An adequate level of trust must be established between prospective partners before an interaction can begin. In asymmetric trust relationships, one of the interacting partners is stronger. The weaker partner can gain a higher level of trust by disclosing private information. Dissemination of sensitive data owned by the weaker partner starts at this moment. The stronger partner can propagate data to others, who may then choose to spread data further. The proposed scheme for privacy-preserving data dissemination enables control of data by their owner (such as a weaker partner). It relies on the ideas of bundling sensitive data with metadata, an apoptosis of endangered bundles, and an adaptive evaporation of bundles in suspect environments. Possible applications include interactions among patients and healthcare providers, customers and businesses, researchers, and suppliers of their raw data. They will contribute to providing privacy guarantees, which are indispensable for the realization of the promise of pervasive computing.
Continuous monitoring of a network domain poses several challenges. First, routers of a network domain need to be polled periodically to collect statistics about delay, loss, and bandwidth. Second, this huge amount of data has to be mined to obtain useful monitoring information. This increases the overhead for high speed core routers, and restricts the monitoring process from scaling to a large number of flows. To achieve scalability, polling and measurements that involve core routers should be avoided. We design and evaluate a distributed monitoring scheme that uses only edge-to-edge measurements, and scales well to large network domains. In our scheme, all edge routers form an overlay network with their neighboring edge routers. The network is probed intelligently from nodes in the overlay to detect congestion in both directions of a link. The proposed scheme requires significantly fewer number of probes than existing monitoring schemes. Through analytic study and a series of experiments, we show that the proposed scheme can effectively identify the congested links. The congested links are used to capture the misbehaving flows that are violating their service level agreements, or attacking the domain by injecting excessive traffic.
Security, flexibility, and scalability are critical to the success of wireless communications. Wireless networks with movable base stations combine the advantages of mobile ad hoc networks and wireless LAN to achieve these goals. Hierarchical mobile wireless network (HMWN) is proposed for supporting movable base stations. In such a system, mobile hosts are organized into hierarchical groups. The group agents serve as a distributed trust entity. A secure packet forwarding algorithm and an authentication and key exchange protocol are developed to protect the network infrastructure. A roaming support mechanism and the associated mutual authentication protocol are proposed to secure the foreign group and the mobile host when it roams within the network. The computation overhead of secure packet forwarding and roaming support algorithms is studied via experiments. The results demonstrate that these two security mechanisms only require, respectively, less than 2% and 0.2% to 5% CPU time in a low-end 700 MHz PC.
A mobile ad hoc network is a collection of wireless terminals that can be deployed rapidly. Its deficiencies include limited wireless bandwidth efficiency, low throughput, large delays, and weak security. Integrating it with a well-established cellular network can improve communication and security in ad hoc networks, as well as enrich the cellular services. This research proposes a cellular-aided mobile ad hoc network (CAMA) architecture, in which a CAMA agent in the cellular network manages the control information, while the data is delivered through the mobile terminals (MTs). The routing and security information is exchanged between MTs and the agent through cellular radio channels. A position-based routing protocol, the multi-selection greedy positioning routing (MSGPR) protocol, is proposed. At times due to the complicated radio environment, the position information is not precise. Even in these cases, the MT can still find its reachable neighbors (the association) by exchanging ldquohellordquo messages. This association is used in complement with the position information to make more accurate routing decisions. Simulation results show that the delivery ratio in the ad hoc network is greatly improved with very low cellular overhead. The security issues in the proposed architecture and the corresponding solutions are addressed. The experimental study shows that CAMA is much less vulnerable than a pure ad hoc network.
In a fixed-channel-allocation (FCA) cellular network, a fixed number of channels are assigned to each cell. However, under this scheme, the channel usage may not be efficient because of the variability in the offered traffic. Different approaches such as channel borrowing (CB) and dynamic channel allocation (DCA) have been proposed to accommodate variable traffic. Our work expands on the CB scheme and proposes a new channel-allocation scheme—called mobile-assisted connection-admission (MACA) algorithm—to achieve load balancing in a cellular network, so as to assure network communication. In this scheme, some special channels are used to directly connect mobile units from different cells; thus, a mobile unit, which is unable to connect to its own base station because it is in a heavily-loaded “hot” cell, may be able to get connected to its neighboring lightly-loaded cold cell’s base station through a two-hop link. Research results show that MACA can greatly improve the performance of a cellular network by reducing blocking probabilities.
