Common Representation of Information Flows for Dynamic Coalitions

We propose a formal foundation for reasoning about access control policies within a Dynamic Coalition, defining an abstraction over existing access control models and providing mechanisms for translation of those models into information-flow domain. The abstracted information-flow domain model, called a Common Representation, can then be used for defining a way to control the evolution of Dynamic Coalitions with respect to information flow

Item-specific overlap between hallucinatory experiences and cognition in the general population: A three-step multivariate analysis of international multi-site data

Hallucinatory experiences (HEs) can be pronounced in psychosis, but similar experiences also occur in nonclinical populations. Cognitive mechanisms hypothesized to underpin HEs include dysfunctional source monitoring, heightened signal detection, and impaired attentional processes. Using data from an international multisite study on non-clinical participants (N = 419), we described the overlap between two sets of variables - one measuring cognition and the other HEs - at the level of individual items. We used a three-step method to extract and examine item-specific signal, which is typically obscured when summary scores are analyzed using traditional methodologies. The three-step method involved: (1) constraining variance in cognition variables to that which is predictable from HE variables, followed by dimension reduction, (2) determining reliable HE items using split-halves and permutation tests, and (3) selecting cognition items for interpretation using a leave-one-out procedure followed by repetition of Steps 1 and 2. The results showed that the overlap between HEs and cognition variables can be conceptualized as bi-dimensional, with two distinct mechanisms emerging as candidates for separate pathways to the development of HEs: HEs involving perceptual distortions on one hand (including voices), underpinned by a low threshold for signal detection in cognition, and HEs involving sensory overload on the other hand, underpinned by reduced laterality in cognition. We propose that these two dimensions of HEs involving distortions/liberal signal detection, and sensation overload/reduced laterality may map onto psychosis-spectrum and dissociation-spectrum anomalous experiences, respectively

Discovering Application-Level Insider Attacks Using Symbolic Execution

Coordinated Science Laboratory was formerly known as Control Systems LaboratoryNational Science Foundation / 727 NSF CNS 05-5166

A Tamper-Resistant Framework for Unambiguous Detection of Attacks in User Space Using Process Monitors

Replication and redundancy techniques rely on the assumption that a majority of components are always safe and voting is used to resolve any ambiguities. This assumption may be unreasonable in the context of attacks and intrusions. An intruder could compromise any number of the available copies of a service resulting in a false sense of security. The kernel based approaches have proven to be quite effective but they cause performance impacts if any code changes are in the critical path. In this paper, we provide an alternate user space mechanism consisting of process monitors by which such user space daemons can be unambiguously monitored without causing serious performance impacts. A framework that claims to provide such a feature must itself be tamper-resistant to attacks. We theoretically analyze and compare some relevant schemes and show their fallibility. We propose our own framework that is based on some simple principles of graph theory and wellfounded concepts in topological fault tolerance, and show that it can not only unambiguously detect any such attacks on the services but is also very hard to subvert. We also present some preliminary results as a proof of concept

Handling Failures and DOS Attacks Using Network Device Groups

With the growing popularity of the Internet and the falling prices of network devices, it is not unusual to find multiple network devices in a computer system. Technologies such as Internet connection sharing and NAT are commonly being used by end users to make network connectivity more viable. In this paper, we point out that this implicit redundancy can be used to achieve fault tolerance. It is known that network devices can be grouped to achieve failover support. However, the focus has been limited to localized factors and device failures. In the context of the Internet, security against DOS attacks also becomes an important issue. While the use of multiple network devices provides a good solution for device failure, it doesn’t guarantee a good defense against DOS attacks. We show that computer systems can become tolerant to DOS attacks if some external factors are also taken into account. The main contribution of this paper is a systematic and comprehensive solution that makes a best effort to provide reliable network connectivity even when network device failures and DOS attacks occur. We have implemented and tested this technique in Linux and report our findings.