Overlay networks are a collection of nodes that form a virtual network on top of the normal routing infrastructure of the Internet. These virtual networks allow nodes to organize themselves for the purpose of transferring data in a robust manner. Overlay networks, and in particular Peer-to-Peer (P2P) systems, have become very popular as they provide scalable services for content distribution. However, many P2P systems have been oblivious to network locality, thus causing an increase in the amount of traffic that must leave an Internet Service Provider (ISP). P2P localization has then been proposed as a solution to contain traffic to within an ISP. In this dissertation, we first study the economic impact of actually deploying localization at an Internet-wide scale. We then consider how insider attackers can disrupt localization services and study how to protect such services from attacks. Finally, as insiders can also attack the overlays that utilize localization, we propose defenses for mitigating attacks in a high-bandwidth P2P streaming system.

Extracting useful knowledge from social network datasets is a challenging problem. To add to the difficulty of this problem, privacy concerns that exist for many social network datasets have restricted the ability to analyze these networks and consequently to maximize the knowledge that can be extracted from them. This paper addresses this issue by introducing the problem of data trustworthiness in social networks when repositories of anonymized social networks exist that can be used to assess such trustworthiness. Three trust score computation models (absolute, relative, and weighted) that can be instantiated for specific anonymization models are defined and algorithms to calculate these trust scores are developed. Using both real and synthetic social networks, the usefulness of the trust score computation is validated through a series of experiments.

Complex navigation (e.g. indoor and outdoor environments) can be studied as a system-of-systems problem. The model is made up of disparate systems that can aid a user in navigating from one location to another, utilizing whatever sensor system or information is available. By using intelligent navigation sensors and tech- niques (e.g. RFID, Wifi, GPS, embedded sensors on a mobile device, IMU, etc.) and adaptive techniques to switch between them, brings the possibility of an end-to-end navigational multi-agent system-of-systems (MaSoS). Indoor location-based applications have a broad appeal for development in navigation, robotics, gaming, asset tracking, networking, and more. GPS technolo- gies have been successfully leveraged for outdoor navigation, but often lose e↵ective- ness indoors due to a more constrained environment, possible loss of signal, lack of elevation information and need for better accuracy. Increasingly complex problems in navigation allow for the development of a framework for a system-of-systems. Individual systems contain distributed and het- erogeneous components that are disparate in nature. Multiple prototypes and a framework for a multi-agent system-of-systems are presented. The purpose of the model is to overcome the limitations of a single tech- nology navigation system. The system creates a classic system-of-systems utilizing existing and developing localization services. The system provides point-to-point path planning and navigation regardless of the transportation medium, location of the user or current environment.

Attribute based systems enable fine-grained access control among a group of users each identified by a set of attributes. Secure collaborative applications need such flexible attribute based systems for managing and distributing group keys. However, current group key management schemes are not well designed to manage group keys based on the attributes of the group members. In this paper, we propose novel key management schemes that allow users whose attributes satisfy a certain access control policy to derive the group key. Our schemes efficiently support rekeying operations when the group changes due to joins or leaves of group members. During a rekey operation, the private information issued to existing members remains unaffected and only the public information is updated to change the group key. Our schemes are expressive; they are able to support any monotonic access control policy over a set of attributes. Our schemes are resistant to collusion attacks; group members are unable to pool their attributes and derive the group key which they cannot derive individually. Experimental results show that our underlying constructs are efficient and practical.

