
    ENTERPRISE SECURITY ANALYSIS INCLUDING DENIAL OF SERVICE COUNTERMEASURES

    Computer networks are the nerve systems of modern enterprises. Unfortunately, these networks are subject to numerous attacks. Safeguarding these systems is challenging. In this thesis we describe current threats to enterprise security, before concentrating on the Distributed Denial of Service (DDoS) problem. DDoS attacks on popular websites like Amazon, Yahoo, CNN, eBay, Buy, and the recent acts of war using DDoS attacks against NATO ally Estonia [1] graphically illustrate the seriousness of these attacks. Denial of Service (DoS) attacks are explicit attempts to block legitimate users' system access by reducing system availability [2]. A DDoS attack deploys multiple attacking entities to attain this goal [3]. Unfortunately, DDoS attacks are difficult to prevent and the solutions proposed to date are insufficient. This thesis uses combinatorial game theory to analyze the dynamics of DDoS attacks on an enterprise and find traffic adaptations that counter the attack. This work builds on the DDoS analysis in [4]. The approach we present designs networks with a structure that either resists DDoS attacks, or adapts around them. The attacker (Red) launches a DDoS on the distributed application (Blue). Both Red and Blue play an abstract board game defined on a capacitated graph, where nodes have limited CPU capacities and edges have bandwidth constraints. Our technique provides two important results that aid in designing DDoS resistant systems: 1. It quantifies the resources an attacker needs to disable a distributed application. The design alternative that maximizes this value will be the least vulnerable to DDoS attacks. 2. When the attacker does not have enough resources to satisfy the limit in 1, we provide near optimal strategies for reconfiguring the distributed application in response to attempted DDoS attacks. Our analysis starts by finding the feasible network configurations for Blue that satisfy its computation and communications requirements. The min-cut sets [5] of these configurations are the locations most vulnerable to packet flooding DDoS attacks. Red places 'zombie' processes on the graph that consume network bandwidth. Red attempts to break Blue communications links. Blue reconfigures its network to re-establish communications. We analyze this board game using the theory of surreal numbers [6]. If Blue can make the game 'loopy' (i.e. move to one of its previous configurations), it wins [7]. If Red creates a situation where Blue cannot successfully reconfigure the network, it wins. In practice, each enterprise relies on multiple distributed processes. Similarly, an attacker cannot expect to destroy all of the processes used by the enterprise at any point in time. The attacker will try to maximize the number of processes it can disable at any point in time. This situation describes a 'sum of games' problem [6], where Blue and Red alternate moves. We adapt Berlekamp's strategies for Go endgames, to tractably find near optimal reconfiguration regimes for this P-Space complete problem [6], [7].

    Programming Concepts for the Implementation of Usage Policies in Industrial Data Spaces

    Over time, data has increasingly developed into a valuable asset. For this reason, control over their own data is of central importance to rights holders. The ability of a rights holder to decide in a self-determined manner on the use of their data is referred to as data sovereignty. This thesis addresses the question of how attaining and maintaining data sovereignty can be technically supported by usage control mechanisms. In this thesis, a flexible and extensible programming language with integrated usage control mechanisms, named D°, is developed. By implementing the programming paradigm of policy-agnostic programming, the complexity of the usage control mechanisms is encapsulated and can be addressed by experts. Part of this complexity has been moved into the compiler and solved there, and no longer has to be considered by users of the language. This relieves the application developer and simplifies the correct use of usage control mechanisms. Furthermore, it is presented how the remote evaluation paradigm can be implemented for D°. The paradigm targets scenarios of cooperative data use and dispenses with sending data to third parties who wish to use the data. Instead, the data-processing applications and their computation results are sent back and forth. As a result, the data always remains on the systems of the rights holder, which can at the same time draw on the advantages of the usage control mechanisms in D°. This allows cooperative data use in scenarios in which passing on data is ruled out and technical measures for data usage control are necessary. The results achieved are presented and validated by means of a larger demonstrator. In doing so, the individual aspects of D° are presented in practice by means of examples. In addition, the solution is placed in the context of the International Data Spaces, which substantially motivated and shaped this work. This classification shows that the expressive power of the usage control mechanisms of D° is equal to or better than that of other usage control mechanisms used in the International Data Spaces.

