Confidentiality-Preserving Publish/Subscribe: A Survey

Publish/subscribe (pub/sub) is an attractive communication paradigm for large-scale distributed applications running across multiple administrative domains. Pub/sub allows event-based information dissemination based on constraints on the nature of the data rather than on pre-established communication channels. It is a natural fit for deployment in untrusted environments such as public clouds linking applications across multiple sites. However, pub/sub in untrusted environments lead to major confidentiality concerns stemming from the content-centric nature of the communications. This survey classifies and analyzes different approaches to confidentiality preservation for pub/sub, from applications of trust and access control models to novel encryption techniques. It provides an overview of the current challenges posed by confidentiality concerns and points to future research directions in this promising field

Arbitrary boolean advertisements: the final step in supporting the boolean publish/subscribe model

Publish/subscribe systems allow for an efficient filtering of incoming information. This filtering is based on the specifications of subscriber interests, which are registered with the system as subscriptions. Publishers conversely specify advertisements, describing the messages they will send later on. What is missing so far is the support of arbitrary Boolean advertisements in publish/subscribe systems. Introducing the opportunity to specify these richer Boolean advertisements increases the accuracy of publishers to state their future messages compared to currently supported conjunctive advertisements. Thus, the amount of subscriptions forwarded in the network is reduced. Additionally, the system can more time efficiently decide whether a subscription needs to be forwarded and more space efficiently store and index advertisements. In this paper, we introduce a publish/subscribe system that supports arbitrary Boolean advertisements and, symmetrically, arbitrary Boolean subscriptions. We show the advantages of supporting arbitrary Boolean advertisements and present an algorithm to calculate the practically required overlapping relationship among subscriptions and advertisements. Additionally, we develop the first optimization approach for arbitrary Boolean advertisements, advertisement pruning. Advertisement pruning is tailored to optimize advertisements, which is a strong contrast to current optimizations for conjunctive advertisements. These recent proposals mainly apply subscription-based optimization ideas, which is leading to the same disadvantages. In the second part of this paper, our evaluation of practical experiments, we analyze the efficiency properties of our approach to determine the overlapping relationship. We also compare conjunctive solutions for the overlapping problem to our calculation algorithm to show its benefits. Finally, we present a detailed evaluation of the optimization potential of advertisement pruning. This includes the analysis of the effects of additionally optimizing subscriptions on the advertisement pruning optimization

AUTOMATED CYBER OPERATIONS MISSION DATA REPLAY

The Persistent Cyber Training Environment (PCTE) has been developed as the joint force solution to provide a single training environment for cyberspace operations. PCTE offers a closed network for Joint Cyberspace Operations Forces, which provides a range of training solutions from individual sustainment training to mission rehearsal and post-operation analysis. Currently, PCTE does not have the ability to replay previously executed training scenarios or external scenarios. Replaying cyber mission data on a digital twin virtual network within PCTE would support operator training as well as enable development and testing of new strategies for offensive and defensive cyberspace operations. A necessary first step in developing such a tool is to acquire network specifications for a target network, or to extract network specifications from a cyber mission data set. This research developed a program design and proof-of-concept tool, Automated Cyber Operations Mission Data Replay (ACOMDR), to extract a portion of the network specifications necessary to instantiate a digital twin network within PCTE from cyber mission data. From this research, we were able to identify key areas for future work to increase the fidelity of the network specification and replay cyber events within PCTE.Captain, United States Marine CorpsApproved for public release. Distribution is unlimited

Multi Agent Systems for the Active Management of Electrical Distribution Networks

This Thesis presents an investigation on the technical impacts caused by the steady state operation of Small-Scale Embedded Generators (SSEGs) and also introduces the Small Scale Energy Zone (SSEZ) concept which aims to remove the technical barriers associated with SSEGs through intelligent coordination of large numbers of customerowned SSEGs, energy storage units and controllable loads. This approach represents a move away from the conventional passive, “fit-and-forget” philosophy under which the majority of Low Voltage (LV) distribution networks are currently operated and towards a higher degree of network operational management. The employment of a distributed management and control approach for an SSEZ, realised through the Multi Agent Systems (MAS) technology, is proposed due to the advantages that can potentially be realised in the areas of: (i) scalability and openness, (ii) reliability and resilience and (iii) communications efficiency. A FIPA-compliant MAS-based control approach is designed, developed and evaluated based on the specific SSEZ control requirements. The MAS is composed of three types of agents: direct control agents, indirect control agents and utility agents, exchanging information through the employment of a common ontology. In addition, a relational database management system is also designed and developed in order to be coupled with the developed MAS for data management purposes

2017 Intern Experience [at] Neil A. Armstrong Flight Research Center

These detailed individual abstracts are being included in the summer 2017 abstract book, demonstrating the knowledge learned during the summer 2017 AFRC STEM program

2013 Doctoral Workshop on Distributed Systems

The Doctoral Workshop on Distributed Systems was held at Les Plans-sur-Bex, Switzerland, from June 26-28, 2013. Ph.D. students from the Universities of Neuchâtel and Bern as well as the University of Applied Sciences of Fribourg presented their current research work and discussed recent research results. This technical report includes the extended abstracts of the talks given during the workshop

