96 research outputs found
Formal Verification of Cyberphysical Systems
17 USC 105 interim-entered record; under review.Computer hosts a virtual roundtable with seven
experts to discuss the formal specification and
verification of cyberphysical systems.http://hdl.handle.net/10945/6944
Formalizing and Verifying Workflows Used in Blood Banks
AbstractBlood banks use automation to decrease errors in delivering safe blood for transfusion. The Food and Drug Administration (FDA) of the United States and other organizations recommend blood banks to validate their computer system process, which is resource and labor intensive. For this reason, we have created a formal workflow model for blood bank operations and used an automated tool to verify that it satisfies safety properties. Our methodology started by understanding and gathering information about blood bank procedure. Then we mapped all procedures into processes in a workflow engine. Then we used the verification packages provided by the workflow engine to check the safety properties
Money Laundering Detection Framework to Link the Disparate and Evolving Schemes
Money launderers hide traces of their transactions with the involvement of entities that participate in sophisticated schemes. Money laundering detection requires unraveling concealed connections among multiple but seemingly unrelated human money laundering networks, ties among actors of those schemes, and amounts of funds transferred among those entities. The link among small networks, either financial or social, is the primary factor that facilitates money laundering. Hence, the analysis of relations among money laundering networks is required to present the full structure of complex schemes. We propose a framework that uses sequence matching, case-based analysis, social network analysis, and complex event processing to detect money laundering. Our framework captures an ongoing single scheme as an event, and associations among such ongoing sequence of events to capture complex relationships among evolving money laundering schemes. The framework can detect associated multiple money laundering networks even in the absence of some evidence. We validated the accuracy of detecting evolving money laundering schemes using a multi-phases test methodology. Our test used data generated from real-life cases, and extrapolated to generate more data from real-life schemes generator that we implemented
Money Laundering Detection Framework to Link the Disparate and Evolving Schemes
Money launderers hide traces of their transactions with the involvement of entities that participate in sophisticated schemes. Money laundering detection requires unraveling concealed connections among multiple but seemingly unrelated human money laundering networks, ties among actors of those schemes, and amounts of funds transferred among those entities. The link among small networks, either financial or social, is the primary factor that facilitates money laundering. Hence, the analysis of relations among money laundering networks is required to present the full structure of complex schemes. We propose a framework that uses sequence matching, case-based analysis, social network analysis, and complex event processing to detect money laundering. Our framework captures an ongoing single scheme as an event, and associations among such ongoing sequence of events to capture complex relationships among evolving money laundering schemes. The framework can detect associated multiple money laundering networks even in the absence of some evidence. We validated the accuracy of detecting evolving money laundering schemes using a multi-phases test methodology. Our test used data generated from real-life cases, and extrapolated to generate more data from real-life schemes generator that we implemented.
Keywords: Anti Money Laundering, Social Network Analysis, Complex Event Processin
A Framework to Reveal Clandestine Organ Trafficking in the Dark Web and Beyond
Due to the scarcity of transplantable organs, patients have to wait on long lists for many years to get a matching kidney. This scarcity has created an illicit market place for wealthy recipients to avoid long waiting times. Brokers arrange such organ transplants and collect most of the payment that is sometimes channeled to fund other illicit activities. In order to collect and disburse payments, they often resort to money laundering-like schemes of money transfers. As the low-cost Internet arrives in some of the affected countries, social media and the dark web are used to illegally trade human organs. This paper presents a model to assess the risk of human organ trafficking in specific areas and shows methods and tools to discover digital traces of organ trafficking using publicly available tools
Relating Admissibility Standards for Digital Evidence to Attack Scenario Reconstruction
Attackers tend to use complex techniques such as combining multi-step, multi-stage attack with anti-forensic tools to make it difficult to find incriminating evidence and reconstruct attack scenarios that can stand up to the expected level of evidence admissibility in a court of law. As a solution, we propose to integrate the legal aspects of evidence correlation into a Prolog based reasoner to address the admissibility requirements by creating most probable attack scenarios that satisfy admissibility standards for substantiating evidence. Using a prototype implementation, we show how evidence extracted by using forensic tools can be integrated with legal reasoning to reconstruct network attack scenarios. Our experiment shows this implemented reasoner can provide pre-estimate of admissibility on a digital crime towards an attacked network
Optimizing Lawful Responses to Cyber Intrusions
Cyber intrusions are rarely met with the most effective possible response, less for technical than legal reasons. Different rogue actors (terrorists, criminals, spies, etc.) are governed by overlapping but separate domestic and international legal regimes. Each of these regimes has unique limitations, but also offers unique opportunities for evidence collection, intelligence gathering, and use of force. We propose a framework which automates the mechanistic aspects of the decision-making process, with human intervention for only those legal judgments that necessitate human judgment and official responsibility. The basis of our framework is a pair of decision trees, one executable solely by the threatened system, the other by the attorneys responsible for the lawful pursuit of the intruders. These parallel decision trees are interconnected, and contain pre-distilled legal resources for making an objective, principled determination at each decision point. We offer an open-source development strategy for realizing and maintaining the framework
Quality of Service for Continuous Media Metrics, Validation, Implementation and Performance Evaluation
Multimedia, delivered for human consumption consist of a collection of media streams
delivered in a cohesive and comprehensible manner. A methodology for designing
multimedia systems modeling some aspect of the real world, designing Quality of
Service (QoS) metrics to measure its quality, performing user studies to validate them,
evaluating existing systems on validated metrics, and if found deficient, improving
them or redesigning new systems.