An important problem in public clouds is how to selectively share documents based on fine-grained attribute based access control policies. An approach is to encrypt documents satisfying different policies with different keys using a public key crytosystem such as attribute based encryption (ABE), and/or proxy re-encryption (PRE). However, such an approach has some weaknesses: it cannot efficiently handle adding/revoking users or identity attributes, and policy changes; it requires to keep multiple encrypted copies of the same documents; it incurs high computational cost. A direct application of a symmetric key cryptosystem, where users are grouped based on the policies they satisfy and assigning unique keys for each group, also has similar weaknesses. We observe that, without utilizing public key cryptography and by allowing users to dynamically derive the symmetric keys at the time of decryption, one can address the above weaknesses. Based on this idea, we formalize a new key management scheme called broadcast group key management (BGKM) and then give a secure construction of a BGKM scheme called ACV-BGKM. The idea is to give some secrets to users based on the identity attributes they have and later allow them to derive actual symmetric keys based on their secrets and some public information. A key advantage of the BGKM scheme is that adding users/revoking users or updating access control policies can be performed efficiently by updating only some public information. Using our BGKM construct, we propose an efficient approach for fine-grained encryption based access control for documents stored in an untrusted cloud file storage.

Physical systems are becoming increasingly computationally powerful as faster microprocessors are installed. This allows many types of applications and function- ality to be implemented. Much of the security risk has to do with confirming the device as an authentic device. This risk can be mitigated using a technology known as Physically Unclonable Functions (PUFs). PUFs use the intrinsic differences in hardware behavior to produce a random function that is unique to that hardware instance. When combined with existing cryptographic techniques, these PUFs enable many different types of applications, such as read once keys, secure communications, and secure smart grids.

Internet Relay Chat (IRC) has been and is still being used for a number of legal and illegal activities. Investigations dealing with IRC tend to be arduous and require a vast amount of man hours for the constant monitoring needed, whether it is from law enforcement or just a normal user surfing through the channels. This research looked at developing the IRC Data Gathering Tool (IRCDGT), which facilitated real-time analysis of IRC chat messages as well as real-time updates to the investigator. This is intended to help reduce the number of man-house needed in front of a computer for an investigation. A crawler was developed for IRC that goes through a list of channels and reports on what is being discussed in those channels. Normal keyword analysis statistically outperforms keyword & POST analysis in terms of recall while there is no significant difference between basic keyword analysis and keyword & POST analysis in terms of precision. Topic analysis was performed in near-real time to enhance the keyword analysis. Lastly, natural language processing seems to have issues with dealing with the language of the Internet subculture.

Computing systems continue to be plagued by malicious corruption of instructions and data.  Buffer overflows, in particular, are often employed to disrupt the control flow of vulnerable processes. Existing methods of protection against these attacks operate by detecting corruption after it has taken place or by ensuring that if corruption has taken place, it cannot be used to hijack a process’ control flow. These methods thus still allow the corruption of control data to occur but rather than being subverted, the process may terminate or take some other defined error. Few methods have attempted to prevent the corruption of control data, and those that have only focused on preventing the corruption of the return address.

We propose the use of multiple memory segments to support multiple stacks, heaps, .bss, and .data sections per process with the goal of segregating control and non-control data. By segregating these different forms of data, we can prevent the corruption of control data by overflow and address manipulation of memory allocated for non-control data. We show that the creation of these additional data segments per process can be implemented through modifications to the compiler.

Alert and event correlation is a process in which the alerts produced by one or more intrusion detection systems and events generated from different systems and security tools are analyzed and correlated to provide a more succinct and high-level view of occurring or attempted intrusions. Current correlation techniques improve the intrusion detection results and reduce the huge number of alerts in a summarized report, but still have some limitations such as a high false detection rate; missing alerts in a multi-step attack correlation; alert verifications are still limited; Zero Day attacks still have low rates of detection; Low and Slow attacks and Advanced Persistent Threats (APTs) cannot be detected; and some attacks have evasion techniques against IDSs. Finally, current correlation systems do not enable the integration of correlations from multiple information sources and are limited to only operate in IDS alerts. Agents and multi- agent systems have been widely used in IDSs because of their advantages.

The thesis purpose is to prove the possibility of improving both IDS Accuracy and IDS Completeness through reducing either False Positive or False Negative alerts using correlation between different available information sources in the system and network environment. The dissertation presents a modular framework for a Distributed Agent Correlation Model (DACM) for intrusion detection alerts and events in computer networks. The framework supports the integration of multiple correlation techniques and enables easy implementation of new components.

