The Center for Education and Research in Information Assurance and Security (CERIAS)

The Center for Education and Research in
Information Assurance and Security (CERIAS)

Reports and Papers Archive

Browse All Papers »       Submit A Paper »

Trustworthy Data from Untrusted Databases

Rohit Jain
Download: PDF

Increasingly, data are subjected to environments which can result in invalid (malicious or inadvertent) modifications to the data. For example, when we host the database on a third party server, or when there is a threat of insider attack or hacker attack. Ensuring the trustworthiness of data retrieved from a database is of utmost importance to users. In this dissertation, we address the question of whether a data owner can be assured that the data retrieved from an untrusted server are trustworthy. In particular, we reduce the level of trust necessary in order to establish the trustworthiness of data. Earlier work in this domain is limited to situations where there are no updates to the database, or all updates are authorized and vetted by a central trusted entity. This is an unreasonable assumption for a truly dynamic database, as would be expected in many business applications, where multiple users can access (read or write) the data without being vetted by a central server. The legitimacy of data stored in a database is defined by the faithful execution of only valid (authorized) operations. Decades of database research has resulted in solutions that ensure the integrity and consistency of data through principles such as transactions, concurrency, ACID properties, and access control rules. These solutions have been developed under the assumption that the threats arise due to failures (computer crashes, disk failures, etc), limitations of hardware, and the need to enforce access control rules. However, the semantics of these principles assumes complete trust on the database server. Considering the lack of trust that arises due to the untrusted environments that databases are subjected to, we need mechanisms to ensure that the database operations are executed following these principles. In this dissertation, we revisit some of these principles to understand what we should expect when a transaction execution follows those principles. We propose mechanisms to verify that the principles were indeed followed by the untrusted server while executing the transactions.

Added 2015-06-30

Secure platforms for enforcing contextual access control

Aditi Gupta

Advances in technology and wide scale deployment of networking enabled portable devices such as smartphones has made it possible to provide pervasive access to sensitive data to authorized individuals from any location. While this has certainly made data more accessible, it has also increased the risk of data theft as the data may be accessed from potentially unsafe locations in the presence of untrusted parties. The smartphones come with various embedded sensors that can provide rich contextual information such as sensing the presence of other users in a context. Frequent context profiling can also allow a mobile device to learn its surroundings and infer the familiarity and safety of a context. This can be used to further strengthen the access control policies enforced on a mobile device. Incorporating contextual factors into access control decisions requires that one must be able to trust the information provided by these context sensors. This requires that the underlying operating system and hardware be well protected against attacks from malicious adversaries. ^ In this work, we explore how contextual factors can be leveraged to infer the safety of a context. We use a context profiling technique to gradually learn a context’s profile, infer its familiarity and safety and then use this information in the enforcement of contextual access policies. While intuitive security configurations may be suitable for non-critical applications, other security-critical applications require a more rigorous definition and enforcement of contextual policies. We thus propose a formal model for proximity that allows one to define whether two users are in proximity in a given context and then extend the traditional RBAC model by incorporating these proximity constraints. Trusted enforcement of contextual access control requires that the underlying platform be secured against various attacks such as code reuse attacks. To mitigate these attacks, we propose a binary diversification approach that randomizes the target executable with every run. We also propose a defense framework based on control flow analysis that detects, diagnoses and responds to code reuse attacks in real time.

Added 2015-06-30

Website Forgery: Understanding Phishing Attacks & Nontechnical Countermeasures for Ordinary Users

CERIAS TR 2015-10
Ibrahim Waziri Jr
Download: PDF

Website Forgery is a type of web based attack where the phisher builds a website that is completely independent or a replica of a legitimate website, with the goal of deceiving a user by extracting information that could be used to defraud or launch other attacks upon the victim. In this paper we attempt to identify the different types of website forgery phishing attacks and non-technical countermeasure that could be used by users, (mostly by non IT users) that lack the understanding of how phishing attack works and how they can prevent themselves from these criminals.

