A Framework for Unified Network Security Management: Identifying and Tracking Security Threats on Converged Networks

A comprehensive network security management system must coordinate detection and scanning tools for converged networks; derive fully-integrated attack and network models; perform vulnerability and multi-stage attack analysis; support large-scale attack visualization; and possibly orchestrate strategic responses to unwarranted actions that cross network boundaries. We present an architecture that embodies these principles. The unified network security management system described in this paper gleans data from a suite of detection tools for various networking domains. Aggregate real-time network data supplies a comprehensive modeling framework used for further analysis, correlation, and visualization. The resulting system not only provides network administrators with a heads-up cockpit display of their entire network, it also supports guided response and predictive capabilities for multi-stage attacks in converged networks.Jerald Dawkins is Founder and Chief Scientist of Digital Enterprise Security Associates, LLC located in Tulsa, Oklahoma. His academic and professional endeavors have provided him with a background in computer security, attack management, risk analysis, and software engineering. He received his B.S. (Computer Science) degree from Fort Lewis College in 1999 and his M.S. and Ph.D. (Computer Science) from the University of Tulsa in 2003 and 2005, respectively.Kevin Clark is a Masters student at the University of Tulsa. He has been involved with research focusing on Security Risk Metrics, Automated Attack Generation and Analysis, and Attack Visualization.Gavin Manes is a Research Assistant Professor at the Center for Information Security and the University of Tulsa. His research interests are information assurance, digital forensics, telecommunications security, and critical infrastructure protection.     

An attack-norm separation approach for detecting cyber attacks

The two existing approaches to detecting cyber attacks on computers and networks, signature recognition and anomaly detection, have shortcomings related to the accuracy and efficiency of detection. This paper describes a new approach to cyber attack (intrusion) detection that aims to overcome these shortcomings through several innovations. We call our approach attack-norm separation. The attack-norm separation approach engages in the scientific discovery of data, features and characteristics for cyber signal (attack data) and noise (normal data). We use attack profiling and analytical discovery techniques to generalize the data, features and characteristics that exist in cyber attack and norm data. We also leverage well-established signal detection models in the physical space (e.g., radar signal detection), and verify them in the cyberspace. With this foundation of information, we build attack-norm separation models that incorporate both attack and norm characteristics. This enables us to take the least amount of relevant data necessary to achieve detection accuracy and efficiency. The attack-norm separation approach considers not only activity data, but also state and performance data along the cause-effect chains of cyber attacks on computers and networks. This enables us to achieve some detection adequacy lacking in existing intrusion detection systems. Nong Ye is a Professor of Industrial Engineering and an Affiliated Professor of Computer Science and Engineering at Arizona State University (ASU) the Director of the Information Systems Assurance Laboratory at ASU. Her research interests lie in security and Quality of Service assurance of information systems and infrastructures. She holds a Ph.D. degree in Industrial Engineering from Purdue University, West Lafayette, and M.S. and B.S. degrees in Computer Science from the Chinese Academy of Sciences and Peking University in China respectively. She is a senior member of IIE and IEEE, and an Associate Editor for IEEE Transactions on Systems, Man, and Cybernetics and IEEE Transactions on Reliability. Toni Farley is the Assistant Director of the Information and Systems Assurance Laboratory, and a doctoral student of Computer Science at Arizona State University (ASU), Tempe, Arizona. She is studying under a Graduate Fellowship from AT&T Labs-Research. Her research interests include graphs, networks and network security. She holds a B.S. degree in Computer Science and Engineering from ASU. She is a member of IEEE and the IEEE Computer Society. Her email address is toni@asu.edu. Deepak Lakshminarasimhan is a Research Assistant at the Information and Systems Assurance Laboratory, and a Master of Science student of Electrical engineering at Arizona State University (ASU), Tempe, Arizona. His research interests include network security, digital signal processing and statistical data analysis. He holds a B.S degree in Electronics and Communication Engineering from Bharathidasan University in India.     

Detecting feature interaction in CPL

This article addresses the problem of detecting feature interactions in the area of telephony systems design. The proposed approach consists of two phases: filtering and testing. The filtering phase detects possible interactions by identifying incoherencies in a logic specification of the main elements of the features, consisting of preconditions, triggers, results and constraints. If incoherencies are identified, then an interaction is suspected, test cases corresponding to the suspected interaction are generated and testing is applied to see if the interaction actually exists. Two case studies, carried out on established benchmarks, show that this approach gives good results in practice. Nicolas Gorse received a Master of Computer Science from the University of Ottawa, School of Information Technology and Engineering in 2001.He is currently a Ph.D. candidate in the Département d'Informatique et Recherche Opérationnelle of the Université de Montréal. His research interests relate to formal methods and their application in the design and verification of complex electronic systems at high levels of abstraction. Luigi Logrippo received a degree in law from the University of Rome (Italy) in 1961, and in the same year he started a career in computing. He worked for several computer companies and in 1969 he obtained a Master of Computer Science from the University of Manitoba, followed by a Ph.D. of Computer Science from the University of Waterloo in 1974.He was with the University of Ottawa for 29 years, where he was Chair of the Computer Science Department for 7 years. In 2002 he moved to the Université du Québec en Outaouais, Département d'Informatique et Ingénierie, while remaining associated with the University of Ottawa as an Adjunct Professor.His interest area is formal and logic-based methods and their applications in the design of communications systems. For a number of years he worked on the development of tools and methods for the language LOTOS. Current research deals with the formal analysis of advanced communications services made possible by internet telephony, of the policies that govern them, and of their interactions, in application areas such as presence features and e-commerce contracts. Jacques Sincennes is a research programmer/systems analyst at the University of Ottawa, School of Information Technology and Engineering. He has held this position for the past 17 years. He is coauthor of a number of papers and a patent application.An erratum to this article is available at .     