Choosing to model the aspect of the real world as lossy continuous media, this
dissertation consists developing metrics to model intra-stream continuity and interstream
synchronization of lossy continuous media streams, validating them through
user experiments, and evaluating the Berkeley Continuous Media Toolkit (GMT) on
proposed metrics, and designing improvements to CMT to make it adhere to programmer
specified QoS metrics.
Proposed metrics specify continuity and synchronization, with tolerable limits on
average and bursty defaults from perfect continuity, timing and synchronization constraints.
Continuity specification of a CM stream consists of its sequencing, display
rate and drift profiles. The sequencing profile of a CM stream consists of tolerable
aggregate and consecutive frame miss ratios. Rate profiles specify the average rendition
rate and its variation. Given a rate profile, the ideal time unit for frame display
is determined as an offset from the beginning of the stream. Drift profile specifies the
average and bursty deviation of schedules for frames from such fixed points in time.
Synchronization requirements of a collection of CM streams are specified by mixing,
rate and synchronization drift profiles. Mixing profiles specify vectors of frames
that can be displayed simultaneously. They consist of average and bursty losses of
synchronization. Rate profiles consist of average rates and permissible deviations
thereof. Synchronization drift profiles specify permissible aggregate and bursty time
drifts between schedules of simultaneously displayable frames. It is shown that rate
profiles of a collection of synchronized streams is definable in terms of rate profiles
of its component streams. It is also shown that mixing and drift profiles of a collection
of streams are non-definable in terms of sequencing and drift profiles of its
constituents. An important consequence of the mutual independence of synchronization
and continuity specification is that, in a general purpose platform with limited
resources, synchronized display of CM streams may require QoS tradeoffs. An algori
thm that makes such tradeoffs is presented as a proof of applicability of our metrics
in a realistic environment. The proposed metrics were validated by means of a user survey. It consisted of presenting
user with a series of professionally edited CM clips with controlled defects and
obtain their opinion by means of Likert and imperceptible/tolerable/annoying scale.
Viewer discontent for aggregate video losses gradually increases with the amount of
loss. We concluded that 17 /100 to 23/100 average video losses are tolerated, and
above 23/100 is unacceptable. Furthermore, as observed, a consecutive video loss of
about two video frames in 100 does not cause user dissatisfaction. Although losing
two consecutive video frames is noticed by most users, once this threshold is reached
there is not much room for quality degradation due to consecutive losses. This figure
for audio is 3 frames. Our results indicate that even a 20% rate variation in a newscast
type video does not result is significant user dissatisfaction. The situation of
audio rate variations are much more different. Even about 5% rate variation in audio
is noticed by most observers. Our results also indicate that at aggregate audio-video
synchronization loss of about 20/lO0n human tolerance plateaus out. This figure is
about 3 frames for consecutive audio-video synchronization loss.
For the performance evaluation part, losses and timing drift in stream continuity
and synchronization were measured in the presence of processor and network
loads. For stream continuity it was observed that increasing loads at lower frame
rates significantly increases the aggregate frame drops, and similarly at higher rates,
increasing loads at higher frame rates significantly increases consecutive frame drops.
Because at a higher rates a large number of consecutive frames are dropped, the ones
that are played appear in a more timely manner. For synchronization losses, it was
shown that according to Steinmetz' metric CMT provides imperceptible audio-video
mis-synchronization for about 10 seconds, and tolerable synchronization for about 13
seconds from the start of the clips for local clients under low processor loads. It is
also shown that under high loads, synchronization is achieved at the cost of losing
media frames.
In order to control continuity and synchronization losses we propose four solutions.
Firstly, to control losses, objects processing CM streams in CMT to be made QoS
aware, in the sense that delaying vs. dropping frames be based on user specified QoS
parameters. Secondly, in order to achieve QoS based synchronization a new paradigm
Stream Groups, where grouped objects simultaneously fetch, transport and render
corresponding streams from respective constituent streams. Thirdly, to introduce
buffers at client sites, where servers can fill them up and clients run independent
of servers. Fourthly, to have a feed-back mechanism from clients to control their
respective servers
- …