Enhancing Forensic-Tool Security with Rust: Development of a String Extraction Utility

The paper evaluates the suitability of the Rust ecosystem for forensic tool development. As a case study, a forensic tool named Stringsext is developed. Starting from analyzing the specefic requirements of forensic software in general and those of the present case study, all stages of the software development life-cycle are executed and evaluated. Stringsext is a re-implementation and enhancement of the GNU-strings tool, a widely used program in forensic investigations. Stringsext recognizes Cyrillic, CJKV East Asian characters and other scripts in all supported multi-byte-encodings while GNU-strings fails in finding these in UTF-16 and other encodings. During the case study it has become apparent that the Rust ecosystem provides good support for secure coding principles and unit testing. Furthermore, the bench-marks showed a satisfactory performance of the resulting Stringsext binaries comparable to the original C version

Security and privacy issues in cloud computing

International audienceCloud computing is a state-of-the-art technological innovation providing an extensive list of benefits for almost every business and governmental, small or medium-sized organizations. It has truly revolutionized the computational era by cutting down cost and reducing complexities of infrastructural configurations for computational platforms. This state-of-the-art technology is rapidly being adapted by various large organizations from healthcare to critical infrastructure to carry out their business processes that, otherwise, would require large storage capacity, huge computational power, and expensive hardware. The purpose of this special issue was to arrange a venue for cloud researchers around the world to share their state-of-the-art research and development that could benefit the cloud community. This helped collect high-quality articles that reported recent research advances regarding security and privacy issues in cloud computing, covering various topics of interest

Improving Network Troubleshooting using Virtualization

Diagnosing problems, deploying new services, testing protocol interactions, or validating network configurations are hard problems in today’s Internet. This paper proposes to leverage the concept of Network Virtualization to overcome such problems: (1) Monitoring VNets can be created on demand along side any production network to enable network-wide monitoring in a robust and cost-efficient manner; (2) Shadow VNets enable troubleshooting as well as safe upgrades to both the software components and their configurations. Both approaches build on the agility and isolation properties of the underlying virtualized infrastructure. Neither requires changes to the physical or logical structure of the production network. Thus, they have the potential to substantially ease network operation and improve resilience against mistakes

HAIR: Hierarchical Architecture for Internet Routing

Super-linear routing table growth, high update churn, lack of mobility and security, insufficient support for multi-homing and traffic engineering are some of the significant deficiencies of today’s Internet. More and more researchers are convinced that these shortcomings cannot be resolved by incremental and band-aid solutions. In this paper, we introduce HAIR, a scalable routing architecture for the future Internet. It addresses many of the problems the Internet is facing today. The focus is on limiting routing table size and update churn while supporting legacy hosts and avoiding unnecessary burden for transit providers. The key idea is to combine a hierarchical routing approach with locator/identifier separation: The routing as well as the mapping system are organized in a hierarchical manner where updates to both systems are not globally visible as far as possible. First experiences with a prototype implementation are promising and demonstrate a potential migration path where legacy devices are supported as well

Implementing Network Virtualization for a Future Internet

Abstract — The Internet has become an essential communication medium upon which billions of people rely every day. However, necessary evolution of the Internet has been severely limited by reliability constrains and social-economic factors. Experts fear that current growth rates will threaten the future of the Internet as a whole, despite the fact that new core technologies already exist. Network virtualization presents a promising approach to overcome ossification and facilitate service deployment for a future Internet. Exploring this approach, we present a prototype implementation which realizes a subset of the 4WARD virtual network (VNet) architecture, allowing multiple VNets to coexist on top of a shared physical infrastructure. We discuss the functionality of our prototype and demonstrate experimental results to assess its performance. I

The BGP Visibility Toolkit: detecting anomalous internet routing behavior

In this paper, we propose the BGP Visibility Toolkit, a system for detecting and analyzing anomalous behavior in the Internet. We show that interdomain prefix visibility can be used to single out cases of erroneous demeanors resulting from misconfiguration or bogus routing policies. The implementation of routing policies with BGP is a complicated process, involving fine-tuning operations and interactions with the policies of the other active ASes. Network operators might end up with faulty configurations or unintended routing policies that prevent the success of their strategies and impact their revenues. As part of the Visibility Toolkit, we propose the BGP Visibility Scanner, a tool which identifies limited visibility prefixes in the Internet. The tool enables operators to provide feedback on the expected visibility status of prefixes. We build a unique set of ground-truth prefixes qualified by their ASes as intended or unintended to have limited visibility. Using a machine learning algorithm, we train on this unique dataset an alarm system that separates with 95% accuracy the prefixes with unintended limited visibility. Hence, we find that visibility features are generally powerful to detect prefixes which are suffering from inadvertent effects of routing policies. Limited visibility could render a whole prefix globally unreachable. This points towards a serious problem, as limited reachability of a non-negligible set of prefixes undermines the global connectivity of the Internet. We thus verify the correlation between global visibility and global connectivity of prefixes.This work was sup-ported in part by the European Community's Seventh Framework Programme (FP7/2007-2013) under Grant 317647 (Leone)

CyberGenomics: Application of behavioral genetics in cybersecurity

Cybersecurity (CS) is a contemporary field for research and applied study of a range of aspects from across multiple disciplines. A cybersecurity expert has an in-depth knowledge of technology but is often also recognized for the ability to view technology in a non-standard way. This paper explores how CS specialists are both a combination of professional computing-based skills and genetically encoded traits. Almost every human behavioral trait is a result of many genome variants in action altogether with environmental factors. The review focuses on contextualizing the behavior genetics aspects in the application of cybersecurity. It reconsiders methods that help to identify aspects of human behavior from the genetic information. And stress is an illustrative factor to start the discussion within the community on what methodology should be used in an ethical way to approach those questions. CS positions are considered stressful due to the complexity of the domain and the social impact it can have in cases of failure. An individual risk profile could be created combining known genome variants linked to a trait of particular behavior using a special biostatistical approach such as a polygenic score. These revised advancements bring challenging possibilities in the applications of human behavior genetics and CS.publishedVersio

IPv4 address sharing mechanism classification and tradeoff analysis

The growth of the Internet has made IPv4 addresses a scarce resource. Due to slow IPv6 deployment, IANA-level IPv4 address exhaustion was reached before the world could transition to an IPv6-only Internet. The continuing need for IPv4 reachability will only be supported by IPv4 address sharing. This paper reviews ISP-level address sharing mechanisms, which allow Internet service providers to connect multiple customers who share a single IPv4 address. Some mechanisms come with severe and unpredicted consequences, and all of them come with tradeoffs. We propose a novel classification, which we apply to existing mechanisms such as NAT444 and DS-Lite and proposals such as 4rd, MAP, etc. Our tradeoff analysis reveals insights into many problems including: abuse attribution, performance degradation, address and port usage efficiency, direct intercustomer communication, and availability