Integrating security and real-time requirements using covertchannel capacity

Database systems for real-time applications must satisfy timing constraints associated with transactions in addition to maintaining data consistency. In addition to real-time requirements, security is usually required in many applications. Multi-level security requirements introduce a new dimension to transaction processing in real-time database systems. In this paper, we argue that, due to the conflicting goals of each requirement, tradeoffs need to be made between security and timeliness. We first define mutual information, a measure of the degree to which security is being satisfied by a system. A secure two-phase locking protocol is then described and a scheme is proposed to allow partial violations of security for improved timeliness. Analytical expressions for the mutual information of the resultant covert channel are derived, and a feedback control scheme is proposed that does not allow the mutual information to exceed a specified upper bound. Results showing the efficacy of the scheme obtained through simulation experiments are also discussed     

Exploring the role of the spacers and acceptors on the triphenylamine-based dyes for dye-sensitized solar cells

Six triphenylamine-based dyes were explored for their application in dye-sensitized solar cells (DSSCs). Dyes 1–3 and dyes 4–6 possess cyanoacrylic acid (C-acceptor) and rhodanine-3-acetic acid (R-acceptor), respectively. Stilbene (in dyes 2 and 5) and bis(styryl)benzene (in dyes 3 and 6) were used as π-spacers. There is no π-spacer in the dye 1 and 4. To elucidate the role of π-spacers, optical, electrochemical, and photovoltaic properties of the dyes were studied. Among C-acceptor dyes, dye 2 exhibits the highest light-to-electricity conversion efficiency of 4.45%, followed by dye 3 (4.16%). Similarly, among R-acceptor dyes, dye 5 is the best. These results indicate that stilbene is a better π-spacer over bis(styryl)benzene. Although bis(styryl)benzene could extend the light absorption range (in dye-adsorbed TiO₂ film), its tendency to promote intermolecular π-π stacking is possibly the reason for its poor performance in DSSCs. Furthermore, the conjugation break in the R-acceptor moiety attached to the TiO₂ surface limits the electron injection of R-acceptor dyes poorer than C-acceptor dyes. Density functional theory calculations were performed for the dye-(TiO₂)₈ cluster, assuming a bidentate chelation of a carboxylic acid group with Ti⁴⁺ of TiO₂ anatase. The natural bond orbital (NBO) analysis indicated relatively more electron-accepting ability of cyanoacrylic acid over rhodanine-3-acetic acid.     

Dynamic key management in sensor networks

Numerous key management schemes have been proposed for sensor networks. The objective of key management is to dynamically establish and maintain secure channels among communicating nodes. Desired features of key management in sensor networks include energy awareness, localized impact of attacks, and scaling to a large number of nodes. A primary challenge is managing the trade-off between providing acceptable levels of security and conserving scarce resources, in particular energy, needed for network operations. Many schemes, referred to as static schemes, have adopted the principle of key predistribution with the underlying assumption of a relatively static short-lived network (node replenishments are rare, and keys outlive the network). An emerging class of schemes, dynamic key management schemes, assumes long-lived networks with more frequent addition of new nodes, thus requiring network rekeying for sustained security and survivability. In this article we present a classification of key management schemes in sensor networks delineating their similarities and differences. We also describe a novel dynamic key management scheme, localized combinatorial keying (LOCK), and compare its security and performance with a representative static key management scheme. Finally, we outline future research directions.     

A model order selection criterion with applications to cardio-respiratory-renal systems

We introduce a model order selection criterion called signal prediction error (SPE) for the identification of a linear regression model, which can be an adequate representation of a resting physiologic system. SPE is an estimate of the prediction error variance due only to model estimation error and not unobserved noise, which distinguishes it from the widely used final prediction error (FPE). We then present a theoretical analysis of SPE, which predicts that its ability to select correctly the model order is more dependent on the signal-to-noise ratio (SNR) and less dependent on the number of data samples available for analysis. We next propose a heuristic procedure based on SPE (called SPE(D)) to improve its robustness to SNR levels. We then demonstrate, through simulated physiologic data at high SNR levels, that SPE will be equivalent to consistent model order selection criteria for long data records but will become superior to FPE and other model order selection criteria as the size of the data record decreases. The simulated data results also show that SPE(D) is indeed a significant improvement over SPE in terms of robustness to SNR. Finally, we demonstrate the applicability of SPE and SPE(D) to actual cardio-respiratory-renal data.     

Detection of shellcodes in drive-by attacks using kernel machines

In this paper, we propose a light-weight framework using kernel machines for the detection of shellcodes used in drive-by download attacks. As the shellcodes are passed in webpages as JavaScript strings, we studied the effectiveness of the proposed approach on about 9850 shellcodes and 10000 JavaScript strings collected from the wild. Our analysis shows that the trained SVMs (Support Vector Machines) classified with an accuracy of over 99 %. Our evaluation of the trained SVM models with different proportions of training datasets proved to perform consistently with an average accuracy of 99.51 % and the proposed static approach proved to be effective against detecting even the polymorphic shellcode variants. The performance of our approach was compared to an emulation based approach and observed that our approach performed with slightly better accuracies by consuming about 33 % of the time consumed by the emulation based approach.     

