Dealing with temporal inconsistency in automated computer forensic profiling

Computer profiling is the automated forensic examination of a computer system in order to provide a human investigator with a characterisation of the activities that have taken place on that system. As part of this process, the logical components of the computer system – components such as users, files and applications - are enumerated and the relationships between them discovered and reported. This information is enriched with traces of historical activity drawn from system logs and from evidence of events found in the computer file system. A potential problem with the use of such information is that some of it may be inconsistent and contradictory thus compromising its value. This work examines the impact of temporal inconsistency in such information and discusses two types of temporal inconsistency that may arise – inconsistency arising out of the normal errant behaviour of a computer system, and inconsistency arising out of deliberate tampering by a suspect – and techniques for dealing with inconsistencies of the latter kind. We examine the impact of deliberate tampering through experiments conducted with prototype computer profiling software. Based on the results of these experiments, we discuss techniques which can be employed in computer profiling to deal with such temporal inconsistencies

Fast casual multicast

A new protocol is presented that efficiently implements a reliable, causally ordered multicast primitive and is easily extended into a totally ordered one. Intended for use in the ISIS toolkit, it offers a way to bypass the most costly aspects of ISIS while benefiting from virtual synchrony. The facility scales with bounded overhead. Measured speedups of more than an order of magnitude were obtained when the protocol was implemented within ISIS. One conclusion is that systems such as ISIS can achieve performance competitive with the best existing multicast facilities--a finding contradicting the widespread concern that fault-tolerance may be unacceptably costly

A Distributed GUI-based Computer Control System for Atomic Physics Experiments

Atomic physics experiments often require a complex sequence of precisely timed computer controlled events. A distributed GUI-based control system designed with such experiments in mind, The Cicero Word Generator, is described. The system makes use of a client-server separation between a user interface for sequence design and a set of output hardware servers. Output hardware servers are designed to use standard National Instruments output cards, but the client-server nature allows this to be extended to other output hardware. Output sequences running on multiple servers and output cards can be synchronized using a shared clock. By using an FPGA-generated variable frequency clock, redundant buffers can be dramatically shortened, and a time resolution of 100ns achieved over effectively arbitrary sequence lengths

A Web-Based Tool for Analysing Normative Documents in English

Our goal is to use formal methods to analyse normative documents written in English, such as privacy policies and service-level agreements. This requires the combination of a number of different elements, including information extraction from natural language, formal languages for model representation, and an interface for property specification and verification. We have worked on a collection of components for this task: a natural language extraction tool, a suitable formalism for representing such documents, an interface for building models in this formalism, and methods for answering queries asked of a given model. In this work, each of these concerns is brought together in a web-based tool, providing a single interface for analysing normative texts in English. Through the use of a running example, we describe each component and demonstrate the workflow established by our tool

Randomized and efficient time synchronization in dynamic wireless sensor networks: a gossip-consensus-based approach

This paper proposes novel randomized gossip-consensus-based sync (RGCS) algorithms to realize efficient time correction in dynamic wireless sensor networks (WSNs). First, the unreliable links are described by stochastic connections, reflecting the characteristic of changing connectivity gleaned from dynamicWSNs. Secondly, based on the mutual drift estimation, each pair of activated nodes fully adjusts clock rate and offset to achieve network-wide time synchronization by drawing upon the gossip consensus approach. The converge-to-max criterion is introduced to achieve a much faster convergence speed. The theoretical results on the probabilistic synchronization performance of the RGCS are presented. Thirdly, a Revised-RGCS is developed to counteract the negative impact of bounded delays, because the uncertain delays are always present in practice and would lead to a large deterioration of algorithm performances. Finally, extensive simulations are performed on the MATLAB and OMNeT++ platform for performance evaluation. Simulation results demonstrate that the proposed algorithms are not only efficient for synchronization issues required for dynamic topology changes but also give a better performance in term of converging speed, collision rate, and the robustness of resisting delay, and outperform other existing protocols

Models of leader elections and their applications

New research about cyber-physical systems is rapidly changing the way we think about critical infrastructures such as the power grid. Changing requirements for the generation, storage, and availability of power are all driving the development of the smart-grid. Many smart-grid projects disperse power generation across a wide area and control devices with a distributed system. However, in a distributed system, the state of processes is hard to determine due to isolation of memory. By using information flow security models, we reason about a process\u27s beliefs of the system state in a distributed system. Information flow analysis aided in the creation of Markov models for the expected behavior of a cyber controller in a smart-grid system using a communication network with omission faults. The models were used as part of an analysis of the distributed system behavior when there are communication faults. With insight gained from these models, existing congestion management techniques were extended to create a feedback mechanism, allowing the cyber-physical system to better react to issues in the communication network --Abstract, page iii

The ISIS project: Fault-tolerance in large distributed systems

The semi-annual status report covers activities of the ISIS project during the second half of 1989. The project had several independent objectives: (1) At the level of the ISIS Toolkit, ISIS release V2.0 was completed, containing bypass communication protocols. Performance of the system is greatly enhanced by this change, but the initial software release is limited in some respects. (2) The Meta project focused on the definition of the Lomita programming language for specifying rules that monitor sensors for conditions of interest and triggering appropriate reactions. This design was completed, and implementation of Lomita is underway on the Meta 2.0 platform. (3) The Deceit file system effort completed a prototype. It is planned to make Deceit available for use in two hospital information systems. (4) A long-haul communication subsystem project was completed and can be used as part of ISIS. This effort resulted in tools for linking ISIS systems on different LANs together over long-haul communications lines. (5) Magic Lantern, a graphical tool for building application monitoring and control interfaces, is included as part of the general ISIS releases