Recent distributed denial of service attacks have demonstrated the difficulty with tracing network attackers on the Internet and simultaneously led to calls for development of systems to track network traffic to its source. Tracking network traffic is difficult because of two basic techniques used to obfuscate the source of the traffic: spoofing and redirection. In this paper, we examine the desirable properties of network traffic tracking systems (NTTS) from both the technical and social perspectives. An analysis of the feasibility of a system with these properties in a number of increasingly open network models leads us to a number of conclusions. First, NTTS may be very successful in relatively closed environments where there is strong control of the infrastructure, and there is no expectation of privacy. Second, in an open, global Internet, it is not be feasible to deploy a perfect NTTS. Third, if a perfect NTTS for the Internet is not possible, how do we evaluate the consequences of deployment of an evadeable NTTS.

Distributed systems with multiple interacting services, especially e-commerce systems, are suitable targets for malicious attacks because of the potential financial impact. Compared to intrusion detection, automated response has received relatively less attention. In this paper, we present the design of automated response mechanisms in an intrusion tolerant system called ADEPTS. Our focus is on enforcing containment in the system, thus localizing the intrusion and allowing the system to provide service, albeit degraded. ADEPTS uses a graph of intrusion goals, called IGRAPH, as the underlying representation in the system. In response to alerts from an intrusion detection framework, ADEPTS executes algorithms to determine the spread of the intrusion and the appropriate responses to deploy. A feedback mechanism evaluates the success of a deployed response and uses that in guiding future choices. ADEPTS is demonstrated on a distributed e-commerce system and evaluated using a survivability metric.

Event reconstruction plays a critical role in solving physical crimes by explaining why a piece of physical evidence has certain characteristics. With digital crimes, the current focus has been on the recognition and identification of digital evidence using an object’s characteristics, but not on the identification of the events that caused the characteristics. This paper examines digital event reconstruction and proposes a process model and procedure that can be used for a digital crime scene. The model has been designed so that it can apply to physical crime scenes, can support the unique aspects of a digital crime scene, and can be implemented in software to automate part of the process. We also examine the differences between physical event reconstruction and digital event reconstruction.

General-purpose operating systems provide a rich computing environment both to the user and the attacker. The declining cost of hardware and the growing security concerns of software necessitate a revalidation of the many assumptions made in network service architectures. Enforcing sound design principles while retaining usability and flexibility is key to practical security. Poly/sup 2/ is an approach to build a hardened framework for network services from commodity hardware and software. Guided by well-known security design principles such as least common mechanism and economy of mechanism, and driven by goals such as psychological acceptability and immediate usability, Poly/sup 2/ provides a secure platform for network services. It also serves as a testbed for several security-related research areas such as intrusion detection, forensics, and high availability. This paper discusses the overall design and philosophy of Poly/sup 2/, presents an initial implementation, and outlines future work.

Even casual observers can see that our society’s computing infrastructure has significant security problems. Technical sources such as CERT, BugTraq, and the Risks Digest - not to mention the popular media - regularly catalog critical vulnerabilities in deployed software. Unless we figure out how to build trustworthy systems in the real world, we’re in trouble. Recognizing that fact, the Computing Research Association (CRA, www.cra.org), with support from the US National Science Foundation, recently drafted its Grand Research Challenges in security and assurance, intent on galvanizing the field by focusing attention and stimulating progress on these problems.

The widespread adoption of location-based services (LBS) raises increasing concerns for the protection of personal location information. A common strategy, referred to as obfuscation, to protect location privacy is based on forwarding the LSB provider a coarse user location instead of the actual user location. Conventional approaches, based on such tech- nique, are however based only on geometric methods and therefore are unable to assure privacy when the adversary has semantic knowledge about the reference spatial context. This paper provides a comprehensive solution to this problem. Our solution presents a novel approach that obfuscates the user location by taking into account the semantic knowl- edge about the reference space. In the paper, we dene sev- eral theoretical notions underlying our approach. We then propose two dierent strategies for generating obfuscated spaces. The paper also includes several experimental results assessing performance, storage requirements and accuracy for the two approaches. The paper also discusses the system architecture and shows that the approach can be deployed also for clients running on small devices.

Theoretical and empirical results give mixed advice for choosing the cardinality for GA representation.  Using GA models that capture the exact expected behavior of both the binary and higher cardinality cases, the determination of which representation is best for a given GA can be made.  De Jong et al. and Spears and De Jong presented how the exact model for the binary genetic algorithm can give important insights to transient GA behavior.  This paper uses a similar approach to study the impact of different cardinalities using the Koehler-Bhattacharyya-Vose general cardinality model.