Scheduled System Maintenance:
On Monday, April 27th, IEEE Xplore will undergo scheduled maintenance from 1:00 PM - 3:00 PM ET (17:00 - 19:00 UTC). No interruption in service is anticipated.
By Topic

Dependable and Secure Computing, IEEE Transactions on

Issue 1 • Date Jan.-Feb. 2011

Filter Results

Displaying Results 1 - 17 of 17
  • [Front cover]

    Publication Year: 2011 , Page(s): c1
    Save to Project icon | Request Permissions | PDF file iconPDF (121 KB)  
    Freely Available from IEEE
  • [Inside front cover]

    Publication Year: 2011 , Page(s): c2
    Save to Project icon | Request Permissions | PDF file iconPDF (221 KB)  
    Freely Available from IEEE
  • A Distributed Algorithm for Finding All Best Swap Edges of a Minimum-Diameter Spanning Tree

    Publication Year: 2011 , Page(s): 1 - 12
    Cited by:  Papers (1)
    Save to Project icon | Request Permissions | Click to expandQuick Abstract | PDF file iconPDF (3531 KB) |  | HTML iconHTML  

    Communication in networks suffers if a link fails. When the links are edges of a tree that has been chosen from an underlying graph of all possible links, a broken link even disconnects the network. Most often, the link is restored rapidly. A good policy to deal with this sort of transient link failures is swap rerouting, where the temporarily broken link is replaced by a single swap link from the underlying graph. A rapid replacement of a broken link by a swap link is only possible if all swap links have been precomputed. The selection of high-quality swap links is essential; it must follow the same objective as the originally chosen communication subnetwork. We are interested in a minimum-diameter tree in a graph with edge weights (so as to minimize the maximum travel time of messages). Hence, each swap link must minimize (among all possible swaps) the diameter of the tree that results from swapping. We propose a distributed algorithm that efficiently computes all of these swap links, and we explain how to route messages across swap edges with a compact routing scheme. Finally, we consider the computation of swap edges in an arbitrary spanning tree, where swap edges are chosen to minimize the time required to adapt routing in case of a failure, and give efficient distributed algorithms for two variants of this problem. View full abstract»

    Full text access may be available. Click article title to sign in or learn about subscription options.
  • An Obfuscation-Based Approach for Protecting Location Privacy

    Publication Year: 2011 , Page(s): 13 - 27
    Cited by:  Papers (31)
    Save to Project icon | Request Permissions | Click to expandQuick Abstract | PDF file iconPDF (2532 KB) |  | HTML iconHTML  

    The pervasive diffusion of mobile communication devices and the technical improvements of location techniques are fostering the development of new applications that use the physical position of users to offer location-based services for business, social, or informational purposes. In such a context, privacy concerns are increasing and call for sophisticated solutions able to guarantee different levels of location privacy to the users. In this paper, we address this problem and present a solution based on different obfuscation operators that, when used individually or in combination, protect the privacy of the location information of users. We also introduce an adversary model and provide an analysis of the proposed obfuscation operators to evaluate their robustness against adversaries aiming to reverse the obfuscation effects to retrieve a location that better approximates the location of the users. Finally, we present some experimental results that validate our solution. View full abstract»

    Full text access may be available. Click article title to sign in or learn about subscription options.
  • A Stochastic Model for Quantitative Security Analyses of Networked Systems

    Publication Year: 2011 , Page(s): 28 - 43
    Cited by:  Papers (1)
    Multimedia
    Save to Project icon | Request Permissions | Click to expandQuick Abstract | PDF file iconPDF (2305 KB)  

