More security or less insecurity (transcript of discussion)

The purpose of this talk is to explore the possibility of an exploitable analogy between approaches to secure system design and theories of jurisprudence. The prevailing theory of jurisprudence in the West at the moment goes back to Hobbes. It was developed by Immanuel Kant and later by Rousseau, and is sometimes called the contractarian model after Rousseau’s idea of the social contract. It’s not the sort of contract that you look at and think, oh gosh, that might be nice, I might think about opting in to that, it’s more like a pop up licence agreement that says, do you want to comply with this contract, or would you rather be an outlaw. So you don’t get a lot of choice about it. Sometimes the same theory, flying the flag of Immanuel Kant, is called transcendental institutionalism, because the basic approach says, you identify the legal institutions that in a perfect world would govern society, and then you look at the processes and procedures, the protocols that everyone should follow in order to enable those institutions to work, and then you say, right, that can’t be transcended, so therefore there’s a moral imperative for everyone to do it. So this model doesn’t pay any attention to the actual society that emerges, or to the incentives that these processes actually place on various people to act in a particular way. It doesn’t look at any interaction effects, it simply says, well you have to behave in this particular way because that’s what the law says you have to do, and the law is the law, and anybody who doesn’t behave in that way is a criminal, or (in our terms) is an attackerFinal Accepted Versio

Introduction : Virtually perfect security (transcript of discussion)

“Virtually Perfect Security” is an attempt to tie together three slightly different interlocking strands. The first is the fact that although we talk about security as if it were some sort of metaphysical property (so that a system is either secure or isn’t), we all know that really whether a system is secure or not depends on the context which you put it, and you can move a system to a different context and change whether it’s secure or not. In practice, we also usually prove security relative to a particular abstraction, and the danger is that we have a system that “really” is secure, and then we discover that the attacker is using a different abstraction. Our attempt to find abstractions which the attacker can’t fool with this trick with has pushed us into talking about security using abstractions that are further and further away from anything that a user might think of as comprehensible or convenien

A Note About the Semantics of Delegation

In many applications, mobile agents are used by a client to delegate a task. This task is usually performed by the agent on behalf of the client, by visiting various service provider's sites distributed over a network. This use of mobile agents raises many interesting security issues concerned with the trust relationships established through delegation mechanisms between client and agent, agent and service provider and client and service provider. In this paper we will explain why the traditional semantics of delegation used by existing access control mechanisms, either centralised or distributed, are generally not satisfactory to prevent and detect deception and why these problems are even more critical when these semantics are used in mobile agent paradigms.Non peer reviewe

Remote booting in a hostile world: to whom am I speaking? [Computer security]

“This material is presented to ensure timely dissemination of scholarly and technical work. Copyright and all rights therein are retained by authors or by other copyright holders. All persons copying this information are expected to adhere to the terms and constraints invoked by each author's copyright. In most cases, these works may not be reposted without the explicit permission of the copyright holder." “Copyright IEEE. Personal use of this material is permitted. However, permission to reprint/republish this material for advertising or promotional purposes or for creating new collective works for resale or redistribution to servers or lists, or to reuse any copyrighted component of this work in other works must be obtained from the IEEE.”Today's networked computer systems are very vulnerable to attack: terminal software, like that used by the X Window System, is frequently passed across a network, and a trojan horse can easily be inserted while it is in transit. Many other software products, including operating systems, load parts of themselves from a server across a network. Although users may be confident that their workstation is physically secure, some part of the network to which they are attached almost certainly is not secure. Most proposals that recommend cryptographic means to protect remotely loaded software also eliminate the advantages of remote loading-for example, ease of reconfiguration, upgrade distribution, and maintenance. For this reason, they have largely been abandoned before finding their way into commercial products. The article shows that, contrary to intuition, it is no more difficult to protect a workstation that loads its software across an insecure network than to protect a stand-alone workstation. In contrast to prevailing practice, the authors make essential use of a collision-rich hash function to ensure that an exhaustive off-line search by the opponent will produce not one, but many candidate pass words. This strategy forces the opponent into an open, on-line guessing attack and offers the user a defensive strategy unavailable in the case of an off-line attack.Peer reviewe

Resilient Misbehaviour Detection MAC Protocol (MD-MAC) for Distributed Wireless Networks

Chaminda Alocious, Hannan Xiao, B. Christianson, 'Resilient Misbehaviour Detection MAC Protocol (MD-MAC) for Distributed Wireless Networks' paper presented at the 2016 IEEE Wireless Communications and Networking Conference (IEEE WCNC). Doha, Qatar. 3-6 April 2016Wireless network security requirements are becoming more important and critical. The modern network security architectures require more attention to provide security in each network layer. This will require understanding of protocol vulnerabilities in existing protocol architectures. However, providing security requirements are not just limited to confidentiality and integrity, also availability and fairness are important security elements. IEEE 802.11 MAC protocol is one of the most common standard in modern day networks and has been designed without a consideration for providing security protection at MAC layer. IEEE 802.11 assumes all the nodes in the network are cooperative. However, nodes may purposefully misbehave in order to obtain extra bandwidth, conserve resources and disrupt network performance. This research proposes a Misbehaviour Detection MAC protocol (MD-MAC) to address the problematic scenarios of MAC layer misbehaviours, which takes a novel approach to detect misbehaviours in Mobile Adhoc Networks (MANETs). The MD-MAC modifies the CSMA/CA protocol message exchange and uses verifiable backoff value generation mechanism with an incorporated trust model which is suitable for distributed networks. The MD-MAC protocol has been implemented and evaluated in ns2, simulation results suggest that the protocol is able to detect misbehaving wireless nodes in a distributed network environment