Privacy-preserving SVM classification

Traditional Data Mining and Knowledge Discovery algorithms assume free access to data, either at a centralized location or in federated form. Increasingly, privacy and security concerns restrict this access, thus derailing data mining projects. What is required is distributed knowledge discovery that is sensitive to this problem. The key is to obtain valid results, while providing guarantees on the nondisclosure of data. Support vector machine classification is one of the most widely used classification methodologies in data mining and machine learning. It is based on solid theoretical foundations and has wide practical application. This paper proposes a privacy-preserving solution for support vector machine (SVM) classification, PP-SVM for short. Our solution constructs the global SVM classification model from data distributed at multiple parties, without disclosing the data of each party to others. Solutions are sketched out for data that is vertically, horizontally, or even arbitrarily partitioned. We quantify the security and efficiency of the proposed method, and highlight future challenges. Jaideep Vaidya received the Bachelor’s degree in Computer Engineering from the University of Mumbai. He received the Master’s and the Ph.D. degrees in Computer Science from Purdue University. He is an Assistant Professor in the Management Science and Information Systems Department at Rutgers University. His research interests include data mining and analysis, information security, and privacy. He has received best paper awards for papers in ICDE and SIDKDD. He is a Member of the IEEE Computer Society and the ACM. Hwanjo Yu received the Ph.D. degree in Computer Science in 2004 from the University of Illinois at Urbana-Champaign. He is an Assistant Professor in the Department of Computer Science at the University of Iowa. His research interests include data mining, machine learning, database, and information systems. He is an Associate Editor of Neurocomputing and served on the NSF Panel in 2006. He has served on the program committees of 2005 ACM SAC on Data Mining track, 2005 and 2006 IEEE ICDM, 2006 ACM CIKM, and 2006 SIAM Data Mining. Xiaoqian Jiang received the B.S. degree in Computer Science from Shanghai Maritime University, Shanghai, 2003. He received the M.C.S. degree in Computer Science from the University of Iowa, Iowa City, 2005. Currently, he is pursuing a Ph.D. degree from the School of Computer Science, Carnegie Mellon University. His research interests are computer vision, machine learning, data mining, and privacy protection technologies.     

S-Club: an overlay-based efficient service discovery mechanism in CROWN Grid

Information service plays a key role in grid system, handles resource discovery and management process. Employing existing information service architectures suffers from poor scalability, long search response time, and large traffic overhead. In this paper, we propose a service club mechanism, called S-Club, for efficient service discovery. In S-Club, an overlay based on existing Grid Information Service (GIS) mesh network of CROWN is built, so that GISs are organized as service clubs. Each club serves for a certain type of service while each GIS may join one or more clubs. S-Club is adopted in our CROWN Grid and the performance of S-Club is evaluated by comprehensive simulations. The results show that S-Club scheme significantly improves search performance and outperforms existing approaches. Chunming Hu is a research staff in the Institute of Advanced Computing Technology at the School of Computer Science and Engineering, Beihang University, Beijing, China. He received his B.E. and M.E. in Department of Computer Science and Engineering in Beihang University. He received the Ph.D. degree in School of Computer Science and Engineering of Beihang University, Beijing, China, 2005. His research interests include peer-to-peer and grid computing; distributed systems and software architectures. Yanmin Zhu is a Ph.D. candidate in the Department of Computer Science, Hong Kong University of Science and Technology. He received his B.S. degree in computer science from Xi’an Jiaotong University, Xi’an, China, in 2002. His research interests include grid computing, peer-to-peer networking, pervasive computing and sensor networks. He is a member of the IEEE and the IEEE Computer Society. Jinpeng Huai is a Professor and Vice President of Beihang University. He serves on the Steering Committee for Advanced Computing Technology Subject, the National High-Tech Program (863) as Chief Scientist. He is a member of the Consulting Committee of the Central Government’s Information Office, and Chairman of the Expert Committee in both the National e-Government Engineering Taskforce and the National e-Government Standard office. Dr. Huai and his colleagues are leading the key projects in e-Science of the National Science Foundation of China (NSFC) and Sino-UK. He has authored over 100 papers. His research interests include middleware, peer-to-peer (P2P), grid computing, trustworthiness and security. Yunhao Liu received his B.S. degree in Automation Department from Tsinghua University, China, in 1995, and an M.A. degree in Beijing Foreign Studies University, China, in 1997, and an M.S. and a Ph.D. degree in computer science and engineering at Michigan State University in 2003 and 2004, respectively. He is now an assistant professor in the Department of Computer Science and Engineering at Hong Kong University of Science and Technology. His research interests include peer-to-peer computing, pervasive computing, distributed systems, network security, grid computing, and high-speed networking. He is a senior member of the IEEE Computer Society. Lionel M. Ni is chair professor and head of the Computer Science and Engineering Department at Hong Kong University of Science and Technology. Lionel M. Ni received the Ph.D. degree in electrical and computer engineering from Purdue University, West Lafayette, Indiana, in 1980. He was a professor of computer science and engineering at Michigan State University from 1981 to 2003, where he received the Distinguished Faculty Award in 1994. His research interests include parallel architectures, distributed systems, high-speed networks, and pervasive computing. A fellow of the IEEE and the IEEE Computer Society, he has chaired many professional conferences and has received a number of awards for authoring outstanding papers.     

