Object-based Information Flow Control in Peer-to-peer Publish/Subscribe Systems
Distributed systems such as IoT (Internet of Things) and P2P (Peer-to-Peer) systems are becoming so scalable that millions of devices are connected and support various types of applications. Beyond increasing performance, reliability, and availability and reducing energy consumption, distributed systems are also required to be secure. In distributed systems, information in objects flows to other objects through transactions that read and write data in the objects. Some information of an object may thereby illegally flow to a subject which is not allowed to obtain the information of the object; in particular, leakage of sensitive information has to be prevented. In order to keep information systems secure, illegal information flow among objects has to be prevented. Types of synchronization protocols have so far been discussed based on read and write access rights in the RBAC (Role-Based Access Control) model to prevent illegal information flow.

In this thesis, we newly propose a P2PPSO (P2P type of topic-based PS (Publish/Subscribe) with Object concept) model and discuss models and protocols for information flow control. A P2PPSO model is composed of peer processes (peers) which communicate with one another by publishing and subscribing to event messages. Unlike traditional centralized PS models, each peer can both publish and receive event messages with no centralized coordinator. Each event message published by a source peer carries information to a target peer. The contents carried by an event message are considered to be composed of objects, where an object is a unit of data resource. Objects are characterized by topics, and each event message is also characterized by topics, named publication topics.

In order to make a P2PPSO system secure, we first newly propose a TBAC (Topic-Based Access Control) model. Here, an access right is a pair ⟨t, op⟩ of a topic t and a publish or subscribe operation op. A peer is allowed to publish an event message with publication topics and to subscribe to interesting topics only if the publication and subscription access rights, respectively, are granted to the peer. Suppose an event message e_j published by a peer p_j carries an object on some topics to a target peer p_i. Information in the peer p_j illegally flows to the peer p_i if the target peer p_i is not allowed to subscribe to the topics. An illegal object is an object whose topics a target peer is not allowed to subscribe to. Even if an event message is accepted by a target peer on the basis of its topics, objects carried by the event message may still be illegal at the target peer. Hence, first, we propose a TOBS (Topics-of-Objects-Based Synchronization) protocol to prevent illegal objects from being delivered to target peers in the P2PPSO system: even if an event message is received by a target peer, illegal objects in the event message are not delivered to the target peer.

In the TOBS protocol, every event message is assumed to be causally delivered to every common target peer by the underlying network. Suppose an event message e_2 is delivered to a target peer p_i before another event message e_1 while the event message e_1 causally precedes the event message e_2 (e_1 →_c e_2). Here, the event message e_2 is premature at the peer p_i. Hence, secondly, we propose a TOBSCO (TOBS with Causally Ordering delivery) protocol, in which the function to causally deliver every pair of event messages is added to the TOBS protocol. Here, we assume the underlying network supports reliable communication between every pair of peers, i.e. no event message loss, no duplicate messages, and delivery of messages in sending order. Every pair of event messages received by using topics is causally delivered to every common target peer by using a vector of sequence numbers.

In the TOBS and TOBSCO protocols, objects delivered to target peers are held by the target peers as replicas of the objects. If a peer updates the data of an object, the peer distributes event messages, i.e. update event messages, to update every replica of the object held by other peers. If a peer updates an object without changing its topics, the object is referred to as altered. An update event message for an altered object is meaningless, since peers check only topics to exchange event messages. Hence, thirdly, we propose an ETOBSCO (Efficient TOBSCO) protocol where update event messages of objects are published only if the topics of the objects are updated, in order to reduce the network overhead.

In the evaluation, we first show how many event messages and objects are prevented from being delivered to target peers in the TOBS protocol. Next, we show that every pair of event messages is causally delivered in the TOBSCO protocol, but that it takes longer to deliver event messages than in the TOBS protocol. Finally, we show that fewer event messages are delivered in the ETOBSCO protocol than in the TOBSCO protocol, while it takes longer to update replicas of altered objects.

