Secure data sharing in multi-party environments such as cloud computing requires that both authenticity and confidentiality of the data be assured. Digital signature schemes are commonly employed for authentication of data. However, no such technique exists for directed graphs, even though such graphs are one of the most widely used data organization structures.  Existing schemes for DAGs are authenticity-preserving but {\em not} confidentiality-preserving, and lead to leakage of sensitive information during authentication.

In this paper, we propose two schemes on how to {\em authenticate} DAGs and directed cyclic graphs {\em without leaking}, which are the first such schemes in the literature. It is based on the structure of the graph as defined by depth-first graph traversals and aggregate signatures.  Graphs are structurally different from trees in that they have four types of edges: tree, forward, cross, and back-edges in a depth-first traversal. The fact that an edge is a forward, cross or a back-edge conveys information that is sensitive in several contexts. Moreover, back-edges pose a more difficult problem than the one posed by forward, and cross-edges primarily because back-edges add bidirectional properties to graphs. We prove that the proposed technique is {\em both} authenticity-preserving and non-leaking. While providing such strong security properties, our scheme is also efficient, as supported by the performance results.

In this paper, we address the problem of how to authenticate sub-trees (sub-graphs) without leakage of information. Previous schemes for tree (graph)-organized data, such as XML documents, authenticate information recorded in tree (graph)  nodes, but leak structural information that the data receiver is not entitled to access.

This is often unacceptable, as the value of a tree (graph)-organized data is not only in the contents of the tree (graph) nodes but also in the tree (graph) structure (such as in healthcare and military data). A possible approach would be to store a pre-signed hash for each subset of the tree (graph). Such an approach is however not suitable even for moderate-size trees (graphs) because of the exponential number of such subsets. This paper proposes authentication schemes for trees and graphs (with or without cycles). The schemes are provably secure and efficient in that the number of signatures computed for trees is \bigoh and for graphs is \bigoh, where $m$ is the number of nodes. The schemes are highly scalable - they accommodate trees and graphs with high branching factors and extremely large numbers of nodes, such as in the order of millions. The efficiency is corroborated by our experimental results. Branching factors of 100 and 300 (which result in trees with nodes as many as 1 million and 27 millions, respectively, with the height being 3) are handled by the proposed schemes quite efficiently. We also describe how our scheme for graphs can be used to authenticate forests without leaking.

The rapid growth of communication environments such as the Internet has spurred the development of a wide range of systems and applications based on peer-to-peer ideologies.  As these applications continue to evolve, there is an increasing effort towards improving their overall performance.  This effort has led to the incorporation of measurement-based adaptivity mechanisms and network awareness into peer-to-peer applications, which can greatly increase peer-to-peer performance and dependability.  Unfortunately, these mechanisms are often vulnerable to attack, making the entire solution less suitable for real-world deployment. In this dissertation, we study how to create robust systems components for adaptivity, network awareness, and responding to identified threats.  These components can form the basis for creating efficient, high-performance, and resilient peer-to-peer systems.

In this information age, data and knowledge extracted by data mining techniques represent a key asset driving research, innovation, and policy-making activities. Many agencies and organizations have recognized the need of accelerating such trends and are therefore willing to release the data they collected to other parties, for purposes such as research and the formulation of public policies. However the data publication processes are today still very difficult. Data often contains personally identifiable information and therefore releasing such data may result in privacy breaches; this is the case for the examples of microdata, e.g., census data and medical data.

This thesis studies how we can publish and share microdata in a privacy-preserving manner. We present an extensive study of this problem along three dimensions: (1) designing a simple, intuitive, and robust privacy model; (2) designing an effective anonymization technique that works on sparse and high-dimensional data; and (3) developing a methodology for evaluating privacy and utility tradeoff.

Security of 802.11x wireless encryption standards are increasingly coming under scrutiny as compared to other security protocols and standards. The attacks on 802.11x wireless security protocols are exacerbated by the ease with which attackers can monitor radio signals and passively capture packets as compared to LAN or other physical networks. The intent of this research is to analyze the feasibility of designing a wireless authentication protocol, which is secure against dictionary attacks, for home networks and small wireless networks without using PKI or transport layer security. The research focuses mainly on pre-shared key authentication mechanisms in order to reduce the overhead of directory servers or radius based authentication mechanisms.

Wireless routers are common in the typical home and are becoming more so every year. While wireless networks can be convenient and provide many benefits they also have the potential to be insecure and vulnerable. Statistics show that a large percentage of wireless routers use weak or no encryption and many wireless routers still use their default password. This research analyzed the security of wireless routers, specifically the security of a standard Linksys wireless router. The research focused on CSRF attacks and the possibility for an attacker to modify a wireless router through such attacks. The results of the research were significant. Proof of concept code is provided that demonstrates a variety of different types of attacks that enable an attacker to modify a wireless router in order to gain complete and persistent control of the device.