    Improving efficiency, scalability and efficacy of adaptive computation offloading in pervasive computing environments

    As computing becomes more mobile and pervasive, there is a growing demand for increasingly rich, and therefore more computationally heavy, applications to run in mobile spaces. However, there exists a disparity between mobile platforms and the desktop environments upon which computationally heavy applications have traditionally run, which is likely to persist as both domains evolve at a competing pace. Consequently, an active research area is Adaptive Computation Offloading or cyber foraging that dynamically distributes application functionality to available peer devices according to resource availability and application behaviour. Integral to any offloading strategy is an adaptive decision making algorithm that computes the optimal placement of application components to remote devices based on changing environmental context. As this decision is typically computed by constrained devices and may occur frequently in dynamic environments, such algorithms should be both resource efficient and yield efficacious adaptation results. However, existing adaptive offloading approaches incur a number of overheads, which limit their applicability in mobile and pervasive spaces. This thesis is concerned with improving upon these limitations by specifically focusing on the efficiency, scalability and efficacy aspects of two major sub processes of adaptation: 1) Adaptive Candidate Device Selection and 2) Adaptive Object Topology Computation. To this end, three novel approaches are proposed. Firstly, a distributed approach to candidate device selection, which reduces the need to communicate collaboration metrics, and allows for the partial distribution of adaptation decision-making, is proposed. The approach is shown to reduce network consumption by over 90% and power consumption by as much as 96%, while maintaining linear memory complexity in contrast to the quadratic complexity of an existing approach. 
Hence, the approach presents a more efficient and scalable alternative for candidate device selection in mobile and pervasive environments. Secondly, with regards to the efficacy of adaptive object topology computation, a new type of adaptation granularity that combines the efficacy of fine-grained adaptation with the efficiency of coarse level approaches is proposed. The approach is shown to improve the efficacy of adaptation decisions by reducing network overheads by a minimum of 17% to as much as 99%, while maintaining comparable decision making efficiency to coarse level adaptation. Thirdly, with regards to efficiency and scalability of object topology computation, a novel distributed approach to computing adaptation decisions is proposed, in which each device maintains a distributed local application sub-graph, consisting only of components in its own memory space. The approach is shown to reduce network cost by 100%, collaboration-wide memory cost by between 37% and 50%, battery usage by between 63% and 93%, and adaptation time by between 19% and 98%. Lastly, since improving the utility of adaptation in mobile and pervasive environments requires the simultaneous improvement of its sub processes, an adaptation engine, which consolidates the individual approaches presented above, is proposed. The consolidated adaptation engine is shown to improve the overall efficiency, scalability and efficacy of adaptation under a varying range of environmental conditions, which simulate dynamic and heterogeneous mobile environments.

    Investigating communicating sequential processes for Java to support ubiquitous computing

    Ubiquitous Computing promises to enrich our everyday lives by enabling the environment to be enhanced via computational elements. These elements are designed to augment and support our lives, thus allowing us to perform our tasks and goals. The main facet of Ubiquitous Computing is that computational devices are embedded in the environment, and interact with users and themselves to provide novel and unique applications. Ubiquitous Computing requires an underlying architecture that helps to promote and control the dynamic properties and structures that the applications require. In this thesis, the Networking package of Communicating Sequential Processes for Java (JCSP) is examined to analyse its suitability as the underlying architecture for Ubiquitous Computing. The reason to use JCSP Networking as a case study is that one of the proposed models for Ubiquitous Computing, the π-Calculus, has the potential to have its abstractions implemented within JCSP Networking. This thesis examines some of the underlying properties of JCSP Networking and examines them within the context of Ubiquitous Computing. There is also an examination into the possibility of implementing the mobility constructs of the π-Calculus and similar mobility models within JCSP Networking. It has been found that some of the inherent properties of Java and JCSP Networking do cause limitations, and hence a generalisation of the architecture has been made that should provide greater suitability of the ideas behind JCSP Networking to support Ubiquitous Computing. The generalisation has resulted in the creation of a verified communication protocol that can be applied to any Communicating Process Architecture.