Privacy preservation for data cubes

A range query finds the aggregated values over all selected cells of an online analytical processing (OLAP) data cube where the selection is specified by the ranges of contiguous values for each dimension. An important issue in reality is how to preserve the confidential information in individual data cells while still providing an accurate estimation of the original aggregated values for range queries. In this paper, we propose an effective solution, called the zero-sum method, to this problem. We derive theoretical formulas to analyse the performance of our method. Empirical experiments are also carried out by using analytical processing benchmark (APB) dataset from the OLAP Council. Various parameters, such as the privacy factor and the accuracy factor, have been considered and tested in the experiments. Finally, our experimental results show that there is a trade-off between privacy preservation and range query accuracy, and the zero-sum method has fulfilled three design goals: security, accuracy, and accessibility. Sam Y. Sung is an Associate Professor in the Department of Computer Science, School of Computing, National University of Singapore. He received a B.Sc. from the National Taiwan University in 1973, the M.Sc. and Ph.D. in computer science from the University of Minnesota in 1977 and 1983, respectively. He was with the University of Oklahoma and University of Memphis in the United States before joining the National University of Singapore. His research interests include information retrieval, data mining, pictorial databases and mobile computing. He has published more than 80 papers in various conferences and journals, including IEEE Transaction on Software Engineering, IEEE Transaction on Knowledge & Data Engineering, etc. Yao Liu received the B.E. degree in computer science and technology from Peking University in 1996 and the MS. degree from the Software Institute of the Chinese Science Academy in 1999. Currently, she is a Ph.D. candidate in the Department of Computer Science at the National University of Singapore. Her research interests include data warehousing, database security, data mining and high-speed networking. Hui Xiong received the B.E. degree in Automation from the University of Science and Technology of China, Hefei, China, in 1995, the M.S. degree in Computer Science from the National University of Singapore, Singapore, in 2000, and the Ph.D. degree in Computer Science from the University of Minnesota, Minneapolis, MN, USA, in 2005. He is currently an Assistant Professor of Computer Information Systems in the Management Science & Information Systems Department at Rutgers University, NJ, USA. His research interests include data mining, databases, and statistical computing with applications in bioinformatics, database security, and self-managing systems. He is a member of the IEEE Computer Society and the ACM. Peter A. Ng is currently the Chairperson and Professor of Computer Science at the University of Texas—Pan American. He received his Ph.D. from the University of Texas–Austin in 1974. Previously, he had served as the Vice President at the Fudan International Institute for Information Science and Technology, Shanghai, China, from 1999 to 2002, and the Executive Director for the Global e-Learning Project at the University of Nebraska at Omaha, 2000–2003. He was appointed as an Advisory Professor of Computer Science at Fudan University, Shanghai, China in 1999. His recent research focuses on document and information-based processing, retrieval and management. He has published many journal and conference articles in this area. He had served as the Editor-in-Chief for the Journal on Systems Integration (1991–2001) and as Advisory Editor for the Data and Knowledge Engineering Journal since 1989.     

A study of the model and algorithms for handling location-dependent continuous queries