    Traditional security analyses are often geared toward cryptographic primitives or protocols. Although such analyses are necessary, they cannot address a defender's need for insight into which aspects of a networked system having a significant impact on its security, and how to tune its configurations or parameters so as to improve security. This question is known to be notoriously difficult to answer, and the state of the art is that we know little about it. Toward ultimately addressing this question, this paper presents a stochastic model for quantifying security of networked systems. The resulting model captures two aspects of a networked system: (1) the strength of deployed security mechanisms such as intrusion detection systems and (2) the underlying vulnerability graph, which reflects how attacks may proceed. The resulting model brings the following insights: (1) How should a defender “tune” system configurations (e.g., network topology) so as to improve security? (2) How should a defender “tune” system parameters (e.g., by upgrading which security mechanisms) so as to improve security? (3) Under what conditions is the steady-state number of compromised entities of interest below a given threshold with a high probability? Simulation studies are conducted to confirm the analytic results, and to show the tightness of the bounds of certain important metric that cannot be resolved analytically. View full abstract»

    Full text access may be available. Click article title to sign in or learn about subscription options.
  • Automated Derivation of Application-Aware Error Detectors Using Static Analysis: The Trusted Illiac Approach

    Publication Year: 2011 , Page(s): 44 - 57
    Cited by:  Papers (5)
    Multimedia
    Save to Project icon | Request Permissions | Click to expandQuick Abstract | PDF file iconPDF (4630 KB)  

    This paper presents a technique to derive and implement error detectors to protect an application from data errors. The error detectors are derived automatically using compiler-based static analysis from the backward program slice of critical variables in the program. Critical variables are defined as those that are highly sensitive to errors, and deriving error detectors for these variables provides high coverage for errors in any data value used in the program. The error detectors take the form of checking expressions and are optimized for each control-flow path followed at runtime. The derived detectors are implemented using a combination of hardware and software and continuously monitor the application at runtime. If an error is detected at runtime, the application is stopped so as to prevent error propagation and enable a clean recovery. Experiments show that the derived detectors achieve low-overhead error detection while providing high coverage for errors that matter to the application. View full abstract»

    Full text access may be available. Click article title to sign in or learn about subscription options.
  • Balancing Revocation and Storage Trade-Offs in Secure Group Communication

    Publication Year: 2011 , Page(s): 58 - 73
    Cited by:  Papers (2)
    Save to Project icon | Request Permissions | Click to expandQuick Abstract | PDF file iconPDF (3660 KB) |  | HTML iconHTML  

    In this paper, we focus on trade-offs between storage cost and rekeying cost for secure multicast. Membership in secure multicast groups is dynamic and requires multiple updates in a single time frame. We present a family of algorithms that provide a trade-off between the number of keys maintained by users and the time required for rekeying due to revocation of multiple users. We show that some well-known algorithms in the literature are members of this family. We show that algorithms in this family can be used to reduce the cost of rekeying by 43-79 percent when compared with previous solutions while keeping the number of keys manageable. We also describe a scheme to reduce the number of secrets further when revocations are periodic. Furthermore, we describe techniques to provide preferential treatment for long standing members of the group without affecting the performance of the algorithms. Using our techniques, as the group size increases, long standing members need to store smaller number of keys than short-lived members. This property is useful for adapting to the variable storage requirements of users in current day heterogeneous networks. View full abstract»

    Full text access may be available. Click article title to sign in or learn about subscription options.
  • Deadlock-Free Adaptive Routing in Meshes with Fault-Tolerance Ability Based on Channel Overlapping

    Publication Year: 2011 , Page(s): 74 - 88
    Cited by:  Papers (6)
    Save to Project icon | Request Permissions | Click to expandQuick Abstract | PDF file iconPDF (5290 KB) |  | HTML iconHTML  

    A new deadlock-free routing scheme for meshes is proposed based on a new virtual network partitioning scheme, called channel overlapping. Two virtual networks can share some common virtual channels based on the new virtual network partitioning scheme. The deadlock-free adaptive routing method is then extended to deadlock-free adaptive fault-tolerant routing in 3D meshes still with two virtual channels. A few faulty nodes can make a higher dimensional mesh unsafe for fault-tolerant routing methods based on the block fault model, where the whole system (n-dimensional space) forms a fault block. Planar safety information in meshes is proposed to guide fault-tolerant routing and classifies fault-free nodes inside 2D planes. Many nodes globally marked as unsafe in the whole system become locally enabled inside 2D planes. This fault-tolerant deadlock-free adaptive routing algorithm is also extended to the one in an n-dimensional meshes with two virtual channels. Extensive simulation results are presented and compared to previous methods. View full abstract»