Availability is not often a primary concern for frameworks meant to provide security. Poly^2 is one such framework. It provides us with a hardened foundation based on secure design principles to run mission-critical services. While, the primary focus of Poly^2 till now seems to have been fault isolation, we will now attempt to add recovery as well. However, current techniques may compromise the security principles on which the framework was originally built. We propose a hybrid system based on two popular techniques to rectify the same.

Detecting web application attacks is a task performed by many systems. An example of such a system is the open source tool NoScript, which will be discussed at various points in this work. Among these attacks, cross site scripting is a focus of this study, mainly due to the levels of concern related to it. The primary goal of this research is to analyze how efficiently a cross-site scripting attack once detected can be logged. Logging the attack has benefits from a Cyberforensics point of view. This work analyzes related efforts and the benefits of implementing such functionality. It was found that for the test system analyzed, there was an additional overhead. This overhead, though, was seen to be within acceptable limits defined in Usability Engineering literatures.

There have been tremendous efforts and many technical innovations in supporting real-time video streaming in the past two decades, but cost-effective large-scale video broadcast has remained an elusive goal. IP multicast represented the earlier attempt to tackle this problem, but failed largely due to concerns regarding scalability, deployment, and support for higher level functionality. Recently, peer-to-peer based broadcast has emerged as a promising technique, which has been shown to be cost effective and easy to deploy. This new paradigm brings a number of unique advantages such as scalability, resilience and also effectiveness in coping with dynamics and heterogeneity. While peer-to-peer applications such as file download and voice over IP have gained tremendous popularity, video broadcast is still in its early stages and its full potential remains to be seen. This article reviews the state-of-the-art of peer-to-peer Internet video broadcast technologies. We describe the basic taxonomy of peer-to-peer broadcast and summarize the major issues associated with the design of broadcast overlays. We closely examine two approaches, namely, tree-based and data-driven, and discuss their fundamental trade-off and potential for large-scale deployment. Finally, we outline the key challenges and open problems, and highlight possible avenues for future directions.

Federated text search provides a unified search interface for multiple search engines of distributed text information sources. Resource selection is an important component for federated text search, which selects a small number of information sources that contain the largest number of relevant documents for a user query. Most prior research of resource selection focused on selecting information sources by analyzing static information of available information sources that is sampled in the offline manner. On the other hand, most prior research ignored a large amount of valuable information like the results from past queries.

This paper proposes a new resource selection technique (which is called qSim) that utilizes the search results of past queries for estimating the utilities of available information sources for a specific user query. Experiment results demonstrate the effectiveness of the new resource selection algorithm.

Secure collaborative applications currently enabled by the Internet need flexible and efficient mechanisms for managing and distributing group keys.  The secure transmission of information among collaborating users should be efficient as well as flexible in order to support access control models with different granularity levels for different kinds of applications such as secure group communication, secure dynamic conferencing,  and selective/hierarchical access control disseminated information. In this paper, we propose the first provably secure broadcast Group Key Management (BGKM) scheme where each user in a group shares a secret with the trusted key server and the subsequent rekeying for join or departure of users requires only one broadcast message. Our scheme satisfies all the requirements laid down for an effective GKM scheme and requires no change to secret shares existing users possess. We analyze the security of our BGKM scheme and compare it with the existing BGKM schemes which are mostly ad-hoc.

Dynamic kernel memory is difficult to analyze due to its volatile status; numerous kernel objects are frequently allocated or freed in a kernel’s heap, and their data types are missing in the memory systems of current commodity operating systems. Since the majority of kernel data is stored dynamically, this memory has been a favorite target of many malicious software and kernel bugs. In order to analyze dynamic kernel memory, a global technique that systematically translates a given memory address into a data type is essential. Previous approaches had a limited focus in the analysis of either a malware’s execution or a snapshot of kernel memory. We present here a new memory interpretation system called LiveDM that can automatically translate dynamic kernel memory addresses into data types. This system enables the accurate memory analysis of the entire kernel execution, ranging from malware activity to legitimate kernel code execution, over a period of time beyond the instant of a snapshot by using these two novel techniques. (1) The system identifies an individual dynamic kernel object with its systematically-determined runtime identifier that points to the code where the object is allocated. (2) The data type then can be automatically extracted from the code using static code analysis offline. We have implemented a prototype of LiveDM that supports three Linux kernels where LiveDM dynamically tracks tens of thousands of dynamic kernel memory objects that can be accurately translated into data types in the offline process. We have evaluated and validated its general applicability and effectiveness in extensive case studies of kernel malware analysis and kernel debugging.