A Candour-based Trust and Reputation Management System for Mobile Ad Hoc Networks

The decentralized administrative controlled-nature of mobile ad hoc networks (MANETs) presents security vulnerabilities which can lead to attacks such as malicious modification of packets. To enhance security in MANETs, Trust and Reputation Management systems (TRM) have been developed to serve as measures in mitigating threats arising from unusual behaviours of nodes. In this paper we propose a candour-based trust and reputation system which measures and models reputation and trust propagation in MANETs. In the proposed model Dirichlet Probability Distribution is employed in modelling the individual reputation of nodes and the trust of each node is computed based on the node’s actual network performance and the quality of the recommendations it gives about other nodes. Cooperative nodes in our model will be rewarded for expanding their energy in forwarding packets for other nodes or for disseminating genuine recommenda-tions. Uncooperative nodes are isolated and denied the available network resources. We employed the Ruffle algorithm which will ensure that cooperative nodes are allowed to activate sleep mode when their service is not required in forwarding packets for its neighbouring trustworthy nodes. The proposed TRM system enshrines fairness in its mode of operation as well as creating an enabling environment free from bias. It will also ensure a connected and capacity preserving network of trustworthy node

A Media Access Control Protocol for Wireless Adhoc Networks with Misbehaviour Avoidance

The most common wireless Medium Access Control (MAC) protocol is IEEE 802.11. Currently IEEE 802.11 standard protocol is not resilient for many identified MAC layer attacks, because the protocol is designed without intention for providing security and with the assumption that all the nodes in the wireless network adhere to the protocol. However, nodes may purposefully show misbehaviours at the MAC layer in order to obtain extra bandwidth con-serve resources and degrade or disrupt the network performance. This research proposes a secure MAC protocol for MAC layer which has integrated with a novel misbehaviour detection and avoidance mechanism for Mobile Ad Hoc Networks (MANETs). The proposed secure MAC protocol the sender and receiver work collaboratively together to handshakes prior to deciding the back-off values. Common neighbours of the sender and receiver contributes effectively to misbehaviours detection and avoidance process at MAC layer. In addition the proposed solution introduces a new trust distribution model in the network by assuming none of the wireless nodes need to trust each other. The secure MAC protocol also assumes that misbehaving nodes have significant levels of intelligence to avoid the detectio

Sharing storage using dirty vectors

Consider a computation F with n inputs (independent variables) and m outputs (dependent variables) and suppose that we wish to evaluate the Jacobian of F. Automatic differentiation commonly performs this evaluation by associating vector storage either with the program variables (in the case of forward-mode automatic differentiation) or with the adjoint variables (in the case of reverse). Each vector component contains a partial derivative with respect to an independent variable, or a partial derivative of a dependent variable, respectively. The vectors may be full vectors, or they may be dynamically managed sparse data structures. In either case, many of these vectors will be scalar multiples of one another. For example, any intermediate variable produced by a unary operation in the forward mode will have a derivative vector that is a multiple of the derivative for the argument. Any computational graph node that is read just once during its lifetime will have an adjoint vector that is a multiple of the adjoint of the node that reads it. It is frequently wasteful to perform component multiplications explicitly. A scalar multiple of another vector can be replaced by a single multiplicative "scale factor" together with a pointer to the other vector. Automated use of this "dirty vector" technique can save considerable memory management overhead and dramatically reduce the number of floating-point operations required. In particular, dirty vectors often allow shared threads of computation to be reverse-accumulated cheaply. The mechanism permits a number of generalizations, some of which give efficient techniques for preaccumulation

Analysis of DoS Attacks at MAC Layer in Mobile Adhoc Networks

—Wireless network security has received tremendous attention due to the vulnerabilities exposed in the open communication medium. The most common wireless Medium Access Control (MAC) protocol is IEEE 802.11, which assumes all the nodes in the network are cooperative. However, nodes may purposefully misbehave in order to disrupt network performance, obtain extra bandwidth and conserve resources. These MAC layer misbehaviours can lead to Denial of Service (DoS) attacks which can disrupt the network operation. There is a lack of comprehensive analysis of MAC layer misbehaviour driven DoS attacks for the IEEE 802.11 protocol. This research studied possible MAC layer DoS attack strategies that are driven by the MAC layer malicious/selfish nodes and investigates the performance of the IEEE 802.11 protocol. Such DoS attacks caused by malicious and selfish nodes violating backoff timers associated with the protocol. The experimental and analytical approach evaluates several practical MAC layer backoff value manipulation and the impact of such attacks on the network performance and stability in MANETs. The simulation results show that introducing DoS attacks at MAC layer could significantly affect the network throughput and data packet collision rate. This paper concludes that DoS attacks with selfish/malicious intend can obtain a larger throughput by denying well-behaved nodes to obtain deserved throughput, also DoS attacks with the intend of complete destruction of the network can succee

Modular design of data-parallel graph algorithms

Amorphous Data Parallelism has proven to be a suitable vehicle for implementing concurrent graph algorithms effectively on multi-core architectures. In view of the growing complexity of graph algorithms for information analysis, there is a need to facilitate modular design techniques in the context of Amorphous Data Parallelism. In this paper, we investigate what it takes to formulate algorithms possessing Amorphous Data Parallelism in a modular fashion enabling a large degree of code re-use. Using the betweenness centrality algorithm, a widely popular algorithm in the analysis of social networks, we demonstrate that a single optimisation technique can suffice to enable a modular programming style without loosing the efficiency of a tailor-made monolithic implementation