The Center for Education and Research in Information Assurance and Security (CERIAS)

Reports and Papers Archive


Trusted Enforcement of Contextual Access Control

CERIAS TR 2011-16
Michael S. Kirkpatrick
Download: PDF

As computing environments become both mobile and pervasive, the need for robust and flexible access control systems comes to the fore. Instead of relying simply on identity-based mechanisms or multi-level classifications, modern information systems must incorporate contextual factors into the access control decision. Examples of these factors include the user’s location at the time of the request, the unique instance of the hardware device, and the history of previous accesses.

Designing and implementing such contextual access control mechanisms requires addressing a number of interesting challenges. First, one must be able to determine when the required policy conditions are satisfied. For instance, in the realm of spatially aware access control, the system must be able to validate a user's claim to be at a particular location at a given time. Next, contextual mechanisms must be able to detect and react to changes in the environmental conditions, such as when a connection becomes disrupted. Finally, the integrity of the execution environment must be ensured, despite the complexity of modern computing systems.

To address these challenges, we have examined the creation of trusted enforcement mechanisms that are built on a combination of secure hardware, cryptographic protocols, virtual machine monitors, and randomized execution environments. We have developed a number of prototypes using NFC, PUFs, VMMs, and a microkernel OS to demonstrate the feasibility of our approaches in a number of contextual settings. Our experimental evaluation and security analyses demonstrate that robust mechanisms can be deployed at minimal computational expense.

Added 2012-01-12

Prox-RBAC: A Proximity-based Spatially Aware RBAC

CERIAS TR 2011-17
Michael S. Kirkpatrick
Download: PDF

As mobile computing devices become increasingly dominant in enterprise and government organizations, the need for fine-grained access control in these environments continues to grow. Specifically, advanced forms of access control can be deployed to ensure that authorized users can access sensitive resources only when in trusted locations. One technique that has been proposed is to augment role-based access control (RBAC) with spatial constraints. In such a system, an authorized user must be in a designated location in order to exercise the privileges associated with a role. In this work, we extend spatially aware RBAC systems by defining the notion of proximity-based RBAC. In our approach, access control decisions are not based solely on the requesting user's location. Instead, we also consider the location of other users in the system. For instance, a policy in a government application could prevent access to a sensitive document if any civilians are present. We introduce our spatial model and the notion of proximity constraints. We define the syntax and semantics of the Prox-RBAC language, which can be used to specify these policy constraints. We introduce our enforcement architecture, including the protocols and algorithms for enforcing Prox-RBAC policies, and give a proof of functional correctness. Finally, we describe our work toward a Prox-RBAC prototype and present an informal security analysis.

Added 2012-01-12

Enforcing Physically Restricted Access Control for Remote Data

CERIAS TR 2011-18
Michael S. Kirkpatrick
Download: PDF

In a distributed computing environment, remote devices must often be granted access to sensitive information. In such settings, it is desirable to restrict access only to known, trusted devices. While approaches based on public key infrastructure and trusted hardware can be used in many cases, there are settings for which these solutions are not practical. In this work, we define physically restricted access control to reflect the practice of binding access to devices based on their intrinsic properties. Our approach is based on the application of physically unclonable functions. We define and formally analyze protocols enforcing this policy, and present experimental results observed from developing a prototype implementation. Our results show that non-deterministic physical properties of devices can be used as a reliable authentication and access control factor.
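The following added example, written for this listing and not taken from the report's own protocols or prototype, shows the shape of PUF-based device authentication that the abstract describes: a verifier enrols challenge-response pairs from the device in a trusted setting, issues each challenge only once, and tolerates the non-determinism of a physical response with a Hamming-distance threshold. The PUF is simulated by an HMAC keyed with a per-device secret (standing in for the physical structure) plus random bit flips; the noise rate, the acceptance threshold, the device names and the challenge pool size are all assumptions.

```python
"""Simulated PUF challenge-response authentication with noise tolerance and one-time challenges.

Illustrative code for this listing, not the report's protocol. The "PUF" is an HMAC keyed by a
per-device secret plus random bit flips (assumed stand-in for a real circuit's noisy responses).
"""
import hashlib
import hmac
import random

RESPONSE_BITS = 256
NOISE_RATE = 0.05     # assumed: fraction of response bits that flip on re-evaluation
MAX_DISTANCE = 64     # assumed: accept if Hamming distance <= 25% of the response bits


class SimulatedPUF:
    """Deterministic core (HMAC) with per-evaluation bit noise, mimicking a silicon PUF."""

    def __init__(self, physical_secret, rng):
        self._secret = physical_secret   # models the device's unclonable physical structure
        self._rng = rng

    def evaluate(self, challenge):
        ideal = int.from_bytes(hmac.new(self._secret, challenge, hashlib.sha256).digest(), "big")
        for bit in range(RESPONSE_BITS):
            if self._rng.random() < NOISE_RATE:
                ideal ^= 1 << bit
        return ideal.to_bytes(RESPONSE_BITS // 8, "big")


def hamming(a, b):
    """Number of differing bits between two equal-length byte strings."""
    return bin(int.from_bytes(a, "big") ^ int.from_bytes(b, "big")).count("1")


class Verifier:
    """Holds enrolled challenge-response pairs (CRPs) and checks noisy responses."""

    def __init__(self):
        self._crps = {}      # device_id -> list of (challenge, reference response)
        self._pending = {}   # device_id -> CRP currently outstanding

    def enroll(self, device_id, puf, count, rng):
        # Enrolment happens in a trusted setting; a real deployment would average several
        # readings per challenge to get a cleaner reference than the single reading used here.
        pairs = []
        for _ in range(count):
            challenge = rng.getrandbits(256).to_bytes(32, "big")
            pairs.append((challenge, puf.evaluate(challenge)))
        self._crps[device_id] = pairs

    def issue_challenge(self, device_id):
        pairs = self._crps.get(device_id, [])
        if not pairs:
            return None   # pool exhausted: the device must be re-enrolled
        challenge, reference = pairs.pop()
        self._pending[device_id] = (challenge, reference)
        return challenge

    def verify(self, device_id, response):
        # A challenge is consumed by the first answer, right or wrong, so it cannot be replayed.
        pending = self._pending.pop(device_id, None)
        if pending is None:
            return False
        _, reference = pending
        return hamming(reference, response) <= MAX_DISTANCE


def demo(seed=1):
    """Constructed scenario: a genuine device, a device with a different physical structure."""
    rng = random.Random(seed)
    genuine = SimulatedPUF(b"device-A-silicon", rng)   # assumed device secrets
    clone = SimulatedPUF(b"device-B-silicon", rng)
    verifier = Verifier()
    verifier.enroll("dev-A", genuine, count=3, rng=rng)
    out = {}
    c1 = verifier.issue_challenge("dev-A")
    out["genuine_accepted"] = verifier.verify("dev-A", genuine.evaluate(c1))   # True despite noise
    out["replay_accepted"] = verifier.verify("dev-A", genuine.evaluate(c1))    # False: challenge consumed
    c2 = verifier.issue_challenge("dev-A")
    out["clone_accepted"] = verifier.verify("dev-A", clone.evaluate(c2))       # False: ~half the bits differ
    c3 = verifier.issue_challenge("dev-A")
    out["intra_distance"] = hamming(genuine.evaluate(c3), genuine.evaluate(c3))
    out["inter_distance"] = hamming(genuine.evaluate(c3), clone.evaluate(c3))
    out["pool_exhausted"] = verifier.issue_challenge("dev-A") is None
    return out


if __name__ == "__main__":
    print(demo())
```

The two distances printed by `demo()` are the quantities a PUF deployment has to separate: the intra-device distance (same chip, two readings) must sit well below the threshold and the inter-device distance well above it, or the threshold admits clones or rejects the real device. Keeping challenges single-use is what turns a static fingerprint into an authentication factor that a recorded response cannot replay.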

Added 2012-01-12

Enforcing Spatial Constraints for Mobile RBAC Systems

CERIAS TR 2010-31
Michael S. Kirkpatrick
Download: PDF

Proposed models for spatially-aware extensions of role-based access control (RBAC) combine the administrative and security advantages of RBAC with the dynamic nature of mobile and pervasive computing systems. However, implementing systems that enforce these models poses a number of challenges. As a solution, we propose an architecture for designing such a system. The architecture is based on an enhanced RBAC model that supports location-based access control policies by incorporating spatial constraints.

Enforcing spatially-aware RBAC policies in a mobile environment requires addressing several challenges. First, one must guarantee the integrity of a user's location during an access request. We adopt a proximity-based solution using Near-Field Communication (NFC) technology. The next challenge is to verify that the user's position continuously satisfies the location constraints. To capture these policy restrictions, we incorporate elements of the UCON_ABC usage control model in our architecture. In this work, we also propose a number of protocols, describe our prototype implementation, report the performance of our prototype, and evaluate the security guarantees.
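As an added illustration of the constraints described in this abstract and in the Prox-RBAC abstract above (example code written for this listing, not the Prox-RBAC language or either prototype), the monitor below enforces a spatial constraint (a role is usable only inside designated zones), a proximity constraint (a role is denied while a holder of an excluded role is within a given radius), and continuous re-evaluation in the UCON style (every location update revokes sessions whose constraints no longer hold). Assumed: zones are circles, the requester's location arrives already verified (for instance by an NFC tap), and the role, zone and permission names in the scenario.

```python
"""Toy spatially aware RBAC monitor with proximity constraints and continuous re-evaluation.

Illustrative code for this listing, not the Prox-RBAC language or either prototype above.
Assumptions: circular zones; locations arrive already verified; a proximity constraint is a
tuple of (role, radius) pairs whose holders must not be within `radius`; every location
update re-evaluates all active sessions (UCON-style continuous enforcement).
"""
import math
from dataclasses import dataclass


@dataclass(frozen=True)
class Point:
    x: float
    y: float

    def dist(self, other):
        return math.hypot(self.x - other.x, self.y - other.y)


@dataclass(frozen=True)
class Zone:
    name: str
    center: Point
    radius: float

    def contains(self, p):
        return self.center.dist(p) <= self.radius


@dataclass(frozen=True)
class Role:
    name: str
    permissions: frozenset   # granted while the role is active
    zones: frozenset         # spatial constraint: role usable only inside these zones
    exclusion: tuple = ()    # proximity constraint: ((other_role, radius), ...)


class Monitor:
    """Reference monitor: role assignments, verified locations, active sessions."""

    def __init__(self, roles, zones):
        self.roles = {r.name: r for r in roles}
        self.zones = {z.name: z for z in zones}
        self.assigned = {}   # user -> set of assigned role names
        self.location = {}   # user -> last verified Point
        self.sessions = {}   # user -> set of active role names

    def assign(self, user, *role_names):
        self.assigned.setdefault(user, set()).update(role_names)

    def _constraints_hold(self, user, role_name):
        role, loc = self.roles[role_name], self.location.get(user)
        if loc is None or not any(self.zones[z].contains(loc) for z in role.zones):
            return False   # no verified location, or outside every permitted zone
        for other_role, radius in role.exclusion:
            for other, other_loc in self.location.items():
                if (other != user and other_role in self.assigned.get(other, ())
                        and other_loc.dist(loc) <= radius):
                    return False   # a holder of an excluded role is too close
        return True

    def activate(self, user, role_name):
        if role_name not in self.assigned.get(user, ()):
            return False
        if not self._constraints_hold(user, role_name):
            return False
        self.sessions.setdefault(user, set()).add(role_name)
        return True

    def update_location(self, user, point):
        # Record the new verified location, then revoke every session whose constraints fail.
        self.location[user] = point
        revoked = []
        for u, active in self.sessions.items():
            for r in list(active):
                if not self._constraints_hold(u, r):
                    active.discard(r)
                    revoked.append((u, r))
        return revoked

    def check(self, user, permission):
        return any(permission in self.roles[r].permissions for r in self.sessions.get(user, ()))


def demo():
    """Constructed scenario: an analyst reads classified data only in the secure room and only
    while no civilian is within 3 m."""
    monitor = Monitor(
        roles=[Role("analyst", frozenset({"read:classified"}), frozenset({"secure_room"}),
                    exclusion=(("civilian", 3.0),)),
               Role("civilian", frozenset(), frozenset())],
        zones=[Zone("secure_room", Point(0, 0), 5.0)])
    monitor.assign("alice", "analyst")
    monitor.assign("bob", "civilian")
    out = {"no_location": monitor.activate("alice", "analyst")}              # False
    monitor.update_location("alice", Point(1, 1))
    out["in_zone"] = monitor.activate("alice", "analyst")                    # True
    out["read"] = monitor.check("alice", "read:classified")                  # True
    out["revoked"] = monitor.update_location("bob", Point(2, 1))             # civilian 1 m away
    out["read_with_civilian"] = monitor.check("alice", "read:classified")    # False
    monitor.update_location("bob", Point(20, 20))
    out["reactivated"] = monitor.activate("alice", "analyst")                # True
    monitor.update_location("alice", Point(10, 0))                           # leaves the zone
    out["read_outside"] = monitor.check("alice", "read:classified")          # False
    return out


if __name__ == "__main__":
    print(demo())
```

The point of routing every location update through `update_location` is that a decision made once at activation is not enough under a usage-control model: a session that was legitimate when it was opened must be revoked as soon as the requester leaves the zone or an excluded party walks in, which is why `check` consults only sessions that survived the most recent re-evaluation.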

Added 2012-01-12

Improving Internet Infrastructure: BGP Predictability and Cloud DNS Performance

CERIAS TR 2011-15
Ravish Khosla
Download: PDF

The Internet has witnessed explosive growth over the last few decades, steadily evolving into a worldwide communication medium capable of supporting a myriad of applications. While several efforts have been undertaken to improve the reliability of best-effort Internet communication, their adoption has been virtually nonexistent due to the lack of incentive for change and the presence of heterogeneous networks not controlled by a single entity. Moreover, the Internet structure is rapidly evolving into a flatter one composed of large organizations or clouds, which hampers efforts to retrofit the existing Internet.

In this dissertation, we study two of the most important components of the Internet infrastructure, namely routing and the Domain Name System (DNS). We aim to find predictability in Internet routing, specifically in the existence of Internet routes to prefixes (collections of IP addresses). We hypothesize that the Internet under the Border Gateway Protocol (BGP), the de facto interdomain routing protocol, while seemingly unpredictable, has a structure whereby prefix similarity can be exploited to successfully predict the availability of Internet routes and route failures. We build data-mining-based prediction models using real-world routing data and find that this is indeed the case: the future availability of a prefix can be predicted by observing it for a limited time period and applying the learned models. We also formulate BGP molecules, which are sets of Internet prefixes that have a similar propensity to become unreachable from portions of the Internet, i.e. to fail. We use these molecules in four failure prediction schemes, among which a hybrid scheme achieves 91% predictability of failures with 99.3% coverage of prefixes in the Internet.

We study how DNS as an Internet infrastructure has evolved by investigating cloud-based DNS, which is the result of moving DNS services to the cloud. We perform a case study of a recently launched cloud-based DNS, namely Google external DNS. A novel technique for geolocating the data centers of cloud providers is developed and used to show that a query to Google DNS may not be redirected to the geographically closest Google data center. We also study Akamai-hosted content retrieval through cloud-based DNS and find that the client perceives worse performance than when local DNS is used to retrieve content. The reasons for this poor performance are investigated, and we explore the design space of methods for cloud-based DNS systems to be used by clients retrieving content. Client-side, cloud-side, and hybrid approaches are presented and compared, with the goal of achieving the best client-perceived performance. Our work yields valuable insight into Akamai's DNS system, revealing previously unknown features.

Finally, we present our vision of the evolution of the current Internet to the future cloud-based Internet, while specifying the lightning or interaction among clouds. We posit that while the cloud offers several advantages for hosting services, blindly using the cloud for every service can cause poor performance. Instead, a carefully balanced approach can usher in a smooth transition from current Internet systems to the cloud-based Internet of tomorrow.

Added 2011-12-10

Measurement-driven Characterization of Emerging Trends in Internet Content Delivery

CERIAS TR 2011-14
Ruben Torres
Download: PDF

In the last decade, there have been radical changes in both the nature of the mechanisms used for Internet content distribution and the type of content delivered. On the one hand, Peer-to-Peer (P2P) based content distribution has matured. On the other hand, there has been tremendous growth in video traffic. The goal of this thesis is to characterize these emerging trends in content distribution and understand their implications for Internet Service Providers (ISPs) and users. Such characterization is critical given the predominance of P2P and video traffic in the Internet today, and can enable further evolution of content delivery systems in ways that benefit both providers and users.

In this thesis, we make the following contributions: (i) we develop novel methodologies to identify undesirable behavior of P2P systems, and expose the prevalence of such behavior; (ii) we characterize private P2P communities, and discuss the implications of our findings for recent research on localization of P2P traffic within an ISP; (iii) we shed light on the factors that govern data-center selection for video delivery in geographically distributed settings by characterizing YouTube, the most popular video distribution network in the Internet.

A common thread underlying these contributions, and a distinguishing highlight of this thesis, is the analysis of terabytes of traffic traces collected at the edge of multiple ISP and campus networks located in different countries.

Added 2011-12-10

Intuitive security policy configuration in mobile devices using context profiling

CERIAS TR 2011-13
Aditi Gupta, Markus Miettinen, N. Asokan
Download: PDF

Configuring access control policies on mobile devices can be quite tedious and unintuitive for users. Software designers attempt to address this problem by setting up default policy configurations, but such global defaults may not be sensible for all users. Modern smartphones are capable of sensing a variety of information about the surrounding environment, such as Bluetooth devices, WiFi access points, temperature, ambient light, sound and location coordinates. We claim that profiling this type of contextual information can be used to infer the familiarity and safety of a context and to aid access control decisions. We propose a context profiling framework and describe device locking as an example application in which the locking timeout and unlocking method are decided dynamically based on the perceived safety of the current context. We report on using datasets from a large-scale smartphone data collection campaign to select parameters for the context profiling framework. We also describe a prototype implementation on a smartphone platform.

Added 2011-12-06

Industrial Espionage or Competitive Intelligence: Two sides of the same coin

CERIAS TR 2011-10
Temitope Toriola
Download: PDF

Attempting to gain a competitive advantage is the nature of most business research. However, industrial espionage is prohibited and frowned upon, while competitive intelligence is considered the lesser evil of the two. This paper discusses the differences between the two and examines the competitive intelligence industry, within which there are guidelines on successful and ethical methods for data gathering. The following is a sample of industry topics and methodology. Keywords: Industrial Espionage, Competitive Intelligence

Added 2011-11-08

Yahoo Messenger Forensics on Windows Vista and Windows 7

CERIAS TR 2011-11
Matthew Levendoski, Tejashree Datar, Dr. Marc Rogers
Download: PDF

The purpose of this study is to identify several areas of forensic interest within the Yahoo! Messenger application. This study focuses on new areas of interest within the file structure of Windows Vista and Windows 7. One of the main issues with this topic is that little research has previously been conducted on the new Windows platforms; prior research documents the evidence found on older file structures, such as Windows XP, and on outdated versions of Yahoo! Messenger. Several differences were found in Yahoo! Messenger's registry keys and directory structure on Windows Vista and Windows 7 as compared to Windows XP.

Added 2011-11-03

A Framework for Composition and Enforcement of Privacy-aware and Context-driven Authorization Mechanism for Complex Systems

CERIAS TR 2011-09
A M Samuel, M I Sarfraz, H Haseeb and A Ghafoor
Download: PDF

Security and privacy of complex systems are a concern due to the proliferation of cyber-based technologies. Several researchers have pointed out that, for the proper enforcement of privacy rules in a complex system, the privacy requirements should be captured in access control systems. In this paper, we present a framework for the composition and enforcement of context-aware rules for such systems. The focus of this paper is the design of a system that allows a user (not a system or security administrator) to compose conflict-free access control policies for his or her online assets. An additional requirement in this case is that such a policy be context-aware. We also present a methodology for verifying the privacy rules to ensure correctness and logical consistency. The verification process is also used to ensure that sensitive security requirements are not violated when privacy rules are enforced.

Added 2011-10-19

3-Clique Attacks in Online Social Networks

CERIAS TR 2011-08
Rahul Potharaju, Bogdan Carbunar, Cristina Nita-Rotaru
Download: PDF

Online Social Networks (OSNs) have become ubiquitous in the past few years, counting hundreds of millions of people as members. In this paper we show that the ease of accessing third-party information by engineering OSN features makes users vulnerable to infiltration attacks. By providing invaluable user context information, such attacks can become dangerous tools in the hands of spammers and phishers. Using a set of primitive attacks, we formalize a new infiltration attack called the 3-Clique attack. We design an automated attack system, iFriendU, to demonstrate the effectiveness of these attacks on more than 10,000 Facebook users. We show that the 3-Clique attack outperforms any existing attack by at least 75% in the number of users it can befriend. We propose a novel OSN security framework, called MORPH-x, to defend against infiltration attacks. We show the effectiveness of our solution through extensive simulations on a large Facebook social graph. We prove its practicality by implementing MORPH-x as a web application and demonstrate user interest through a user study. We show that our solution imposes only negligible computing overheads on its users and succeeds in blocking the studied attacks in 93-98% of the cases.

Added 2011-09-07

Private Searching for Single and Conjunctive Keywords on Streaming Data

CERIAS TR 2011-07
Xun Yi, Elisa Bertino
Download: PDF

Private searching on streaming data allows a user to collect potentially useful information from huge streaming sources of data without revealing his or her search criteria. This technique can be used, for example, at airports that do not know a classified "possible terrorists" list, to find whether any of hundreds of passenger lists contains a name from that list and, if so, that person's itinerary. Current solutions for private searching on streaming data support only searching for an "OR" of keywords or an "AND" of two sets of keywords. In this paper, we extend the types of private queries to support searching on streaming data for an "OR" of a set of both single and conjunctive keywords. Our protocol is built on Boneh et al.'s result for the evaluation of 2-DNF formulas on ciphertexts. The size of our encrypted dictionary is only O(|D|), which is much less than the O(|D|^2) that results if each conjunctive keyword (A_i, B_i), i = 1, 2, …, k, is treated as a single keyword, where we assume A_i, B_i ∈ D for i = 1, 2, …, k.

Added 2011-08-15

The Role of Individual Differences in Predicting the Type of Images Collected by Internet Child Pornography Consumers

CERIAS TR 2011-06
Kathryn C. Seigfried-Spellar
Download: PDF

The current study was the first to analyze the relationship among psychological characteristics, personality, and the types of images preferred or collected by self-reported consumers of Internet child pornography. This study had 4 specific aims: (1) to explore the personality differences between self-reported consumers and non-consumers of Internet child pornography, (2) to examine whether the self-reported male and female consumers of Internet child pornography exhibit different personality characteristics and traits from the non-consumers, (3) to assess the types of images preferred by the self-reported consumers of Internet child pornography, and (4) to determine whether or not there was a predictive relationship between the personality characteristics and the types of images preferred by the self-reported child pornography consumers. This study was conducted electronically using an Internet-based survey, which targeted respondents from the United States, United Kingdom, Australia, and Canada. By targeting current permanent residents of these countries, the study ensured the respondents were from countries where the possession, distribution, and production of Internet child pornography was illegal. Results suggested the self-reported child pornography users in this sample were more trusting (less suspicious) and compliant (less oppositional), whereas the respondents who did not self-report child pornography use were more suspicious (less trusting) and oppositional (less compliant). Second, the male consumers of child pornography were less likely to make moral decisions based on social values (e.g., societal norms, laws) compared to the female consumers of Internet child pornography. Third, those individuals who engaged in more Internet child pornography behaviors were more social, unconventional, and followed a different moral compass (i.e., did not make decisions based on moral beliefs). Finally, with regard to image content, the results suggested the self-reported child pornography users in this sample might prefer different types of child pornography. Overall, an Internet-based research design assessing the relationship between psychological constructs and Internet child pornography use was possible, but this type of research was not without limitations.

Added 2011-08-02

Data-centric Approaches to Kernel Malware Defense

CERIAS TR 2011-03
Junghwan Rhee
Download: PDF

An operating system kernel is the core of the system software that is responsible for the integrity and operation of a conventional computer system. Authors of malicious software (malware) have been continuously exploring various attack vectors to tamper with the kernel. Traditional malware detection approaches have focused on the code-centric aspects of malicious programs, such as the injection of unauthorized code or the control flow patterns of malware programs. However, in response to these malware detection strategies, modern malware employs advanced techniques such as reusing existing code or obfuscating malware code to circumvent detection. In this dissertation, we offer a new perspective on malware detection that is different from the code-centric approaches. We propose the data-centric malware defense architecture (DMDA), which models and detects malware behavior by using the properties of the kernel data objects targeted during malware attacks. This architecture employs external monitoring, wherein the monitor resides outside the monitored kernel to ensure tamper-resistance. It consists of two core system components that enable inspection of kernel data properties. First, an external monitor faces a challenging task in identifying the data object information of the monitored kernel. We designed a runtime kernel object mapping system that has two novel characteristics: (1) an un-tampered view of data objects resistant to memory manipulation and (2) a temporal view capturing the allocation context of dynamic memory. We demonstrate the effectiveness of these views by detecting a class of malware that hides dynamic data objects. We also present our analysis of malware attack behavior targeting dynamic kernel objects. Second, in addition to the mapping of kernel objects, we present a new kernel malware characterization approach based on kernel memory access patterns. This approach generates signatures of malware by extracting recurring data access patterns specific to malware attacks. Moreover, each memory pattern in the signature represents abstract data behavior; therefore, it can expose common data behavior among malware variants. Our experiments demonstrate the effectiveness of these signatures in the detection not only of malware with signatures but also of malware variants that share memory access patterns. Our results from applying these approaches to the defense against kernel rootkits demonstrate that the DMDA can be an effective solution that complements code-centric approaches in kernel malware defense.

Added 2011-07-29

Content Analysis of Privacy Policies for Health Social Networks

CERIAS TR 2011-04
Pratik Savla
Download: PDF

The Web is an important resource for health information. Pew's Internet and American Life Project found that 62% of adult Web users look for health-related information on health social networks. However, the National Survey on Identity and Privacy in Social Media by the Ponemon Institute reported that about 56% of adult users were anxious about the privacy of their personal information on social networks. This study examines the privacy policies of 35 online health social network sites selected on the basis of U.S. user traffic. The objectives of this research are to determine the extent to which the privacy policies of online health social networks comply with the principles of Fair Information Practice (FIP) and to evaluate the readability and accessibility of the policies. To measure the readability of the policy statements, the Flesch Reading Ease and Flesch-Kincaid Grade Level metrics are used. The findings indicate that 9% of the websites in the sample had no privacy policy posted, and only about 26% of the websites in the sample fully complied with the FIP. The findings show that compliance with the FIP principles is poor, and confirm that most policies require a reading skill higher than the Internet population's average literacy level.

Added 2011-07-28