Advances in wireless and mobile computing environments allow a mobile user to access a wide range of applications. For example, mobile users may want to retrieve data about unfamiliar places or local life styles related to their location. These queries are called location-dependent queries. Furthermore, a mobile user may be interested in getting the query results repeatedly, which is called location-dependent continuous querying. This continuous query emanating from a mobile user may retrieve information from a single-zone (single-ZQ) or from multiple neighbouring zones (multiple-ZQ). We consider the problem of handling location-dependent continuous queries with the main emphasis on reducing communication costs and making sure that the user gets correct current-query result. The key contributions of this paper include: (1) Proposing a hierarchical database framework (tree architecture and supporting continuous query algorithm) for handling location-dependent continuous queries. (2) Analysing the flexibility of this framework for handling queries related to single-ZQ or multiple-ZQ and propose intelligent selective placement of location-dependent databases. (3) Proposing an intelligent selective replication algorithm to facilitate time- and space-efficient processing of location-dependent continuous queries retrieving single-ZQ information. (4) Demonstrating, using simulation, the significance of our intelligent selective placement and selective replication model in terms of communication cost and storage constraints, considering various types of queries. Manish Gupta received his B.E. degree in Electrical Engineering from Govindram Sakseria Institute of Technology & Sciences, India, in 1997 and his M.S. degree in Computer Science from University of Texas at Dallas in 2002. He is currently working toward his Ph.D. degree in the Department of Computer Science at University of Texas at Dallas. His current research focuses on AI-based software synthesis and testing. His other research interests include mobile computing, aspect-oriented programming and model checking. Manghui Tu received a Bachelor degree of Science from Wuhan University, P.R. China, in 1996, and a Master's Degree in Computer Science from the University of Texas at Dallas 2001. He is currently working toward the Ph.D. degree in the Department of Computer Science at the University of Texas at Dallas. Mr. Tu's research interests include distributed systems, wireless communications, mobile computing, and reliability and performance analysis. His Ph.D. research work focuses on the dependent and secure data replication and placement issues in network-centric systems. Latifur R. Khan has been an Assistant Professor of Computer Science department at University of Texas at Dallas since September 2000. He received his Ph.D. and M.S. degrees in Computer Science from University of Southern California (USC) in August 2000 and December 1996, respectively. He obtained his B.Sc. degree in Computer Science and Engineering from Bangladesh University of Engineering and Technology, Dhaka, Bangladesh, in November of 1993. Professor Khan is currently supported by grants from the National Science Foundation (NSF), Texas Instruments, Alcatel, USA, and has been awarded the Sun Equipment Grant. Dr. Khan has more than 50 articles, book chapters and conference papers focusing in the areas of database systems, multimedia information management and data mining in bio-informatics and intrusion detection. Professor Khan has also served as a referee for database journals, conferences (e.g. IEEE TKDE, KAIS, ADL, VLDB) and he is currently serving as a program committee member for the 11th ACM SIGKDD International Conference on Knowledge Discovery and Data Mining (SIGKDD2005), ACM 14th Conference on Information and Knowledge Management (CIKM 2005), International Conference on Database and Expert Systems Applications DEXA 2005 and International Conference on Cooperative Information Systems (CoopIS 2005), and is program chair of ACM SIGKDD International Workshop on Multimedia Data Mining, 2004. Farokh Bastani received the B.Tech. degree in Electrical Engineering from the Indian Institute of Technology, Bombay, and the M.S. and Ph.D. degrees in Computer Science from the University of California, Berkeley. He is currently a Professor of Computer Science at the University of Texas at Dallas. Dr. Bastani's research interests include various aspects of the ultrahigh dependable systems, especially automated software synthesis and testing, embedded real-time process-control and telecommunications systems and high-assurance systems engineering. Dr. Bastani was the Editor-in-Chief of the IEEE Transactions on Knowledge and Data Engineering (IEEE-TKDE). He is currently an emeritus EIC of IEEE-TKDE and is on the editorial board of the International Journal of Artificial Intelligence Tools, the International Journal of Knowledge and Information Systems and the Springer-Verlag series on Knowledge and Information Management. He was the program cochair of the 1997 IEEE Symposium on Reliable Distributed Systems, 1998 IEEE International Symposium on Software Reliability Engineering, 1999 IEEE Knowledge and Data Engineering Workshop, 1999 International Symposium on Autonomous Decentralised Systems, and the program chair of the 1995 IEEE International Conference on Tools with Artificial Intelligence. He has been on the program and steering committees of several conferences and workshops and on the editorial boards of the IEEE Transactions on Software Engineering, IEEE Transactions on Knowledge and Data Engineering and the Oxford University Press High Integrity Systems Journal. I-Ling Yen received her B.S. degree from Tsing-Hua University, Taiwan, and her M.S. and Ph.D. degrees in Computer Science from the University of Houston. She is currently an Associate Professor of Computer Science at University of Texas at Dallas. Dr. Yen's research interests include fault-tolerant computing, security systems and algorithms, distributed systems, Internet technologies, E-commerce and self-stabilising systems. She has published over 100 technical papers in these research areas and received many research awards from NSF, DOD, NASA and several industry companies. She has served as Program Committee member for many conferences and Program Chair/Cochair for the IEEE Symposium on Application-Specific Software and System Engineering & Technology, IEEE High Assurance Systems Engineering Symposium, IEEE International Computer Software and Applications Conference, and IEEE International Symposium on Autonomous Decentralized Systems. She has also served as a guest editor for a theme issue of IEEE Computer devoted to high-assurance systems.     

