203,289 research outputs found

    The Embedding Capacity of Information Flows Under Renewal Traffic

    Given two independent point processes and a certain rule for matching points between them, what is the fraction of matched points over infinitely long streams? In many application contexts, e.g., secure networking, a meaningful matching rule is that of a maximum causal delay, and the problem is related to embedding a flow of packets in cover traffic such that no traffic analysis can detect it. We study the best undetectable embedding policy and the corresponding maximum flow rate, which we call the embedding capacity, under the assumption that the cover traffic can be modeled as arbitrary renewal processes. We find that computing the embedding capacity requires the inversion of very structured linear systems that, for a broad range of renewal models encountered in practice, admit a fully analytical expression in terms of the renewal function of the processes. Our main theoretical contribution is a simple closed form of this relationship. This result enables us to explore properties of the embedding capacity, obtaining closed-form solutions for selected distribution families and a suite of sufficient conditions on the capacity ordering. We evaluate our solution on real network traces, which shows a noticeable match for tight delay constraints. A gap between the predicted and the actual embedding capacities appears for looser constraints, and further investigation reveals that it is caused by inaccuracy of the renewal traffic model rather than of the solution itself. Comment: Submitted to IEEE Trans. on Information Theory on March 10, 201

    Policy based runtime verification of information flow.

    Standard security mechanisms such as access control, firewalls and encryption only focus on controlling the release of information, but no limitations are placed on controlling the propagation of that confidential information. The principal problem of controlling sensitive information confidentiality starts after access is granted. The research described in this thesis belongs to the constructive research field, where "constructive" refers to knowledge contributions being developed as a new framework, theory, model or algorithm. The methodology of the proposed approach is made up of eight work packages. One addresses the research background and the research project requirements. Six are scientific research work packages. The last work package concentrates on the thesis writing up. There is currently no monitoring mechanism for controlling information flow during runtime that supports behaviour configurability and user interaction. Configurability is an important requirement because what is considered to be secure today can be insecure tomorrow. The interaction with users is very important in a flexible and reliable security monitoring mechanism because different users may have different security requirements. The interaction with the monitoring mechanism enables the user to change program behaviours or modify the way that information flows while the program is executing. One of the motivations for this research is the information flow policy in the hand of the end user. The main objective of this research is to develop a usable security mechanism for controlling information flow within a software application during runtime. Usable security refers to enabling users to manage their systems' security without defining elaborate security rules before starting the application. Our aim is to provide usable security that enables users to manage their systems' security without defining elaborate security rules before starting the application.
Security will be achieved by an interactive process in which our framework will query the user for security requirements for specific pieces of information that are made available to the software and then continue to enforce these requirements on the application using a novel runtime verification technique for tracing information flow. The main achievement of this research is a usable security mechanism for controlling information flow within a software application during runtime. Security will be achieved by an interactive process to enforce user requirements on the application using a runtime verification technique for tracing information flow. The contributions are as follows. Runtime Monitoring: The proposed runtime monitoring mechanism ensures that the program execution contains only legal flows that are defined in the information flow policy or approved by the user. Runtime Management: The behaviour of a program that is about to leak confidential information will be altered by the monitor according to the user decision. User interaction control: The achieved user interaction with the monitoring mechanism during runtime enables users to change the program behaviours while the program is executing. Libyan Embass

    Chinese Wall Security Policy

    This project establishes a Chinese wall security policy model in the environment of cloud computing. In 1988 Brewer and Nash proposed a very nice commercial security policy in the British financial world. Though the policy was well accepted, the model was incorrect. A decade later, Dr. Lin provided a model in 2003 that meets Brewer & Nash's Policy. One of the important components in cloud computing is the data center. In order for any company to store data in the center, a trustable security policy model is a must; the Chinese wall security policy model will provide this assurance. The heart of the Chinese Wall Security Policy Model is the concept of Conflict of Interest (COI). The concept can be modeled by an anti-reflexive, symmetric and transitive binary relation. In this project, by extending Dr. Lin's Model, we explore the security issues in the environment of cloud computing and develop a small system of the Chinese Wall Security Model.