An integrated checkpointing and recovery scheme which exploits the low latency and high coverage characterisitics of a concurrent error detection scheme is presented.  Message dependency which is the main source of multistep rollback in distributed systems is minimized by using a new message validation technique derived from the notion of concurrent error detection.  The concept of a new global state matrix is introduced to track error checking and message dependency in a distributed system and assist in the recovery.  The analyitcal model, algorithms, and data structures to support an easy implementation of the new scheme are presented.  The completeness and correctness of the algorithms are proved.  A number of scenarios are illustrations that give the details of the analytical model are presented.  The benefits of the integrated checkpointing scheme are quantified by means of simulation using an object-oriented test framework.

Launching a denial of service (DoS)  attack is trivial, but detection and response is a painfully slow and often a manual process.  Automatic classification of attacks as single-or multi-source can help focus a response, but current packet-header-based approaches are susceptible to spoofing.  This paper introduces a framework for classifying DoS attacks based on header content, transient ramp-up behavior and novel techniques such as spectral analysis.  Although headers are easily forged, we show that characteristics of attack ramp-up and attack specrum and more difficult to spoof.  To evaluate our framework we monitored access links of a regional ISP detecting 80 live attacks.  Header analysis identified the number of attackers in 67 attacks, while the remaining 13 attacks were classified based on ramp-up and spectral analysis.  We validate our results thrugh monitoring at a sencond site, controlled experiments and stimulation.  We use experiments and simulation to understand the underlying reasons for the characteristics observed.  In addition to helping understand attack dynamics, classifications mechanisms such as ours are important for the development of realistic models of DoS traffic, can be packaged as an automated tool to aid in rapid response to attacks, and can also be used to estimate the level of DoS activity on the Internet.

Trust in ad hoc networks is an open area of research.  The ad hoc environment has characteristics that are fundamentally different from fixed networks in a way that makes establishing, recalling, and maintaining trust relationships difficult.  The dynamic nature of the network and the heterogeneity of the hosts are two issues that complicate establishing trust.

Secure electronic communication relies on cryptography.  Even with perfect encryption, communication may be compromised without effective security protocols for key exchange, authentication, etc.  We are now seeing proliferation of large secure environments characterized by high volume, encrypted traffic between principals, facilitated by Public Key Infrastructures (PKI). PKI’s are dependent on security protocols.  Unfortunately, security protocols are susceptible to subtle errors.  To date, we have relied on formal methods to tell us if security protocols are effective.  These methods do not provide complete or measurable protocol security.  Security protocols are also subject to the same implementation and administrative vulnerabilities as communication protocols.  As a result, we will continue to operate security protocols that have flaws. In this paper, we describe a method and architecture to detect intrusions in security protocol environments such as Public Keys Infrastructures.  Our method is based on classic techniques of knowledge-based and behavior-based intrusion detection systems.

The application of science and education to computer-related crime forensics is still largely limited to law enforcement organizations.  Building a suitable workforce developemt program could support the rapidly growing field of computer and network forensics.

Analyzing security protocols is notoriously difficult.  In this paper, we show how a novel tool for analyzing classical cryptographic protocols can be used to model and analyze complex Internet security protocol families.  CPAL-ES allows the representation of the interaction between two sub-protocols.  Within a protocol such as Transport Layer Security (TLS) these are selected from a collection of sub-protocols utilized by a principal.  Modeling subversion related to sub-protocol interactions is an important part of formally understanding attacks upon protocol suites.  The CPAL environment contains sufficient functionality to verify the feasibility of these attacks. We also define and classify the characteristics that add complexity to modern security protocol and some impacts this complexity has on security protocol analysis.  Finally, we discuss the modifications that were necessary in our formal method tool to answer this complexity and show how the tool illuminated flaws in the TLS protocol.

Tools to evaluate Cryptographic Protocols (CPs) exploded into the literature after development of BAN Logic.  Many of these were created to repair weaknessess in BAN Logic.  Unfortunately, these tools are all complex and difficult to implement individually, with little or no effort available to implement multiple tools in a workbench environment.  We propose a framework that allows a protocol analyst to exercise multiple CP evaluation tools in a single environment.  Moreover, this environment exhibits characteristics that will enhance the effectiveness of the CP evaluation methods themselves.