Behavioural notions for elementary net systems

We study the relationships between a number of behavioural notions that have arisen in the theory of distributed computing. In order to sharpen the under-standing of these relationships we apply the chosen behavioural notions to a basic net-theoretic model of distributed systems called elementary net systems. The behavioural notions that are considered here are trace languages, non-sequential processes, unfoldings and event structures. The relationships between these notions are brought out in the process of establishing that for each elementary net system, the trace language representation of its behaviour agrees in a strong way with the event structure representation of its behaviour. M. Nielsen received a Master of Science degree in mathematics and computer science in 1973, and a Ph.D. degree in computer science in 1976 both from Aarhus University, Denmark. He has held academic positions at Department of Computer Science, Aarhus University, Denmark since 1976, and was visiting researcher at Computer Science Department, University of Edinburgh, U.K., 1977–79, and Computer Laboratory, Cambridge University, U.K., 1986. His research interest is in the theory of distributed computing. Grzegorz Rozenberg received a master of engineering degree from the Department of Electronics (section computers) of the Technical University of Warsaw in 1964 and a Ph.D. in mathematics from the Institute of Mathematics of the Polish Academy of Science in 1968. He has held acdeemic positions at the Institute of Mathematics of the Polish Academy of Science, the Department of Mathematics of Utrecht University, the Department of Computer Science at SUNY at Buffalo, and the Department of Mathematics of the University of Antwerp. He is currently Professor at the Department of Computer Science of Leiden University and Adjoint Professor at the Department of Computer Science of the University of Colorado at Boulder. His research interests include formal languages and automata theory, theory of graph transformations, and theory of concurrent systems. He is currently President of the European Association for Theoretical Computer Science (EATCS). P.S. Thiagarajan received the Bachelor of Technology degree from the Indian Institute of Technology, Madras, India in 1970. He was awarded the Ph.D. degree by Rice University, Houston Texas, U.S.A, in 1973. He has been a Research Associate at the Massachusetts Institute of Technology, Cambridge a Staff Scientist at the Geosellschaft für Mathematik und Datenverarbeitung, St. Augustin, a Lektor at Århus University, Århus and an Associate Professor at the Institute of Mathematical Sciences, Madras. He is currently a Professor at the School of Mathematics, SPIC Science Foundation, Madras. He research intest is in the theory of distributed computing.     

On the suitability of Biological structure determination by electron microscopy to Grid Computing

The present contribution describes a potential application of Grid Computing in Bioinformatics. High resolution structure determination of biological specimens is critical in BioSciences to understanding the biological function. The problem is computational intensive. Distributed and Grid Computing are thus becoming essential. This contribution analyzes the use of Grid Computing and its potential benefits in the field of electron microscope tomography of biological specimens. Jose-Jesus Fernandez, Ph.D.: He received his M.Sc. and Ph.D. degrees in Computer Science from the University of Granada, Spain, in 1992 and 1997, respectively. He was a Ph.D. student at the Bio-Computing unit of the National Center for BioTechnology (CNB) from the Spanish National Council of Scientific Research (CSIC), Madrid, Spain. He became an Assistant Professor in 1997 and, subsequently, Associate Professor in 2000 in Computer Architecture at the University of Almeria, Spain. He is a member of the supercomputing-algorithms research group. His research interests include high performance computing (HPC), image processing and tomography. Jose-Roman Bilbao-Castro: He received his M.Sc. degree in Computer Science from the University of Almeria in 2001. He is currently a Ph.D. student at the BioComputing unit of the CNB (CSIC) through a Ph.D. CSIC-grant in conjuction with Dept. Computer Architecture at the University of Malaga (Spain). His current research interestsinclude tomography, HPC and distributed and grid computing. Roberto Marabini, Ph.D.: He received the M.Sc. (1989) and Ph.D. (1995) degrees in Physics from the University Autonoma de Madrid (UAM) and University of Santiago de Compostela, respectively. He was a Ph.D. student at the BioComputing Unit at the CNB (CSIC). He worked at the University of Pennsylvania and the City University of New York from 1998 to 2002. At present he is an Associate Professor at the UAM. His current research interests include inverse problems, image processing and HPC. Jose-Maria Carazo, Ph.D.: He received the M.Sc. degree from the Granada University, Spain, in 1981, and got his Ph.D. in Molecular Biology at the UAM in 1984. He left for Albany, NY, in 1986, coming back to Madrid in 1989 to set up the BioComputing Unit of the CNB (CSIC). He was involved in the Spanish Ministry of Science and Technology as Deputy General Director for Research Planning. Currently, he keeps engaged in his activities at the CNB, the Scientific Park of Madrid and Integromics S.L. Immaculada Garcia, Ph.D.: She received her B.Sc. (1977) and Ph.D. (1986) degrees in Physics from the Complutense University of Madrid and University of Santiago de Compostela, respectively. From 1977 to 1987 she was an Assistant professor at the University of Granada, from 1987 to 1996 Associate professor at the University of Almeria and since 1997 she is a Full Professor and head of Dept. Computer Architecture. She is head of the supercomputing-algorithms research group. Her research interest lies in HPC for irregular problems related to image processing, global optimization and matrix computation.     

