Profiling Users in GUI Based Systems for Masquerade Detection
Ashish Garg, Ragini Rahalkar, Shambhu Upadhyaya, Kevin Kwiat
Pub Date: 2006-06-21 | DOI: 10.1109/IAW.2006.1652076 | 2006 IEEE Information Assurance Workshop
A masquerading or impersonation attack refers to illegitimate activity on a computer system in which one user impersonates another. Masquerade attacks are serious in nature because they are mostly carried out by insiders and are thus extremely difficult to detect. Detection of these attacks is done by monitoring significant changes in a user's behavior relative to his/her profile. Currently, such profiles are based mostly on the user's command line data and do not represent his/her complete behavior in a graphical user interface (GUI) based system, and hence are not sufficient to quickly detect such masquerade attacks. In this paper, we present a new framework for creating a unique feature set for user behavior on GUI based systems. We have collected real user behavior data from live systems and extracted parameters to construct these feature vectors. These vectors contain user information such as mouse speed, distance, angles and number of clicks during a user session. We model our technique of user identification and masquerade detection as a binary classification problem and use a support vector machine (SVM) to learn and classify these feature vectors. We show that our technique can provide detection rates of up to 96% with few false positives based on these feature vectors. We have tested our technique with various feature vector parameters and conclude that these feature vectors can provide unique and comprehensive user behavior information and are powerful enough to detect masqueraders.

Test Bed for Assessment of CNO and EW Against Emulated Wireless Ad Hoc Networks
Erika Johansson, Mats Persson
Pub Date: 2006-06-21 | DOI: 10.1109/IAW.2006.1652112 | 2006 IEEE Information Assurance Workshop
This paper describes a test bed for assessment of computer network operations (CNO) and electronic warfare (EW) against wireless ad hoc networks. The test bed allows real applications to exchange real traffic over the emulated wireless network. Examples of test bed use are presented, along with some initial results.

Cryptography Software System using Galois Field Arithmetic
A. Desoky, A. Ashikhmin
Pub Date: 2006-06-21 | DOI: 10.1109/IAW.2006.1652124 | 2006 IEEE Information Assurance Workshop
Cryptography Software System (CSS) is a set of tools to simulate and analyze a number of cryptography algorithms. It is written in the Microsoft C# programming language and has a user-friendly GUI. Arithmetic operations for encryption and decryption are in GF(2^8), and the analysis provides the user with the basic statistics of the data before and after the application of the selected cryptography algorithm. Along with the implementation of five cryptography algorithms (affine, Vigenere, linear-feedback-shift-register, one-time-pad, and weighted sum), CSS is built modularly, and the ability to add more algorithms is a definite advantage.

Secure Visualization of GIS Data
S. Wolthusen
Pub Date: 2006-06-21 | DOI: 10.1109/IAW.2006.1652096 | 2006 IEEE Information Assurance Workshop
Modern GIS systems increasingly rely on server-side rendering and Web services for the rendering of geographical and application-specific data, for both efficiency and security reasons, since the underlying data sets for critical infrastructures and emergency operations are typically extremely sensitive. Given that display devices can be spread in the field on mobile devices, the ability to track and trace leaking and misuse of visualization data is of critical importance. In this paper we describe a technique to insert robust steganographic markings into the rendering process for GIS data based on context-sensitive texture adaptation, along with a system architecture for marking and tracing GIS service data over a standards-based communication channel.

Rendering the Elephant: Characterizing Sensitive Networks for an Uncleared Audience
R. Stapleton-Gray, S. Gorton
Pub Date: 2006-06-21 | DOI: 10.1109/IAW.2006.1652097 | 2006 IEEE Information Assurance Workshop
There is a need to convey information on sensitive networks and systems, specifically those carrying classified information, to researchers lacking clearances. Sanitization or use of analogs allows uncleared researchers to make contributions, but as detail is removed, data may become less useful. A number of approaches to feeding research with relevant data are described, including creation of realistic traffic from a national intelligence community network, and recommendations are made for improving current practices.