Malware detection using assembly and API call sequences

One of the major problems concerning information assurance is malicious code. To evade detection, malware has also been encrypted or obfuscated to produce variants that continue to plague properly defended and patched networks with zero day exploits. With malware and malware authors using obfuscation techniques to generate automated polymorphic and metamorphic versions, anti-virus software must always keep up with their samples and create a signature that can recognize the new variants. Creating a signature for each variant in a timely fashion is a problem that anti-virus companies face all the time. In this paper we present detection algorithms that can help the anti-virus community to ensure a variant of a known malware can still be detected without the need of creating a signature; a similarity analysis (based on specific quantitative measures) is performed to produce a matrix of similarity scores that can be utilized to determine the likelihood that a piece of code under inspection contains a particular malware. Two general malware detection methods presented in this paper are: Static Analyzer for Vicious Executables (SAVE) and Malware Examiner using Disassembled Code (MEDiC). MEDiC uses assembly calls for analysis and SAVE uses API calls (Static API call sequence and Static API call set) for analysis. We show where Assembly can be superior to API calls in that it allows a more detailed comparison of executables. API calls, on the other hand, can be superior to Assembly for its speed and its smaller signature. Our two proposed techniques are implemented in SAVE) and MEDiC. We present experimental results that indicate that both of our proposed techniques can provide a better detection performance against obfuscated malware. We also found a few false positives, such as those programs that use network functions (e.g. PuTTY) and encrypted programs (no API calls or assembly functions are found in the source code) when the thresholds are set 50% similarity measure. However, these false positives can be minimized, for example by changing the threshold value to 70% that determines whether a program falls in the malicious category or not.     

Continuous cardiac output monitoring by peripheral blood pressure waveform analysis

A clinical method for monitoring cardiac output (CO) should be continuous, minimally invasive, and accurate. However, none of the conventional CO measurement methods possess all of these characteristics. On the other hand, peripheral arterial blood pressure (ABP) may be measured reliably and continuously with little or no invasiveness. We have developed a novel technique for continuously monitoring changes in CO by mathematical analysis of a peripheral ABP waveform. In contrast to the previous techniques, our technique analyzes the ABP waveform over time scales greater than a cardiac cycle in which the confounding effects of complex wave reflections are attenuated. The technique specifically analyzes 6-min intervals of ABP to estimate the pure exponential pressure decay that would eventually result if pulsatile activity abruptly ceased (i.e., after the high frequency wave reflections vanish). The technique then determines the time constant of this exponential decay, which equals the product of the total peripheral resistance and the nearly constant arterial compliance, and computes proportional CO via Ohm's law. To validate the technique, we performed six acute swine experiments in which peripheral ABP waveforms and aortic flow probe CO were simultaneously measured over a wide physiologic range. We report an overall CO error of 14.6%.     

Fragmented malware through RFID and its defenses

Malware, in essence, is an infiltration to one’s computer system. Malware is created to wreak havoc once it gets in through weakness in a computer’s barricade. Anti-virus companies and operating system companies are working to patch weakness in systems and to detect infiltrators. However, with the advance of fragmentation, detection might even prove to be more difficult. Malware detection relies on signatures to identify malware of certain shapes. With fragmentation, functionality and size can change depending on how many fragments are used and how the fragments are created. In this paper we present a robust malware detection technique, with emphasis on detecting fragmentation malware attacks in RFID systems that can be extended to detect complex obfuscated and mutated malware. After a particular fragmented malware has been first identified, it can be analyzed to extract the signature, which provides a basis for detecting variants and mutants of similar types of malware in the future. Encouraging experimental results on a limited set of recent malware are presented.     

Statistical accuracy of a moving equivalent dipole method to identify sites of origin of cardiac electrical activation

While radio frequency (RF) catheter ablation (RCA) procedures for treating ventricular arrhythmias have evolved significantly over the past several years, the use of RCA has been limited to treating slow ventricular tachycardias (VTs). In this paper, we present preliminary results from computer and animal studies to evaluate the accuracy of an algorithm that uses the single equivalent moving dipole (SEMD) model in an infinite homogeneous volume conductor to guide the RF catheter to the site of origin of the arrhythmia. Our method involves measuring body surface electrocardiographic (ECG) signals generated by arrhythmic activity and by bipolar current pulses emanating from a catheter tip, and representing each of them by a SEMD model source at each instant of the cardiac cycle, thus enabling rapid repositioning of the catheter tip requiring only a few cycles of the arrhythmia. We found that the SEMD model accurately reproduced body surface ECG signals with a correlation coefficients > 0.95. We used a variety of methods to estimate the uncertainty of the SEMD parameters due to measurement noise and found that at the time when the arrhythmia is mostly localized during the cardiac cycle, the estimates of the uncertainty of the spatial SEMD parameters (from ECG signals) are between 1 and 3 mm. We used pacing data from spatially separated epicardial sites in a swine model as surrogates for focal ventricular arrhythmic sources and found that the spatial SEMD estimates of the two pacing sites agreed with both their physical separation and orientation with respect to each other. In conclusion, our algorithm to estimate the SEMD parameters from body surface ECG can potentially be a useful method for rapidly positioning the catheter tip to the arrhythmic focus during an RCA procedure.