NetGlean: A Methodology for Distributed Network Security Scanning

Network vulnerability analysis tools today do not provide a complete security awareness solution. Currently, network administrators utilize multiple analysis tools in succession or randomly in a patchwork fashion that provides only temporary assurance. This paper introduces NetGlean as a methodology for distributed network security scanning with a holistic approach to network analysis. NetGlean uses new and existing techniques in a continual, autonomous, evolutionary manner to provide powerful real-time and historical views of large and complex networks. This paper introduces the methodology and describes one implementation NetGleanIP, a scanner for IP and converged networks.Gavin W. Manes is a Research Assistant Professor at the Center for Information Security and the University of Tulsa. His research interests are information assurance, digital forensics, telecommunications security, and critical infrastructure protection.Dominic Schulte graduate with his Masters of Computer Science from the University of Tulsa in May 2003. Currently he works as an information security professional.Seth Guenther graduate with his Masters of Computer Science from the University of Tulsa in May 2003. Currently he works as an information security professional.Sujeet Shenoi is the F.P.Walter Professor of Computer Science at the University of Tulsa, Tulsa, Oklahoma. His research interests are in information assurance, digital forensics, critical infrastructure protection, and intelligent control.     

An Attack-Finding Algorithm for Security Protocols

This paper proposes an automatic attack construction algorithm in order to find potential attacks on ecurity protocols.It is based on a dynamic strand space model,which enhances the original strand space model by introducing active nodes on strands so as to characterize the dynamic procedure of protocol execution.With exact causal dependency relations between messages considered in the model,this algorithm can avoid state space explo-sion caused by asynchronous composition.In order to get a finite state space,a new method called strand-added on demand is exploited,which extends a bundle in an incremental manner without requiring explicit configuration of protocol execution parameters.A finer granularity model of term structure is also introduced, in which subterms are divided into check subterms and data subterms .Moreover,data subterms can be further classified based on the compatible data subterm relation to obtain automatically the finite set of valid acceptable terms for an honest principal.In this algorithm,terms core is designed to represent the intruder‘s knowledge compactly,and forward search technology is used to simulate attack patterns easily.Using this algorithm,a new attack on the Dolve-Yao protocol can be found,which is even more harmful beeause the secret is revealed before the session terminates.     

Block cipher based on reversible cellular automata

We propose a new encryption algorithm relying on reversible cellular automata (CA). The behavior complexity of CA and their parallel nature makes them interesting candidates for cryptography. The proposed algorithm belongs to the class of symmetric key systems. Marcin Seredynski: He is a Ph.D. student at University of Luxembourg and Polish Academy of Sciences. He received his M.S. in 2004 from Faculty of Electronics and Information Technology in Warsaw University of Technology. His research interests include cryptography, cellular automata, nature inspired algorithms and network security. Currently he is working on intrusion detection algorithms for ad-hoc networks. Pascal Bouvry, Ph.D.: He earned his undergraduate degree in Economical & Social Sciences and his Master degree in Computer Science with distinction (’91) from the University of Namur, Belgium. He went on to obtain his Ph.D. degree (’94) in Computer Science with great distinction at the University of Grenoble (INPG), France. His research at the IMAG laboratory focussed on Mapping and scheduling task graphs onto Distributed Memory Parallel Computers. Next, he performed post-doctoral researches on coordination languages and multi-agent evolutionary computing at CWI in Amsterdam. He gained industrial experience as manager of the technology consultant team for FICS in the banking sector (Brussels, Belgium). Next, he worked as CEO and CTO of SDC (Ho Chi Minh city, Vietnam) in the telecom, semi-conductor and space industry. After that, He moved to Montreal Canada as VP Production of Lat45 and Development Director for MetaSolv Software in the telecom industry. He is currently serving as Professor in the group of Computer Science and Communications (CSC) of the Faculty of Sciences, Technology and Communications of Luxembourg University and he is heading the Intelligent & Adaptive Systems lab. His current research interests include: ad-hoc networks & grid-computing, evolutionary algorithms and multi-agent systems.     

Segmentation of stick text based on sub connected area analysis

A new stick text segmentation method based on the sub connected area analysis is introduced in this paper.The foundation of this method is the sub connected area representation of text image that can represent all connected areas in an image efficiently.This method consists mainly of four steps:sub connected area classification,finding initial boundary following point,finding optimal segmentation point by boundary tracing,and text segmentaton.This method is similar to boundary analysis method but is more efficient than boundary analysis.     

A Novel Computer Architecture to Prevent Destruction by Viruses

In today‘s Internet computing world,illegal activities by crackers pose a serious threat to computer security.It is well known that computer viruses,Trojan horses and other intrusive programs may cause sever and often catastrophic consequences. This paper proposes a novel secure computer architecture based on security-code.Every instruction/data word is added with a security-code denoting its security level.External programs and data are automatically addoed with security-code by hadware when entering a computer system.Instruction with lower security-code cannot run or process instruction/data with higher security level.Security-code cannot be modified by normal instruction.With minor hardware overhead,then new architecture can effectively protect the main computer system from destruction or theft by intrusive programs such as computer viruses.For most PC systems it includes an increase of word-length by 1 bit on register,the memory and the hard disk.     