    Full text access may be available. Click article title to sign in or learn about subscription options.
  • Mechanism Design-Based Secure Leader Election Model for Intrusion Detection in MANET

    Publication Year: 2011 , Page(s): 89 - 103
    Cited by:  Papers (9)
    Save to Project icon | Request Permissions | Click to expandQuick Abstract | PDF file iconPDF (2239 KB) |  | HTML iconHTML  

    In this paper, we study leader election in the presence of selfish nodes for intrusion detection in mobile ad hoc networks (MANETs). To balance the resource consumption among all nodes and prolong the lifetime of an MANET, nodes with the most remaining resources should be elected as the leaders. However, there are two main obstacles in achieving this goal. First, without incentives for serving others, a node might behave selfishly by lying about its remaining resources and avoiding being elected. Second, electing an optimal collection of leaders to minimize the overall resource consumption may incur a prohibitive performance overhead, if such an election requires flooding the network. To address the issue of selfish nodes, we present a solution based on mechanism design theory. More specifically, the solution provides nodes with incentives in the form of reputations to encourage nodes in honestly participating in the election process. The amount of incentives is based on the Vickrey, Clarke, and Groves (VCG) model to ensure truth-telling to be the dominant strategy for any node. To address the optimal election issue, we propose a series of local election algorithms that can lead to globally optimal election results with a low cost. We address these issues in two possible application settings, namely, Cluster-Dependent Leader Election (CDLE) and Cluster-Independent Leader Election (CILE). The former assumes given clusters of nodes, whereas the latter does not require any preclustering. Finally, we justify the effectiveness of the proposed schemes through extensive experiments. View full abstract»

    Full text access may be available. Click article title to sign in or learn about subscription options.
  • Providing e-Transaction Guarantees in Asynchronous Systems with No Assumptions on the Accuracy of Failure Detection

    Publication Year: 2011 , Page(s): 104 - 121
    Save to Project icon | Request Permissions | Click to expandQuick Abstract | PDF file iconPDF (2709 KB) |  | HTML iconHTML  

    In this paper, we address reliability issues in three-tier systems with stateless application servers. For these systems, a framework called e-Transaction has been recently proposed, which specifies a set of desirable end-to-end reliability guarantees. In this article, we propose an innovative distributed protocol providing e-Transaction guarantees in the general case of multiple, autonomous back-end databases (typical of scenarios with multiple parties involved within a same business process). Differently from existing proposals coping with the e-Transaction framework, our protocol does not rely on any assumption on the accuracy of failure detection. Hence, it reveals suited for a wider class of distributed systems. To achieve such a target, our protocol exploits an innovative scheme for distributed transaction management (based on ad hoc demarcation and concurrency control mechanisms), which we introduce in this paper. Beyond providing the proof of protocol correctness, we also discuss hints on the protocol integration with conventional systems (e.g., database systems) and show the minimal overhead imposed by the protocol. View full abstract»

    Full text access may be available. Click article title to sign in or learn about subscription options.
  • RITAS: Services for Randomized Intrusion Tolerance

    Publication Year: 2011 , Page(s): 122 - 136
    Cited by:  Papers (5)
    Save to Project icon | Request Permissions | Click to expandQuick Abstract | PDF file iconPDF (2219 KB) |  | HTML iconHTML  

    Randomized agreement protocols have been around for more than two decades. Often assumed to be inefficient due to their high expected communication and computation complexities, they have remained overlooked by the community-at-large as a valid solution for the deployment of fault-tolerant distributed systems. This paper aims to demonstrate that randomization can be a very competitive approach even in hostile environments where arbitrary faults can occur. A stack of randomized intrusion-tolerant protocols is described and its performance evaluated under several settings in both local-area-network (LAN) and wide-area-network environments. The stack provides a set of relevant services ranging from basic communication primitives up to atomic broadcast. The experimental evaluation shows that the protocols are efficient, especially in LAN environments where no performance reduction is observed under certain Byzantine faults. View full abstract»

