity in Store-and-Forward Networks. Major Professor: Eugene H. Spafford.

Past work on determining the origin of network traffc has been done in a case- specific manner. This has resulted in a number of specific works while yielding little general understanding of the mechanisms used for expression, concealment, and observation of origin identity.

This dissertation addresses this state of affairs by presenting a reference model of how the originator identity of network data elements are concealed and observed. The result is a model that is useful for representing origin concealment and identification scenarios and reasoning about their properties. From the model, we have determined several mutually sucient conditions for passively determining the origin of traffic. Based on these conditions, we have developed two new origin identification algorithms for constrained network topologies.

Unfortunate recent events clarified the absolute requirement for a unified, concerted, scientifically proven strategy for combating forms of actual or potential cyber-terrorism. In this paper we present related solutions based on some of our ongoing and proposed future research in the broader areas of data and system security.

More specifically we focus on preventive techniques for content and system security. In the framework of content security we discuss document tamper-proofing, watermarking and generic information hiding detection, essential tools required in the combat against attacks in the current distributed, heterogeneous, networked world.

System security issues address new intrusion detection mechanisms using biometrics as well as new concepts such as “data access patterns”, in the framework of structured content and “network breath” in the case of secure computer networks.

Finally we present our research in the area of secure multi-party cooperation, an essential component in any inter-party contingency interaction scenario where trust issues might prevent complete cooperation. In the end we introduce some of the main conclusions and propose immediate-future research and focus points.

We study the economic aspects of P2P systems. We present a cost-profit analysis of a media streaming service deployed over a peer-to-peer (P2P)  infrastructure.  We consider the limited capacity as well as the heterogeneity of peers in the analysis.  The analysis shows that with the appropriate incentives for participating peers, the service provider achieves more profit.  In addition, the analysis shows how the service provider can maximize its revenue by controlling the amount of incentives offered to peers.

By comparing   the economics of P2P and conventional client/server media streaming architectures,  we show that with a relatively small initial investment,  the P2P architecture can realize a large-scale media streaming service.