Real-time classification of variable length multi-attribute motions

Multi-attribute motion data can be generated in many applications/ devices, such as motion capture devices and animations. It can have dozens of attributes, thousands of rows, and even similar motions can have different durations and different speeds at corresponding parts. There are no row-to-row correspondences between data matrices of two motions. To be classified and recognized, multi-attribute motion data of different lengths are reduced to feature vectors by using the properties of singular value decomposition (SVD) of motion data. The reduced feature vectors of similar motions are close to each other, while reduced feature vectors are different from each other if their motions are different. By applying support vector machines (SVM) to the feature vectors, we efficiently classify and recognize real-world multi-attribute motion data. With our data set of more than 300 motions with different lengths and variations, SVM outperforms classification by related similarity measures, in terms of accuracy and CPU time. The performance of our approach shows its feasibility of real-time applications to real-world data. Chuanjun Li is a Ph.D. candidate in Computer Science at the University of Texas at Dallas. His Ph.D. research works primarily on efficient segmentation and recognition of human motion streams, and development of indexing and clustering techniques for the multi-attribute motion data as well as classification of motion data. Dr. Latifur R. Khan has been an Assistant Professor of Computer Science Department at University of Texas at Dallas since September, 2000. He received his Ph.D. and M.S. degree in Computer Science from University of Southern California (USC) in August 2000 and December 1996, respectively. He obtained his B.Sc. degree in Computer Science and Engineering from Bangladesh University of Engineering and Technology, Dhaka, Bangladesh in November 1993. Professor Khan is currently supported by grants from the National Science Foundation (NSF), Texas Instruments, NOKIA, Alcatel, USA and has been awarded the Sun Equipment Grant. Dr. Khan has more than 50 articles, book chapters, and conference papers focusing in the areas of: database systems, multimedia information management, and data mining in bio-informatics and intrusion detection. Professor Khan has also served as a referee for database journals, conferences (e.g., IEEE TKDE, KAIS, ADL, VLDB) and he is currently serving as a program committee member for Eleventh ACM SIGKDD International Conference on Knowledge Discovery and Data Mining (SIGKDD2005), ACM Fourteenth Conference on Information and Knowledge Management (CIKM 2005), International Conference on Database and Expert Systems Applications DEXA 2005, and International Conference on Cooperative Information Systems (CoopIS 2005), and program chair of ACM SIGKDD International Workshop on Multimedia Data Mining, 2004. Dr. Balakrishnan Prabhakaran is currently with the Department of Computer Science, University of Texas at Dallas. Dr. B. Prabhakaran has been working in the area of multimedia systems: multimedia databases, authoring & presentation, resource management, and scalable web-based multimedia presentation servers. He has published several research papers in prestigious conferences and journals in this area.Dr. Prabhakaran received the NSF CAREER Award FY 2003 for his proposal on Animation Databases. Dr. Prabhakaran has served as an Associate Chair of the ACM Multimedia’2003 (November 2003, California), ACM MM 2000 (November 2000, Los Angeles), and ACM Multimedia’99 conference (Florida, November 1999). He has served as guest-editor (special issue on Multimedia Authoring and Presentation) for ACM Multimedia Systems journal. He is also serving on the editorial board of Multimedia Tools and Applications Journal, Kluwer Academic Publishers. He has also served as program committee member on several multimedia conferences and workshops. Dr. Prabhakaran has presented tutorials in several conferences on topics such as network resource management, adaptive multimedia presentations, and scalable multimedia servers.B. Prabhakaran has served as a visiting research faculty with the Department of Computer Science, University of Maryland, College Park. He also served as a faculty in the Department of Computer Science, National University of Singapore as well as in the Indian Institute of Technology, Madras, India     

Secure software infrastructure in the internet age

The rapid growth and penetration of the Internet are now leading us to a world where networks are ubiquitous and everything is connected. Breaking the distance barrier by the ubiquitous connection, however, is a two-edged sword. Our network infrastructure today is still fragile and thus “everything is connected” may simply mean “everything can be attacked from whatever place on the earth.” In this paper, we first point out the importance and inherent problems of software systems that underlay open and extensible networks, especially the Internet. We put emphasis on software since software vulnerabilities account for most attacks, incidents, or even disasters on the Internet today. Next we present general ideas of promising techniques in defense of software systems, including theoretical, language-based, and runtime solutions. Finally, we show our experience in developing a secure mail system. Etsuya Shibayama, D.Sc.: He is a professor of the Graduate School of Information Science and Engineering at Tokyo Institute of Technology. He received B.Sc. and M.Sc. in mathematical sciences from Kyoto University in 1981 and 1983, respectively, and D.Sc. in information science from the University of Tokyo in 1991. He is interested in various topics in software including design and implementation of textual and visual programming languages, system software, and user interface software. Recently, he has been doing research on language-based software security and methodologies for building secure software. Akinori Yonezawa, Ph.D.: He is a Professor of computer science at Department of Computer Science, the University of Tokyo. He received his Ph.D. in Computer Science form the Massachusetts Institute of Technology in 1977. His current major research interests are in the areas of concurrent/parallel computation models, programming languages, object-oriented computing and distributed computing. He is the designer of and object-oriented concurrent language ABCL/1 and the editor of several books and served as an associate editor of ACM Transaction of Programming Language and Systems (TOPLAS). Since 1998, he has been an ACM Fellow.     