Doctor of Engineering, Hosei University.
Practical Fine-grained Privilege Separation in Multithreaded Applications
An inherent security limitation of the classic multithreaded programming model is that all the threads share the same address space and are therefore implicitly assumed to be mutually trusted. This assumption, however, does not take into consideration the many modern multithreaded applications that involve multiple principals which do not fully trust each other. It remains challenging to retrofit the classic multithreaded programming model so that security and privilege separation in multi-principal applications can be achieved.

This paper proposes ARBITER, a run-time system and a set of security primitives aimed at fine-grained, data-centric privilege separation in multithreaded applications. While enforcing effective isolation among principals, ARBITER still allows flexible sharing and communication between threads, so that the multithreaded programming paradigm is preserved. To realize controlled sharing in a fine-grained manner, we created a novel abstraction named ARBITER Secure Memory Segment (ASMS) and the corresponding OS support. Programmers express security policies by labeling data and principals via ARBITER's API, following a unified model. We ported a widely used in-memory database application (memcached) to the ARBITER system, changing only around 100 LOC. Experiments indicate that the security-enhanced version of the application incurs an average runtime overhead of only 5.6%.
Protocols to Prevent Illegal Information Flow in Peer-to-Peer Publish/Subscribe Systems
In a peer-to-peer (P2P) type of topic-based subscribe/publish (P2PPS) model, each peer (process) can be both a publisher and a subscriber. A peer publishes an event message, and the event message is then notified to each target peer which is interested in it. Publications and subscriptions are specified in terms of topics. In the topic-based access control (TBAC) model proposed in our previous studies, only a peer granted publication and subscription access rights is allowed to publish event messages with publication topics and to subscribe to events, respectively. In our previous studies, the illegal information flow relation among peers is defined and the subscription-based synchronization (SBS) protocol is proposed to prevent illegal information flow. There, topics carried by event messages are simply accumulated in the target peers, and notifications of event messages which may cause illegal information flow are banned in each target peer. The more event messages are published, the more event messages are not notified in the system. In this paper, we newly propose a subscription initialization (SI) protocol, in which topics accumulated in peers are removed to reduce the number of banned notifications. In the evaluation, we show that the number of banned notifications is reduced in the SI protocol compared with the SBS protocol.

Key Words: Information flow control, Peer-to-peer (P2P) model, Publish/subscribe (PS) systems, Subscription initialization (SI) protocol, Implicit topics, Topic-based access control (TBAC) model
Efficient and Low-Cost RFID Authentication Schemes
Security in passive, resource-constrained Radio Frequency Identification (RFID) tags is of much interest nowadays. Resistance against illegal tracking, cloning, timing, and replay attacks is necessary for a secure RFID authentication scheme. Reader authentication is also necessary to thwart any illegal attempt to read the tags. With the objective of designing a secure and low-cost RFID authentication protocol, Gene Tsudik proposed a timestamp-based protocol using symmetric keys, named YA-TRAP*. Although YA-TRAP* achieves its target security properties, it is susceptible to timing attacks, where the timestamp to be sent by the reader to the tag can be freely selected by an adversary. Moreover, in YA-TRAP*, reader authentication is not provided, and a tag can become inoperative after exceeding its pre-stored threshold timestamp value. In this paper, we propose two mutual RFID authentication protocols that aim to improve YA-TRAP* by preventing timing attacks and by providing reader authentication. Also, a tag is allowed to refresh its pre-stored threshold value in our protocols, so that it does not become inoperative after exceeding the threshold. Our protocols also achieve other security properties such as forward security and resistance against cloning, replay, and tracking attacks. Moreover, the computation and communication costs are kept as low as possible for the tags. Keeping the communication cost low is important when many tags are authenticated in batch mode; by introducing an aggregate function for the reader-to-server communication, the communication cost is reduced. We also discuss different possible applications of our protocols. Our protocols thus capture more security properties and more efficiency than YA-TRAP*. Finally, we show that our protocols can be implemented using the current standard low-cost RFID infrastructures.

