Dependable and Secure Computing, IEEE Transactions on

Issue 6 • Date Nov.-Dec. 2012

  • [Front cover]

    Page(s): c1
    Freely Available from IEEE
  • [Inside front cover]

    Page(s): c2
    Freely Available from IEEE
  • A Trust-Based Framework for Fault-Tolerant Data Aggregation in Wireless Multimedia Sensor Networks

    Page(s): 785 - 797

    For wireless multimedia sensor networks (WMSNs) deployed in noisy and unattended environments, it is necessary to establish a comprehensive framework that protects the accuracy of the gathered multimedia information. In this paper, we jointly consider data aggregation, information trust, and fault tolerance to enhance the correctness and trustworthiness of collected information. Based on the multilayer aggregation architecture of WMSNs, we design a trust-based framework for data aggregation with fault tolerance with a goal to reduce the impact of erroneous data and provide measurable trustworthiness for aggregated results. By extracting statistical characteristics from different sources and extending Josang's trust model, we propose how to compute self-data trust opinion, peer node trust opinion, and peer data trust opinion. According to the trust transfer and trust combination rules designed in our framework, we derive the trust opinion of the sink node on the final aggregated result. In particular, this framework can evaluate both discrete data and continuous media streams in WMSNs through a uniform mechanism. Results obtained from both simulation study and experiments on a real WMSN testbed demonstrate the validity and efficiency of our framework, which can significantly improve the quality of multimedia information as well as more precisely evaluate the trustworthiness of collected information.
  • Attacks and Defenses in the Data Plane of Networks

    Page(s): 798 - 810

    Security issues in computer networks have focused on attacks on end systems and the control plane. An entirely new class of emerging network attacks aims at the data plane of the network. Data plane forwarding in network routers has traditionally been implemented with custom-logic hardware, but recent router designs increasingly use software-programmable network processors for packet forwarding. These general-purpose processing devices exhibit software vulnerabilities and are susceptible to attacks. We demonstrate, to our knowledge the first, practical attack that exploits a vulnerability in packet processing software to launch a devastating denial-of-service attack from within the network infrastructure. This attack uses only a single attack packet to consume the full link bandwidth of the router's outgoing link. We also present a hardware-based defense mechanism that can detect situations where malicious packets try to change the operation of the network processor. Using a hardware monitor, our NetFPGA-based prototype system checks every instruction executed by the network processor and can detect deviations from correct processing within four clock cycles. A recovery system can restore the network processor to a safe state within six cycles. This high-speed detection and recovery system can ensure that network processors can be protected effectively and efficiently from this new class of attacks.
  • Detecting Automation of Twitter Accounts: Are You a Human, Bot, or Cyborg?

    Page(s): 811 - 824

    Twitter is a new web application playing dual roles of online social networking and microblogging. Users communicate with each other by publishing text-based posts. The popularity and open structure of Twitter have attracted a large number of automated programs, known as bots, which appear to be a double-edged sword to Twitter. Legitimate bots generate a large amount of benign tweets delivering news and updating feeds, while malicious bots spread spam or malicious contents. More interestingly, in the middle between human and bot, there has emerged cyborg referred to either bot-assisted human or human-assisted bot. To assist human users in identifying who they are interacting with, this paper focuses on the classification of human, bot, and cyborg accounts on Twitter. We first conduct a set of large-scale measurements with a collection of over 500,000 accounts. We observe the difference among human, bot, and cyborg in terms of tweeting behavior, tweet content, and account properties. Based on the measurement results, we propose a classification system that includes the following four parts: 1) an entropy-based component, 2) a spam detection component, 3) an account properties component, and 4) a decision maker. It uses the combination of features extracted from an unknown user to determine the likelihood of being a human, bot, or cyborg. Our experimental evaluation demonstrates the efficacy of the proposed classification system.
  • Empirical Analysis of System-Level Vulnerability Metrics through Actual Attacks

    Page(s): 825 - 837

    The Common Vulnerability Scoring System (CVSS) is a widely used and well-established standard for classifying the severity of security vulnerabilities. For instance, all vulnerabilities in the US National Vulnerability Database (NVD) are scored according to this method. As computer systems typically have multiple vulnerabilities, it is often desirable to aggregate the score of individual vulnerabilities to a system level. Several such metrics have been proposed, but their quality has not been studied. This paper presents a statistical analysis of how 18 security estimation metrics based on CVSS data correlate with the time-to-compromise of 34 successful attacks. The empirical data originates from an international cyber defense exercise involving over 100 participants and were collected by studying network traffic logs, attacker logs, observer logs, and network vulnerabilities. The results suggest that security modeling with CVSS data alone does not accurately portray the time-to-compromise of a system. However, results also show that metrics employing more CVSS data are more correlated with time-to-compromise. As a consequence, models that only use the weakest link (most severe vulnerability) to compose a metric are less promising than those that consider all vulnerabilities.
  • Enhancing Data Trustworthiness via Assured Digital Signing

