Abstract:
High-quality online services demand reliable packet delivery at the network layer. However, clear evidence documents the existence of compromised routers in ISP and enterprise networks, threatening network availability and reliability. A compromised router can stealthily drop, modify, inject or delay packets in the forwarding path to launch Denial-of-Service, surveillance, man-in-the-middle attacks, etc. Unfortunately, current networks fail to provide any assurance of data delivery in adversarial environments, nor a reliable way to identify misbehaving routers that jeopardize packet delivery. Data-plane fault localization serves as an imperative building block to enhance network availability and reliability, since it localizes faulty links of misbehaving routers, enables a sender to find a fault-free path, and enforces contractual obligations among network nodes. Until recently, however, the design of secure fault localization protocols has proven to be surprisingly elusive. Existing fault localization protocols fail to achieve high security and efficiency, incur unacceptably long detection delays, and require forwarding paths to be impractically long-lived. In this dissertation we show a suite of secure and efficient fault localization protocols exploring distinct dimensions in the design space of fault localization. Our key idea is to achieve a lower bound on packet forwarding correctness via fault localization by limiting the amount of malicious packet drops/forgeries at the data plane, instead of perfectly detecting every single malicious activity, which tends to result in high overhead. In this way, we trap an attacker in a dilemma: if the attacker inflicts damage worse than a threshold, it will be detected, which may lead to removal from the network; otherwise the damage is limited and thus a lower bound on data-plane packet delivery is achieved.
Abstract:
Domain parking is the practice of assigning a nonsense address to a domain when it is not in use in order to keep it ready for live use. This practice is peculiar because it indicates someone has administrative control over the domain name, does not have hardware ready to respond to requests, but wants the domain to appear active. A more appropriate response would seem to us to be that the domain does not exist. This mismatch between expected benign behavior (no such domain) and actual observed behavior (parking) made us suspicious. In this paper we discuss scalable detection methods for domain names parking on reserved IP address space, and then use this data set to evaluate whether this behavior appears to be indicative of malicious behavior. We find that during the month of January 2014 only 21,328 unique domains exhibited parking on reserved address space, out of over 610 million total unique observed domains. Thus, parking appears to be an uncommon Internet behavior, with only 0.0035% of domains exhibiting parking on reserved IP addresses. Of these 21,328 domains, relatively few were observed listed on any of 16 domain black lists at any time from January 1 to February 28, 2014. Only 1,563, or 7.3%, were listed in this time period. Therefore, we conclude that parking is a poor indicator of malicious activity, or at least not an indicator of any kind of malicious activity usually examined by any public list of malicious domain behavior.
Abstract:
When people talk about hacking and social networks, they're not referring to the common definition of hacking, which is using malicious code or backdoors in computer networks to damage systems or steal proprietary information. Hacking into social networks requires very little technical skill. It's much more of a psychological game using information on personal profiles to win a complete stranger's trust. Facebook offers privacy settings for its users, but it does not give users a simple and easy way to edit or use them.
Abstract:
COBIT is a set of documents that provides guidance for computer security. This report introduces COBIT by answering the following questions, after first defining acronyms and presenting definitions: 1. Why is COBIT valuable? 2. What is COBIT? 3. What documents are related to COBIT? (The answer to the last question constitutes the bulk of this report.) This report also provides a more detailed review of three documents. The first two documents, COBIT Security Baseline (trade name) and COBIT Quickstart (trade name), are initial documents, designed to get people started. The third document, Control Practices, is a 'final' document, so to speak, designed to take people all the way down into the details. Control Practices is the detail.
Abstract:
The purpose of this paper is to evaluate two Federal statutes, the Computer Fraud and Abuse Act of 1986 and the Computer Security Act of 1987, from the perspective of computer security incident response efforts. First, the major relevant provisions of eac ...
Abstract:
While conventional wisdom holds that residential users experience a high degree of compromise and infection, this presumption has seen little validation in the way of an in-depth study. In this paper we present a first step towards an assessment based on monitoring network activity (anonymized for user privacy) of 20,000 residential DSL customers in a European urban area, roughly 1,000 users of a community network in rural India, and several thousand dormitory users at a large US university. Our study focuses on security issues that overtly manifest in such data sets, such as scanning, spamming, payload signatures, and contact to botnet rendezvous points. We analyze the relationship between overt manifestations of such activity versus the 'security hygiene' of the user populations (anti-virus and OS software updates) and potentially risky behavior (accessing blacklisted URLs). We find that hygiene has little correlation with observed behavior, but risky behavior, which is quite prevalent, more than doubles the likelihood that a system will manifest security issues.
Abstract:
Internet. Discussions of the Internet encourage the misapprehension that there is a single, uniform user community instead of a loose alliance of many cultures that differ in many fundamental aspects. At this Workshop, we had representatives of administrative and military cultures, Governmental and commercial cultures, profit cultures and non-profit cultures, research and operational cultures. Internet cultures are united in their desire to exploit the connectivity, flexibility, and rapidity of communication provided by the net, but differ greatly in their motivations, their attitudes towards authority, their willingness to cooperate within their own communities, their interest in technical arcana, and the patience with which they will put up with (or the enthusiasm with which they will embrace) the growing list of procedures deemed necessary for acceptable security.
Abstract:
An inventory management plan is presented for the local area network (LAN) of the Security Aspects of Database Management Systems project, a Department of Energy (DOE)-sponsored project examining computer and network security in a data management environment. The inventory management plan establishes procedures to ensure that changes in system hardware and software are identified and controlled. Management tools are described, and the roles of the project manager, inventory control manager, and research team members in the implementation of inventory management are defined.
Abstract:
Cognitive networking mechanisms promise to greatly improve network performance over non-cognitive mechanisms by making more efficient use of bandwidth, spectrum, and power. However, these mechanisms must be designed with cyber security in mind in order to remain efficient in the presence of subverted, adversarial participants. In this paper, we demonstrate the susceptibility of two specific cognitive-networking mechanisms to a single Byzantine participant. Specifically, we describe a novel 'energy well' attack against Q-routing, in which a Byzantine participant can attract traffic meant for an honest participant. Secondly, we describe a denial of service attack against a no-regret learning algorithm for Dynamic Spectrum Access (DSA), in which a single Byzantine participant can degrade network-wide performance for an arbitrary amount of time. These attacks demonstrate why cyber security techniques must be designed into cognitive mechanisms before use in the tactical field, so that they do not fail to tolerate adversarial behavior. We conclude by discussing possible mitigation concepts and future work.
Abstract:
In this paper we discuss security issues for cloud computing, including storage security, data security, network security, and secure virtualization. Then we select some topics and describe them in more detail. In particular, we discuss a scheme for secure third-party publication of documents in a cloud. Next we discuss secure federated query processing with MapReduce and Hadoop. Next we discuss the use of secure coprocessors for cloud computing. Finally, we discuss an XACML implementation for Hadoop. We believe that building trusted applications from untrusted components will be a major aspect of secure cloud computing.