Community-Based Intrusion Detection

Today, virtually every company world-wide is connected to the Internet. This wide-spread connectivity has given rise to sophisticated, targeted, Internet-based attacks. For example, between 2012 and 2013 security researchers counted an average of about 74 targeted attacks per day. These attacks are motivated by economical, financial, or political interests and commonly referred to as “Advanced Persistent Threat (APT)” attacks. Unfortunately, many of these attacks are successful and the adversaries manage to steal important data or disrupt vital services. Victims are preferably companies from vital industries, such as banks, defense contractors, or power plants. Given that these industries are well-protected, often employing a team of security specialists, the question is: How can these attacks be so successful? Researchers have identified several properties of APT attacks which make them so efficient. First, they are adaptable. This means that they can change the way they attack and the tools they use for this purpose at any given moment in time. Second, they conceal their actions and communication by using encryption, for example. This renders many defense systems useless as they assume complete access to the actual communication content. Third, their actions are stealthy — either by keeping communication to the bare minimum or by mimicking legitimate users. This makes them “fly below the radar” of defense systems which check for anomalous communication. And finally, with the goal to increase their impact or monetisation prospects, their attacks are targeted against several companies from the same industry. Since months can pass between the first attack, its detection, and comprehensive analysis, it is often too late to deploy appropriate counter-measures at businesses peers. Instead, it is much more likely that they have already been attacked successfully. This thesis tries to answer the question whether the last property (industry-wide attacks) can be used to detect such attacks. It presents the design, implementation and evaluation of a community-based intrusion detection system, capable of protecting businesses at industry-scale. The contributions of this thesis are as follows. First, it presents a novel algorithm for community detection which can detect an industry (e.g., energy, financial, or defense industries) in Internet communication. Second, it demonstrates the design, implementation, and evaluation of a distributed graph mining engine that is able to scale with the throughput of the input data while maintaining an end-to-end latency for updates in the range of a few milliseconds. Third, it illustrates the usage of this engine to detect APT attacks against industries by analyzing IP flow information from an Internet service provider. Finally, it introduces a detection algorithm- and input-agnostic intrusion detection engine which supports not only intrusion detection on IP flow but any other intrusion detection algorithm and data-source as well

Specifying Single-user and Collaborative Profiles for Alerting Systems

The 21st century is the age of information overload. Often, humans are incapable of processing all of the information that surrounds them and determining its relevance. The impact of overlooking crucial information ranges from annoying to fatal. Alerting systems help users deal with this vast amount of information by employing a push-based rather than a pull-based approach to information delivery. In this way, users receive the information they require at the appropriate moment. Users specify their alerting needs in a profile that is subscribed to the alerting system. The alerting system is continuously fed with data, and filters this data against all subscribed profiles. Whenever incoming data matches a profile, the subscriber is alerted. Although alerting systems solve the problem of information overload, the potential of these systems has not been fully put into practice. Alerting systems are either realised as dedicated systems that, at best, offer a set of possible profiles to choose from or, at worst, offer a preset profile for one purpose only. Alternatively, they are application frameworks that offer no support for the average user; that is, the specification of profiles is realised using a programming interface. Collaboration between users when specifying profiles is not supported. This thesis verifies the described situation by considering the example application domain of health care. Within this context, a requirements analysis was undertaken involving a patient-based online survey and interviews with health care providers. This analysis revealed the utility of alerting systems but a need for support for profile specification by end-users. It also identified the need for such a system to support the collaborative nature of health care. The shortcomings of alerting systems identified for the health-care area also exist in other domains. Hence, a variety of application areas will benefit from providing universal solutions to eliminate these shortcomings. Based on these findings, this thesis proposes the graphical profile specification language GPDL and an interactive single-user software tool that supports its use (GPDL-UI). The thesis introduces a novel collaborative alerting model for Information Systems. A collaborative extension of GPDL is implemented in the software tool CoastEd, an editor for the graphical specification of collaborative profiles. The developed languages and software tools target average users who have no expertise in specifying profiles involving logics and temporal constraints. The efficacy of the proposed languages and software were evaluated through three user studies. The first study examined interpretation and specification with GPDL. Based on the results of this first study, the single-user system GPDL-UI was designed and implemented and then evaluated in a second study. In turn, the lessons learned from the implementation and user studies for the single-user system influenced the development of the collaborative approach CoastEd; this editor was evaluated in the third study. The studies have shown that GPDL and GPDL-UI are suitable means for average users to effectively specify profiles in single-user alerting systems. High levels of accuracy were reached for specification and interpretation in both studies. GPDL-UI turned out to be a usable and effective software tool. The collaborative approach and CoastEd succeed in conveying the idea of collaborative profile specification to average users. Most types of collaborative profiles were successfully specified by users. For the initiator of the collaborative profile specification process, two types of profiles call for further research. Overall, the approach, languages and software tools developed are shown to be effective and merit future research in that area