Dependable and Secure Computing, IEEE Transactions on

Issue 2 • Date March-April 2011

  • [Front cover]

    Page(s): c1
    Freely Available from IEEE
  • [Inside front cover]

    Page(s): c2
    Freely Available from IEEE
  • Adaptive Fault-Tolerant QoS Control Algorithms for Maximizing System Lifetime of Query-Based Wireless Sensor Networks

    Page(s): 161 - 176

    Data sensing and retrieval in wireless sensor systems have widespread application in areas such as security and surveillance monitoring, and command and control in battlefields. In query-based wireless sensor systems, a user issues a query and expects a response to be returned within a deadline. While the use of fault tolerance mechanisms through redundancy improves query reliability in the presence of unreliable wireless communication and sensor faults, it can cause the energy of the system to be quickly depleted. Therefore, there is an inherent trade-off between query reliability and energy consumption in query-based wireless sensor systems. In this paper, we develop adaptive fault-tolerant quality of service (QoS) control algorithms based on hop-by-hop data delivery utilizing “source” and “path” redundancy, with the goal of satisfying application QoS requirements while prolonging the lifetime of the sensor system. We develop a mathematical model for the lifetime of the sensor system as a function of system parameters, including the “source” and “path” redundancy levels utilized. We discover that there exist optimal “source” and “path” redundancy levels under which the lifetime of the system is maximized while application QoS requirements are satisfied. Numerical data are presented and validated through extensive simulation, with physical interpretations given, to demonstrate the feasibility of our algorithm design.

  • Application-Level Diagnostic and Membership Protocols for Generic Time-Triggered Systems

    Page(s): 177 - 193

    We present online tunable diagnostic and membership protocols for generic time-triggered (TT) systems to detect crashes, send/receive omission faults, and network partitions. Compared to existing diagnostic and membership protocols for TT systems, our protocols do not rely on the single-fault assumption and also tolerate non-fail-silent (Byzantine) faults. They run at the application level and can be added on top of any TT system (possibly as a middleware component) without requiring modifications at the system level. The information on detected faults is accumulated using a penalty/reward algorithm to handle transient faults. After a fault is detected, the likelihood of node isolation can be adapted to different system configurations, including configurations where functions with different criticality levels are integrated. All protocols are formally verified using model checking. Using actual automotive and aerospace parameters, we also experimentally demonstrate the transient fault handling capabilities of the protocols.

  • A Tamper-Resistant Programming Language System

    Page(s): 194 - 206

    An important and recurring security scenario involves the need to carry out trusted computations in the context of untrusted environments. It is shown how a tamper-resistant interpreter for a programming language (currently Lisp 1.5), combined with the use of a secure coprocessor, can address this problem. This solution executes the interpreter on the secure coprocessor while the code and data of the program reside in the larger memory of an associated untrusted host. This allows the coprocessor to utilize the host's memory without fear of tampering, even by a hostile host. This approach has several advantages, including ease of use and the ability to provide tamper resistance for any program that can be constructed using the language. The language approach enabled the development of two novel mechanisms for implementing tamper resistance. These mechanisms provide alternatives to pure Merkle hash trees. Simulated relative performance of the various mechanisms is provided and shows the relative merits of each mechanism.

  • Chip Self-Organization and Fault Tolerance in Massively Defective Multicore Arrays

    Page(s): 207 - 217

    We study chip self-organization and fault tolerance at the architectural level to improve dependable continuous operation of multicore arrays in massively defective nanotechnologies. Architectural self-organization results from the conjunction of self-diagnosis and self-disconnection mechanisms (to identify and isolate most permanently faulty or inaccessible cores and routers), plus self-discovery of routes to maintain communication in the array. In the methodology presented in this work, chip self-diagnosis is performed in three steps, following an ascending order of complexity: interconnects are tested first, then routers through mutual test, and cores in the last step. The mutual testing of routers is especially important, as faulty routers are disconnected by good ones with no assumption on the behavior of defective elements. Moreover, the disconnection of faulty routers is not physical (“hard”) but logical (“soft”), in that a good router simply stops communicating with any adjacent router diagnosed as defective. There is no physical reconfiguration in the chip and no need for spare elements. Ultimately, the multicore array may be viewed as a black box which incorporates protection mechanisms and self-organizes, while the external control reduces to a simple chip validation test which, in the simplest cases, reduces to counting the number of valid and accessible cores.