    Page(s): 838 - 851

    Digital signatures are an important mechanism for ensuring data trustworthiness via source authenticity, integrity, and source nonrepudiation. However, their trustworthiness guarantee can be subverted in the real world by sophisticated attacks, which can obtain cryptographically legitimate digital signatures without actually compromising the private signing key. This problem cannot be adequately addressed by a purely cryptographic approach, by the revocation mechanism of Public Key Infrastructure (PKI) because it may take a long time to detect the compromise, or by using tamper-resistant hardware because the attacker does not need to compromise the hardware. This problem will become increasingly more important and evident because of stealthy malware (or Advanced Persistent Threats). In this paper, we propose a novel solution, dubbed Assured Digital Signing (ADS), to enhancing the data trustworthiness vouched by digital signatures. In order to minimize the modifications to the Trusted Computing Base (TCB), ADS simultaneously takes advantage of trusted computing and virtualization technologies. Specifically, ADS allows a signature verifier to examine not only a signature's cryptographic validity but also its system security validity that the private signing key and the signing function are secure, despite the powerful attack that the signing application program and the general-purpose Operating System (OS) kernel are malicious. The modular design of ADS makes it application-transparent (i.e., no need to modify the application source code in order to deploy it) and almost hypervisor-independent (i.e., it can be implemented with any Type I hypervisor). To demonstrate the feasibility of ADS, we report the implementation and analysis of a Xen-based ADS system.
  • Jamming-Resilient Multipath Routing

    Page(s): 852 - 864

    Jamming attacks are especially harmful to the reliability of wireless communication, as they can effectively disrupt communication between any node pairs. Existing jamming defenses primarily focus on repairing connectivity between adjacent nodes. In this paper, we address jamming at the network level and focus on restoring the end-to-end data delivery through multipath routing. As long as all paths do not fail concurrently, the end-to-end path availability is maintained. Prior work in multipath selection improves routing availability by choosing node-disjoint paths or link-disjoint paths. However, through our experiments on jamming effects using MicaZ nodes, we show that disjointness is insufficient for selecting fault-independent paths. Thus, we address multipath selection based on the knowledge of a path's availability history. Using Availability History Vectors (AHVs) of paths, we present a centralized AHV-based algorithm to select fault-independent paths, and a distributed AHV-based routing protocol built on top of a classic routing algorithm in ad hoc networks. Our extensive simulation results validate that both AHV-based algorithms are effective in overcoming the jamming impact by maximizing the end-to-end availability of the selected paths.
  • On Energy Security of Server Systems

    Page(s): 865 - 876

    Power management has become increasingly important for server systems. Numerous techniques have been proposed and developed to optimize server power consumption and achieve energy proportional computing. However, the security perspective of server power management has not yet been studied. In this paper, we investigate energy attacks, a new type of malicious exploits on server systems. Targeted solely at abusing server power consumption, energy attacks exhibit very different attacking behaviors and cause very different victim symptoms from conventional cyberspace attacks. First, we unveil that today's server systems with improved power saving technologies are more vulnerable to energy attacks. Then, we demonstrate a realistic energy attack on a stand-alone server system in three steps: 1) by profiling energy cost of an open web service under different operation conditions, we identify the vulnerabilities that subject a server to energy attacks; 2) exploiting the discovered attack vectors, we design an energy attack that can be launched anonymously from remote; and 3) we execute the attack and measure the extent of its damage in a systematic manner. Finally, we highlight the challenges in defending against energy attacks, and we propose an effective defense scheme to meet the challenges and evaluate its effectiveness.
  • Preserving Structural Properties in Edge-Perturbing Anonymization Techniques for Social Networks

    Page(s): 877 - 889

    Social networks are attracting significant interest from researchers in different domains, especially with the advent of social networking systems which enable large-scale collection of network information. However, as much as analysis of such social networks can benefit researchers, it raises serious privacy concerns for the people involved in them. To address such privacy concerns, several techniques, such as k-anonymity-based approaches, have been proposed in the literature to provide user anonymity in published social networks. However, these methods usually introduce a large amount of distortion to the original social network graphs, thus, raising serious questions about their utility for useful social network analysis. Consequently, these techniques may never be applied in practice. We propose two methods to enhance edge-perturbing anonymization methods based on the concepts of structural roles and edge betweenness in social network theory. We experimentally show significant improvements in preserving structural properties in an anonymized social network achieved by our approach compared to the original algorithms over several data sets.
  • Robust Network Covert Communications Based on TCP and Enumerative Combinatorics

