The importance of software security is undeniable given the impact of software on our lives. Assurance about the security properties of a software artifact should ultimately translate into a quantitative measure of vulnerabilities. In this paper, we present the idea of vulnerability likelihood as a probabilistic approach to software assurance. Gaining assurance early in the software development cycle is of immense value in directing future efforts. So we first discuss vulnerability likelihood in the context of vulnerability prediction in software artifacts. We propose four types of program properties that can be observed in software artifacts to potentially determine their vulnerability likelihood. Then we discuss vulnerability likelihood in the context of vulnerability detection. We propose a technique to quantify the assurance in the solutions of checkers for vulnerability detection that use static analysis. And finally, we illustrate the importance of vulnerability likelihood in a software development methodology to measurably increase software assurance.

Contributory group key agreement protocols generate group keys based on contributions of all group members. Particularly appropriate for relatively small collaborative peer groups, these protocols are resilient to many types of attacks. Unlike most group key distribution protocols, contributory group key agreement protocols offer strong security properties, such as key independence and perfect forward secrecy. This paper presents the first robust contributory key agreement protocol resilient to any sequence of group changes. The protocol, based on the Group Diffie-Hellman contributory key agreement, uses the services of a group communication system supporting Virtual Synchrony semantics. We prove that it provides both Virtual Synchrony and the security properties of Group Diffie-Hellman, in the presence of any sequence of (potentially cascading) node failures, recoveries, network partitions and heals.  We implemented a secure group communication service, Secure Spread, based on our robust key agreement protocol and Spread group communication system. To illustrate its practicality, we compare the costs of establishing a secure group with the proposed protocol and a protocol based on centralized

Group key agreement is a fundamental building block for secure peer group communication systems. Several group key management techniques were proposed in the last decade, all assuming the existence of an underlying group communication infrastructure to provide reliable and ordered message delivery as well as group membership information. Despite analysis, implementation and deployment of some of these techniques, the actual costs associated with group key management have been poorly understood so far. This resulted in an undesirable tendency: on the one hand, adopting sub-optimal security for reliable group communication, while, on the other hand, constructing excessively costly group key management protocols.  This paper presents a thorough performance evaluation of five notable distributed key management techniques (for collaborative peer groups) integrated with a reliable group communication system. An in-depth comparison and analysis of the five techniques is presented based on experimental results obtained in actual local-and wide-area networks. The extensive performance measurement experiments conducted for all methods offer insights into their scalability and practicality. Furthermore, our analysis of the experimental results highlights several observations which are not obvious from the theoretical analysis.

In this paper we investigate and provide solutions for security threats in the context of hybrid networks consisting of a cellular base station and mobile devices equipped with dual cellular and ad-hoc (802.11b) cards. The cellular connection is used for receiving services (i.e. Internet access) from the base station, while the ad-hoc links are used to improve the quality of the connection. We provide detailed descriptions of several attacks that arbitrarily powerful adversaries, whether outsiders or insiders, can mount against well-behaved members of the network. We introduce a secure routing protocol called JANUS, that focuses on the establishment of secure routes between the base station and mobile devices, and the secure routing of the data. We show that our protocol is secure against the attacks described and experimentally compare the message over-head introduced by JANUS and UCAN.

The formidable dissemination capability allowed by the current network technology makes it increasingly important to devise new methods to ensure authenticity and integrity. Nowadays it is common practice to distribute documents in compressed form. In this paper, we propose a simple variation on the classic LZ-77 algorithm that allows one to hide, within the compressed document,enough information to warrant its authenticity and integrity. The design is based on the unpredictability of a certain class of pseudo-random number generators,in such a way that the hidden data cannot be retrieved in a reasonable amount of time by an attacker (unless the secret bit-string key is known).Since it can still be decompressed by the original LZ-77 algorithm,the embedding is completely

We provide here an overview of the new and rapidly emerging research area of privacy preserving data mining. We also propose a classification hierarchy that sets the basis for analyzing the work which has been performed in this context. A detailed review of the work accomplished in this area is also given, along with the coordinates of each work to the classification hierarchy. A brief evaluation is performed, and some initial conclusions are made.

