130 research outputs found

    An automated wrapper-based approach to the design of dependable software

    The design of dependable software systems invariably comprises two main activities: (i) the design of dependability mechanisms, and (ii) the location of dependability mechanisms. It has been shown that these activities are intrinsically difficult. In this paper we propose an automated wrapper-based methodology to circumvent the problems associated with the design and location of dependability mechanisms. To achieve this we replicate important variables so that they can be used as part of standard, efficient dependability mechanisms. These well-understood mechanisms are then deployed in all relevant locations. To validate the proposed methodology we apply it to three complex software systems, evaluating the dependability enhancement and execution overhead in each case. The results generated demonstrate that the system failure rate of a wrapped software system can be several orders of magnitude lower than that of an unwrapped equivalent.
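    The abstract above does not say which standard mechanism the replicated variables feed. The following is an added illustration, not the paper's code: a hypothetical wrapper that keeps N copies of a critical variable and applies majority voting on every read, so that one corrupted replica is detected and repaired without changes to the wrapped component. The `Throttle` class, the replica count and the `corrupt` hook are assumptions made for the example.

```python
"""Replicating an important variable inside a wrapper (added example).

Not the paper's code. It assumes the protected variable is an immutable
Python value and that a fault corrupts one replica at a time, so a standard
majority vote over the replicas detects and corrects it.
"""
from collections import Counter


class UncorrectableError(RuntimeError):
    """Raised when no replica value holds a strict majority."""


class Replicated:
    """Hold N copies of a value; reads vote, writes refresh every copy."""

    def __init__(self, value, copies=3):
        if copies < 3:
            raise ValueError("need at least 3 replicas to outvote one fault")
        self._copies = [value] * copies
        self.corrections = 0  # detections/corrections, for an FI evaluation

    def get(self):
        counts = Counter(self._copies)
        value, n = counts.most_common(1)[0]
        if n <= len(self._copies) // 2:
            # No strict majority: the error is detected but not correctable.
            raise UncorrectableError(f"no majority among {self._copies}")
        if n != len(self._copies):
            # A replica disagreed with the majority: repair it in place.
            self.corrections += 1
            self._copies = [value] * len(self._copies)
        return value

    def set(self, value):
        self._copies = [value] * len(self._copies)

    def corrupt(self, index, value):
        """Test hook standing in for an injected fault on one replica."""
        self._copies[index] = value


class Throttle:
    """Hypothetical wrapped component whose critical state is `limit`."""

    def __init__(self, limit):
        self.limit = Replicated(limit)

    def clamp(self, demand):
        # The wrapped code reads the variable as before; voting is hidden.
        return min(demand, self.limit.get())
```

    With three replicas the wrapper masks a single corrupted copy; two disagreeing copies are still detected (the vote has no majority) but cannot be corrected, which is the usual trade-off between replica count and memory overhead.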

    Beyond the golden run : evaluating the use of reference run models in fault injection analysis

    Fault injection (FI) has been shown to be an effective approach to assessing the dependability of software systems. To determine the impact of faults injected during FI, a given oracle is needed. This oracle can take a variety of forms; however, prominent oracles include (i) specifications, (ii) error detection mechanisms and (iii) golden runs. Focusing on golden runs, in this paper we show that there are classes of software which a golden run based approach cannot be used to analyse. Specifically we demonstrate that a golden run based approach cannot be used when analysing systems which employ a main control loop with an irregular period. Further, we show how a simple model, which has been refined using FI, can be employed as an oracle in the analysis of such a system.

    On the tradeoff between privacy and energy in wireless sensor networks

    Source location privacy is becoming an increasingly important property of some wireless sensor network applications. The fake source technique has been proposed as an approach for handling the source location privacy problem in these situations. However, whilst the efficiency of the fake source techniques is well documented, there are several factors that limit the usefulness of current results: (i) the assumption that fake sources are known a priori, (ii) the selection of fake sources based on a prohibitively expensive pre-configuration phase and (iii) the lack of a commonly adopted attacker model. In this paper we address these limitations by investigating the efficiency of the fake source technique with respect to possible implementations, configurations and extensions that do not require a pre-configuration phase or a priori knowledge of fake sources. The results presented demonstrate that one possible implementation, in the presence of a single attacker, can lead to a decrease in capture ratio of up to 60% when compared with a flooding baseline. In the presence of multiple attackers, the same implementation yields only a 30% decrease in capture ratio with respect to the same baseline. To address this problem we investigate a hybrid technique, known as phantom routing with fake sources, which achieves a corresponding 50% reduction in capture ratio.

    Image scoring in ad-hoc networks : an investigation on realistic settings

    Encouraging cooperation in distributed Multi-Agent Systems (MAS) remains an open problem. Emergent application domains such as Mobile Ad-hoc Networks (MANETs) are characterised by constraints including sparse connectivity and a lack of direct interaction history. Image scoring, a simple model of reputation proposed by Nowak and Sigmund, exhibits low space and time complexity and promotes cooperation through indirect reciprocity, in which an agent can expect cooperation in the future without repeat interactions with the same partners. The low overheads of image scoring make it a promising technique for ad-hoc networking domains. However, the original investigation of Nowak and Sigmund is limited in that it (i) used a simple idealised setting, (ii) did not consider the effects of incomplete information on the mechanism's efficacy, and (iii) did not consider the impact of the network topology connecting agents. We address these limitations by investigating more realistic values for the number of interactions agents engage in, and show that incomplete information can cause significant errors in decision making. As the proportion of incorrect decisions rises, the efficacy of image scoring falls and selfishness becomes more dominant. We evaluate image scoring on three different connection topologies: (i) completely connected, which closely approximates Nowak and Sigmund's original setup, (ii) random, with each pair of nodes connected with a constant probability, and (iii) scale-free, which is known to model a number of real world environments including MANETs.

    Many-to-many data aggregation scheduling in wireless sensor networks with two sinks

    Traditionally, wireless sensor networks (WSNs) have been deployed with a single sink. Due to the emergence of sophisticated applications, WSNs may require more than one sink. Moreover, deploying more than one sink may prolong the network lifetime and address fault tolerance issues. Several protocols have been proposed for WSNs with multiple sinks. However, most of them are routing protocols. Differently, our main contribution in this paper is the development of a distributed data aggregation scheduling (DAS) algorithm for WSNs with two sinks. We also propose a distributed energy-balancing algorithm to balance the energy consumption for the aggregators. The energy-balancing algorithm first forms trees rooted at nodes which are termed virtual sinks and then balances the number of children at a given level to level the energy consumption. Subsequently, the DAS algorithm takes the resulting balanced tree and assigns contiguous slots to sibling nodes, to avoid unnecessary energy waste due to frequent active-sleep transitions. We prove a number of theoretical results and the correctness of the algorithms. Through simulation and testbed experiments, we show the correctness and performance of our algorithms.

    Implementing chain of custody requirements in database audit records for forensic purposes

    During forensic database investigations, audit records become a crucial evidential element, particularly when certain events can be attributed to insider activity. However, traditional reactive forensic methods may not be suitable, urging the adoption of proactive approaches that can be used to ensure accountability through audit records whilst satisfying Chain of Custody (CoC) requirements for forensic purposes. In this paper, role segregation, evidence provenance, event timeliness and causality are considered as CoC requirements in order to implement a forensically ready architecture for the proactive generation, collection and preservation of database audit records that can be used as digital evidence for the investigation of insider activity. Our proposal implements triggers and stored procedures as forensic routines in order to build a vector-clock-based timeline for explaining causality in transactional events recorded in audit tables. We expect to encourage further work in the field of proactive digital forensics and forensic readiness; in particular, for justifying admissibility of audit records under CoC restrictions.
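    The abstract names the mechanism (vector clocks attached to audit records, triggers that preserve the evidence) but not its concrete form. The following is an added example, not the paper's implementation: it assumes a SQLite database with a sensitive `accounts` table, an append-only `audit` table, and three hypothetical database roles (`dba`, `app`, `auditor`). Each role keeps a vector clock; before writing, it merges the clock stored on the last audit row of the account it touches (it has observed that state), then increments its own component, so that causal dependencies through the data end up in the audit trail and an investigator can tell "happened before" from "concurrent" without trusting wall-clock timestamps.

```python
"""Vector-clock ordering of database audit records (added example).

Not the paper's code. Assumes SQLite, an `accounts` table, an append-only
`audit` table, and three hypothetical roles whose sessions write to it.
"""
import json
import sqlite3

ACTORS = ("dba", "app", "auditor")  # assumed database roles

SCHEMA = """
CREATE TABLE accounts(id INTEGER PRIMARY KEY, balance INTEGER NOT NULL);
CREATE TABLE audit(
  seq INTEGER PRIMARY KEY AUTOINCREMENT,
  ts TEXT NOT NULL DEFAULT CURRENT_TIMESTAMP,   -- timeliness
  actor TEXT NOT NULL,                          -- provenance / role
  account_id INTEGER NOT NULL,
  old_balance INTEGER,
  new_balance INTEGER NOT NULL,
  vclock TEXT NOT NULL);                        -- causality
-- Evidence preservation: audit rows can be appended but never altered.
CREATE TRIGGER audit_immutable_u BEFORE UPDATE ON audit
  BEGIN SELECT RAISE(ABORT, 'audit records are immutable'); END;
CREATE TRIGGER audit_immutable_d BEFORE DELETE ON audit
  BEGIN SELECT RAISE(ABORT, 'audit records are immutable'); END;
"""


def merge(a, b):
    """Componentwise max of two vector clocks."""
    return {k: max(a.get(k, 0), b.get(k, 0)) for k in set(a) | set(b)}


def happens_before(a, b):
    """a -> b: every component of a is <= that of b and the clocks differ."""
    keys = set(a) | set(b)
    return a != b and all(a.get(k, 0) <= b.get(k, 0) for k in keys)


def relation(a, b):
    if happens_before(a, b):
        return "before"
    if happens_before(b, a):
        return "after"
    return "concurrent"


class AuditedLedger:
    def __init__(self):
        self.conn = sqlite3.connect(":memory:")
        self.conn.executescript(SCHEMA)
        self.clocks = {actor: {} for actor in ACTORS}

    def set_balance(self, actor, account_id, new_balance):
        """Change a balance as `actor`, recording an audit row with a clock."""
        conn = self.conn
        row = conn.execute("SELECT balance FROM accounts WHERE id=?",
                           (account_id,)).fetchone()
        old = row[0] if row else None
        last = conn.execute(
            "SELECT vclock FROM audit WHERE account_id=? ORDER BY seq DESC LIMIT 1",
            (account_id,)).fetchone()
        clock = self.clocks[actor]
        if last:
            clock = merge(clock, json.loads(last[0]))  # observed prior state
        clock[actor] = clock.get(actor, 0) + 1          # local event
        self.clocks[actor] = clock
        with conn:  # one transaction: the data change and its evidence
            conn.execute("INSERT OR REPLACE INTO accounts(id, balance) VALUES (?, ?)",
                         (account_id, new_balance))
            conn.execute("INSERT INTO audit(actor, account_id, old_balance,"
                         " new_balance, vclock) VALUES (?, ?, ?, ?, ?)",
                         (actor, account_id, old, new_balance,
                          json.dumps(clock, sort_keys=True)))
        return dict(clock)

    def causal_relations(self):
        """Causal relation between every pair of audit records, keyed by seq."""
        rows = self.conn.execute("SELECT seq, vclock FROM audit ORDER BY seq").fetchall()
        clocks = {seq: json.loads(vc) for seq, vc in rows}
        return {(x, y): relation(clocks[x], clocks[y])
                for x in clocks for y in clocks if x < y}

    def tamper_rejected(self):
        """True if the audit table refuses an UPDATE (evidence preservation)."""
        try:
            with self.conn:
                self.conn.execute("UPDATE audit SET new_balance = 0 WHERE seq = 1")
        except sqlite3.DatabaseError:
            return True
        return False


def demo():
    """Constructed scenario: the app's change depends on the dba's."""
    ledger = AuditedLedger()
    ledger.set_balance("dba", 1, 100)      # seq 1: {dba:1}
    ledger.set_balance("app", 1, 90)       # seq 2: saw seq 1 -> {dba:1, app:1}
    ledger.set_balance("auditor", 2, 500)  # seq 3: independent -> {auditor:1}
    return ledger
```

    In the constructed scenario the clocks show that record 2 causally follows record 1 while record 3 is concurrent with both, which the `ts` column alone could not prove. In a real deployment the clock merge and the audit insert would live in a stored procedure owned by a separate audit role, so the application role can neither skip the audit row nor write the clock itself.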

    A methodology for the generation of efficient error detection mechanisms

    A dependable software system must contain error detection mechanisms and error recovery mechanisms. Software components for the detection of errors are typically designed based on a system specification or the experience of software engineers, with their efficiency typically being measured using fault injection and metrics such as coverage and latency. In this paper, we introduce a methodology for the design of highly efficient error detection mechanisms. The proposed methodology combines fault injection analysis and data mining techniques in order to generate predicates for efficient error detection mechanisms. The results presented demonstrate the viability of the methodology as an approach for the development of efficient error detection mechanisms, as the predicates generated yield a true positive rate of almost 100% and a false positive rate very close to 0% for the detection of failure-inducing states. The main advantage of the proposed methodology over current state-of-the-art approaches is that efficient detectors are obtained by design, rather than by using specification-based detector design or the experience of software engineers.
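    The pipeline this abstract describes (inject faults, label the resulting states with an oracle, mine predicates from the labelled states, measure true and false positive rates), and the golden-run oracle from the "Beyond the golden run" abstract above, can be seen end to end on a toy. The following is an added example, not the paper's code or its data-mining method: it assumes a hypothetical fixed-period PI control loop (state = position and integral term), which is exactly the case where a golden-run comparison is a valid oracle. Every single-bit flip of each state variable is injected at one loop iteration, each run is labelled failing or not against the fault-free trajectory, and a deliberately simple learner (the narrowest range per variable that contains every non-failing state) stands in for the paper's data mining. On this linear toy the mined range predicate separates the failing states perfectly.

```python
"""Mining an error-detection predicate from a fault-injection campaign.

Added example; not the paper's code. The control loop, its gains, the
injection point and the range-predicate learner are all assumptions.
"""
import math
import struct

DT, KP, KI, SETPOINT = 0.1, 1.0, 0.5, 10.0   # hypothetical PI loop
STEPS, INJECT_AT, TOL = 50, 10, 1.0          # run length, fault time, oracle tolerance


def loop_step(pos, integ):
    """One iteration of the fixed-period control loop (linear, stable)."""
    err = SETPOINT - pos
    vel = KP * err + KI * integ
    return pos + vel * DT, integ + err * DT


def flip_bit(x, bit):
    """The injected fault: flip one bit of the IEEE-754 encoding of x."""
    (bits,) = struct.unpack("<Q", struct.pack("<d", x))
    (y,) = struct.unpack("<d", struct.pack("<Q", bits ^ (1 << bit)))
    return y


def run(fault=None):
    """Run the loop; fault=(var, bit) flips that bit at INJECT_AT.
    Returns (position trajectory, state observed at INJECT_AT)."""
    state, traj, observed = (0.0, 0.0), [], None
    for t in range(STEPS):
        if t == INJECT_AT:
            if fault is not None:
                var, bit = fault
                s = list(state)
                s[var] = flip_bit(s[var], bit)
                state = tuple(s)
            observed = state  # what a detector placed here would see
        state = loop_step(*state)
        traj.append(state[0])
    return traj, observed


def failed(traj, golden):
    """Golden-run oracle: the position leaves the tolerance band around the
    fault-free trajectory at any step, or stops being finite."""
    return any(not math.isfinite(p) or abs(p - g) > TOL
               for p, g in zip(traj, golden))


def campaign():
    """Exhaustive single-bit-flip campaign: (observed state, failed?) pairs."""
    golden_traj, golden_state = run()
    samples = [(golden_state, False)]  # the fault-free observation
    for var in range(2):
        for bit in range(64):
            traj, observed = run((var, bit))
            samples.append((observed, failed(traj, golden_traj)))
    return samples


def mine_predicate(samples):
    """Data-mining step (deliberately simple): per variable, the narrowest
    range containing every non-failing state. The detector fires when any
    variable lies outside its range (a NaN also fails the comparison)."""
    ok = [s for s, f in samples if not f]
    ranges = [(min(s[i] for s in ok), max(s[i] for s in ok)) for i in range(2)]

    def detector(state):
        return any(not (lo <= x <= hi) for x, (lo, hi) in zip(state, ranges))
    return detector, ranges


def evaluate(detector, samples):
    """True positive rate and false positive rate of a detector."""
    positives = [s for s, f in samples if f]
    negatives = [s for s, f in samples if not f]
    tpr = sum(1 for s in positives if detector(s)) / len(positives)
    fpr = sum(1 for s in negatives if detector(s)) / len(negatives)
    return tpr, fpr
```

    The perfect separation is a property of the toy: the loop is linear and each fault moves one variable along one axis, so the final deviation grows monotonically with the injected deviation and a single threshold per side suffices. Predicates mined this way are tied to the program point and loop iteration where the states were observed; a realistic evaluation holds out a second campaign (other injection times, multi-bit faults) to expose that overfitting, which is where the coverage and latency figures quoted in the abstract come from.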

    Bring your own disclosure : analysing BYOD threats to corporate information

    Mobile device consumerisation has introduced the Bring-Your-Own-Device (BYOD) trend to the organisational context, allowing employees to work using their personal devices. However, as personal mobile devices are perceived as less secure than those provided by the organisation, BYOD has raised security concerns about corporate information being accessed by mobile devices from inside and outside the corporate perimeter. Moreover, this uncontrolled mobile device activity makes it difficult to differentiate external (outsider) malicious activity from reckless/naive employee (insider) behaviour, preventing effective correlation of unauthorised actions with the perpetrators. In this paper, a STRIDE-based BYOD Threat Model is proposed to analyse BYOD Threat Interactions from inside and outside the corporate perimeter. Our research contributes to a better understanding and awareness of the influence of BYOD Threats on disclosure and contamination of corporate information, encouraging future work in the field of BYOD security and digital forensics in order to protect information and manage an increasing number of evidence sources.

    Towards understanding source location privacy in wireless sensor networks through fake sources

    Source location privacy is becoming an increasingly important property in wireless sensor network applications, such as asset monitoring. The original source location problem is to protect the location of a source in a wireless sensor network from a single distributed eavesdropper attack. Several techniques have been proposed to address the source location problem, where most of these apply some form of traffic analysis and engineering to provide enhanced privacy. One such technique, namely fake sources, has proved to be promising for providing source location privacy. Recent research has concentrated on investigating the efficiency of fake source approaches under various attacker models. In this paper, we (i) provide a novel formalisation of the source location privacy problem, (ii) prove the source location privacy problem to be NP-complete, and (iii) provide a heuristic that yields an optimal level of privacy under appropriate parameterisation. Crucially, the results presented show that fake sources can provide a high, sometimes optimal, level of privacy.

    A dynamic fake source algorithm for source location privacy in wireless sensor networks

    Wireless sensor networks (WSNs) are commonly used in asset monitoring applications, where it is often desirable for the location of the asset being monitored to be kept private. The source location privacy (SLP) problem involves protecting the location of a WSN source node from an attacker who is attempting to locate it. Among the most promising approaches to the SLP problem is the use of fake sources, with much existing research demonstrating their efficacy. Despite the effectiveness of the approach, the most effective algorithms providing SLP require network and situational knowledge that makes their deployment impractical in many contexts. In this paper, we develop a novel dynamic fake sources-based algorithm for SLP. We show that the algorithm provides state-of-the-art levels of location privacy under practical operational assumptions.