Added 2015-06-02

Modeling and Performance of Privacy Preserving Authorization Mechanism for Graph Data

Zahid Pervaiz, Arif Ghafoor, Walid G. Aref

There has been significant interest in the development of anonymization schemes for publishing graph data. However, due to strong correlation among users’ social identities, privacy is a major concern in dealing with social network data. In this paper, we propose a privacy-preserving mechanism for publishing graph data to prevent identity disclosure. The framework is a combination of access control and privacy protection mechanisms. The access control policies define selection predicates available to roles/queries and their associated imprecision bounds. Only authorized role/query predicates on sensitive data are allowed by the access control mechanism. For this framework, we define the problem of k-anonymous Bi-constraint Graph Partitioning (k-BGP) and provide its hardness results. We present heuristics for graph data partitioning to satisfy the imprecision and information loss bounds for k-BGP problem. The privacy-protection mechanism anonymizes the graph data with minimal information loss while simultaneously meeting the QoS requirement in terms of satisfying the bounds on the number of roles being satisfied. This approach provides an anonymous view based on the target class of role-based workloads for graph data. We present detailed performance evaluations to demonstrate the effectiveness of our algorithms w.r.t. both meeting both the QoS requirements and global information loss on real-world data sets.

Added 2015-05-20

Digital Forensics and Community Supervision

CERIAS TR 2015-8
Christopher Flory
Download: PDF

In this paper I reviewed the literature concerning investigator digital forensics models and how they apply to field investigators. A brief history of community supervision and how offenders are supervised will be established. I also covered the difference between community supervision standards and police standards concerning searches, evidence, standards of proof, and the difference between parole boards and courts. Currently, the burden for digital forensics for community supervision officers is placed on local or state law enforcement offices, with personnel trained in forensics, but may not place a high priority on outside cases. Forensic field training for community supervision officers could ease the caseloads of outside forensic specialists, and increase fiscal responsible by increasing efficiency and public safety in the field of community supervision.

Added 2015-05-19

Basic Dynamic Processes Analysis of Malware in Hypervisors Type I & II

CERIAS TR 2015-9
Ibrahim Waziri Jr, Sam Liles
Download: PDF

In this paper, we compare, analyze and study the behavior of a malware processes within both Type 1 & Type 2 virtualized environments. In other to achieve this we to set up two different virtualized environments and thoroughly analyze each malware processes behavior. The goal is to see if there is a difference between the behaviors of malware within the 2 different architectures. At the end we achieve a result and realized there is no significant difference on how malware processes run and behave on either virtualized environment. However our study is limited to basic analysis using basic tools. An advance analysis with more sophisticated tools could prove otherwise.

Added 2015-05-18

There is Something Fishy About Your Evidence... Or How to Develop Inconsistency Checks for Digital Evidence Using the B Method

Pavel Gladyshev & Andrea Enbacka

Inconsistencies fin various data structures, such as missing log records and modified operating system files, have been used by intrusion investigators and forensic analysts as indicators of suspicious activity. This paper describes a rigorous methodology for developing such inconsistency checks and verifying their correctness. It is based on the use of the B Method- a formal method of software development. The idea of the methodology is to (1) formulate a state-machine model of the (sub)system in which inconsistencies are being detected, (2) formulating inconsistency checks in terms of that model, and (3) rigorously verifying correctness of these checks using the B Method. The methodology is illustrated by developing ConAlyzer utility- an inconsistency checker for the FTP log files.

Added 2015-05-11

Failure characterization and error detection in distributed web applications

Fahad A. Arshad

We have seen an evolution of increasing scale and complexity of enterprise-class distributed applications, such as, web services for providing anything from critical infrastructure services to electronic commerce. With this evolution, it has become increasingly difficult to understand how these applications perform, when do they fail, and what can be done to make them more resilient to failures, both due to hardware and due to software? Application developers tend to focus on bringing their applications to market quickly without testing the complex failure scenarios that can disrupt or degrade a given web service. Operators configure these web services without the complete knowledge of how the configurations interact with the various layers. Matters are not helped by ad hoc and often poor quality failure logs generated by even mature and widely used software systems. Worse still, both end users and servers sometime suffer from “silent problems” where something goes wrong without any immediate obvious end-user manifestation. To address these reliability issues, characterizing and detecting software problems with some post-detection diagnostic-context is crucial. ^ This dissertation first presents a fault-injection and bug repository-based evaluation to characterize silent and non-silent software failures and configuration problems in three-tier web applications and Java EE application servers. Second, for detection of software failures, we develop simple low-cost application-generic and application-specific consistency checks, while for duplicate web requests (a class of performance problems), we develop a generic autocorrelation-based algorithm at the server end.Third, to provide diagnostic-context as a post-detection step for performance problems, we develop an algorithm based on pair-wise correlation of system metrics to diagnose the root-cause of the detected problem. ^

