Similar literature
 Found 20 similar documents; search took 15 ms
1.
Cryptographic algorithms rely on the strengths of all their fundamental components and expect them to be harmonious in accomplishing desired levels of security in applications. In order for a security solution to be sophisticated and to provide high security (measured in terms of the security goals it satisfies), the solution needs to typically involve complex mathematical operations and/or multiple stages of operation. While these might offer increased security, such solutions might not be applicable to all systems. We refer to resource-constrained wireless networks, such as radio frequency identification and wireless body area networks, where the resources available on-chip are often decided by the balance between device costs, requirements of longevity and usability. The constraints, thus, require designing solutions that use simple logical operations and are based on reuse of functions, while introducing sufficient unpredictability to increase security. In this paper, we present a key management and message signature generation scheme called HiveSec, whose design is inspired by the symmetry in beehives and the nature of bee swarms, and which offers security through unpredictability and reduced resource usage. We validate our work through simulation studies and security analysis.

2.
An approach for modeling and analysis of security system architectures   Total citations: 5, self-citations: 0, citations by others: 5
Security system architecture governs the composition of components in security systems and interactions between them. It plays a central role in the design of software security systems that ensure secure access to distributed resources in networked environment. In particular, the composition of the systems must consistently assure security policies that it is supposed to enforce. However, there is currently no rigorous and systematic way to predict and assure such critical properties in security system design. A systematic approach is introduced to address the problem. We present a methodology for modeling security system architecture and for verifying whether required security constraints are assured by the composition of the components. We introduce the concept of security constraint patterns, which formally specify the generic form of security policies that all implementations of the system architecture must enforce. The analysis of the architecture is driven by the propagation of the global security constraints onto the components in an incremental process. We show that our methodology is both flexible and scalable. It is argued that such a methodology not only ensures the integrity of critical early design decisions, but also provides a framework to guide correct implementations of the design. We demonstrate the methodology through a case study in which we model and analyze the architecture of the Resource Access Decision (RAD) Facility, an OMG standard for application-level authorization service.

3.
Though some software development teams are highly effective at delivering security, others either do not care or do not have access to security experts to teach them how. Unfortunately, these latter teams are still responsible for the security of the systems they build: systems that are ever more important to ever more people. We propose that a series of lightweight interventions, six hours of facilitated workshops delivered over three months, can improve a team's motivation to consider security and awareness of assurance techniques, changing its security culture even when no security experts are involved. The interventions were developed after an Appreciative Inquiry and Grounded Theory survey of security professionals to find out what approaches work best. We tested the interventions in a participatory action research field study where we delivered the workshops to three software development organizations and evaluated their effectiveness through interviews beforehand, immediately afterwards, and after twelve months. We found that the interventions can be effective with teams with limited or no security experience and that improvement is long-lasting. This approach and the learning points arising from the work here have the potential to be applied in many development teams, improving the security of software worldwide.

4.
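Simulation experiment analysis of routing within an autonomous system   Total citations: 1, self-citations: 0, citations by others: 1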
柴晟  罗传军  罗惠琼 《微计算机信息》2007,23(18):235-236,229
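This paper describes RIP and OSPF, then uses the OPNET simulation software to run simulation experiments on the convergence speed and overhead of RIP and OSPF. From the results, the characteristics of the RIP and OSPF routing protocols in these two respects can be derived. Finally, it summarizes the best-suited environments for RIP and OSPF. RIP suits environments where the network is small, the topology is relatively simple, performance requirements are not strict and ease-of-use requirements are high; OSPF suits environments where the network is large, the topology is complex and performance requirements are high.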

5.
Composite systems are generally comprised of heterogeneous components whose specifications are developed by many development participants. The requirements of such systems are invariably elicited from multiple perspectives that overlap, complement, and contradict each other. Furthermore, these requirements are generally developed and specified using multiple methods and notations, respectively. It is therefore necessary to express and check the relationships between the resultant specification fragments. We deploy multiple ViewPoints that hold partial requirements specifications, described and developed using different representation schemes and development strategies. We discuss the notion of inter-ViewPoint communication in the context of this ViewPoints framework, and propose a general model for ViewPoint interaction and integration. We elaborate on some of the requirements for expressing and enacting inter-ViewPoint relationships, the vehicles for consistency checking and inconsistency management. Finally, though we use simple fragments of the requirements specification method CORE to illustrate various components of our work, we also outline a number of larger case studies that we have used to validate our framework. Our computer-based ViewPoints support environment, The Viewer, is also briefly described.

6.
7.
Intelligent security systems have evolved enormously in the last few years. Most of these security systems use a group of physics sensors and algorithms for data analysis and communication systems to notify security alarms. Many security systems that are included in doors can detect intruders when they have already opened the door, but not while intruders are forcing upon the door. However, some security systems include preventive systems, which can detect intruders before they open the door. These preventive systems are usually based on video cameras (image processing) or in-presence sensors, which can generate many false positives, for instance, when a person is next to the door for a few seconds, even if this person is not manipulating the door. This research work proposes a novel force door detection system. The system includes a specific device for monitoring door small vibrations and movements; it analyzes these data using neural networks to detect accurately if someone is forcing upon the door. Artificial intelligence must be able to categorize data records without confusing when someone is forcing upon the door with other actions, like knocking on the door.

8.
Extensible component-based platforms allow dynamic discovery, installation and execution of components. Such platforms are service-oriented, as components may directly interact with each other via the services they provide. Even robust languages such as Java were not designed to handle safe code interaction between trusted and untrusted parties. Dynamic installation of code provided by different third parties leads to several security issues. The different security layers adopted by Java or component-based platforms cannot fully address the problem of untrusted components trying to tamper with other components via legitimate interactions. A malicious component might even use vulnerable ones to compromise the whole component-based platform. Our approach identifies vulnerable components in order to prevent them from threatening services security. We use static analysis to remain as exhaustive as possible and to avoid the need for non-standard or intrusive environments. We show that a static analysis through tainted object propagation is well suited to detect vulnerabilities in Java service-oriented components. We present STOP, a Service-oriented Tainted Object Propagation tool, which applies this technique to statically detect those security flaws. Finally, the audit of several trusted Apache Felix bundles shows that nowadays component-based platforms are not prepared for malicious Java interactions.

9.
Computer systems and especially networking environments are growing and changing very rapidly. Such growth introduces major security risks, as current computer and networking security components are not able to dynamically adapt themselves for the changing needs. Especially the growth of the Internet and electronic commerce have made it necessary to have centralized security policies in place which are enforced by a distributed environment. ‘Active Security’ is the result of a research and development project, introducing a new approach for implementing security systems, being able to automatically respond to new security threats. The focus of this work is encompassing a security infrastructure where multiple components including intrusion detection systems, vulnerability assessment scanners, firewalls and other security devices are able to communicate and respond to changing security threats. Design and implementation of Active Security is based on a public key infrastructure using digital certificates for providing authenticated communication. A number of sites on the Internet have participated during the pilot phase of Active Security protecting their networks. The United States patent titled ‘Active Firewall System and Methodology’ is pending for this architecture.

10.
Telecommunications, although around for many years, is finally beginning to get the attention it deserves. There are more applications utilizing telecommunication principles than ever before and many of these applications are facing security problems much like those faced by batch applications of a few years ago. Although this paper is not a definitive work about telecommunication security, it is a tutorial which will help “jog” the minds of the reader to remember key elements and components of telecommunication systems. By remembering these elements and components, system designers will be better able to utilize existing security functions to make current and planned telecommunication systems more secure. This paper describes general security issues in telecommunications and then uses those generalities to discuss two specific areas of concern: access and authorization.

11.
Databases for real-time systems are essential in supporting time-critical applications. However, there has not been much work in supporting security in real-time database systems, although sensitive information must be safeguarded in real-time systems as well. In this paper we address the issues that need to be considered for supporting both requirements of timeliness and security in real-time database systems. We present an adaptive policy to achieve the balance between the two requirements dynamically. We also present the notion of flexible security and the specification language that allows the designer to specify important properties of the database at an appropriate level.

12.
Safety-critical systems are evolving into complex, networked, and distributed systems. As a result of the high interconnectivity among all networked systems and of potential security threats, security countermeasures need to be incorporated. Nonetheless, albeit cutting-edge security measures are adopted and incorporated during the system development, such as latest recommended encryption algorithms, these protection mechanisms may turn out obsolete because of the long operational periods. New security flaws and bugs are continuously detected. Software updates are then essential to restore the security level of the system. However, system shutdowns may not be acceptable when high availability is required. As expressed by the European Union Agency for Network and Information Security (ENISA) “the research in the area of patching and updating equipment without disruption of service and tools” is needed. In this article, a novel live updating approach for zero downtime safety-critical systems named Cetratus is presented. Cetratus, which is based on a quarantine-mode execution and monitoring, enables the update of non-safety-critical software components while running, without compromising the safety integrity level of the system. The focus of this work lies on the incorporation of leading-edge security mechanisms while safety-related software components will remain untouched. Other non-safety-related software components could also be updated.

13.
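In routed networks, the RIP protocol is widely used because it is simple and convenient, but network security problems have become increasingly prominent, and how to ensure the secure operation of the RIP protocol has become a problem that routed networks cannot ignore. By establishing an authentication mechanism for the RIP protocol between routers, the normal and secure operation of the routed network is ensured.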

14.
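The dynamic nature of collaborative systems requires that specific access subjects be able to configure the role relationships of access subjects autonomously under security monitoring. Building on an extended role-based access control model developed in this research, an object modeling method is applied to propose solutions to the key problems in applying the model, including consistency, dynamic monitoring, constraint handling and security control. This research provides guidance for the practical application of the extended role-based access control model. It can be applied to large, complex systems and is especially suitable for dynamic collaborative systems; combined with authentication technology, it can provide security protection for large, complex systems.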

15.
Summary. We set out a modal logic for reasoning about multilevel security of probabilistic systems. This logic contains expressions for time, probability, and knowledge. Making use of the Halpern-Tuttle framework for reasoning about knowledge and probability, we give a semantics for our logic and prove it is sound. We give two syntactic definitions of perfect multilevel security and show that their semantic interpretations are equivalent to earlier, independently motivated characterizations. We also discuss the relation between these characterizations of security and between their usefulness in security analysis.

16.
17.
Assuring communication integrity is a central problem in security. However, overhead costs associated with cryptographic primitives used toward this end introduce significant practical implementation challenges for resource-bounded systems, such as cyber-physical systems. For example, many control systems are built on legacy components which are computationally limited, but have strict timing constraints. If integrity protection is a binary decision, it may simply be infeasible to introduce into such systems; without it, however, an adversary can forge malicious messages, which can cause significant physical or financial harm. To bridge the gap between such binary decisions, we propose a stochastic message authentication approach that can explicitly trade computational cost off for security. We introduce a formal game-theoretic framework for optimal stochastic message authentication, providing provable guarantees for resource-bounded systems based on an existing message authentication scheme. We use our framework to investigate attacker deterrence, as well as optimal stochastic message authentication when deterrence is impossible, in both short-term and long-term equilibria. Additionally, we propose two schemes for implementing stochastic message authentication in practice, one for saving computation only at the receiver and one for saving computation at both ends, and demonstrate the associated computational savings using an actual implementation.

18.
Supervisory Control and Data Acquisition (SCADA) systems are widely used in critical infrastructures such as water distribution networks, electricity generation and distribution plants, oil refineries, nuclear plants, and public transportation systems. However, the increased use of standard protocols and interconnectivity has exposed SCADA systems for potential cyber-attacks. In recent years, the cyber-security of SCADA systems has become a hot issue for governments, industrial sectors and academic community. Recently some security solutions have been proposed to secure SCADA systems. However, due to the critical nature of SCADA systems, evaluation of such proposed solutions on real system is impractical. In this paper, we proposed an easily scalable and reconfigurable virtual SCADA security testbed, which can be used for developing and evaluating SCADA specific security solutions. With Distributed Denial of Service (DDoS) and false data injection attack scenarios, we demonstrated how attackers could disrupt the normal operation of SCADA systems. Experimental results show that, the proposed testbed can be effectively used for cyber security assessment and vulnerability investigation on SCADA systems. One of the outcomes of this work is a labeled dataset, which can be used by researchers in the area of SCADA security.

19.
Trust and reputation management over distributed systems has been proposed in the last few years as a novel and accurate way of dealing with some security deficiencies which are inherent to those environments. Thus, many models and theories have been developed in order to effectively and accurately manage trust and reputation in those communities. Nevertheless, very few of them take into consideration all the possible security threats that can compromise the system. In this paper, we present some of the most important and critical security threats that could be applied in a trust and reputation scheme. We will describe and analyze each of those threats and propose some recommendations to face them when developing a new trust and reputation mechanism. We will also study how some trust and reputation models solve them. This work expects to be a reference guide when designing secure trust and reputation models.

20.
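When information is transmitted in an open network environment, users face considerable security risk at the client, because the authenticity of the client program cannot be guaranteed. In the vast majority of systems in use today, users have no choice but to trust the client node they are on. One possible approach is to use smart cards; ideally, a smart card would have enough computing power and additional input/output devices to provide all cryptographic processing and the necessary input and output, but with current manufacturing technology smart cards can provide only limited computing resources. Addressing the client-side security problem, this paper presents a reasonable method for strengthening client security in identity authentication systems based on symmetric-key cryptosystems. The method uses a pre-authentication exchange protocol to establish a shared key between the client program and the KDC without exposing the user's key, and guarantees transparency to subsequent identity authentication. The paper also gives an analysis of the protocol and discusses how client-side security could be solved completely.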
