Development and Evaluation of a Secure Web Gateway Using Existing ICAP Open Source Tools

This work in progress paper discusses the development and evaluation of an open source secure web gateway. The proof of concept system uses a combination of open source software (including the Greasyspoon ICAP Server, Squid HTTP proxy, and Clam Antivirus) to perform the various security tasks that range from simple (such as passive content insertion) to more advanced (such as active content alteration) by modules installed on the server. After discussing the makeup of the proof of concept system we discuss our evaluation methodology for both effectiveness and performance. The effectiveness was tested using comparative analysis of groups of self-browsing high interaction client honeypots (employing a variety of security measures) and recording different system alteration rates. Performance was tested across a wide range of variables to determine the failure conditions and optimal set up for the components used

Flexible Booms, Momentum Wheels, and Subtle Gravity-Gradient Instabilities

A gravity-gradient boom and a momentum wheel provides a passive, three-axis attitude control system for a small satellite requiring 10° Earth-oriented pointing In a low Earth orbit. The Polar BEAR satellite Is a small satellite using just such a system that has experienced unexpected attitude instabilities during some of Its full-sun orbit periods. This paper examines the attitude dynamles and disturbances associated with gravlty-gradientlmomentum-wheel systems In an attempt to identify potential destabilizing mechanisms common to the configuration. Polar BEAR is not the only such configuration to experience problems In full sun. and several other examples are briefiy discussed. Although we place particular emphasis on trying to understand Polar BEAR\u27s anomaly, Its performance may be symptomatic of problems with the Dexible-boom/momentum-wheel configuration

A Proposed Policy-Based Management Architecture for Wireless Clients Operating in a Heterogeneous Mobile Environment

The objective of this paper is to provide a managed always best connected service to mobile entities over underlying heterogeneous wireless and mobile platforms while maintaining negotiated security and quality of service (QoS). This paper proposes a new model and its architecture which is based upon Policy-based Management but provides a new framework based on layered-approach for the centralised management of mobile clients. In particular, we propose and implement a new model of a policy-managed mobile client and its architecture to support seamless handoff across multiple access networks. The proposed mobile client supports multi-domain authentication, authorisation and security based on user profiles as well as the ability to negotiate management services over interconnected heterogeneous mobile platforms. We have also proposed a new handoff initiation algorithm to select an optimum time to handoff. This algorithm combines metrics in a novel way using standard deviations without resorting to other computationally intensive methods. Finally, this paper describes a proof-of-concept implementation based upon Microsoft Windows presenting a performance analysis to validate our architectural approach

A Novel Design and Implementation of Dos-Resistant Authentication and Seamless Handoff Scheme for Enterprise WLANs

With the advance of wireless access technologies, the IEEE 802.11 wireless local area network (WLAN) has gained significant increase in popularity and deployment due to the substantially improved transmission rate and decreased deployment costs. However, this same widespread deployment makes WLANs an attractive target for network attacks. Several vulnerabilities have been identified and reported regarding the security of the current 802.11 standards. To address those security weaknesses, IEEE standard committees proposed the 802.11i amendment to enhance WLAN security. The 802.11i standard has demonstrated the capability of providing satisfactory mutual authentication, better data confidentiality, and key management support, however, the design of 802.11i does not consider network availability. Thus 802.11i is highly susceptible to malicious denial-of-service (DoS) attacks, which exploit the vulnerability of unprotected management frames. This paper proposes, tests and evaluates a combination of three novel methods by which the exploitation of 802.11i by DoS attacks can be improved. These three methods include an access point nonce dialogue scheme, a fast access point transition protocol handoff scheme and a location management based selective scanning scheme. This combination is of particular value to real-time users running time-dependant applications such as VoIP. In order to acquire practical data to evaluate the proposed schemes, a prototype network has been implemented as an experimental testbed using open source tools and drivers. This testbed allows practical data to be collected and analysed. The result demonstrates that not only the proposed authentication scheme eradicates most of the DoS vulnerabilities, but also substantially improved the handoff performance to a level suitable for supporting real-time services

New Approaches to Mitigation of Malicious Traffic in VoIP Networks

Voice over IP (VoIP) telephony is becoming widespread in use, and is often integrated into computer networks. Because of this, malicious software threatens VoIP systems in the same way that traditional computer systems have been attacked by viruses, worms, and other automated agents. VoIP networks are a challenge to secure against such malware as much of the network intelligence is focused on the edge devices and access environment. This paper describes the design and implementation of a novel VoIP security architecture in which evaluation of, and mitigation against, malicious traffic is demonstrated by the use of virtual machines to emulate vulnerable clients and servers through the use of apparent attack vectors. This new architecture, which is part of an ongoing research project, establishes interaction between the VoIP backend and the end users, thus providing information about ongoing and unknown attacks to users

