The Center for Education and Research in Information Assurance and Security (CERIAS)

Reports and Papers Archive

Multi-Aspect Profiling of Kernel Rootkit Behavior

CERIAS TR 2008-24
Ryan Riley, Xuxian Jiang, and Dongyan Xu

Kernel rootkits, malicious software designed to compromise a running operating system kernel, are difficult to profile due to the variety and complexity of their attacks as well as the privilege level at which they run.  However, an accurate profile of a kernel rootkit can be greatly helpful in developing cost-effective rootkit defense solutions. In this paper we present PoKeR, a kernel rootkit profiler capable of producing multi-aspect rootkit profiles which include the extraction of kernel rootkit code, the revelation of rootkit hooking behavior, the determination of targeted kernel objects (both static and dynamic), as well as the assessment of user-level impacts.  The evaluation results with a number of real-world rootkits show that PoKeR is able to accurately profile a variety of rootkits ranging from traditional ones with system call hooking to more advanced ones with direct kernel object manipulation. The obtained profiles lead to unique insights into the rootkits’ characteristics.

Added 2008-12-10

Electronic Crime Needs Assessment for State and Local Law Enforcement

Hollis Stambaugh, David S. Beaupre, David J. Icove, Richard Baker, Wayne Cassaday, Wayne P. Williams
Added 2008-11-11

Analysis of Fingerprint Sensor Interoperability on System Performance

CERIAS TR 2008-22
Shimon Modi
Download: PDF

The increased use of fingerprint recognition systems has brought the issue of fingerprint sensor interoperability to the forefront. Fingerprint sensor interoperability refers to the process of matching fingerprints collected from different sensors. Variability in the fingerprint image is introduced by differences in acquisition technology and in the interaction with the sensor. The effect of sensor interoperability on the performance of minutiae-based matchers is examined in this dissertation. Fingerprints from 190 participants were collected on nine different fingerprint sensors, which included optical, capacitive, and thermal acquisition technologies and touch and swipe interaction types. The NBIS and VeriFinger 5.0 feature extractors and matchers were used. Along with fingerprints, characteristics such as moisture content, oiliness, elasticity and temperature of the skin were also measured. A statistical analysis framework for testing interoperability was formulated for this dissertation, which included parametric and non-parametric tests. The statistical analysis framework tested similarity of minutiae count, image quality and similarity of performance between native and interoperable datasets. False non-match rate (FNMR) was used as the performance metric in this dissertation. Interoperability performance analysis was conducted on each sensor dataset and also by grouping datasets based on the acquisition technology and interaction type of the acquisition sensor. Similarity of minutiae count and image quality scores between two datasets was not an indicator of similarity of FNMR for their interoperable datasets. An interoperable FNMR of 1.47% at a fixed FMR of 0.1% was observed for the optical touch and capacitive touch groupings. The impact of removing low quality fingerprint images on interoperable FNMR was also examined. Although the absolute value of FNMR was reduced for all the datasets, fewer interoperable datasets were found to be statistically similar to the native datasets. An image transformation method was also proposed to compensate for the differences in the fingerprint images between two datasets, and experiments conducted using this method showed a significant reduction in interoperable FNMR using the transformed dataset.

Added 2008-11-04

Investigating the relationship between fingerprint image quality and skin characteristics

Christine Blomeke, Shimon Modi, Stephen Elliott
Download: PDF

This paper reports the correlations between skin characteristics, such as moisture, oiliness, elasticity, and temperature of the skin, and fingerprint image quality across three sensing technologies. Fingerprint images from the index finger of the dominant hand of 190 individuals were collected on nine different fingerprint sensors. The sensors included four capacitance sensors, four optical sensors and one thermal fingerprint sensor. Skin characteristics, including temperature, moisture, oiliness and elasticity, were measured prior to the initial interaction with each of the individual sensors. The analysis of the full dataset indicated that the sensing technology and interaction type (swipe or touch) were moderately and weakly correlated, respectively, with image quality scores. Correlation analysis between image quality scores and the skin characteristics was also performed on subsets of the data, divided by sensing technology. The results did not identify any significant correlations. This indicates that further work is necessary to determine the type of relationship between the variables, and how they impact image quality and matching performance.

