"May I borrow Your Filter?" Exchanging Filters to Combat Spam in a Community

Leveraging social networks in computer systems can be effective in dealing with a number of trust and security issues. Spam is one such issue where the "wisdom of crowds" can be harnessed by mining the collective knowledge of ordinary individuals. In this paper, we present a mechanism through which members of a virtual community can exchange information to combat spam. Previous attempts at collaborative spam filtering have concentrated on digest-based indexing techniques to share digests or fingerprints of emails that are known to be spam. We take a different approach and allow users to share their spam filters instead, thus dramatically reducing the amount of traffic generated in the network. The resultant diversity in the filters and cooperation in a community allows it to respond to spam in an autonomic fashion. As a test case for exchanging filters we use the popular SpamAssassin spam filtering software and show that exchanging spam filters provides an alternative method to improve spam filtering performance

Novel Techniques of Using Diversity in Software Security and Information Hiding

Diversity is an important and valuable concept that has been adopted in many fields to reduce correlated risks and to increase survivability. In information security, diversity also helps to increase both defense capability and fault tolerance for information systems and communication networks, where diversity can be adopted from many different perspectives. This dissertation, in particular, focuses mainly on two aspects of diversity – the application software diversity and the diversity in data interpretation. Software diversity has many advantages over mono-culture in improving system security. A number of previous researches focused on utilizing existing off the shelf diverse software for network protection and intrusion detection, many of which depend on an important assumption – the diverse software utilized in the system is vulnerable only to different exploits. In the first work of this dissertation, we perform a systematic analysis on more than 6,000 vulnerabilities published in 2007 to evaluate the extent to which this assumption is valid. Our results show that the majority of the vulnerable application software products either do not have the same vulnerability, or cannot be compromised with the same exploit code. Following this work, we then propose an intrusion detection scheme which builds on two diverse programs to detect sophisticated attacks on security-critical data. Our model learns the underlying semantic correlation of the argument values in these programs, and consequently gains more accurate context information compared to existing schemes. Through experiments, we show that such context information is effective in detecting attacks which manipulate erratic arguments with comparable false-positive rates. Software diversity does not only exist on desktop and mainframe computers, it also exists on mobile platforms like smartphone operating systems. In our third work in this dissertation, we propose to investigate applications that run on diverse mobile platforms (e.g., Android and iOS) and to use them as the baseline for comparing their security architectures. Assuming that such applications need the same types of privileges to provide the same functionality on different mobile platforms, our analysis of more than 2,000 applications shows that those executing on iOS consistently ask for more permissions than their counterparts running on Android. We additionally analyze the underlying reasons and find out that part of the permission usage differences is caused by third-party libraries used in these applications. Different from software diversity, the fourth work in this dissertation focuses on the diversity in data interpretation, which helps to defend against coercion attacks. We propose Dummy-Relocatable Steganographic file system (DRSteg) to provide deniability in multi user environments where the adversary may have multiple snapshots of the disk content. The diverse ways of interpreting data in the storage allows a data owner to surrender only some data and attribute the unexplained changes across snapshots to the dummy data which are random bits. The level of deniability offered by our file system is configurable by the users, to balance against the resulting performance overhead. Additionally, our design guarantees the integrity of the protected data, except where users voluntarily overwrite data under duress. This dissertation makes valuable contributions on utilizing diversity in software security and information hiding. The systematic evaluation results obtained for mobile and desktop diverse software are important and useful to both research literature and industrial organizations. The proposed intrusion detection system and steganographic file system have been implemented as prototypes, which are effective in protecting valuable user data against adversaries in various threat scenarios

Recent advances in security and privacy in big data

Big data has become an important topic in science, engineering, medicine, healthcare, finance, business and ultimately society itself. Big data refers to the massive amount of digital information stored or transmitted in computer systems. Approximately, 2.5 quintillion bytes of data are created every day. Almost 90% of data in the world today are created in the last two years alone. Security and privacy issues becomes more critical due to large volumes and variety, due to data hosted in large-scale cloud infrastructures, diversity of data sources and formats, streaming nature of data acquisition and high volume inter-cloud migration. In large-scale cloud infrastructures, a diversity of software platforms provides more opportunities to attackers. Traditional security mechanisms, which are usually invented for securing small-scale data, are inadequate. With a rapid growth of big data applications, it has become critical to introduce new security technology to accommodate the need of big data applications. The objective of this special issue is to capture the latest advances in this research field

