Information Assurance Workshop, 2003. IEEE Systems, Man and Cybernetics Society

Date 18-20 June 2003

Displaying Results 1 - 25 of 53
  • An evolutionary approach to generate fuzzy anomaly (attack) signatures

    Publication Year: 2003 , Page(s): 251 - 259
    Cited by:  Papers (10)

    We describe the generation of fuzzy signatures to detect some cyber attacks. This approach is an enhancement to our previous work, which was based on the principle of negative selection for generating anomaly detectors using genetic algorithms. The present work includes a different genetic representation scheme for evolving efficient fuzzy detectors. To determine the performance of the proposed ap...
  • On the large-scale deployment of a distributed embedded firewall

    Publication Year: 2003 , Page(s): 296 - 297
    Cited by:  Patents (1)

    We were recently challenged to deploy a scalable network of host based defenses using the 3com embedded firewall (EFW). The goal was to test EFW scalability in a fully operational environment. A host-based, distributed firewall like EFW requires a different perspective on policy configuration and management than a conventional perimeter firewall. They can improve overall network security by pushin...
  • The Kerf toolkit for intrusion analysis

    Publication Year: 2003 , Page(s): 301 - 303

    We consider the problem of intrusion analysis and present the Kerf toolkit, whose purpose is to provide an efficient and flexible infrastructure for the analysis of attacks. The Kerf toolkit includes a mechanism for securely recording host and network logging information for a network of workstations, a domain-specific language for querying this stored data, and an interface for viewing the result...
  • Security-auditing in a softswitch

    Publication Year: 2003 , Page(s): 292 - 293

    The trend in the industry is to use the Internet protocol (IP) networks to provide the voice services. This trend is referred to as the convergence of the voice and data traffic over the same network, usually the IP network. Though this concept is attractive, there are formidable difficulties in actually realizing it. This is because the IP networks are inherently unsuitable to provide voice servi...
  • Costs and benefits of integrating biometrics with a navy tactical weapons system

    Publication Year: 2003 , Page(s): 303 - 304

    We investigate the cost and benefit of integrating biometrics with existing Navy tactical weapons systems. The approach to this investigation is to select a system and biometric technology to work with, build a prototype application, and evaluate it with system users. The Advanced Tomahawk Weapons Control System (ATWCS) was selected for integration with the Bioscrypt MV1200 finger scan device. Aft...
  • Army Reserve Information Operations Command overview

    Publication Year: 2003

    Summary form only given. Army Reserve Information Operations Command (ARIOC) is a US Army Reserve asset charged to conduct information operations. The organization, commanded by COL Bert Mizusawa, has five subordinate information operation centers (IOCs). Each IOC is commanded by a lieutenant colonel and has authorized 90 soldiers with the mission to conduct information-assurance and computer-netwo...
  • Information assurance for enterprise fiber optic networks

    Publication Year: 2003 , Page(s): 282 - 287
    Cited by:  Papers (2)

    A recent practical experience and emerging concepts in the protection of enterprise optical networks, such as those used by Fortune 500 companies worldwide is reviewed. Critical elements of data integrity are reviewed, including the cryptographic coprocessor features on mainframe enterprise-class servers, security issues on Fibre Channel networks with cascaded switching, and the hardening of untru...
  • A distributed multipurpose mail guard

    Publication Year: 2003 , Page(s): 268 - 275
    Cited by:  Papers (1)

    We describe a mechanism for incorporating a mail guard mechanism together with automatic, mandatory, and fully transparent digital signatures and encryption for message traffic embedded into the operating system of individual network nodes. By intercepting all inbound and outbound network traffic and analyzing for pertinent information using generalized Buchi automata, the guard mechanism can enfo...
  • Network viruses: their working principles and marriages with hacking programs

    Publication Year: 2003 , Page(s): 306 - 307
    Cited by:  Papers (1)

    We coin the name "network viruses", which refer to those viruses spreading through networks. Security attacks can come from both viruses and hacking programs. A network virus makes use of networking protocols and/or applications to spread. We surveyed several hundreds of computer viruses and classified them based on their spreading and infecting mechanisms. Virus intelligence is introduced to desc...
  • Static verification of worm and virus behavior in binary executables using model checking

    Publication Year: 2003 , Page(s): 298 - 300
    Cited by:  Papers (3)  |  Patents (1)

    Use of formal methods in any application scenario requires a precise characterization and representation of the properties that need to be verified. The target, which is desired to be verified for these properties, needs to be abstracted in a suitable form that can be fed to a mechanical theorem prover. The most challenging question that arises in the case of malicious code is: "What are the prope...
  • Quantitative analysis of security protocols in wireless networks

    Publication Year: 2003 , Page(s): 290 - 291

    Security has been a major concern for computer networks, and required levels of security continue to increase and become more complicated to provide. Wireless devices face new challenges in securely exchanging information due to their limitations such as power and bandwidth. Powerful algorithms have also been developed to provide authentication, confidentiality, and integrity to information exchang...
  • The TrustedFlow™ protocol - idiosyncratic signatures for authenticated execution

    Publication Year: 2003 , Page(s): 288 - 289
    Cited by:  Papers (1)  |  Patents (1)

    We present a software solution to the problem of remotely authenticating software during execution, which aims at assuring that the software is not changed prior to and during execution. The solution is based on a flow of idiosyncratic signatures that is generated by a function hidden in the software to be authenticated and validated by a remote computing component. The TrustedFlow™ approach...
  • Security assurance for an RBAC/MAC security model

