This Annual Research Summary presents and overview of the 1999-2000 research activities of the faculty members in the School of Electrical and Computer Engineering at Purdue University. It provides information on 70 of the country\‘s finest researchers literally at your fingertips. Of course, the limitations of print media make it impossible to keep up with the changes, breakthroughs, and updates occuring almost daily, so do access our home page. Also, printing constraints do not allow us to publish this document in color; for images notated that the originals are in color, please refer to the appropriate section of the on-line Research Summary
The modeling of penetration testing as a Petri net is surprisingly useful. It retains key advantages of the flaw hypothesis and attack tree approaches while providing some new benefits.
This thesis examines the impact information technologies have had on the national security of the United States. It looks at how these technologies have evolved into a significant component of the economic, military, and social construct of the nation resulting in a transition from the Industrial Age to the Information Age. It introduces a new paradigm for conflict among nations based upon attacking information infrastructures. The political attractions and deterrents to using these new information warfare methods are discussed at great length. The debate is then placed in a traditional realist/liberal context and examined fromm both perspectives, suggesting technological developments are explored and contrasted with new technologies to develop hypotheses regarding the future strategic impacts that these new technologies will have. An increased reliance on information technology which is highly vulnerable to failure and sabotage has created a new risk to the national security of the United States. These vulnerabilities will be exploited during any conventional military conflicts between nation states, but several political deterrents including economic interdependence and fear of escalation decrease their attraction during peacetime. Despite this, the political and strategic attractions of information warfare make it a likely terrorist weapon. The final chapter offers policy prescriptions and solutions for integrating these concerns into the franework of the United States grand strategy to decrease the security threat and facilitate international cooperation in this area.
The objective of this initial phase of work by IDA was to identify promising, relevant technologies from the academic and civil sectors and assess their long-term applications and payoffs for IW functions.
In this thesis, a new protocol is presented, the Session Token Protocol (STOP) that can assist in the forensic analysis of a computer involved in malicious network activity. It has been designed to trace attackers who log on to a series of hosts to hide their identity. The protocol utilizes the Identification Protocol (ident) infrastructure and improves its capabilities and user’s privacy. the STOP protocol saves user- and application-level dataassociated with a requested TCP connection and returns a random token. The user- and application-level data are not revealed until the token is returned to the local administrator. A trail of tokens can be created by sending a traceback request to the previous host from which the user has connected. The previous host will save the appropriate data, return a token, and send a new traceback request. This allows an incidents investigator to trace attackers to their home systems, but does not violate the privacy of normal users. This thesis also describes how the new protocol was implemented on three platforms.
The Informative Protection Assessment Kit (IPAK) is a self-administered test intended to help you determine how well your organization\‘s information protection program is doing. Designed to provide more than just a snapshot of your existing status, it is a tool for monitoring your program over time. COmpleted annually, the IPAK can provide a relatively objective view of your progress.