A Modelling Framework for Addressing the Synergies between Global Conventions through Land Use Changes: Carbon Sequestration, Biodiversity Conservation, Prevention of Land Degradation and Food Security in Agricultural and Forested Lands in Developing Countries

This paper proposed a methodological framework for the assessment of carbon stocks and the development and identification of land use, land use change and land management scenarios, whereby enhancing carbon sequestration synergistically increases biodiversity, the prevention of land degradation and food security through the increases in crop yields. The framework integrates satellite image interpretation, computer modelling tools (i.e. software customization of off-the-shelf soil organic matter turnover simulation models) and Geographical Information Systems (GIS). The framework addresses directly and indirectly the cross-cutting ecological concerns foci of major global conventions: climate change, biodiversity, the combat of desertification and food security. Their synergies are targeted by providing procedures for assessing and identifying simultaneously carbon sinks, potential increases in plant diversity, measures to prevent land degradation and enhancements in food security through crop yields, implicit in each land use change and land management scenario. The scenarios aim at providing “win-win” options to decision makers through the framework’s decision support tools. Issues concerning complex model parameterization and spatial representation were tackled through tight coupling soil carbon models to GIS via software customization. Results of applying the framework in the field in two developing countries indicate that reasonably accurate estimates of carbon sequestration can be obtained through modeling; and that alternative best soil organic matter management practices that arrest shifting “slash-and-burn” cultivation and prevent burning and emissions, can be identified. Such options also result in increased crop yields and food security for an average family size in the area, while enhancing biodiversity and preventing land degradation. These options demonstrate that the judicious management of organic matter is central to greenhouse gas mitigation and the attainment of synergistic ecological benefits, which is the concern of global conventions. The framework is to be further developed through successive approximations and refinement in future, extending its applicability to other landscapes.Climate Change, Greenhouse Gas Mitigation, Carbon Sequestration, Soil Organic Matter, Modeling, Land-Use Change, Land Management, Ecological Synergies, Agriculture

Beyond the Prisoner’s Dilemma: Using the Game Theory Security Model to Develop Robust Information Security Policies

In this research I explore and apply game theory to security policy creation and maintenance for network, mobile, and Internet of Things systems. After introducing game theory’s tenets, I describe the generational development of information security policy and how contemporary socio-technical policy formation fails to address the dynamic nature of ubiquitous computing. Next I assert that the Game Theory Security Model (GTSM) can protect networked, mobile, and IoT systems from a diversity of cyberattacks. Using the zero-sum game strategy, in which losses are a requirement for wins (Davis, 1983), I propose organizational strategies necessary to achieve a state of pragmatic equilibrium (Gintis, 2009, 2011). Further using this model, I recommend policies an organization can implement to minimize data loss and protect critical systems. Finally, I will test the GTSM’s viability through a series of software implementations in diverse contexts. The paper ends with recommendations for effectively implementing the GTSM

Verification of information flow security in cyber-physical systems

With a growing number of real-world applications that are dependent on computation, securing the information space has become a challenge. The security of information in such applications is often jeopardized by software and hardware failures, intervention of human subjects such as attackers, incorrect design specification and implementation, other social and natural causes. Since these applications are very diverse, often cutting across disciplines a generic approach to detect and mitigate these issues is missing. This dissertation addresses the fundamental problem of verifying information security in a class of real world applications of computation, the Cyber-physical systems (CPSs). One of the motivations for this work is the lack of a unified theory to specify and verify the complex interactions among various cyber and physical processes within a CPS. Security of a system is fundamentally characterized by the way information flows within the system. Information flow within a CPS is dependent on the physical response of the system and associated cyber control. While formal techniques of verifying cyber security exist, they are not directly applicable to CPSs due to their inherent complexity and diversity. This Ph.D. research primarily focuses on developing a uniform framework using formal tools of process algebras to verify security properties in CPSs. The merits in adopting such an approach for CPS analyses are three fold- i) the physical and continuous aspects and the complex CPS interactions can be modeled in a unified way, and ii) the problem of verifying security properties can be reduced to the problem of establishing suitable equivalences among the processes, and iii) adversarial behavior and security properties can be developed using the features like compositionality and process equivalence offered by the process algebras --Abstract, page iii