Added 2008-11-03

Privacy-Preserving Updates to Anonymous and Confidential Databases

Alberto Trombetta, Wei Jiang, Elisa Bertino, Lorenzo Bossi

Suppose Alice owns a k-anonymous database and needs to determine whether her database, when inserted with a tuple owned by Bob, is still k-anonymous. Also, suppose that access to the database is strictly controlled, because, for example, the data are used for certain experiments that need to be kept confidential. Clearly, allowing Alice to directly read the contents of the tuple breaks the privacy of Bob (e.g., a patient’s medical record); on the other hand, the confidentiality of the database managed by Alice is violated once Bob has access to the contents of the database. Thus, the problem is to check whether the database inserted with the tuple is still k-anonymous, without letting Alice and Bob know the contents of the tuple and the database, respectively. In this paper, we propose two protocols solving this problem on suppression-based and generalization-based k-anonymous and confidential databases. The protocols rely on well-known cryptographic assumptions, and we provide theoretical analyses to prove their soundness and experimental results to illustrate their efficiency.

Added 2008-09-17

Teaching Computer Ethics

Bynum, Terrell Ward; Foder, John L.; Maner, Walter
Added 2008-09-15

IEEE Transactions on Dependable and Secure Computing

CERIAS TR 2008-15
Elisa Bertino, Ning Shang, Samuel S. Wagstaff, Jr.
Download: PDF

In electronic subscription and pay TV systems, data can be organized and encrypted using symmetric key algorithms according to predefined time periods and user privileges, then broadcast to users. This requires an efficient way to manage the encryption keys. In this scenario, time-bound key management schemes for a hierarchy were proposed by Tzeng and Chien in 2002 and 2005, respectively. Both schemes are insecure against collusion attacks. In this paper, we propose a new key assignment scheme for access control which is both efficient and secure. Elliptic curve cryptography is deployed in this scheme. We also provide analysis of the scheme with respect to security and efficiency issues.

Added 2008-09-07

Status Report on Cyber Critical Infrastructure Protection Involving the Bulk-Power Grid System

CERIAS TR 2008-16
Marianne Hoebich
Download: PDF

This research report provides a historical perspective on key developments in cyber critical infrastructure protection efforts to secure the bulk-power grid system. It is important to understand the past so future efforts can benefit from the knowledge gained from past experiences. The research examines 21 key developments that occurred from 1997 to 2008. The developments are sorted into three groups: DHS (representing the public sector), NERC (representing the private sector), and FERC (regulatory function). The developments within each group are then analyzed to identify which prior developments contributed to later developments. The main underlying theme in each group is also examined to identify potential issues that hinder cyber critical infrastructure protection efforts. The results of this research show that some progress has been made by the combined efforts of NERC and FERC. The DHS has produced plans but has been unable to effectively implement those plans. The three main issues that were identified are the impact of economics, major power outages, and the ineffective partnership efforts between the DHS and the private entities within the electricity sector. These issues will need to be solved in the future so that cyber critical infrastructure protection for the bulk-power grid system can proceed.

Added 2008-08-20

Reconciling Privacy Policies and Regulations: Ontological Semantics Perspective

CERIAS TR 2007-102
Olga Krachina, Victor Raskin, Katrina Triezenberg
Download: PDF
Added 2008-08-18

Solving Normative Inconsistencies of Multi-Agent Environment Under Ontological Framework

CERIAS TR 2008-14
Olga Krachina, Victor Raskin
Download: PDF

This paper addresses the resolution of normative inconsistencies in privacy regulation that result from merging documents of various kinds. The solution we propose is similar to past approaches in that we also resort to the implementation of a certain priority in order to resolve an actual contradiction. At the core of conflict processing lies the text-meaning-representation (TMR) module. Conflict detection explores modalities as well as the OPPOSITE/NOT relation of the corresponding principal heads of the TMR(s). Additionally, we claim that, unlike the purely axiomatic frameworks used previously, ontological semantics accounts for semantic heterogeneity and does not place a restriction on the type of regulation that can be processed.