Development and performance assessment of an integrated vermifiltration based treatment system for the treatment of feedlot runoff

The objective of this study was to treat feedlot runoff by developing an ecologically sustainable, affordable, and resilient treatment system having a relatively long life span. Three horizontal flow soil biofilters were utilized in this study: 1) without earthworms and plants (Biofilter (BF)), 2) with earthworms only (Vermifilter (VF)), and 3) with earthworms and plants (Macrophyte Assisted Vermifilter (MAVF)). The experiments were conducted with a hydraulic retention time of four days using Lumbricus terestrris earthworms and Carex frankii wetland plants. The average COD removal from the BF, VF, and MAVF were 23.2–30.4%, 61.4–69.1%, and 68.3–78.1%, respectively. Average TN removal efficiencies for BF, VF, and MAVF were 15.5–21.4%, 34.4–38.8%, and 39.1–44.0%, respectively. Additionally, average TP removals for BF, VF, and MAVF were 31.9–40.8%, 48.0–54.0%, and 51.1–58.3%, respectively. Comparison of results with literature indicate that the developed system can facilitate more nitrogen removal. Plant roots, along with earthworms, create an aerobic ecosystem within the treatment filter, leading to high organics oxidation and nitrification efficiency among BF, VF, and MAVF. Observational analysis indicates the system with earthworms is prone to clogging while the system with earthworms and plants was less prone to clogging. Thus, it can be concluded that if modularized, the application of MAVF systems can treat feedlot runoffs with higher removal efficiency and expanded life span

Where People Meet the Muck: An Integrated Assessment of Beach Muck and Public Perception at the Bay City State Recreation Area, Saginaw Bay, Lake Huron

In several regions of the Great Lakes, including Saginaw Bay, the proliferation of muck, decaying organics largely from aquatic plants such as Cladophora, has washed ashore, and is blamed for negatively affecting water quality and economic losses in the region. The current view is that excess nutrient loading into the system is a leading cause of this type of organic debris, though changes in food web dynamics may also be a contributing factor. Through an Integrated Assessment (IA) framework, we summarized the current state of knowledge on the causes and consequences of muck conditions at the Bay City State Recreation Area (BCSRA), including the socio-economic impacts of muck at the park and on the Saginaw Bay Region. Through this framework we identify potential management scenarios for addressing beach fouling at the BCSRA. Through a robust stakeholder engagement process, the IA team implemented a suite of models and surveys to understand public perception of muck-related issues and identified a series of feasible short and long-term management actions that could help alleviate and better manage the impacts of muck. Results indicate that even drastic reductions in external phosphorus loads will not eliminate Cladophora growth in the bay. Beach muck is likely a historical part of the system, and nutrient reduction programs may not prevent muck from fouling Saginaw Bay beaches. We identify a sustainable park management practice maybe reallocating resources previously designated for cleaning efforts to achieve bare, sandy beaches and promoting alternative ecological activities and attractions such as bird watching, kayaking, and nature walks in the park’s coastal marshes

Autoantibodies to Type VII Collagen Recognize Epitopes in a Fibronectin-Like Region of the Noncollagenous (NC1) Domain

Autoantibodies to type VII collagen are characteristic of the blistering diseases epidermolysis bullosa acquisita and bullous systemic lupus erythematosus (SLE). Blisters in those diseases are due to defective adhesion of the lamina densa subregion of the epithelial basement membrane to the underlying dermis. Previous studies indicating that type VII collagen contributes to lamina densa-dermal adhesion by cross-linking lamina densa and dermal matrix proteins suggests that autoantibodies may contribute to blisters by interfering with type VII collagen function. That hypothesis is supported by previous studies showing autoantibodies from a small number of epidermolysis bullosa acquisita patients recognize proteolytic fragments containing the 145-kD noncollagenous domain of type VII collagen. In this study, we examined reactivity of autoantibodies from a large number of epidermolysis bullosa acquisita and bullous SLE patients with fusion proteins representing most of the noncollagenous domain of type VII collagen and that those regions are homologous to type III repeats of fibronectin. These results suggest autoantibodies binding to fibronectin homology regions within the 145-kD noncollagenous domain may interfere with the adhesion function of type VII collagen and contribute to lamina densa-dermal dysadhesion in epidermolysis bullous acquisita and bullous SLE