Secure routing and data aggregation for infrastructureless wireless networks without persistent cryptographic operations

Dreef, Dennis Sebastian

08 January 2010

Nodes in infrastructureless wireless networks usually have only limited energy and pose new security challenges. since traditional cryptographic operations have a high energy cost. In this thesis, new security solutions are presented to avoid using costly cryptographic operations. Two secure problems are investigated: the first is secure routing: the other is secure data aggregation. For the first problem, a randomized algorithm is proposed to defend against malicious attackers wishing to disrupt routing in wireless ad-hoc networks. For the second problem, a solution is proposed to leverage the broadcast nature of wireless medium and use a special aggregation topology, namely a clique tree, for data integrity in wireless sensor networks. With analysis and performance evaluation, both solutions are demonstrably lightweight with acceptable security features.

wireless communication systems

security measures

Legal aspects of aviation risk management

Leloudas, Georgios

January 2003

The thesis in the first part examines the notion of risk and describes the process of risk management with emphasis on the identification of emerging threats to civil aviation and on the adoption of new risk handling techniques. / In the second part, the role of law into the airlines' management regime is examined especially in the light of two prima facie conflicting trends: liberalization of market access and increased State involvement in war risk, safety and security issues. Furthermore, the contractual and tortious/delictual exposures of airlines are being scrutinized and the ways to handle them are being analyzed. / The main objectives are (i) to demonstrate that risk management is not restricted to insurance, but involves a number of techniques and procedures that have the potential not only to minimize risk but also to turn risk into opportunity and value and (ii) to identify the role of law as a management tool in the oncoming liberalized aviation environment.

Architectural support for autonomic protection against stealth by rootkit exploits

Vasisht, Vikas R.

19 November 2008

Operating system security has become a growing concern these days. As the complexity of software layers increases, the vulnerabilities that can be exploited by adversaries increases. Rootkits are gaining much attention these days in cyber-security. Rootkits are installed by an adversary after he/she gains elevated access to the computer system. Rootkits are used to maintain a consistent undetectable presence in the computer system and help as a toolkit to hide all the malware activities from the system administrator and anti-malware tools. Current defense mechanism used to prevent such activities is to strengthen the OS kernel and fix the known vulnerabilities. Software tools are developed at the OS or virtual machine monitor (VMM) levels to monitor the integrity of the kernel and try to catch any suspicious activity after infection. Recognizing the failure of software techniques and attempting to solve the endless war between the anti-rootkit and rootkit camps, in this thesis, we propose an autonomic architecture called SHARK, or Secure Hardware support Against RootKits. This new hardware architecture provides system-level security against the stealth activities of rootkits without trusting the entire software stack. It enhances the relationship of the OS and hardware and rules out the possibility of any hidden activity even when the OS is completely compromised. SHARK proposes a novel hardware manager that provides secure association with every software context making use of hardware resources. It helps system administrators to obtain feedback directly from the hardware to reveal all running processes. This direct feedback makes it impossible for rootkits to conceal running software contexts from the system administrator. We emulated the proposed architecture SHARK by using Bochs hardware simulator and a modified Linux kernel version 2.6.16.33 for the proposed architectural extension. In our emulated environment, we installed several real rootkits to compromise the kernel and concealed malware processes. SHARK is shown to be very effective in defending against a variety of rootkits employing different software schemes. Also, we performed performance analysis using SIMICS simulations and the results show a negligible overhead, making the proposed solution very practical.

Kernel security

Rootkits

Hardware

Computer security

Computer architecture

Self-stabilization (Computer science)