Location-Based Pairwise Key Establishment and Data Authentication for Wireless Sensor Networks
Cungang Yang, Jie Xiao
Pub Date: 2006-06-21 | DOI: 10.1109/IAW.2006.1652102 | 2006 IEEE Information Assurance Workshop
Sensor networks are often deployed in unattended environments, leaving those networks vulnerable to false data injection attacks. Attackers often inject false data into the network in order to deceive the base station or to deplete the resources and energy of the relaying nodes. The existing authentication mechanisms cannot prevent this kind of attack once a number of sensor nodes have been compromised. Pairwise key establishment is fundamental to security in wireless sensor networks, since it makes it possible for sensor nodes to communicate securely with one another using cryptographic techniques. However, the limited resources and energy of sensor nodes make it infeasible to use traditional key management techniques such as public/private key cryptography and a key distribution center (KDC). In this paper, we present a novel key management and data authentication technique that passes sensing data securely and filters false data out on its way to the base station. The framework of our design is to divide the sensing area into a number of location cells, where a group of location cells constitutes a logical cell, and the pairwise key between two sensor nodes is established according to grid-based bivariate polynomials. The established pairwise key is included in the message authentication code (MAC) and is forwarded several hops down to the base station for data authentication. Our result shows that this location scheme and data authentication method decreases communication overhead, avoids t-tolerance, and filters bogus reports in wireless sensor networks.

Cascaded Authorization with Anonymous-Signer Aggregate Signatures
D. Yao, R. Tamassia
Pub Date: 2006-06-21 | DOI: 10.1109/IAW.2006.1652081 | 2006 IEEE Information Assurance Workshop
We introduce a decentralized trust management model called anonymous role-based cascaded delegation. In this model, a delegator can issue authorizations on behalf of her role without revealing her identity. This type of delegation protects the sensitive membership information of a delegator and hides the internal structure of an organization. To provide an efficient storage and transmission mechanism for credentials used in anonymous role-based cascaded delegation, we present a new signature scheme that supports both signer anonymity and signature aggregation. Our scheme has compact role signatures that make it especially suitable for ubiquitous computing environments, where users may have mobile computing devices with narrow communication bandwidth and small storage units.

Service oriented modeling of communication infrastructure for assurance
A. Zuccato, B. Marquet, S. Papillon, M. Alden
Pub Date: 2006-06-21 | DOI: 10.1109/IAW.2006.1652069 | 2006 IEEE Information Assurance Workshop
To be able to achieve security assurance for services that run on large and complex communication infrastructures, support tools are needed. Such tools need a representation of the infrastructure that enables and provides security assurance. In this paper we suggest an assurance modeling profile for UML 2.0. The profile contains stereotypes that define assurance-relevant object types as observed and unobserved assurance-relevant infrastructure items or metrics. In addition, the model defines information relevant for the aggregation of assurance, to allow an assurance value for a service to be derived from its underlying infrastructure. Our modeling approach starts from a service-oriented flow model and stepwise refines the topology and hierarchy view of the infrastructure involved in the service. To validate our approach we model a voice-over-IP service and show how the approach satisfies the initially stated requirements.

Toward a Boot Odometer
R. C. Vernon, C.E. Irvine, T. Levin
Pub Date: 2006-06-21 | DOI: 10.1109/IAW.2006.1652072 | 2006 IEEE Information Assurance Workshop
In trustworthy systems, object reuse requirements extend to all forms of memory on the platform and can include volatile elements such as RAM, cache, I/O device registers, and certain controllers. To ensure that residual information is not accessible from one session to another, these regions must be either protected or purged. In situations where the operating system cannot be trusted to meet object reuse requirements, an alternative is needed. In this paper, we address the object reuse problem in volatile memory. A "hard" reboot includes a power cycle, which ensures that sensitive information in volatile memory is purged, whereas a software-initiated reboot does not. How can we prove that a hard reboot has occurred? To our knowledge, it is not possible for a remote entity using currently available technology to sense whether a hard reboot has occurred on a PC client, e.g. between communication sessions. We propose a hardware-assisted design that uses a secure coprocessor to sense the reboot type of the host platform and that maintains a boot odometer tracking the total number of hard reboots that have occurred on the host. In addition, secure coprocessor services allow trustworthy attestation to a remote entity, cognizant of a previous boot odometer value, that volatile memory has been purged.

Design of a Micro-kernel Based Secure System Architecture
Jianjun Shen, S. Qing, Qingni Shen
Pub Date: 2006-06-21 | DOI: 10.1109/IAW.2006.1652123 | 2006 IEEE Information Assurance Workshop
We describe the Trium secure system architecture. It is based on Fiasco (an implementation of the L4 microkernel interface) and L4Env (a programming environment for L4 systems). Compared to previous work on microkernel-based secure systems, such as TMach and DTOS, Trium tries to minimize the trusted computing base (TCB) of a secure system by moving most functions of an operating system (OS) out of the TCB, and it emphasizes the reuse of legacy software. We also try to achieve better isolation, privilege control and flexible configuration of system components, taking advantage of the specific features of the L4 microkernel as a second generation microkernel.