Added 2015-04-22

Leveraging machine learning for security related decision making

Christopher Gates

The need to ensure the primary functionality of any system means that considerations of security are often secondary. Computer security considerations are made in relation to considerations of usability, functionality, productivity, and other goals. Decision-making related to security is about finding an appropriate tradeoff. Most existing security mechanisms take a binary approach where an action is either malicious or benign, and therefore allowed or denied. However, security and privacy outcomes are often fuzzy and cannot be represented by a binary decision. It is useful for end users, who may ultimately need to allow or deny an action, to understand the potential differences among objects and the way that these differences are communicated matters. ^ In this work, we use machine learning and feature extraction techniques to model normal behavior in various contexts and then used those models to detect the degree that new behavior is anomalous. This measurement can then be used, not as a binary signal but as a more nuanced indicator that can be communicated to a user to help guide decision-making. ^ We examine the application of this idea in two domains. The first is the installation of applications on a mobile device. The focus in this domain is on permissions that represent capabilities and access to data, and we generate a model for expected permission requests. Various user studies were conducted to explore effective ways to communicate this measurement to influence decision-making by end users. Next, we examined to the domain of insider threat detection in the setting of a source code repository. The goal was to build models of expected user access and more appropriately predict the degree that new behavior deviates from the previous behavior. This information can be utilized and understood by security personnel to focus on unexpected patterns.^

Added 2015-04-22

Secure and private outsourcing to untrusted cloud servers

Shumiao Wang

One major impediment to large-scale use of cloud services is concern for confidentiality of the data and the computations carried out on it. This dissertation advances the state of art for secure and private outsourcing to untrusted cloud servers by solving three problems in the computational outsourcing setting and extending the semantics of oblivious storage in the storage outsourcing setting. ^ In computational outsourcing, this dissertation provides protocols for two parties to collaboratively design engineering systems and check certain properties of the codesigning system with the help of a cloud server, without leaking the designing parameters to each other or to the server. It also provides approaches to outsource two computationally intensive tasks, image feature extraction and generalized matrix multiplication, preserving the confidentiality of both the input data and the output result. Experiments are included to demonstrate the viability of the protocols. ^ In storage outsourcing, this dissertation extends the semantics of the oblivious storage scheme by providing algorithms to support nearest neighbor search. It enables clients to perform nearest neighbor queries on the outsourced storage without leaking the access pattern.^

Added 2015-04-22

Meaning-Based Machine Learning

CERIAS TR 2015-7
Courtney Falk, Lauren Stuart
Download: PDF

Meaning-Based Machine Learning (MBML) is a research program intended to show how training machine learning (ML) algorithms on meaningful data produces more accurate results than that of using unstructured data.

Added 2015-04-01

Evaluating Public Cloud Providers

CERIAS TR 2015-6
Courtney Falk
Download: PDF

Security for public cloud providers is an ongoing concern.  Programs like FedRAMP look to certify a minimum level of compliance.  This project aims to build a tool to help decision makers compare different clouds solutions and weigh the risks against their own organizational needs.

Added 2015-04-01

Semantic Phishing Detection

CERIAS TR 2015-5
Courtney Falk
Download: PDF

Our goal is to improve the detection of phishing attack emails by using natural language processing (NLP) technology that models the semantic meaning behind the email text.

Added 2015-04-01

Cyber Forensics: The Need for An Official Governing Body

CERIAS TR 2015-4
Ibrahim Waziri Jr, Rachel Sitarz
Download: PDF

In this paper we identified and addressed some of the key challenges in digital forensics. An intensive review was conducted of the major challenges that have already been identified. At the end, the findings proposed a solution and how having a standardized body that governs the digital forensics community could make a difference.

Added 2015-03-23