The Center for Education and Research in Information Assurance and Security (CERIAS)


Reports and Papers Archive



Portable and Flexible Document Access Control Mechanisms

CERIAS TR 2004-41
Mikhail Atallah and Marina Bykova
Download: PDF

We present and analyze portable access control mechanisms for large data repositories, in which the customized access policies are stored on a portable device (e.g., a smart card). While there are significant privacy-preservation advantages to the use of smart cards anonymously created and bought in public places (stores, libraries, etc.), a major difficulty is that, for huge data repositories and limited-capacity portable storage devices, it is not possible to represent every possible access configuration on the card. For a customer whose card is supposed to contain a subset S of documents, access to all of S must be allowed. In some situations a small enough number of "false positives" (accesses to non-S documents) is acceptable to the server, and the challenge then is to minimize the number of false positives implicit in any given card. We describe and analyze schemes for both unstructured and structured collections of documents. For these schemes, we give fast algorithms for efficiently using the limited space available on the card. In our model the customer does not know which documents correspond to false positives, the probability of a randomly chosen document being a false positive is small, and information about false positives bound to one card is useless for any other card even if both of them permit access to the same set of documents S.

Added 2004-09-22

On Vulnerability and Protection of Ad Hoc On-demand Distance Vector Protocol

CERIAS TR 2004-45
Weichao Wang, Yi Lu, Bharat K. Bhargava
Download: PDF
Added 2004-09-20

Privacy Preserving Data Mining over Vertically Partitioned Data

CERIAS TR 2004-40
Jaideep Vaidya
Download: PDF

The goal of data mining is to extract or "mine" knowledge from large amounts of data. However, data is often collected by several different sites. Privacy, legal and commercial concerns restrict centralized access to this data. Theoretical results from the area of secure multiparty computation in cryptography prove that, assuming the existence of trapdoor permutations, one may provide secure protocols for two-party computation as well as for multiparty computation with honest majority.

However, the general methods are far too inefficient and impractical for computing complex functions on inputs consisting of large sets of data. What remains open is to come up with a set of techniques to achieve this efficiently within a quantifiable security framework. The distributed data model considered is the heterogeneous database scenario, with different features of the same set of data being collected by different sites. This thesis argues that it is indeed possible to have \emph and \emph techniques for useful privacy-preserving mining of knowledge from large amounts of data. The dissertation presents several privacy-preserving data mining algorithms operating over vertically partitioned data. The set of underlying techniques solving independent sub-problems is also presented. Together, these enable the secure "mining" of knowledge.

Added 2004-09-14

What Should a Good Security Model Be?

CERIAS TR 2004-38
Marina Bykova
Download: PDF

In this article we survey a number of security models—which range from the first models to newly proposed approaches—in an attempt to answer the question of what we want our security model to be. The emphasis of this work is not on past or current security models, but rather on new approaches that have been proposed in the literature but have not yet found their way to the end user. The models described in this work provide unusual ways of addressing security needs and may be difficult to employ due to drastic differences from the currently accepted norms. These models, however, may have useful properties that the current systems do not possess, and might provide more efficient ways of securing our systems.

Added 2004-09-08

Privacy and Technology: Definition and Policy

CERIAS TR 2004-33
William A. Frauenhofer
Download: PDF
Added 2004-08-30

DDoS Attack Simulation, Monitoring, and Analysis

Sarika Agarwal, Saumya Agarwal, Bryon Gloden

DDoS attacks are increasingly common and many defense mechanisms have been proposed. However, in order to evaluate their effectiveness it is important to consider what goes into making an attack. In this paper, we analyzed common DDoS attacks at the source code and network level. We then developed a hybrid toolkit that combines attack tools, background traffic and monitoring software. Finally, we studied how effective our toolkit is at launching attacks and then detecting them. The results and lessons learned from testing on Emulab are presented.

Added 2004-08-29

Secure Interoperation in a Multi-Domain Environment

CERIAS TR 2004-34
Basit Shafiq
Download: PDF

The rapid proliferation of the Internet and the cost-effective growth of its key enabling technologies such as database management systems, storage and end-systems, and networking are revolutionizing information technology and have created unprecedented opportunities for developing large-scale distributed applications and enterprise-wide systems. At the same time, there is a growing need for information sharing and resource exchange in a collaborative environment that spans multiple enterprises. Various businesses, government, and other organizations have realized that information and resource sharing is becoming increasingly critical to their success. However, an increase in inter-domain information and resource exchange poses new threats to the security and privacy of data. Numerous studies have shown that unauthorized access, in particular by insiders, constitutes a major security problem for enterprise application environments. This problem can get magnified in a collaborative environment where distributed, heterogeneous, and autonomous organizations interoperate with each other. Collaboration in such a diverse environment requires integration of the access control policies of local domains to compose a global security policy for controlling information accesses across multiple domains. In this proposal, we address the issue of policy integration in a multi-domain system that allows information and resource sharing in a collaborative environment. The proposed policy integration mechanism is a two-phase process that first defines a mapping among the cross-domain entities and then resolves the underlying access control policy conflicts. For conflict resolution, we propose an integer programming (IP) based approach that maximizes inter-domain information and data exchange according to some specified optimality criterion.
As an extension to the policy integration framework, we plan to address the problem of access control policy verification and policy evolution in the context of secure interoperation. In addition, we will investigate the problem of semantic partitioning of a single access control policy into multiple independent, autonomous, and functional policies.