Helix++: A platform for efficiently securing software

The open-source Helix++ project improves the security posture of computing platforms by applying cutting-edge cybersecurity techniques to diversify and harden software automatically. A distinguishing feature of Helix++ is that it does not require source code or build artifacts; it operates directly on software in binary form--even stripped executables and libraries. This feature is key as rebuilding applications from source is a time-consuming and often frustrating process. Diversification breaks the software monoculture and makes attacks harder to execute as information needed for a successful attack will have changed unpredictably. Diversification also forces attackers to customize an attack for each target instead of attackers crafting an exploit that works reliably on all similarly configured targets. Hardening directly targets key attack classes. The combination of diversity and hardening provides defense-in-depth, as well as a moving target defense, to secure the Nation's cyber infrastructure.Comment: 4 pages, 1 figure, white pape

Execution Integrity with In-Place Encryption

Instruction set randomization (ISR) was initially proposed with the main goal of countering code-injection attacks. However, ISR seems to have lost its appeal since code-injection attacks became less attractive because protection mechanisms such as data execution prevention (DEP) as well as code-reuse attacks became more prevalent. In this paper, we show that ISR can be extended to also protect against code-reuse attacks while at the same time offering security guarantees similar to those of software diversity, control-flow integrity, and information hiding. We present Scylla, a scheme that deploys a new technique for in-place code encryption to hide the code layout of a randomized binary, and restricts the control flow to a benign execution path. This allows us to i) implicitly restrict control-flow targets to basic block entries without requiring the extraction of a control-flow graph, ii) achieve execution integrity within legitimate basic blocks, and iii) hide the underlying code layout under malicious read access to the program. Our analysis demonstrates that Scylla is capable of preventing state-of-the-art attacks such as just-in-time return-oriented programming (JIT-ROP) and crash-resistant oriented programming (CROP). We extensively evaluate our prototype implementation of Scylla and show feasible performance overhead. We also provide details on how this overhead can be significantly reduced with dedicated hardware support

The Database Query Support Processor (QSP)

The number and diversity of databases available to users continues to increase dramatically. Currently, the trend is towards decentralized, client server architectures that (on the surface) are less expensive to acquire, operate, and maintain than information architectures based on centralized, monolithic mainframes. The database query support processor (QSP) effort evaluates the performance of a network level, heterogeneous database access capability. Air Force Material Command's Rome Laboratory has developed an approach, based on ANSI standard X3.138 - 1988, 'The Information Resource Dictionary System (IRDS)' to seamless access to heterogeneous databases based on extensions to data dictionary technology. To successfully query a decentralized information system, users must know what data are available from which source, or have the knowledge and system privileges necessary to find out this information. Privacy and security considerations prohibit free and open access to every information system in every network. Even in completely open systems, time required to locate relevant data (in systems of any appreciable size) would be better spent analyzing the data, assuming the original question was not forgotten. Extensions to data dictionary technology have the potential to more fully automate the search and retrieval for relevant data in a decentralized environment. Substantial amounts of time and money could be saved by not having to teach users what data resides in which systems and how to access each of those systems. Information describing data and how to get it could be removed from the application and placed in a dedicated repository where it belongs. The result simplified applications that are less brittle and less expensive to build and maintain. Software technology providing the required functionality is off the shelf. The key difficulty is in defining the metadata required to support the process. The database query support processor effort will provide quantitative data on the amount of effort required to implement an extended data dictionary at the network level, add new systems, adapt to changing user needs, and provide sound estimates on operations and maintenance costs and savings