    Publication Year: 2003 , Page(s): 260 - 267
    Cited by:  Papers (1)

    Corporations and government agencies rely on inter-operating software artifacts (e.g., legacy, COTS, GOTS, databases, servers, etc.) and client applications, brought together by middleware (e.g., CORBA, JINI, .NET, etc.), supporting unrestricted access to application programmer interfaces, APIs. As part of our ongoing research, we have designed and prototyped a unified role-based/mandatory access ...
  • A cryptographic protocol to protect MPLS labels

    Publication Year: 2003 , Page(s): 237 - 242
    Cited by:  Papers (1)  |  Patents (1)

    We have designed a cryptographic protocol to protect the Multiprotocol Label Switching (MPLS) header used in an Internet service provider (ISP) network. This protocol protects the MPLS header primarily against tampering for purposes of hijacking ISP resources. Secondary goals are protection against replay attack and traffic analysis of ISP traffic. The protocol is fast so as to minimize delay intr...
  • Secure Web-based applications with XML and RBAC

    Publication Year: 2003 , Page(s): 276 - 281

    A role-based access control model for Web-based applications (ORBAC) is introduced. Also, an efficient method for managing ORBAC security policies using XML and a role assignment algorithm are presented. Unlike most existing approaches, with our approach the authorization is independently defined and is separated from implementation mechanisms.
  • Risk probability estimating based on clustering

    Publication Year: 2003 , Page(s): 229 - 233
    Cited by:  Papers (1)  |  Patents (1)

    Ubiquitous computing environments are highly dynamic, with new unforeseen circumstances and constantly changing environments, which introduces new risks that cannot be assessed through traditional means of risk analysis. Mobile entities in a ubiquitous computing environment require the ability to perform an autonomous assessment of the risk incurred by a specific interaction with another entity in...
  • Counterplanning deceptions to foil cyber-attack plans

    Publication Year: 2003 , Page(s): 221 - 228

    Tactics involving deception are important in military strategies. We have been exploring deliberate deception in defensive tactics by information systems under cyber-attack as during information warfare. We have developed a tool to systematically "counterplan" or find ways to foil a particular attack plan. Our approach is to first find all possible atomic "ploys" that can interfere with the plan. ...
  • LLSIM: network simulation for correlation and response testing

    Publication Year: 2003 , Page(s): 243 - 250
    Cited by:  Papers (1)

    The Lincoln Laboratory Simulator, LLSIM, is an easily configurable network simulator that can produce a wide variety of data sets without expensive testbeds. These data sets are useful for researchers who are developing general-purpose correlation and response systems. LLSIM is a Java-based, event-driven simulator consisting of user-configurable core models of networks and hosts. Event generators ...
  • IEEE Systems, Man and Cybernetics Society Information Assurance Workshop (IEEE Cat. No.03EX676)

    Publication Year: 2003
    Freely Available from IEEE
  • IEEE information assurance activities

    Publication Year: 2003 , Page(s): 294 - 295

    An information assurance (IA) community is forming around core activities of the Institute of Electrical and Electronics Engineers, Inc. (IEEE) that include the recently approved IA Standards Committee (IASC), the Task Force on IA (TFIA), and an existing base of related IEEE groups and projects. A brief description is provided of the ideas and activities concerning redefinition of information assu...
  • An undergraduate information assurance curriculum

    Publication Year: 2003 , Page(s): 10 - 16
    Cited by:  Papers (1)

    Recognizing that most information assurance education programs are intended for professional graduate students, we investigate whether a curriculum can be designed for undergraduates who desire entry level positions in information assurance. We find that this task must be constrained before it can be solved and so, for that reason, will specify four requirements that our undergraduate curriculum w...
  • An architecture for making data available ceaselessly during recovery

    Publication Year: 2003 , Page(s): 196 - 202
    Cited by:  Papers (2)

    Existing recovery schemes, developed for defensive information warfare scenario, range from completely prohibiting access to affected databases to prohibiting access specifically to damaged data items. In many cases this prohibition is undesirable. We have introduced a recovery model that can substantially reduce the database down-time during the recovery process, while attempting to provide repai...
  • A virtual environment for IA education

    Publication Year: 2003 , Page(s): 17 - 23
    Cited by:  Papers (4)

    With the increased potential of a bona fide cyber terrorist attack and the possibility of a future "war in the wires", we must continue to improve the education, training, and resourcing of individuals responsible for defending our national borders-whether those borders be physical or electronic. The Information Analysis and Research (IWAR) laboratory at the United States Military Academy (USMA) h...
  • Automatic backdoor analysis with a network intrusion detection system and an integrated service checker

    Publication Year: 2003 , Page(s): 122 - 126
    Save to Project icon | Request Permissions | Click to expandAbstract | PDF file iconPDF (408 KB) |  | HTML iconHTML  

    We examine how a network intrusion detection system can be used as a trigger for service checking and reporting. This approach reduces the amount of false alerts (false positives) and raises the quality of the alert report. A sample data over the Christmas period of year 2002 is analyzed as an example and detection of unauthorized SSH servers used as the main application. Unauthorized interactive ...
  • The use of Honeynets to detect exploited systems across large enterprise networks

    Publication Year: 2003 , Page(s): 92 - 99
    Cited by:  Papers (25)  |  Patents (12)

    Computer networks connected to the Internet continue to be compromised and exploited by hackers. This is in spite of the fact that many networks run some type of security mechanism at their connection to the Internet. Large enterprise networks, such as the network for a major university, are very inviting targets to hackers who are looking to exploit networks. Large enterprise networks may consist...