    Full text access may be available. Click article title to sign in or learn about subscription options.
  • Soft Error Rate Analysis for Combinational Logic Using an Accurate Electrical Masking Model

    Publication Year: 2011 , Page(s): 137 - 146
    Cited by:  Papers (10)
    Save to Project icon | Request Permissions | Click to expandQuick Abstract | PDF file iconPDF (1799 KB) |  | HTML iconHTML  

    Accurate electrical masking modeling represents a significant challenge in soft error rate analysis for combinational logic circuits. In this paper, we use table lookup MOSFET models to accurately capture the nonlinear properties of submicron MOS transistors. Based on these models, we propose and validate the transient pulse generation model and propagation model for soft error rate analysis. The pulse generated by our pulse generation model matches well with that of HSPICE simulation, and the pulse propagation model provides nearly one order of magnitude improvement in accuracy over the previous models. Using these two models, we propose an accurate and efficient block-based soft error rate analysis method for combinational logic circuits. View full abstract»

    Full text access may be available. Click article title to sign in or learn about subscription options.
  • The Geometric Efficient Matching Algorithm for Firewalls

    Publication Year: 2011 , Page(s): 147 - 159
    Cited by:  Papers (3)
    Save to Project icon | Request Permissions | Click to expandQuick Abstract | PDF file iconPDF (2764 KB) |  | HTML iconHTML  

    Since firewalls need to filter all the traffic crossing the network perimeter, they should be able to sustain a very high throughput, or risk becoming a bottleneck. Firewall packet matching can be viewed as a point location problem: Each packet (point) has five fields (dimensions), which need to be checked against every firewall rule in order to find the first matching rule. Thus, algorithms from computational geometry can be applied. In this paper, we consider a classical algorithm that we adapted to the firewall domain. We call the resulting algorithm “Geometric Efficient Matching” (GEM). The GEM algorithm enjoys a logarithmic matching time performance. However, the algorithm's theoretical worst-case space complexity is O(n4) for a rule-base with n rules. Because of this perceived high space complexity, GEM-like algorithms were rejected as impractical by earlier works. Contrary to this conclusion, this paper shows that GEM is actually an excellent choice. Based on statistics from real firewall rule-bases, we created a Perimeter rules model that generates random, but nonuniform, rule-bases. We evaluated GEM via extensive simulation using the Perimeter rules model. Our simulations show that on such rule-bases, GEM uses near-linear space, and only needs approximately 13 MB of space for rule-bases of 5,000 rules. Moreover, with use of additional space improving heuristics, we have been able to reduce the space requirement to 2-3 MB for 5,000 rules. But most importantly, we integrated GEM into the code of the Linux iptables open-source firewall, and tested it on real traffic loads. Our GEM-iptables implementation managed to filter over 30,000 packets-per-second on a standard PC, even with 10,000 rules. Therefore, we believe that GEM is an efficient and practical algorithm for firewall packet matching. View full abstract»

    Full text access may be available. Click article title to sign in or learn about subscription options.
  • TDSC 2010 Reviewers List

    Publication Year: 2011 , Page(s): 160
    Save to Project icon | Request Permissions | PDF file iconPDF (30 KB)  
    Freely Available from IEEE
  • TDSC 2010 Annual Index

    Publication Year: 2011 , Page(s): Not in Print
    Save to Project icon | Request Permissions | PDF file iconPDF (235 KB)  
    Freely Available from IEEE
  • TDSC Information for authors

    Publication Year: 2011 , Page(s): c3
    Save to Project icon | Request Permissions | PDF file iconPDF (137 KB)  
    Freely Available from IEEE
  • [Back cover]

    Publication Year: 2011 , Page(s): c4
    Save to Project icon | Request Permissions | PDF file iconPDF (121 KB)  
    Freely Available from IEEE

Aims & Scope

The purpose of TDSC is to publish papers in dependability and security, including the joint consideration of these issues and their interplay with system performance.

Full Aims & Scope

Meet Our Editors

Editor-in-Chief
Elisa Bertino
CS Department
Purdue University