RADIS: Remote Attestation of Distributed IoT Services

Remote attestation is a security technique through which a remote trusted party (i.e., Verifier) checks the trustworthiness of a potentially untrusted device (i.e., Prover). In the Internet of Things (IoT) systems, the existing remote attestation protocols propose various approaches to detect the modified software and physical tampering attacks. However, in an interoperable IoT system, in which IoT devices interact autonomously among themselves, an additional problem arises: a compromised IoT service can influence the genuine operation of other invoked service, without changing the software of the latter. In this paper, we propose a protocol for Remote Attestation of Distributed IoT Services (RADIS), which verifies the trustworthiness of distributed IoT services. Instead of attesting the complete memory content of the entire interoperable IoT devices, RADIS attests only the services involved in performing a certain functionality. RADIS relies on a control-flow attestation technique to detect IoT services that perform an unexpected operation due to their interactions with a malicious remote service. Our experiments show the effectiveness of our protocol in validating the integrity status of a distributed IoT service.Comment: 21 pages, 10 figures, 2 table

Know Your Enemy: Stealth Configuration-Information Gathering in SDN

Software Defined Networking (SDN) is a network architecture that aims at providing high flexibility through the separation of the network logic from the forwarding functions. The industry has already widely adopted SDN and researchers thoroughly analyzed its vulnerabilities, proposing solutions to improve its security. However, we believe important security aspects of SDN are still left uninvestigated. In this paper, we raise the concern of the possibility for an attacker to obtain knowledge about an SDN network. In particular, we introduce a novel attack, named Know Your Enemy (KYE), by means of which an attacker can gather vital information about the configuration of the network. This information ranges from the configuration of security tools, such as attack detection thresholds for network scanning, to general network policies like QoS and network virtualization. Additionally, we show that an attacker can perform a KYE attack in a stealthy fashion, i.e., without the risk of being detected. We underline that the vulnerability exploited by the KYE attack is proper of SDN and is not present in legacy networks. To address the KYE attack, we also propose an active defense countermeasure based on network flows obfuscation, which considerably increases the complexity for a successful attack. Our solution offers provable security guarantees that can be tailored to the needs of the specific network under consideratio

Bootstrap approximations for Bayesian analysis of Geo/G/1 discrete-time queueing models

In this paper we consider a Bayesian nonparametric approach to the analysis of discrete-time queueing models. The main motivation consists in applications to telecommunications, and in particular to asynchronous transfer mode (ATM) systems. Attention is focused on the posterior distribution of the overflow rate. Since the exact distribution of such a quantity is not available in a closed form, an approximation based on "proper" Bayesian bootstrap is proposed, and its properties are studied. Some possible alternatives to proper Bayesian bootstrap are also discussed. Finally, an application to real data is provided. (C) 2002 Elsevier B.V. All rights reserved

Soft Infrastructure as Landscape – A Methodology for the Assessment and Improvement of the User Experience of Soft Mobility

AbstractHow could Soft Infrastructure qualify the landscape around them? This study aims to provide a methodological framework for the analysis and for the design of cycling paths as a mean to discover the landscape and its qualities. The research project used case studies from the Western United States and in particular the city of Eugene, Oregon to envision a methodology to qualify Cycling Paths in the Landscape

On the estimation of the Lorenz curve under complex sampling designs

This paper focuses on the estimation of the concentration curve of a finite population, when data are collected according to a complex sampling design with different inclusion probabilities. A (design-based) Hajek type estimator for the Lorenz curve is proposed, and its asymptotic properties are studied. Then, a resampling scheme able to approximate the asymptotic law of the Lorenz curve estimator is constructed. Applications are given to the construction of (i) a confidence band for the Lorenz curve, (ii) confidence intervals for the Gini concentration ratio, and (iii) a test for Lorenz dominance. The merits of the proposed resampling procedure are evaluated through a simulation study

A measure of interrater absolute agreement for ordinal categorical data

A measure of interrater absolute agreement for ordinal scales is proposed capitalizing on the dispersion index for ordinal variables proposed by Giuseppe Leti. The procedure allows to overcome the limits affecting traditional measures of interrater agreement in different fields of application. An unbiased estimator of the proposed measure is introduced and its sampling properties are investigated. In order to construct confidence intervals for interrater absolute agreement both asymptotic results and bootstrapping methods are used and their performance is evaluated. Simulated data are employed to demonstrate the accuracy and practical utility of the new procedure for assessing agreement. Finally, an application to a real case is provided

On the ultraviolet behavior of conformally reduced quadratic gravity

We study the conformally reduced $R+R^2$ theory of gravity and we show that the theory is asymptotically safe with an ultraviolet critical manifold of dimension three. In particular, we discuss the universality properties of the fixed point and its stability under the use of different regulators with the help of the proper-time flow equation. We find three relevant directions, corresponding to the $\sqrt{g}$, $\sqrt{g} R$ and $\sqrt{g} R^2$ operators, whose critical properties are very similar to the ones shared by the full theory. Our result shows that the basic mechanism at the core of the Asymptotic Safety program is still well described by the conformal sector also beyond the Einstein-Hilbert truncation. Possible consequences for the asymptotic safety program are discussed.Comment: 14 pages, 4 figure