Added 2008-08-18

Ontology-Based Inference Methods

CERIAS TR 2006-76
Olga Krachina, Victor Raskin
Download: PDF
Added 2008-08-18

EXAM -- a Comprehensive Environment for the Analysis of Access Control Policies

CERIAS TR 2008-13
Dan Lin, Prathima Rao, Elisa Bertino, Ninghui Li, Jorge Lobo
Download: PDF

Policy integration and inter-operation is often a crucial requirement when parties with different access control policies need to participate in collaborative applications and coalitions. Such a requirement is even more difficult to address for dynamic large-scale collaborations, in which the number of access control policies to analyze and compare can be quite large. An important step in policy integration and inter-operation is to analyze the similarity of policies. Policy similarity can sometimes also be a pre-condition for establishing a collaboration, in that a party may enter a collaboration with another party only if the policies enforced by the other party match or are very close to its own policies. Existing approaches to the problem of analyzing and comparing access control policies are very limited, in that they only deal with some special cases. By recognizing that a suitable approach to policy analysis and comparison requires combining different approaches, we propose in this paper a comprehensive environment—EXAM. The environment supports various types of analysis query, which we categorize in the paper. A key component of such an environment, on which we focus in the paper, is the policy analyzer, which is able to perform several types of analysis. Specifically, our policy analyzer combines the advantages of existing MTBDD-based and SAT-solver-based techniques. Our experimental results, also reported in the paper, demonstrate the efficiency of our analyzer.

Added 2008-08-01

A Device Independent Router Model: From Measurements to Simulations

CERIAS TR 2008-23
Roman Chertov
Download: PDF

Simulation, emulation, and wide-area testbeds exhibit different tradeoffs with respect to fidelity, scalability, and manageability.

Network security and network planning/dimensioning experiments introduce additional requirements compared to traditional networking and distributed system experiments. For example, high-capacity attack or multimedia flows can push packet forwarding devices to the limit and expose unexpected behaviors. Many popular simulation and emulation tools use high-level models of forwarding behavior in switches and routers, and give little guidance on setting model parameters such as buffer sizes. Thus, a myriad of papers report results that are highly sensitive to the forwarding model or buffer size used.

In this work, we first motivate the need for better models by performing an extensive comparison between simulation and emulation environments for the same Denial of Service (DoS) attack experiment. Our results reveal that there are drastic differences between emulated and simulated results and between various emulation testbeds. We then argue that measurement-based models for routers and other forwarding devices are crucial. We devise such a model and validate it with measurements from three types of Cisco routers and one Juniper router, under varying traffic conditions. The structure of our model is device-independent, but it requires device-specific parameters. The compactness of the parameter tables and the simplicity of the model make it versatile for high-fidelity simulations that preserve simulation scalability. We construct a black-box profiler to infer parameter tables within a few hours. Our results indicate that our model can approximate different types of routers.

Additionally, the results indicate that queue characteristics vary dramatically among the devices we measure, and that backplane contention must be modeled.

Added 2008-07-15

The experimental analysis of information security management issues for online financial services

Mukul Gupta, Alok R. Chaturvedi, Shailendra Mehta, Lorenzo Valeri
Added 2008-07-09

Usability and Security: An Appraisal of Usability Issues in Information Security Methods

E. Eugene Schultz, Robert W. Proctor, Mei-Ching Lien, Gavriel Salvendy

In the modern multi-user computer environment, Internet-capable network servers provide connectivity that allows a large portion of the user population to access information at the desktop from sources around the world. Because of the ease with which information can be accessed, computer security breaches may occur unless systems and restricted information stored therein are kept secure. Breaches of security can have serious consequences, including theft of confidential corporate documents, compromise of intellectual property, unauthorized modification of systems and data, denial of service, and others. Considerable research has been conducted on threats to security.

Numerous sophisticated security methods have been developed, many of which rely on individuals to implement and use them. However, these methods may not accomplish their intended objectives if they are not used properly. Despite the apparent influence of usability, surprisingly little research has been conducted on the trade-off between usability and the degree of security provided by various information security methods. In the present paper, we review the various information security methods that are used, appraise the usability issues, and develop a taxonomy to organize these issues. The intent is to make a strong case for the need for systematic usability analyses and for the development of usability metrics for information security.

Added 2008-07-08