Added 2004-08-29

Impact of Network Design on Worm Propagation

CERIAS TR 2004-35
Brian Carrier and Sundararaman Jeyaraman and Sarah Sellke
Download: PDF

In this paper, we simulate the Code Red II and Nimda worms on different enterprise-scale networks to determine the impact that topology has on worm propagation.  A corporate network can be designed to improve security and, as we show, to decrease the propagation rate of worms that use network scanning as a target discovery technique.  We also examine the impact that LaBrea-like devices have on propagation rates and compare it to the impact of network topology.

Added 2004-08-27

The Session Token Protocol for Forensics and Traceback

CERIAS TR 2004-36
Brian Carrier and Clay Shields
Download: PDF

In this paper we present the Session Token Protocol (STOP), a new protocol that can assist in the forensic analysis of a computer involved in malicious network activity.  It has been designed to help automate tracing attackers who log on to a series of hosts to hide their identity.  STOP utilizes the Identification Protocol (IDENT) infrastructure, improving both its capabilities and user privacy.  On request, the STOP protocol saves user-level and application-level data associated with a particular TCP connection and returns a random token specifically related to that session.  The saved data are not revealed to the requester unless the token is returned to the local administrator, who verifies the legitimacy of the need for the release of information.  The protocol supports recursive traceback requests to gather information about the entire path of a connection. This allows an incident investigator to trace attackers to their home systems, but does not violate the privacy of normal users.  This paper details the new protocol and presents implementation and performance results.

Added 2004-08-27

Defining Event Reconstruction of Digital Crime Scenes

CERIAS TR 2004-37
Brian D. Carrier and Eugene H. Spafford
Download: PDF

Event reconstruction plays a critical role in solving physical crimes by explaining why a piece of physical evidence has certain characteristics. With digital crimes, the current focus has been on the recognition and identification of digital evidence using an object’s characteristics, but not on the identification of the events that caused the characteristics. This paper examines digital event reconstruction and proposes a process model and procedure that can be used for a digital crime scene. The model has been designed so that it can apply to physical crime scenes, can support the unique aspects of a digital crime scene, and can be implemented in software to automate part of the process. We also examine the differences between physical event reconstruction and digital event reconstruction.

Added 2004-08-27

Experience with Software Watermarking

CERIAS TR 2004-30
Jens Palsberg, Sowmya Krishnaswamy, Minseok Kwon, Di Ma, Qiuyun Shao, Yi Zhang
Download: PDF

There are at least four U.S. patents on software watermarking, and an idea for further advancing the state of the art was presented in 1999 by Collberg and Thomborson. The new idea is to embed a watermark in dynamic data structures, thereby protecting against many program-transformation attacks. Until now there have been no reports on practical experience with this technique.

We have implemented and experimented with a watermarking system for Java based on the ideas of Collberg and Thomborson. Our experiments show that watermarking can be done efficiently with moderate increases in code size, execution times, and heap-space usage, while making the watermarked code resilient to a variety of program-transformation attacks. For a particular representation of watermarks, the time to retrieve a watermark is on the order of one minute per megabyte of heap space. Our implementation is not designed to resist all possible attacks; to do that it should be combined with other protection techniques such as obfuscation and tamperproofing.

Added 2004-08-26

Square Form Factorization

CERIAS TR 2004-31
Jason E. Gower
Download: PDF

We present a detailed analysis of SQUFOF, Daniel Shanks’ Square Form Factorization algorithm. We give the expected running time and space requirement for SQUFOF. We analyze the effect of multipliers, either used for a single factorization or when racing the algorithm in parallel.

Added 2004-08-26

Towards Improved Federated Identity and Privilege Management in Open Systems

CERIAS TR 2004-32
Rafae Bhatti, Elisa Bertino, Arif Ghafoor
Download: PDF

Federated identity and privilege management are the cornerstones of access management on the Web. The increasing trend of business integration across enterprises and Web-based collaboration has led to tremendous growth of identity and privilege management research and products in the recent past. However, despite the existence of available mechanisms, there are drawbacks in almost all well-known schemes that make them inadequate for use in large-scale open systems. Additionally, the migration of these mechanisms to the Web environment is happening at a dissimilar pace, resulting in a wide gap in integrating privilege management with existing federated identity mechanisms to provide a comprehensive access management solution. In this paper, we discuss these issues in detail, namely the shortcomings of federated identity mechanisms and their integration with privilege management mechanisms. In response, we provide an integrated approach to Web-based access management that combines a decentralized federated identity mechanism with a privilege management framework. Our solution allows name-binding to be avoided; doing so is essential to scalability and privacy in open systems. The solution has been prototyped and preliminarily tested to determine its feasibility.

Added 2004-08-26

Keeping Information Safe: An Exploration of Teacher Practice and Perceptions in K-12 Schools

CERIAS TR 2004-28
Matt Rose and Dazhi Yang
Download: PDF

As schools become more dependent on information technology to facilitate administrative tasks and enhance learning and discovery, the security of the schools

Added 2004-08-24

Exploring the Intersection of Teacher Practices, Online Learning, and Information Security

CERIAS TR 2004-29
Jennifer Richardson, Janet Alsup, Matt Rose, Lisa Schade, and Dazhi Yang
Download: PDF
Added 2004-08-24