We design and evaluate a simple and scalable system to verify quality of service (QoS) in a differentiated services domain. The system uses a distributed edge-to-edge monitoring approach with measurement agents collecting information about delays, losses and throughput, and reporting to a service level agreement monitor (SLAM). The SLAM detects potential service violations, bandwidth theft, denial of service attacks, and flags the need to re-dimension the network domain or limit its users. Measurements may be performed entirely edge-to-edge, or the core routers may participate in logging packet drop information. We compare the core-assisted and edge-to-edge schemes, and we extend network tomography-based loss inference mechanisms to cope with different drop precedences in a QoS network. We also develop a load-based service monitoring scheme which probes the appropriate edge routers for loss and throughput on demand. Simulation results indicate that the system detects attacks with reasonable accuracy, and is useful for damage control in both QoS-enabled and best effort network domains.
This paper reports a service learning project of an information security risk assessment in a K12 school corporation. The project team constructed a customized risk assessment process in the selected school corporation. The team evaluated the information technology systems’ implementations, related policies and regulations surrounding the technology and implementations, as well as common procedures adopted for the school corporation’s information technology operations. Although the technical aspect of this project focused on one asset of the school corporation’s information systems: the student database, the school corporation can extend the applied process to other assets as well. This report mainly discusses how threats and vulnerabilities of the systems and the systems’ implementations can be determined, how risks can be quantified, and how recommendations on areas of improvement can be derived. Following the customized risk assessment process, K12 Schools and corporations could conduct the regular risk assessment on their own.
We present an adaptive controlled scheduler for heterogeneous applications running on general purpose computers. Our scheduler can effectively support diverse application requirements. It employs uniform rate-based sharing. Application heterogeneity is satisfied by partitioning CPU capacity into service classes, each with a different criterion for admission control. As a result, we are able to provide at once guaranteed performance, flexible allocation of rates with excellent scalability and intermediate service classes offering tradeoffs between reserved rate utilization and the strength of guarantees. Our scheduler has been implemented in Solaris 2.5.1. It runs existing applications without modifications. We present experimental results showing the scalability, efficiency, guaranteed performance, and overload performance aspects of our scheduler. We demonstrate the importance of priority inheritance implemented in our scheduler for stable system performance.
In this paper, we explore the teaching of ethics in computing related fields. The article intends to share ideas on moral development and the nature of morality, specifically as it relates to changes that educators may be trying to elicit within students when teaching ethics. The paper then addresses educational theories that are better suited to enabling moral development with suggestions on how these theories might shape classroom climate and instructional approaches.
A major bottleneck in using the web for accessing data and executing transactions for e-commerce is the performance. It can take 500–1400 ms to set up the connection and download a web page. Several hundred milliseconds are taken to transmit a multimedia web image. A simple web transaction may have a response time of 2–5 s. The consistency control mechanisms can double this time. A typical electronic trading transaction may take close to 2 min. I assert that the performance is unacceptable and the main cause is the communication system. The communication delays under a variety of scenarios and their causes and remedies are the focus of this study. Mechanisms have been developed for studying the performance of the web transaction processing on the Internet. Experimental studies have been conducted to analyze and understand the behavior of web based transactions and to measure the communication delays. The developed mechanisms have been used to perform a series of experiments around the world. Experiments were conducted to measure the communication delays for different steps which includes web page downloading, access to digital library data and transaction processing. This paper presents the experimental results for a variety of cases. It concludes by suggesting directions for decreasing the communication latency and improving the performance of web transactions.
Current peer-to-peer file-sharing systems mostly work on wired networks. Mobile ad hoc network is characterized as multi-hop wireless communications between moblie devices. In this paper, five routing approaches with different complexity ar propsed to enable peer-to-peer file-sharing over mobile ad hoc networks. The complexity of the proposed approaches is evaluated and compared. It is concluded that the cross-layer protocols perform better than simply overlaying peer-to-peer searching protocol on mobile ad hoc networks.
Preserving privacy during Web transactions is a major concern for individuals and organizations. One of the solutions proposed in the literature is to maintain anonymity through group cooperation during Web transactions. The lack of understanding of incentives for encouraging group cooperation is a major drawback in such systems. We propose an anonymizing club mechanism, and sequential economic strategy for trusted collaboration. We model the individual transactions as a Prisoners’ Dilemma, where two players either cooperate or defect while maintaining each other’s anonymity. The activities of the participants over a series of transactions can be modeled as a sequential repeated game. We determine conditions to ensure cooperation among the participants in the sequential repeated game, even if defecting is a dominant strategy in each individual Prisoners’ Dilemma game. Our results show that by adopting an appropriate initiation fee and adequate fine for malicious behavior, both enforced through a trusted central authority, we can sustain cooperation in the proposed anonymizing club mechanism.