    Page(s): 890 - 902

    The problem of communicating covertly over the Internet has recently received considerable attention from both industry and academic communities. However, the previously proposed network covert channels are plagued by their unreliability and very low data rate. In this paper, we show through a new class of timing channels coined as Cloak that it is possible to devise a 100 percent reliable covert channel and yet offer a much higher data rate (up to an order of magnitude) than the existing timing channels. Cloak is novel in several aspects. First, Cloak uses the different combinations of N packets sent over X flows in each round to represent a message. The combinatorial nature of the encoding methods increases the channel capacity largely with (N,X). Second, based on the well-known 12-fold Way, Cloak offers 10 different encoding and decoding methods, each of which has a unique tradeoff among several important considerations, such as channel capacity and camouflage capability. Third, the packet transmissions modulated by Cloak can be carefully crafted to mimic normal TCP flows for evading detection. We have implemented Cloak and evaluated it in the PlanetLab and a controlled testbed. The results show that it is not uncommon for Cloak to have an order of channel goodput improvement over the IP Timing channel and JitterBug. Moreover, Cloak does not suffer from any message loss under various loss and reordering scenarios.
  • Secure Overlay Cloud Storage with Access Control and Assured Deletion

    Page(s): 903 - 916

    We can now outsource data backups off-site to third-party cloud storage services so as to reduce data management costs. However, we must provide security guarantees for the outsourced data, which is now maintained by third parties. We design and implement FADE, a secure overlay cloud storage system that achieves fine-grained, policy-based access control and file assured deletion. It associates outsourced files with file access policies, and assuredly deletes files to make them unrecoverable to anyone upon revocations of file access policies. To achieve such security goals, FADE is built upon a set of cryptographic key operations that are self-maintained by a quorum of key managers that are independent of third-party clouds. In particular, FADE acts as an overlay system that works seamlessly atop today's cloud storage services. We implement a proof-of-concept prototype of FADE atop Amazon S3, one of today's cloud storage services. We conduct extensive empirical studies, and demonstrate that FADE provides security protection for outsourced data, while introducing only minimal performance and monetary cost overhead. Our work provides insights of how to incorporate value-added security features into today's cloud storage services.
  • Surviving Attacks in Challenged Networks

    Page(s): 917 - 929

    In the event of a disaster, telecommunication infrastructures can be severely damaged or overloaded. Hastily formed networks can provide communication services in an ad hoc manner. These networks are challenging due to the chaotic context where intermittent connection is the norm and the identity and number of participants cannot be assumed. In such environments malicious actors may try to disrupt the communications to create more chaos for their own benefit. This paper proposes a general security framework for monitoring and reacting to disruptive attacks. It includes a collection of functions to detect anomalies, diagnose them, and perform mitigation. The measures are deployed in each node in a fully distributed fashion, but their collective impact is a significant resilience to attacks, so that the actors can disseminate information under adverse conditions. The approach has been evaluated in the context of a simulated disaster area network with a manycast dissemination protocol, Random Walk Gossip, with a store-and-forward mechanism. A challenging threat model where adversaries may attempt to reduce message dissemination or drain network resources without spending much of their own energy has been adopted.
  • Virus Propagation in Heterogeneous Bluetooth Networks with Human Behaviors

    Page(s): 930 - 943

    The growth in the use of Smartphones and other mobile computing devices continues to grow rapidly. As mobile wireless communications become ubiquitous, the networks and systems that depend upon them will become more complex. In parallel with this, the spread of digital viruses and malicious content will be an ever increasing threat within this interconnected paradigm requiring counteracting mechanisms to continuously adapt. Current security solutions for mobile devices remain limited in their ability to protect particularly against zero-day attacks. Understanding the propagation characteristics of malware could provide a means to planning protection strategies, but modeling virus propagation behavior in mobile wireless and peer-to-peer communications devices is still immature. A compartmental-based virus propagation model has been developed for Bluetooth communication networks incorporating wireless technological traits and factors that are known to affect virus propagation including human behaviors, heterogeneous devices, and antivirus measures. The model is novel in the richness of its treatment of human factors alongside the technology factors that could impact spread. A simulation scenario, together with an analysis of the spreading dynamics has been conducted to determine how a Bluetooth virus might spread under different conditions. Although demonstrated through Bluetooth, the approach is applicable to malware propagation in general.
  • TDSC Call for Papers

    Page(s): 944
    Freely Available from IEEE
  • [Information for authors]

    Page(s): c3
    Freely Available from IEEE
  • [Back cover]

    Page(s): c4
    Freely Available from IEEE

Aims & Scope

The purpose of TDSC is to publish papers in dependability and security, including the joint consideration of these issues and their interplay with system performance.

Meet Our Editors

Editor-in-Chief
Elisa Bertino
CS Department
Purdue University