Comment: 21 pages, Journal of Wireless Mobile Networks, Ubiquitous Computing, and Dependable Applications (JoWUA), Vol 2, No 3, pp. 4-25, 201
A Review on Security Issues and Attacks in Wireless Sensor Networks
Wireless sensor networks consist of hundreds or thousands of low-cost, low-power, self-organizing nodes which are highly distributed. Because the sensor nodes are highly distributed, security in the network is a necessity. Security is an important issue nowadays in almost every network. There are several security issues and many attacks that need to be examined and addressed. This paper discusses some of these issues and, in particular, denial-of-service attacks.
Network Interface Design for Network-on-Chip
In the culture of globalized integrated circuit (IC, a.k.a. chip) production, the use of Intellectual Property (IP) cores, computer-aided design (CAD) tools and testing services from untrusted vendors is prevalent in order to reduce time to market. Unfortunately, this globalized business model potentially creates opportunities for hardware tampering and modification by an adversary; such tampering is known as a hardware Trojan (HT). Network-on-chip (NoC) has emerged as an efficient on-chip communication infrastructure. In this work, the security aspects of the NoC network interface (NI), one of the most critical components in a NoC, are investigated and presented. In particular, the NI design, hardware attack models and countermeasures for the NI in a NoC system are explored.

First, an OCP-compatible NI is implemented in an IBM 0.18 µm CMOS technology. The synthesis results are presented and compared with the existing literature. Second, comprehensive hardware attack models targeting the NI are presented, from system level to circuit level. The impact of hardware Trojans on NoC functionality and performance is evaluated. Finally, a countermeasure method is proposed to address hardware attacks in NIs.
A Comprehensive Survey on the Cyber-Security of Smart Grids: Cyber-Attacks, Detection, Countermeasure Techniques, and Future Directions
One of the significant challenges that smart grid networks face is cyber-security. Several studies have been conducted to highlight these security challenges. However, the majority of these surveys classify attacks based on the security requirements of confidentiality, integrity, and availability, without taking the accountability requirement into consideration. In addition, some of these surveys focus on the Transmission Control Protocol/Internet Protocol (TCP/IP) model, which does not differentiate between the application, session, and presentation layers, nor between the data link and physical layers, of the Open Systems Interconnection (OSI) model. In this survey paper, we provide a classification of attacks based on the OSI model and discuss in more detail the cyber-attacks that can target the different layers of smart grid network communication. We also propose new classifications for detection and countermeasure techniques and describe existing techniques under each category. Finally, we discuss challenges and future research directions.
Security and Privacy Issues in Wireless Mesh Networks: A Survey
This book chapter identifies various security threats in wireless mesh networks (WMNs). Keeping in mind the critical requirement of security and user privacy in WMNs, the chapter provides a comprehensive overview of possible attacks on the different layers of the communication protocol stack for WMNs and their corresponding defense mechanisms. First, it identifies the security vulnerabilities in the physical, link, network, transport, and application layers. Furthermore, various possible attacks on key management protocols, user authentication and access control protocols, and user privacy preservation protocols are presented. After enumerating these attacks, the chapter provides a detailed discussion of existing security mechanisms and protocols to defend against and, wherever possible, prevent them. Comparative analyses of the security schemes are also presented with regard to the cryptographic schemes used, the key management strategies deployed, the use of any trusted third party, the computation and communication overhead involved, etc. The chapter then presents a brief discussion of various trust management approaches for WMNs, since trust- and reputation-based schemes are becoming increasingly popular for enforcing security in wireless networks. A number of open problems in security and privacy for WMNs are subsequently discussed before the chapter concludes.

Comment: 62 pages, 12 figures, 6 tables. This chapter is an extension of the author's previous arXiv submission, arXiv:1102.1226. There is some text overlap with the previous submission.
The Politics of Micro-Decisions
Be it in the case of opening a website, sending an email, or high-frequency trading, bits and bytes of information have to cross numerous nodes at which micro-decisions are made. These decisions concern the most efficient path through the network, the processing speed, or the priority of incoming data packets. Despite their multifaceted nature, micro-decisions are a dimension of control and surveillance in the twenty-first century that has received little critical attention. They represent the smallest unit and the technical precondition of a contemporary network politics – and of our potential opposition to it. The current debates regarding net neutrality and Edward Snowden’s revelation of NSA surveillance are only the tip of the iceberg. What is at stake is nothing less than the future of the Internet as we know it.