The framework introduces a multi-agent distributed model in a hierarchical organization; correlates alerts from the IDS with attack signatures from information security tools and either system or application log files as other sources of information. Correlation between multiple sources of information reduces both false negative and false positive alerts, enhancing intrusion detection accuracy and completeness. Each local agent aggregates/correlates events from its source according to a specific pattern matching. The integration of these correlation agents together forms a complete integrated correlation system.

The model has been implemented and tested using a set of datasets. Agent’s proposed models and algorithms have been implemented, analyzed, and evaluated to measure detection and correlation rates and reduction of false positive and false negative alerts.

In conclusion, DACM enhances both the accuracy and completeness of intrusion detection. DACM is flexible, upgradable, and platform independent. It decreases the audit load and the time cost required to obtain effective situational understanding; increases the coverage of the attack space and forensics; and improves the ability to distinguish the serious attack from the less important ones or identify the kind of needed reaction. DACM can also be used to enhance the early detection capability of APT. Finally, DACM can be used as a real time system with minor modifications. We think that this is a promising approach successfully combining correlation techniques with agent technology in intrusion detection systems in order to provide higher security for computer networks and internet services.

The smart power grid promises to improve efficiency and reliability of power delivery.  This report introduces the logical components, associated technologies, security protocols, and network designs of the system.  Undermining the potential benefits are security threats, and those threats related to cyber security are described in this report. Concentrating on the design of the smart meter and its communication links, this report describes the ZigBee technology and implementation, and the communication between the smart meter and the collector node, with emphasis on security attributes.  It was observed that many of the secure features are based on keys that must be maintained; therefore, secure key management techniques become the basis to securing the entire grid.  The descriptions of current key management techniques are delineated, highlighting their weaknesses.  Finally some initial research directions are outlined.

Cyber Physical Systems (CPS) are complex systems that operate in a dynamic environment where security characteristics of contexts are unique, and uniform access to secure resources anywhere anytime to mobile entities poses daunting challenges. To capture context parameters such as location and time in an access control policy for CPS, we propose a Generalized Spatio- Temporal RBAC (GST-RBAC) model. In this model spatial and temporal constraints are defined for role enabling, user-role assignment, role-permission assignment, role activation, separation of duty and role hierarchy. The inclusion of multiple types of constraints exposes the need of composing a policy which is verifiable for consistency. The second contribution in this paper is GST-RBAC policy specification and verification framework using light weight formal modeling language, Alloy. The analysis assists in consistency verification leading to conflict free composition of the actual policy for implementation for CPS.

Maximizing data usage and minimizing privacy risk are two conflicting goals. Organizations always hide the owners’ identities and then apply a set of transformations on their data before releasing it. While determining the best set of transformations has been the focus of extensive work in database community, most of this work suffered from one or two of the following major problems: scalability and privacy guarantee. To the best of our knowledge, none of the proposed scalable anonymization techniques provides privacy guarantees supported with well-formulated theoretical foundation. Differential privacy provides a theoretical formulation for privacy that ensures that the system behaves essentially the same way, regardless of whether any individual, or small group of individuals, are included in the database. In this paper, we address both scalability and privacy risk of data anonymization. We propose a scalable algorithm that meets differential privacy when applying a specific random sampling. The contribution of the paper is three-fold: (1) We prove that determining the optimal transformations is an NP-hard problem and propose a heuristic approximation based on genetic algorithms, (2) we propose a personalized anonymization technique based on Lagrangian formulation and prove that it could be solved in polynomial time, and (3) we prove that a variant of the proposed Lagrangian technique with specific sampling satisfies differential privacy. Through experimental studies we compare our proposed algorithm with other anonymization schemes in terms of both time and privacy risk. We show that the proposed algorithm is scalable. Moreover, we compare the performance of the proposed approximate algorithm with the optimal algorithm and show that the sacrifice in risk is outweighed by the gain in e±ciency.