  • Comparative Evaluation of Spoofing Defenses

    Page(s): 218 - 232

    IP spoofing exacerbates many security threats, and reducing it would greatly enhance Internet security. Seven defenses that filter spoofed traffic have been proposed to date; three are designed for end-network deployment, while four assume some collaboration with core routers for packet marking or filtering. Because each defense has been evaluated in a unique setting, the following important questions remain unanswered: 1) Can end networks effectively protect themselves, or is core support necessary? 2) Which defense performs best assuming sparse deployment? 3) How should core participants be selected to achieve the best protection with the fewest deployment points? This paper answers the above questions by: 1) formalizing the problem of spoofed traffic filtering and defining novel effectiveness measures, 2) classifying each defense as selfish (it helps its participants) or altruistic (it helps everyone) and differentiating their performance goals, 3) defining optimal core deployment points for defenses that need core support, and 4) evaluating all defenses in a common and realistic setting. Our results offer valuable insight into the advantages and limitations of the proposed defenses, and uncover the relationship between any spoofing defense's performance and the Internet's topology.

  • Cross-Layer Detection of Sinking Behavior in Wireless Ad Hoc Networks Using SVM and FDA

    Page(s): 233 - 245

    The uniqueness of security vulnerabilities in ad hoc networks has given rise to the need for designing novel intrusion detection algorithms, different from those present in conventional networks. In this work, we propose an autonomous host-based intrusion detection system for detecting malicious sinking behavior. The proposed detection system maximizes detection accuracy by using cross-layer features to define a routing behavior. For learning and adaptation to new attack scenarios and network environments, two machine learning techniques are utilized. Support Vector Machines (SVMs) and Fisher Discriminant Analysis (FDA) are used together to exploit the better accuracy of SVM and the faster speed of FDA. Instead of using all cross-layer features, features from the MAC layer are associated/correlated with features from other layers, thereby reducing the feature set without reducing the information content. Various experiments are conducted with varying network conditions and malicious node behavior. The effects of factors such as mobility, traffic density, and the packet drop ratios of the malicious nodes are analyzed. Experiments based on simulation show that the proposed cross-layer approach, aided by a combination of SVM and FDA, performs significantly better than other existing approaches.

  • Diagnosability of Two-Matching Composition Networks under the MM* Model

    Page(s): 246 - 255

    Diagnosability is an important metric for measuring the reliability of multiprocessor systems. In this paper, we study the diagnosability of a class of networks, called Two-Matching Composition Networks (2-MCNs), each of which is constructed by connecting two graphs via two perfect matchings. By applying our result to multiprocessor systems, we also compute the diagnosability of folded hypercubes and augmented cubes, both of which belong to two-matching composition networks.

  • Nymble: Blocking Misbehaving Users in Anonymizing Networks

    Page(s): 256 - 269

    Anonymizing networks such as Tor allow users to access Internet services privately by using a series of routers to hide the client's IP address from the server. The success of such networks, however, has been limited by users employing this anonymity for abusive purposes such as defacing popular Web sites. Web site administrators routinely rely on IP-address blocking to disable access for misbehaving users, but blocking IP addresses is not practical if the abuser routes through an anonymizing network. As a result, administrators block all known exit nodes of anonymizing networks, denying anonymous access to misbehaving and well-behaved users alike. To address this problem, we present Nymble, a system in which servers can “blacklist” misbehaving users, thereby blocking users without compromising their anonymity. Our system is thus agnostic to different servers' definitions of misbehavior: servers can blacklist users for whatever reason, and the privacy of blacklisted users is maintained.

  • On Complexity and Approximability of Optimal DoS Attacks on Multiple-Tree P2P Streaming Topologies

    Page(s): 270 - 281

    We investigate the hardness of malicious attacks on multiple-tree topologies of push-based Peer-to-Peer streaming systems. In particular, we study the optimization problem of finding a minimum set of target nodes to achieve a certain damage objective. For this, we differentiate between three natural and increasingly complex damage types: global packet loss, service loss when using Multiple Description Coding, and service loss when using Forward Error Correction. We show that each of these attack problems is NP-hard, even for an idealized attacker with global knowledge about the topology. Although tree-based topologies seem susceptible to such attacks, we can even prove that (under strong assumptions about NP) there is no polynomial time attacker capable of guaranteeing a general solution quality within factors of c_1 log(n) and c_2 2^(log^(1-δ) n), respectively (with n topology nodes, δ = 1/log log^d n for d < 1/2, and constants c_1, c_2). To our knowledge, these are the first lower bounds on the quality of polynomial time attacks on P2P streaming topologies. The results naturally apply to major real-world DoS attackers and show hard limits on what they can achieve. In addition, they demonstrate the superior stability of Forward Error Correction systems compared to Multiple Description Coding and give a theoretical foundation to properties of stable topologies.