Computer networks--Security measures

Acquisition and diffusion of technology innovation

Ransbotham, Samuel B., III

31 March 2008

In the first essay, I examine value created through external acquisition of nascent technology innovation. External acquisition of new technology is a growing trend in the innovation process, particularly in high technology industries, as firms complement internal efforts with aggressive acquisition programs. Yet, despite its importance, there is little empirical research on the timing of acquisition decisions in high technology environments. I examine the impact of target age on value created for the buyer. Applying an event study methodology to technology acquisitions in the telecommunications industry from 1995 to 2001, empirical evidence supports acquiring early in the face of uncertainty. The equity markets reward the acquisition of younger companies. In sharp contrast to the first essay, the second essay examines the diffusion of negative innovations. While destruction can be creative, certainly not all destruction is creative. Some is just destruction. I examine two fundamentally different paths to information security compromise an opportunistic path and a deliberate path. Through a grounded approach using interviews, observations, and secondary data, I advance a model of the information security compromise process. Using one year of alert data from intrusion detection devices, empirical analysis provides evidence that these paths follow two distinct, but interrelated diffusion patterns. Although distinct, I find empirical evidence that these paths both converge and escalate. Beyond the specific findings in the Internet security context, the study leads to a richer understanding of the diffusion of negative technological innovation. In the third essay, I build on the second essay by examining the effectiveness of reward-based mechanisms in restricting the diffusion of negative innovations. Concerns have been raised that reward-based private infomediaries introduce information leakage which decreases social welfare. Using two years of alert data, I find evidence of their effectiveness despite any leakage which may be occurring. While reward-based disclosures are just as likely to be exploited as non-reward-baed disclosures, exploits from reward-based disclosures are less likely to occur in the first week after disclosure. Further the overall volume of alerts is reduced. This research helps determine the effectiveness of reward mechanisms and provides guidance for security policy makers.

Security

Innovation

Technological innovations

Diffusion of innovations

Malware (Computer software)

Commercial crimes

Computer networks Security measures

Incorporating security into the transportation planning process

Denny, Brandon

17 March 2009

The transportation system is an important network established to ensure the mobility of people and goods between destinations. In addition, it also serves a vital role in responding to disasters, and therefore deserves special attention when those disasters threaten to decrease its support capability. The task of securing a transportation system consisting of multiple interconnected assets is a complex responsibility. As an owner and operator of major transportation infrastructure, state Departments of Transportation (DOTs) have a vested interest in ensuring this balance and represent an important mediator between federal and local interests, assuming nine key security planning roles in their traditional transportation planning duties: Coordinator, Analyzer/Planner, Financial Administrator, Infrastructure Owner, Infrastructure Operator, Implementer, Regulator, Information Provider, and Influencer. Through their internal vulnerability assessments, the departments already perform a vital security planning function that can support their own planning efforts as well as others. Incorporating security into the transportation planning process requires modification as feedback of implementation methods is received. It does not mean transforming the DOT into a security agency, but rather incorporating a security perspective into the analysis of the system. This first involves establishing a more solid role as a coordinator in order to solidify vital linkages between agencies relevant to security planning. This interaction should reveal standardization issues the DOT can address in order to ensure effective collaboration, communication and coordination. Funding security measures may be difficult; but by incorporating security measures into initial analyzation and planning processes, they can be brought into the broader concept of the system rather than simply added as additional funding needs. The nine roles suggested earlier offer opportunities for state DOTs to overcome these and other challenges faced in the process of incorporating security into the transportation planning process. Through these roles, state DOTs can ensure that security efforts reach the parts of the system that require them and begin to build a more secure system.

Transportation

Department of Transportation

Transportation Security

Vulnerability assessment

Transportation Planning

Transportation Security measures

Framework for botnet emulation and analysis

Lee, Christopher Patrick

12 March 2009

Criminals use the anonymity and pervasiveness of the Internet to commit fraud, extortion, and theft. Botnets are used as the primary tool for this criminal activity. Botnets allow criminals to accumulate and covertly control multiple Internet-connected computers. They use this network of controlled computers to flood networks with traffic from multiple sources, send spam, spread infection, spy on users, commit click fraud, run adware, and host phishing sites. This presents serious privacy risks and financial burdens to businesses and individuals. Furthermore, all indicators show that the problem is worsening because the research and development cycle of the criminal industry is faster than that of security research. To enable researchers to measure botnet connection models and counter-measures, a flexible, rapidly augmentable framework for creating test botnets is provided. This botnet framework, written in the Ruby language, enables researchers to run a botnet on a closed network and to rapidly implement new communication, spreading, control, and attack mechanisms for study. This is a significant improvement over augmenting C++ code-bases for the most popular botnets, Agobot and SDBot. Rubot allows researchers to implement new threats and their corresponding defenses before the criminal industry can. The Rubot experiment framework includes models for some of the latest trends in botnet operation such as peer-to-peer based control, fast-flux DNS, and periodic updates. Our approach implements the key network features from existing botnets and provides the required infrastructure to run the botnet in a closed environment.