Self-stabilizing depth-first token circulation on networks

Summary This paper proposes a self-stabilizing protocol which circulates a token on a connected network in nondeterministic depth-first-search order, rooted at a special node. Starting with any initial state in which the network may have no token at all or more than one token, the protocol eventually makes the system stabilize in states having exactly one circulating token. With a slight modification to the protocol —by removing nondeterminism in the search — a depth-first-search tree on the network can be constructed. The proposed protocol runs on systems that allow parallel operations. Shing-Tsaan Huang was born in Taiwan on September 4, 1949. He got his Ph.D. degree in 1985 from Department of Computer Science, University of Maryland at College Park. Before he pursued his Ph.D. degree, he had worked several years in the computer industry in Taiwan. Professor Huang is currently the chairman of the Department of Computer Science, Tsing Hua University, Taiwan, Republic of China. His research interests include interconnection networks, operating systems and distributed computing. He is a senior member of the IEEE Computer Society and a member of the Association for Computing Machinery. Nian-Shing Chen was born in Taiwan on October 21, 1961. He received his Ph.D. degree in computer science from National Tsing Hua University in 1990. Dr. Chen is currently an associate professor with the Department of Information Management at Sun Yat-Sen University of Taiwan. His research interests include distributed systems, computer networks, computer viruses and expert systems. He is a member of IEEE and Phi Tau Phi honorary society.This research is supported by National Science Council of the Republic of China under the contract NSC81-0408-E-007-05 and NSC82-0408-E-007-027     

HarkMan—A Vocabulary-Independent Keyword Spotter for Spontaneons Chinese Speech

In this paper,a noverl technique adopted in HarkMan is introduced.HarkMan is a keywore-spotter designed to automatically spot the given words of a vocabulary-independent task in unconstrained Chinese telephone speech.The speaking manner and the number of keywords are not limited.This paper focuses on the novel technique which addresses acoustic modeling,keyword spotting network,search strategies,robustness,and rejection.The underlying technologies used in HarkMan given in this paper are useful not only for keyword spotting but also for continuous speech recognition.The system has achieved a figure-of-merit value over 90%.     

Minimizing TTP's involvement in signature validation

A digital signature applied on a message could serve as irrefutable cryptographic evidence to prove its origin and integrity. However, evidence solely based on digital signatures may not enforce strong non-repudiation. Additional mechanisms are needed to make digital signatures as valid non-repudiation evidence in the settlement of possible disputes. Most of existing mechanisms for maintaining the validity of digital signatures rely on the supporting services from trusted third parties, e.g., time-stamping and certificate revocation. Obviously, this is less efficient for on-line transactions. In this paper, we propose two new schemes for validating digital signatures as non-repudiation evidence that minimize the trusted third party's involvement. Major results have been published at ACISP'02 [21] and ISC'03 [22]. Jianying Zhou is a lead scientist at Institute for Infocomm Research (I2R), and heads the Internet Security Lab. He is also an adjunct professor in University of Science and Technology of China and an adjunct senior scientist in University of Malaga. Dr. Zhou worked in China, Singapore, and USA before joining I2R. He was a security consultant at the headquarters of Oracle Corporation, and took an architect role on securing e-business applications. He was a project manager at Kent Ridge Digital Labs, and led an R&D team to develop network security technologies. He was a post-doctoral fellow in National University of Singapore, and involved in a strategic research programme on computer security funded by National Science and Technology Board. He was formerly employed in Chinese Academy of Sciences, and played a critical role in a couple of national information security projects. Dr. Zhou obtained PhD degree in Information Security from University of London (sponsored by UK government and K C Wong Education Foundation), MSc degree in Computer Science from Chinese Academy of Sciences, and BSc degree in Computer Science from University of Science and Technology of China. His research interests are in computer and network security, cryptographic protocol, digital signature and non-repudiation, mobile communications security, public-key infrastructure, secure electronic commerce, and virtual private network. Dr. Zhou is actively involved in the academic community, serving on international conference committees and publishing papers at prestigious technical conferences and journals. He is a world-leading researcher on non-repudiation, and authored the book Non-repudiation in Electronic Commerce which was published by Artech House in 2001. He is a director in the board of International Communications and Information Security Association. He is a co-founder and steering committee member of International Conference on Applied Cryptography and Network Security, and served as program chair of ACNS 2003 and general chair of ACNS 2004. He received National Science and Technology Progress Award from State Commission of Science and Technology in 1995 in recognition of his achievement in the research and development of information security in China.