The Center for Education and Research in Information Assurance and Security (CERIAS)

The Center for Education and Research in
Information Assurance and Security (CERIAS)

Reports and Papers Archive


Browse All Papers »       Submit A Paper »

Purdue School of ECE Annual Research Summary

School of ECE

This Annual Research Summary presents and overview of the 1999-2000 research activities of the faculty members in the School of Electrical and Computer Engineering at Purdue University.  It provides information on 70 of the country\‘s finest researchers literally at your fingertips.  Of course, the limitations of print media make it impossible to keep up with the changes, breakthroughs, and updates occuring almost daily, so do access our home page.  Also, printing constraints do not allow us to publish this document in color; for images notated that the originals are in color, please refer to the appropriate section of the on-line Research Summary

Added 2002-07-26

New Security Paradigm Workshop 2000

ACM

The modeling of penetration testing as a Petri net is surprisingly useful.  It retains key advantages of the flaw hypothesis and attack tree approaches while providing some new benefits.

Added 2002-07-26




National Security in the Information Age

Matthew G. Devost

This thesis examines the impact information technologies have had on the national security of the United States.  It looks at how these technologies have evolved into a significant component of the economic, military, and social construct of the nation resulting in a transition from the Industrial Age to the Information Age. It introduces a new paradigm for conflict among nations based upon attacking information infrastructures.  The political attractions and deterrents to using these new information warfare methods are discussed at great length.  The debate is then placed in a traditional realist/liberal context and examined fromm both perspectives, suggesting technological developments are explored and contrasted with new technologies to develop hypotheses regarding the future strategic impacts that these new technologies will have. An increased reliance on information technology which is highly vulnerable to failure and sabotage has created a new risk to the national security of the United States.  These vulnerabilities will be exploited during any conventional military conflicts between nation states, but several political deterrents including economic interdependence and fear of escalation decrease their attraction during peacetime.  Despite this, the political and strategic attractions of information warfare make it a likely terrorist weapon. The final chapter offers policy prescriptions and solutions for integrating these concerns into the franework of the United States grand strategy to decrease the security threat and facilitate international cooperation in this area.

Added 2002-07-26

Information Warfare Technologies: Survey of Selected Civil Sector Activities

Institute for Defense Analyses

The objective of this initial phase of work by IDA was to identify promising, relevant technologies from the academic and civil sectors and assess their long-term applications and payoffs for IW functions.

Added 2002-07-26



Commercial Perspectives on Information Assurance Research

William T. Mayfield
Added 2002-07-26

A Recursive TCP Session Token Protocol for Use in Computer Forensics and Traceback

CERIAS TR 2001-19
Brian Carrier
Download: PDF

In this thesis, a new protocol is presented, the Session Token Protocol (STOP) that can assist in the forensic analysis of a computer involved in malicious network activity.  It has been designed to trace attackers who log on to a series of hosts to hide their identity.  The protocol utilizes the Identification Protocol (ident) infrastructure and improves its capabilities and user’s privacy.  the STOP protocol saves user- and application-level dataassociated with a requested TCP connection and returns a random token.  The user- and application-level data are not revealed until the token is returned to the local administrator.  A trail of tokens can be created by sending a traceback request to the previous host from which the user has connected.  The previous host will save the appropriate data, return a token, and send a new traceback request.  This allows an incidents investigator to trace attackers to their home systems, but does not violate the privacy of normal users.  This thesis also describes how the new protocol was implemented on three platforms.

Added 2002-07-26

Data Mining for Web Security: UserWatcher

CERIAS TR 2001-20
Malika Mahoui and Bharat Bhargava and Mukesh Mohania
Download: PDF
Added 2002-07-26

User content Mining Supporting Usage Content Mining for Web Personalization

CERIAS TR 2001-21
Malika Mahoui and Bharat Bhargava and Mukesh Mohania
Download: PDF
Added 2002-07-26


Informative Protection Assessment Kit

The Informative Protection Assessment Kit (IPAK) is a self-administered test intended to help you determine how well your organization\‘s information protection program is doing.  Designed to provide more than just a snapshot of your existing status, it is a tool for monitoring your program over time.  COmpleted annually, the IPAK can provide a relatively objective view of your progress.

Added 2002-07-26