Simulation

Simulators

Emulation

Spam

DDoS

Information security

Botnets

Network security

Computer networks Security measures

Computer crimes

Contingency planning models for Government agencies

January 1996

This report describes a research study into the current situation within Federal, State Government and selected private sector agencies, assessing contingency plans for Information Systems and suggests models for state-wide planning against Information Systems disasters. Following a brief look at various phases of contingency plan development, the study looks into the factors that prompt organisations to prepare contingency plans. The project involved a survey of current Information Systems contingency plans in the government agencies in the states of Victoria, Western Australia, South Australia, New South Wales and in the Australian Capital Territory. It also included two major banks, an insurance company and two computer services bureaux in the private sector within New South Wales. The survey determined that particular factors play important roles in the decision by organisations to commence contingency planning. These include actual disaster experience, senior management support, auditor's comments, legal requirements, risk analysis and business impact study, economic considerations, insurance requirements, contract commitment, new staff and introduction of new hardware and software. The critical success factors in contingency planning include regular maintenance and testing of the plan. The project also discusses the current contingency planning environment within New South Wales Government agencies and suggests cost-effective models for state-wide adoption.

Information resources management

Security measures

Emergency management

Business enterprises

Computer networks

Administrative agencies

Australia

Knowledge based anomaly detection

Prayote, Akara, Computer Science & Engineering, Faculty of Engineering, UNSW

January 2007

Traffic anomaly detection is a standard task for network administrators, who with experience can generally differentiate anomalous traffic from normal traffic. Many approaches have been proposed to automate this task. Most of them attempt to develop a sufficiently sophisticated model to represent the full range of normal traffic behaviour. There are significant disadvantages to this approach. Firstly, a large amount of training data for all acceptable traffic patterns is required to train the model. For example, it can be perfectly obvious to an administrator how traffic changes on public holidays, but very difficult, if not impossible, for a general model to learn to cover such irregular or ad-hoc situations. In contrast, in the proposed method, a number of models are gradually created to cover a variety of seen patterns, while in use. Each model covers a specific region in the problem space. Any novel or ad-hoc patterns can be covered easily. The underlying technique is a knowledge acquisition approach named Ripple Down Rules. In essence we use Ripple Down Rules to partition a domain, and add new partitions as new situations are identified. Within each supposedly homogeneous partition we use fairly simple statistical techniques to identify anomalous data. The special feature of these statistics is that they are reasonably robust with small amounts of data. This critical situation occurs whenever a new partition is added. We have developed a two knowledge base approach. One knowledge base partitions the domain. Within each domain statistics are accumulated on a number of different parameters. The resultant data are passed to a knowledge base which decides whether enough parameters are anomalous to raise an alarm. We evaluated the approach on real network data. The results compare favourably with other techniques, but with the advantage that the RDR approach allows new patterns of use to be rapidly added to the model. We also used the approach to extend previous work on prudent expert systems - expert systems that warn when a case is outside its range of experience. Of particular significance we were able to reduce the false positive to about 5%.

Computer networks -- Security measures.

Computer networks -- Access control.

Computer security.

Data protection.

Architectural support for autonomic protection against stealth by rootkit exploits

Vasisht, Vikas R..

January 2008

Thesis (M. S.)--Electrical and Computer Engineering, Georgia Institute of Technology, 2009. / Committee Chair: Lee, Hsien-Hsin; Committee Member: Blough, Douglas; Committee Member: Copeland, John. Part of the SMARTech Electronic Thesis and Dissertation Collection.

Automatic identification and removal of low quality online information

Webb, Steve.

January 2008

Thesis (Ph.D)--Computing, Georgia Institute of Technology, 2009. / Committee Chair: Pu, Calton; Committee Member: Ahamad, Mustaque; Committee Member: Feamster, Nick; Committee Member: Liu, Ling; Committee Member: Wu, Shyhtsun Felix. Part of the SMARTech Electronic Thesis and Dissertation Collection.