  • Online Intrusion Alert Aggregation with Generative Data Stream Modeling

    Page(s): 282 - 294

    Alert aggregation is an important subtask of intrusion detection. The goal is to identify and cluster different alerts (produced by low-level intrusion detection systems, firewalls, etc.) belonging to a specific attack instance which has been initiated by an attacker at a certain point in time. Thus, meta-alerts can be generated for the clusters that contain all the relevant information, while the amount of data (i.e., alerts) can be reduced substantially. Meta-alerts may then be the basis for reporting to security experts or for communication within a distributed intrusion detection system. We propose a novel technique for online alert aggregation which is based on a dynamic, probabilistic model of the current attack situation. Basically, it can be regarded as a data stream version of a maximum likelihood approach for the estimation of the model parameters. With three benchmark data sets, we demonstrate that it is possible to achieve reduction rates of up to 99.96 percent while the number of missing meta-alerts is extremely low. In addition, meta-alerts are generated with a delay of typically only a few seconds after observing the first alert belonging to a new attack instance.

  • SAT: A Security Architecture Achieving Anonymity and Traceability in Wireless Mesh Networks

    Page(s): 295 - 307

    Anonymity has received increasing attention in the literature due to users' growing awareness of their privacy. Anonymity provides protection for users to enjoy network services without being traced. While anonymity-related issues have been extensively studied in payment-based systems such as e-cash and in peer-to-peer (P2P) systems, little effort has been devoted to wireless mesh networks (WMNs). On the other hand, the network authority requires conditional anonymity such that misbehaving entities in the network remain traceable. In this paper, we propose a security architecture to ensure unconditional anonymity for honest users and traceability of misbehaving users for network authorities in WMNs. The proposed architecture strives to resolve the conflict between the anonymity and traceability objectives, in addition to guaranteeing fundamental security requirements including authentication, confidentiality, data integrity, and nonrepudiation. A thorough analysis of security and efficiency is included, demonstrating the feasibility and effectiveness of the proposed architecture.

  • Fault Injection in Modern Microprocessors Using On-Chip Debugging Infrastructures

    Page(s): 308 - 314

    In this paper, a new fault injection approach to measure SEU sensitivity in COTS microprocessors is presented. It consists of a hardware-implemented module that performs fault injection through the available JTAG-based On-Chip Debugger (OCD). This approach can be applied to most microprocessors, since the JTAG standard is a widely supported interface and OCDs are usually available in current microprocessors. The hardware implementation avoids the communication between the target system and the software debugging tool, significantly increasing fault injection efficiency. The method has been applied to a complex microprocessor (ARM). Experimental results demonstrate that the approach is a fast, efficient, and cost-effective solution.

  • On the Security of Chien's Ultralightweight RFID Authentication Protocol

    Page(s): 315 - 317

    Security issues are becoming increasingly significant in RFID development. Recently, Chien proposed an ultralightweight RFID authentication protocol in order to achieve privacy and authenticity with limited computation and transmission resources. However, we find two desynchronization attacks that break the protocol. In order to repair the protocol, two patches that slightly modify it are presented in this paper.

  • CPS Handles the Details for you [advertisement]

    Page(s): 318
    Freely Available from IEEE
  • Distinguish yourself with the CSDP [advertisement]

    Page(s): 319
    Freely Available from IEEE
  • IEEE and IEEE Computer Society Special Student Offer

    Page(s): 320
    Freely Available from IEEE
  • TDSC Information for authors

    Page(s): c3
    Freely Available from IEEE
  • [Back cover]

    Page(s): c4
    Freely Available from IEEE

Aims & Scope

The purpose of TDSC is to publish papers in dependability and security, including the joint consideration of these issues and their interplay with system performance.

Meet Our Editors

Editor-in-Chief
Elisa Bertino
CS Department
Purdue University