This paper is a call for standardization and certification for the computer forensics field. It presents an overview of some of the more serious issues in the maturing discipline of computer forensics and explores three areas within the legal system where computer forensics is most likely to be questioned: search and seizure, expert qualifications, and analysis and preservation. One problem area identified that needs to be addressed sooner, as opposed to later, is the lack of standards and certification. The paper examines the need for standardization and certification by analyzing federal and state court cases (criminal and civil) and concludes with suggestions for dealing with some of the issues raised.

Distributed systems with multiple interacting services, such as distributed e-commerce systems, are suitable targets for malicious attacks because of the potential financial impact. Intrusion detection in such systems has been an active area of research, while the problem of containment has received relatively less attention. Containment seeks to localize the effect of the intrusion to some parts of the system while allowing the other parts to continue to provide service. In this paper, we present the design and implementation of an Adaptive Intrusion Tolerant System, ADEPTS,  for automatically containing intrusions in a distributed system.  ADEPTS uses a directed acyclic graph of intrusion goals,  called I-DAG,  and a graph of service interactions, called SNet, as the underlying representations in the system. The containment action in ADEPTS initially has the goal of preventing the spread of the intrusion by modifying its path of escalation in the I-DAG. Failing that, it adopts a more drastic response of modifying the interactions of the services in the SNet. There is also a feedback mechanism for the effectiveness of a deployed response and uses that in guiding future choices. ADEPTS is demonstrated on a distributed e- commerce system and evaluated using a survivability metric whose value depends on the operational services in the face of an intrusion.

The administration of large Role-Based Access Control (RBAC) systems is a challenging problem. In order to administer such systems,  decentralization of administration tasks by the use of delegation is an effective approach. %Delegation is an effective approach for such %systems to decentralize administration tasks.  While the use of delegation greatly enhances flexibility and scalability, it may reduce the control that an organization has over its resources, thereby diminishing a major advantage RBAC has over Discretionary Access Control (DAC).  We propose to use security analysis techniques to maintain desirable security properties while delegating administrative privileges.  We give a precise definition of a family of security analysis problems in RBAC, which is more general than safety analysis that is studied in the literature. We show that two classes of problems in the family can be reduced to similar analysis in the $\SRT$ role-based trust-management language, thereby establishing an interesting relationship between RBAC and the $RT$ framework.  The reduction gives efficient algorithms for answering most kinds of queries in these two classes and establishes the complexity bounds for the intractable cases.

Trust plays a growing role in research on security in open computing systems, including Grid computing. We propose using trust for authorization in such systems. Traditionally, authentication and authorization in computer systems guard only user interfaces, thus providing only a perimeter defense against attacks. We search for an authentication and authorization approach that satisfies the requirements of defense in depth. After reviewing and classifying a variety of security paradigms, we propose the paradigm of Pervasive Trust. It is analogous to a social model of interaction, where trust is constantly

Adding a computer security course to a traditional computer science curriculum presents several challenges, not least of which is the difficulty of providing appropriate laboratory facilities, finding a qualified instructor, and devising a curriculum.  The cost and time requried to introduce such courses can be considerable, beyond the capacity of some institutions that would like to include them.  This paper discusses strategies used at a small private university to rapidly expand its undergraduate and graduate curriculum with only a moderate budget and without hiring additional permanent faculty.  The student body was primarly comprised of part time graduate students attending night courses to complete their degree while working full time during the day and seniors in an undergraduate computer science program in need of elective courses.  Using resources available within traveling distance and the ready and willing participation of enthusiastic students, the school was able to launch a well-received program in a very short period of time.  The course was structured around a combination of on-campus instruction, additional DVD materials provided by an NSA Center of Excellence site, presentations by local subject area experts, and students who maintained their own hand’s on laboratory.  The lessons learned from this effort could prove useful to other universities contemplating similar attempts.