We give the first solution to the problem of access control in an arbitrary n-node hierarchy G (e.g., RBAC) where all of the following hold: (i) only hash functions are used for a node to derive a descendant’s key from its own key, as opposed to the use of RSA public-key cryptography in many previous schemes (which requires slow modular exponentiations); (ii) the space complexity of the public information is the same as that of storing graph G (which is asymptotically optimal), as opposed to the quadratic space complexity of some other schemes; (iii) the derivation by a node of a descendant’s access key takes O(n) bit operations in the worst case, as opposed to O(n^2) bit operations in some of the previous schemes; (iv) updates are handled locally in the hierarchy and do not “propagate” to descendants or ancestors of the affected part of the tree; and (v) the scheme is resistant to collusion in that no subset of nodes can conspire to gain access to any node that is not already a descendant of one of the conspirators (hence legally accessible). Similar to a number of previous schemes, the private information at a node consists of a single key associated with that node. The security of our scheme relies on the existence of cryptographic one-way hash functions and the random oracle model. Another (more minor) property of our scheme is that it does not require access graph G to be free of directed cycles. We provide simple modifications to our scheme so it can handle Crampton’s extensions of the standard hierarchies to “limited depth” and reverse inheritance.

Suppose a number of hospitals in a geographic area want to learn how their own heart-surgery unit is doing compared with the others in terms of mortality rates, subsequent complications, or any other quality metric. Similarly, a number of small businesses might want to use their recent point-of-sales data to cooperatively forecast future demand and thus make more informed decisions about inventory, capacity, employment, etc. These are simple examples of cooperative benchmarking and (respectively) forecasting that would benefit all participants as well as the public at large, as they would make it possible for participants to avail themselves of more precise and reliable data collected from many sources, to assess their own local performance in comparison to global trends, and to avoid many of the inefficiencies that currently arise because of having less information available for their decision-making. And yet, in spite of all these advantages, cooperative benchmarking and forecasting typically do not take place, because of the participants’ unwillingness to share their information with others. Their reluctance to share is quite rational, and is due to fears of embarrassment, lawsuits, weakening their negotiating position (e.g., in case of over-capacity), revealing corporate performance and strategies, etc. The development and deployment of private benchmarking and forecasting technologies would allow such collaborations to take place without revealing any participant’s data to the others, reaping the benefits of collaboration while avoiding the drawbacks. Moreover, this kind of technology would empower smaller organizations who could then cooperatively base their decisions on a much broader information base, in a way that is today restricted to only the largest corporations. This paper is a step towards this goal, as it gives protocols for forecasting and benchmarking that reveal to the participants the desired answers yet do not reveal to any participant any other participant’s private data. We consider several forecasting methods, including linear regression and time series techniques such as moving average and exponential smoothing. One of the novel parts of this work, that further distinguishes it from previous work in secure multi-party computation, is that it involves floating point arithmetic, in particular it provides protocols to securely and efficiently perform division.

The papers in this book comprise the proceedings of the meeting mentioned on the cover and title page.  They reflect the author’s opinons and, in the interests of timely dissemination, are published as presented and without change.

Parameters of a program’s runtime environment such as the machine architecture and opening system largely determine whether a vulnerability can be exploited.  For example, the machine word size is an important factor in an integer overflow attack and likewise the memory layout of a process in a buffer or heap overflow attack.  In this paper, we present an analysis of the effects of a runtime environment on a language’s data types.  Based on this analysis, we have developed Archerr, an automated one-pass source-to-source transformer that derives appropriate architecture dependant runtime safety error checks and inserts them in C source programs.  Our approach achieves comprehensive vulnerability coverage against a wide array of program-level exploits including integer overflows/underflows.  We demonstrate the efficacy of our technique on versions of C programs with known vulnerabilities such as Send-mail.  We have benchmarked our technique and the results show that it is general less expensive than other well-known runtime techniques, and at the same time requires no extentions to the C programming language.  Additional benefits include the ability to gracefully handle arbitrary pointer usage, aliasing, and typecasting.

Replication and redundancy techniques rely on the assumption that a majority of components are always safe and voting is used to resolve any ambiguities.  This assumption may be unreasonable in the context of attacks and intrusions.  An intruder could compromise any number of the available copies of a service resulting in a false sense of security.  The kernel based approaches have proven to be quite effective but they cause performance impacts if any code changes are in the critical path.  In this paper, we provide an alternate user space mechanism consisting of process monitors by which such user space daemons can be unambiguously monitored without causing serious performance impacts.  A framework that claims to provide such a feature must itself be tamper-resistant to attacks.  We the-oretically analyze and compare some relevant schemes and show their fallibility.  We propose our own framework that is based on some simple principals of graph theory and well-founded concepts in topological fault tolerance, and show that it can not only unambiguously detect any such attacks on the services but is also very hard to subvert.  We also present some preliminary results as a proof of concept.

Local and wide area network information assurance analysts need current and precise knowlege about their systems activities in order to address the challenges of critical infrastructure protection.