Dependable and Secure Computing, IEEE Transactions on

Issue 1 • Date Jan.-Feb. 2012

  • [Front cover]

    Page(s): c1
  • [Cover 2]

    Page(s): c2
  • Editorial

    Page(s): 1
  • A Flexible Approach to Improving System Reliability with Virtual Lockstep

    Page(s): 2 - 15

    There is an increasing need for fault tolerance capabilities in logic devices brought about by the scaling of transistors to ever smaller geometries. This paper presents a hypervisor-based replication approach that can be applied to commodity hardware to allow for virtually lockstepped execution. It offers many of the benefits of hardware-based lockstep while being cheaper and easier to implement and more flexible in the configurations supported. A novel form of processor state fingerprinting is also presented, which can significantly reduce the fault detection latency. This further improves reliability by triggering rollback recovery before errors are recorded to a checkpoint. The mechanisms are validated using a full prototype, and the benchmarks considered indicate an average performance overhead of approximately 14 percent with the possibility for significant optimization. Finally, a unique method of using virtual lockstep for fault injection testing is presented and used to show that significant detection latency reduction is achievable by comparing only a small amount of data across replicas.

  • A Flexible Approach to Multisession Trust Negotiations

    Page(s): 16 - 29

    Trust Negotiation has been shown to be a successful, policy-driven approach to automated trust establishment through the release of digital credentials. Current real applications require new, flexible approaches to trust negotiation, especially in light of the widespread use of mobile devices. In this paper, we present a multisession dependable approach to trust negotiations. The proposed framework supports voluntary and unpredicted interruptions, enabling the negotiating parties to complete the negotiation despite temporary unavailability of resources. Our protocols address issues related to validity, temporary loss of data, and extended unavailability of one of the two negotiators. A peer is able to suspend an ongoing negotiation and resume it with another (authenticated) peer. Negotiation portions and intermediate states can be safely and privately passed among peers, to guarantee the stability needed to continue suspended negotiations. We present a detailed analysis showing that our protocols have several key properties, including validity, correctness, and minimality. We also show how our negotiation protocol can withstand the most significant attacks. As our complexity analysis shows, the introduction of the suspension and recovery procedures, and of mobile negotiations, does not significantly increase the complexity of ordinary negotiations. Our protocols require a constant number of messages whose size depends linearly on the portion of the trust negotiation that has been carried out before the suspensions.

  • A Stochastic Model of Multivirus Dynamics

    Page(s): 30 - 45

    Understanding the spreading dynamics of computer viruses (worms, attacks) is an important research problem, and has received much attention from the communities of both computer security and statistical physics. However, previous studies have mainly focused on single-virus spreading dynamics. In this paper, we study multivirus spreading dynamics, where multiple viruses attempt to infect computers while possibly combating each other because, for example, they are controlled by multiple botmasters. Specifically, we propose and analyze a general model (and its two special cases) of multivirus spreading dynamics in arbitrary networks (i.e., we do not make any restriction on network topologies), where the viruses may or may not coreside on computers. Our model offers analytical results for addressing questions such as: What are the sufficient conditions (also known as epidemic thresholds) under which the multiple viruses will die out? What if some viruses can "rob" others? What characteristics does the multivirus epidemic dynamics exhibit when the viruses are (approximately) equally powerful? The analytical results make a fundamental connection between two types of factors: defense capability and network connectivity. This allows us to draw various insights that can be used to guide security defense.

  • Conditional Diagnosability of Augmented Cubes under the PMC Model

    Page(s): 46 - 60

    Processor fault diagnosis has played an important role in measuring the reliability of a multiprocessor system, and the diagnosability of many well-known multiprocessor systems has been widely investigated. Conditional diagnosability is a novel measure of diagnosability that adds the condition that no faulty set can contain all the neighbors of any node in the system. In this paper, we evaluate the conditional diagnosability of augmented cubes under the PMC model. We show that the conditional diagnosability of an n-dimensional augmented cube is 8n - 27 for n ≥ 5.

  • Dynamic Security Risk Management Using Bayesian Attack Graphs

    Page(s): 61 - 74

    Security risk assessment and mitigation are two vital processes that need to be executed to maintain a productive IT infrastructure. On one hand, models such as attack graphs and attack trees have been proposed to assess the cause-consequence relationships between various network states, while on the other hand, different decision problems have been explored to identify the minimum-cost hardening measures. However, these risk models do not help reason about the causal dependencies between network states. Further, the optimization formulations ignore the issue of resource availability while analyzing a risk model. In this paper, we propose a risk management framework using Bayesian networks that enables a system administrator to quantify the chances of network compromise at various levels. We show how to use this information to develop a security mitigation and management plan. In contrast to other similar models, this risk model lends itself to dynamic analysis during the deployed phase of the network. A multiobjective optimization platform provides the administrator with all the trade-off information required to make decisions in a resource-constrained environment.

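
The probabilistic part of the framework described in the abstract above, illustrated by an added example that is not the paper's own code: a small, constructed attack graph whose edges carry assumed exploit-success probabilities, the exact probability that each node is compromised (obtained by summing the joint distribution over every assignment, with a noisy-OR combination at each node as the modelling assumption), and a ranking of single fixes by the residual probability of reaching the database. The paper's multiobjective optimization is not reproduced; only the "quantify the chances of compromise at various levels" step is.

```python
"""Exact compromise probabilities on a small Bayesian attack graph.

Each node is a host or privilege the attacker may gain; each incoming edge
carries the probability that the exploit along it succeeds once the parent
is compromised. A node falls if at least one incoming exploit succeeds
(noisy-OR, an assumption of this example). Because nodes share ancestors,
their compromise events are not independent, so the marginal is computed
exactly by summing the joint distribution over every assignment, which is
cheap for a graph this size (2^5 states).

The topology and edge probabilities below are constructed for this example.
"""
from itertools import product
from math import prod

# Assumed network, nodes listed in topological order:
# {node: {parent: P(exploit succeeds | parent compromised)}}
ATTACK_GRAPH = {
    "internet":    {},                                    # attacker's foothold
    "web_rce":     {"internet": 0.6},                     # exposed web app
    "vpn_weak_pw": {"internet": 0.3},                     # guessable VPN creds
    "app_server":  {"web_rce": 0.8, "vpn_weak_pw": 0.5},  # reachable from both
    "database":    {"app_server": 0.7},                   # the crown jewel
}


def p_compromised_given_parents(graph, node, state):
    """P(node falls | parent states): noisy-OR over the compromised parents.
    A root (no parents) is the attacker's starting point and is always on."""
    parents = graph[node]
    if not parents:
        return 1.0
    return 1.0 - prod(1.0 - p for parent, p in parents.items() if state[parent])


def joint_probability(graph, state):
    """P(this full assignment) = product of each node's conditional term."""
    total = 1.0
    for node in graph:
        p_on = p_compromised_given_parents(graph, node, state)
        total *= p_on if state[node] else 1.0 - p_on
    return total


def compromise_probability(graph, target):
    """Exact marginal P(target compromised) by enumerating all 2^n states."""
    nodes = list(graph)
    idx = nodes.index(target)
    return sum(
        joint_probability(graph, dict(zip(nodes, bits)))
        for bits in product((0, 1), repeat=len(nodes))
        if bits[idx]
    )


def mitigate(graph, node):
    """Copy of the graph in which `node` can no longer be exploited
    (the service is patched or removed): every edge into it gets P = 0."""
    fixed = {n: dict(edges) for n, edges in graph.items()}
    fixed[node] = {parent: 0.0 for parent in fixed[node]}
    return fixed


def rank_mitigations(graph, target):
    """For each single fix (excluding the foothold and the target itself),
    the resulting P(target compromised); lowest residual risk first."""
    options = []
    for node in graph:
        if graph[node] and node != target:
            options.append((compromise_probability(mitigate(graph, node), target), node))
    return sorted(options)


if __name__ == "__main__":
    for node in ATTACK_GRAPH:
        print(f"P({node} compromised) = {compromise_probability(ATTACK_GRAPH, node):.4f}")
    print("single fixes ranked by residual P(database compromised):")
    for p, node in rank_mitigations(ATTACK_GRAPH, "database"):
        print(f"  fix {node:<12} -> {p:.4f}")
```

With the assumed numbers the web RCE is the better single fix even though the VPN path looks comparable at first glance: removing the web exploit takes P(database) from about 0.39 to about 0.11, while fixing the VPN credentials only brings it to about 0.34, because the web branch carries most of the probability mass into the application server.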
  • Extending Attack Graph-Based Security Metrics and Aggregating Their Application

    Page(s): 75 - 85

    The attack graph is an abstraction that reveals the ways an attacker can leverage vulnerabilities in a network to violate a security policy. When used with attack graph-based security metrics, the attack graph may be used to quantitatively assess security-relevant aspects of a network. The Shortest Path metric, the Number of Paths metric, and the Mean of Path Lengths metric are three attack graph-based security metrics that can extract security-relevant information. However, one's usage of these metrics can lead to misleading results. The Shortest Path metric and the Mean of Path Lengths metric fail to adequately account for the number of ways an attacker may violate a security policy. The Number of Paths metric fails to adequately account for the attack effort associated with the attack paths. To overcome these shortcomings, we propose a complementary suite of attack graph-based security metrics and specify an algorithm for combining the usage of these metrics. We present simulated results that suggest that our approach reaches a conclusion, in many instances, about which of two attack graphs corresponds to the more secure network.

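
The three metrics named in the abstract above, computed on three constructed attack graphs so that their disagreement is visible, as an added example that is not the paper's code. Nodes are attacker states, a directed edge is one exploit step, and every step is assumed to cost one unit of effort, so path length stands in for attack effort. The `verdicts` function only applies the three baseline metrics; the paper's complementary metrics and combining algorithm are not reproduced.

```python
"""Three attack-graph path metrics, and how they can disagree.

Graphs are adjacency lists from the attacker's foothold ("attacker") to the
policy violation ("goal"). All three graphs are constructed for this example.
"""
from collections import deque


def shortest_path_length(graph, src, goal):
    """Fewest exploit steps from src to goal (BFS); None if unreachable."""
    dist = {src: 0}
    queue = deque([src])
    while queue:
        node = queue.popleft()
        if node == goal:
            return dist[node]
        for nxt in graph.get(node, ()):
            if nxt not in dist:
                dist[nxt] = dist[node] + 1
                queue.append(nxt)
    return None


def simple_paths(graph, src, goal):
    """Every loop-free attack path from src to goal, by DFS."""
    found = []

    def walk(node, path):
        if node == goal:
            found.append(list(path))
            return
        for nxt in graph.get(node, ()):
            if nxt not in path:          # never revisit an attacker state
                path.append(nxt)
                walk(nxt, path)
                path.pop()

    walk(src, [src])
    return found


def path_metrics(graph, src="attacker", goal="goal"):
    """Shortest Path, Number of Paths and Mean of Path Lengths for one graph."""
    paths = simple_paths(graph, src, goal)
    lengths = [len(p) - 1 for p in paths]
    return {
        "shortest_path": shortest_path_length(graph, src, goal),
        "number_of_paths": len(paths),
        "mean_path_length": sum(lengths) / len(lengths) if lengths else None,
    }


def verdicts(graph_a, graph_b):
    """Which graph each metric calls more secure: 'a', 'b' or 'tie'.
    Longer paths (more effort) and fewer paths both count as more secure."""
    ma, mb = path_metrics(graph_a), path_metrics(graph_b)
    higher_is_safer = {"shortest_path": True, "number_of_paths": False,
                       "mean_path_length": True}
    out = {}
    for name, safer_if_higher in higher_is_safer.items():
        a, b = ma[name], mb[name]
        if a == b:
            out[name] = "tie"
        elif (a > b) == safer_if_higher:
            out[name] = "a"
        else:
            out[name] = "b"
    return out


# One route of three steps.
LINEAR = {"attacker": ["web"], "web": ["db"], "db": ["goal"]}
# Three independent routes of the same length: more ways in, same effort each.
FAN_IN = {"attacker": ["web", "vpn", "mail"], "web": ["db"], "vpn": ["db"],
          "mail": ["db"], "db": ["goal"]}
# One trivial route plus one long one: the long route drags the mean up.
MIXED = {"attacker": ["kiosk", "web"], "kiosk": ["goal"], "web": ["dmz"],
         "dmz": ["lan"], "lan": ["db"], "db": ["goal"]}

if __name__ == "__main__":
    for name, g in (("LINEAR", LINEAR), ("FAN_IN", FAN_IN), ("MIXED", MIXED)):
        print(name, path_metrics(g))
    print("LINEAR vs FAN_IN:", verdicts(LINEAR, FAN_IN))
    print("LINEAR vs MIXED: ", verdicts(LINEAR, MIXED))
```

LINEAR versus FAN_IN reproduces the abstract's first complaint: Shortest Path and Mean of Path Lengths both report a tie although FAN_IN gives the attacker three ways in instead of one. LINEAR versus MIXED reproduces the second: Mean of Path Lengths rates MIXED as the safer network (3.5 versus 3 steps) even though MIXED contains a two-step route to the goal, and Number of Paths counts that trivial route and the five-step route as equal.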
  • Low Energy Online Self-Test of Embedded Processors in Dependable WSN Nodes

    Page(s): 86 - 100

    Wireless Sensor Network (WSN) nodes are often deployed in harsh environments where the possibility of permanent and especially intermittent faults due to environmental hazards is significantly increased, while silicon aging effects are also exacerbated. Thus, online and in-field testing is necessary to guarantee correctness of operation. At the same time, online testing of processors integrated in WSN nodes has the requirement of minimum energy consumption, because these devices operate on battery, cannot be connected to any external power supply, and the battery duration determines the lifetime of the system. Software-Based Self-Test (SBST) has emerged as an effective strategy for online testing of processors integrated in non-safety-critical applications. However, the notion of dependability includes not only reliability but also availability. Thus, in order to encompass both aspects, we present a methodology for the optimization of SBST routines from the energy perspective. The refined methodology presented in this paper can be applied effectively both when the SBST routines are not initially available and need to be downloaded to the WSN nodes, and when the SBST routines are available in a flash memory. The methodology is extended to maximize the energy gains for WSN architectures offering clock gating or Dynamic Frequency Scaling features. Simulation results show that energy savings at the processor level are up to 36.5 percent, which, depending on the characteristics of the WSN system, can translate into several weeks of increased lifetime, especially if the routines need to be downloaded to the WSN node.

  • Packet-Hiding Methods for Preventing Selective Jamming Attacks

    Page(s): 101 - 114

    The open nature of the wireless medium leaves it vulnerable to intentional interference attacks, typically referred to as jamming. This intentional interference with wireless transmissions can be used as a launchpad for mounting Denial-of-Service attacks on wireless networks. Typically, jamming has been addressed under an external threat model. However, adversaries with internal knowledge of protocol specifications and network secrets can launch low-effort jamming attacks that are difficult to detect and counter. In this work, we address the problem of selective jamming attacks in wireless networks. In these attacks, the adversary is active only for a short period of time, selectively targeting messages of high importance. We illustrate the advantages of selective jamming in terms of network performance degradation and adversary effort by presenting two case studies: a selective attack on TCP and one on routing. We show that selective jamming attacks can be launched by performing real-time packet classification at the physical layer. To mitigate these attacks, we develop three schemes that prevent real-time packet classification by combining cryptographic primitives with physical-layer attributes. We analyze the security of our methods and evaluate their computational and communication overhead.

  • pCloud: A Distributed System for Practical PIR

    Page(s): 115 - 127

    Computational Private Information Retrieval (cPIR) protocols allow a client to retrieve one bit from a database without the server inferring any information about the queried bit. These protocols are too costly in practice because they invoke complex arithmetic operations for every bit of the database. In this paper, we present pCloud, a distributed system that constitutes the first attempt toward practical cPIR. Our approach assumes a disk-based architecture that retrieves one page with a single query. Using a striping technique, we distribute the database to a number of cooperative peers, and leverage their computational resources to process cPIR queries in parallel. We implemented pCloud on the PlanetLab network, and experimented extensively with several system parameters. Our results indicate that pCloud considerably reduces the query response time compared to the traditional client/server model, and has a very low communication overhead. Additionally, it scales well with an increasing number of peers, achieving a linear speedup.

  • Revisiting Defenses against Large-Scale Online Password Guessing Attacks

    Page(s): 128 - 141

    Brute-force and dictionary attacks on password-only remote login services are now widespread and ever increasing. Enabling convenient login for legitimate users while preventing such attacks is a difficult problem. Automated Turing Tests (ATTs) continue to be an effective, easy-to-deploy approach to identify automated malicious login attempts with a reasonable cost of inconvenience to users. In this paper, we discuss the inadequacy of existing and proposed login protocols designed to address large-scale online dictionary attacks (e.g., from a botnet of hundreds of thousands of nodes). We propose a new Password Guessing Resistant Protocol (PGRP), derived by revisiting prior proposals designed to restrict such attacks. While PGRP limits the total number of login attempts from unknown remote hosts to as low as a single attempt per username, legitimate users in most cases (e.g., when attempts are made from known, frequently-used machines) can make several failed login attempts before being challenged with an ATT. We analyze the performance of PGRP with two real-world data sets and find it more promising than existing proposals.

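
A login-throttling policy in the spirit of the abstract above, written here as an added example and not the paper's PGRP: a host that has never authenticated successfully gets one password attempt per username before every further attempt must first pass an ATT, while a host that has logged in before gets a few free failures. Everything beyond that one sentence is an assumption of this sketch: a "known" host is identified by source address alone (rather than by whatever the paper uses), the thresholds and the failure window are illustrative, and the caller is expected to run the ATT itself and report the result through `att_passed`.

```python
"""Throttle online password guessing with per-host, per-username budgets.

Policy (assumed for this example):
  * unknown host  -> 1 free failed attempt per username, then an ATT is
    required before the password is even checked;
  * known host    -> 3 free failed attempts per username in a sliding window;
  * a successful login marks the host as known and clears its counter;
  * failures older than `window` seconds no longer count.
Timestamps are passed in explicitly so the behaviour is deterministic.
"""
from collections import defaultdict

FAIL, CHALLENGE, SUCCESS = "fail", "challenge", "success"


class LoginThrottle:
    def __init__(self, unknown_host_limit=1, known_host_limit=3, window=3600.0):
        self.unknown_host_limit = unknown_host_limit
        self.known_host_limit = known_host_limit
        self.window = window
        self.known_hosts = set()                 # hosts that ever logged in
        self.failures = defaultdict(list)        # (host, user) -> timestamps

    def _recent_failures(self, host, username, now):
        """Drop failures outside the window and return how many remain."""
        key = (host, username)
        self.failures[key] = [t for t in self.failures[key] if now - t < self.window]
        return len(self.failures[key])

    def needs_att(self, host, username, now):
        """True once this host has used up its free attempts for this user."""
        limit = (self.known_host_limit if host in self.known_hosts
                 else self.unknown_host_limit)
        return self._recent_failures(host, username, now) >= limit

    def attempt(self, host, username, password_ok, now, att_passed=False):
        """One login attempt. Returns CHALLENGE (ATT required; the password
        is deliberately not evaluated), FAIL (counted) or SUCCESS."""
        if self.needs_att(host, username, now) and not att_passed:
            return CHALLENGE
        if password_ok:
            self.known_hosts.add(host)           # remember the machine
            self.failures.pop((host, username), None)
            return SUCCESS
        self.failures[(host, username)].append(now)
        return FAIL


def demo():
    """Constructed scenario; returns the outcome of each attempt in order."""
    t = LoginThrottle()
    src = "203.0.113.9"                          # documentation-range address
    out = []
    # Unknown host guessing alice's password: one free try, then ATT each time.
    out.append(t.attempt(src, "alice", False, now=0))
    out.append(t.attempt(src, "alice", False, now=1))
    out.append(t.attempt(src, "alice", True, now=2))   # right password, still challenged
    out.append(t.attempt(src, "alice", True, now=3, att_passed=True))
    # The host is now known: bob's three typos are tolerated before an ATT.
    out.append(t.attempt(src, "bob", False, now=4))
    out.append(t.attempt(src, "bob", False, now=5))
    out.append(t.attempt(src, "bob", False, now=6))
    out.append(t.attempt(src, "bob", False, now=7))
    # After the window the old failures age out and the budget is back.
    out.append(t.attempt(src, "bob", True, now=7 + 3601))
    return out


if __name__ == "__main__":
    for i, outcome in enumerate(demo(), 1):
        print(f"attempt {i}: {outcome}")
```

Two design points worth noting. The password is not checked at all while a challenge is outstanding, so a bot that has burned its single free attempt learns nothing further about the password without solving an ATT for every guess; and because the budget is keyed per (host, username), a large botnet still gets at most one free guess per bot per username, which is the property the abstract describes for unknown hosts.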
  • 2011 Reviewers List

    Page(s): 142 - 143
  • 2011 Annual Index

    Page(s): not in print
  • TDSC Information for authors

    Page(s): c3
  • [Cover 4]

    Page(s): c4

Aims & Scope

The purpose of TDSC is to publish papers in dependability and security, including the joint consideration of these issues and their interplay with system performance.

Meet Our Editors

Editor-in-Chief
Elisa Bertino
CS Department
Purdue University