TL;DR: A novel algorithm based on Weighted Trust Evaluation (WTE) is proposed to detect malicious nodes in hierarchical sensor networks by examining node weights that represent the reliability of SNs.
Abstract: Deployed in a hostile environment, the individual Sensor Node (SN) of a Wireless Sensor Network (WSN) could be easily compromised by an adversary due to constraints such as limited memory space and computing capability. Therefore, it is critical to detect and isolate compromised nodes in order to avoid being misled by the falsified information injected by adversaries through compromised nodes. However, it is challenging to secure the flat topology networks effectively because of the poor scalability and high communication overhead. On top of a hierarchical WSN architecture, a novel algorithm based on Weighted Trust Evaluation (WTE) to detect malicious nodes for hierarchical sensor networks is proposed in this paper. The hierarchical network can reduce the communication overhead among SNs by utilising clustered topology. The proposed algorithm models a cluster of SNs and detects malicious nodes by examining their weights that represent the reliability of SNs. Through intensive simulations, the accuracy and effectiveness of the proposed detection algorithm are verified.
TL;DR: A testbed is designed to evaluate the cyber-security of power grid control systems through a combination of simulation and emulation, allowing for the evaluation of both high-level design descriptions on large-scale models, and precise measurements taken from production code executing on real hardware.
Abstract: This paper describes a project that integrates real devices used in the electric power grid with a simulation of electrical power generation and distribution, and a computer/communication simulator. The testbed is designed to evaluate the cyber-security of power grid control systems. Through a combination of simulation and emulation, the testbed seamlessly integrates virtual and real components, allowing for the evaluation of both high-level design descriptions on large-scale models, and precise measurements taken from production code executing on real hardware.
TL;DR: A new wavelet-based perspiration detection algorithm is proposed for fingerprint liveness detection based on processing time-series ridge lines in the wavelet domain using the multiresolution theory of wavelets.
Abstract: In this paper, a new wavelet-based perspiration detection algorithm is proposed for fingerprint liveness detection. It is based on processing time-series ridge lines in the wavelet domain. The existing perspiration detection algorithm proposed in the literature captures perspiration information by processing ridge lines in the time (spatial) domain. However, for some kinds of fingers (e.g., dry and perspiration-saturated fingers), changes in perspiration are minute. These changes are difficult to extract from the grey-level intensities processed in the time domain. Due to this, such fingers may be misclassified, thus reducing overall accuracy. In practice, we often encounter poor quality, dry or wet fingers. Therefore, it is necessary to take due care of such fingers, and have an enhanced algorithm that can process these fingers as well. To alleviate the problem, this paper discusses a new algorithm that processes time-series ridge lines using the multiresolution theory of wavelets. Major sweating changes are extracted at the coarse level, and then resolution is gradually increased to notice minute details. Such a coarse-to-fine strategy provides us with rich sweating information compared to that obtained directly from grey-level intensities in the time domain, which naturally leads to improved liveness results.
TL;DR: A formal conceptual model is defined that presents the most fundamental concepts of mobile agent systems, unifies their representation and defines the relations between them; on this basis, a formal security framework consisting of three basic frameworks is proposed.
Abstract: We define in this paper, a formal conceptual model, which presents the most fundamental concepts for mobile agent systems and unifies their representation and defines the relations between them. On this base, we propose a formal security framework which consists of three basic frameworks. The specification framework proposes a generic definition of security policies for the entities of mobile agent systems. The verification framework checks the intra-policy consistency. The reconfiguration framework describes how to reconfigure security policies and to maintain their consistency. Finally, we examine this theoretical work by defining an operational framework for dynamic enforcement of security policies.
TL;DR: This paper analyzes the data sharing mechanisms of *nix systems and identifies an immediate need for better privacy support, and presents a new View Based Access Control (VBAC) mechanism which provides stronger and yet convenient privacy support.
Abstract: In this paper, we analyse the data sharing mechanisms of *nix systems and identify an immediate need for better privacy support. For example, using a simple insider attack we were able to access over 84 GB of private data at one organisation of 825 users, including 300 000 e-mails and 579 passwords to financial and other private services websites, without exploiting any technical vulnerability. We present two solutions to address this problem: 1. an administrative auditing tool which can alert administrators and users when their private data is at risk; 2. a new View Based Access Control (VBAC) mechanism which provides stronger and yet convenient privacy support. We also describe a proof-of-concept filesystem-based implementation and performance analysis of VBAC. Our evaluations with three well-known filesystem benchmarks show little overhead of using VBAC.
TL;DR: An event-based access control model that takes into account the behaviour of distributed systems is proposed; the declarative nature of the model facilitates the analysis of policies and direct implementations of access control checking even when resources and information are widely dispersed.
Abstract: We propose an event-based access control model, called Distributed-DEBAC, that takes into account the behaviour of distributed systems. Distributed-DEBAC policies are specified using an algebraic-functional framework. The declarative nature of the model facilitates the analysis of policies, and direct implementations for access control checking even when resources and information are widely dispersed. We give examples of application.
TL;DR: A novel approach to non-functional safety properties, combining formal methods and Aspect-Oriented Programming (AOP) is presented, which supports both the formal specification and the enforcement of such properties through runtime monitoring.
Abstract: We present in this paper a novel approach to non-functional safety properties, combining formal methods and Aspect-Oriented Programming (AOP). The approach supports both the formal specification and the enforcement of such properties through runtime monitoring. We apply our approach for security policies and especially Role-Based Access Control (RBAC) policies including application-specific constraints such as separation of duties and delegation. For formal specification, we introduce TemporalZ, a formal language based on Z and temporal logic, which provides domain specific predicates for expressing RBAC policies. For the enforcement, we generate automatically modular enforcement code out of the formal specification using the aspect-oriented language ALPHA.
TL;DR: Based on the trace representation of Boolean functions, an evolutionary algorithm is devised to design bent functions; it is more efficient than an exhaustive search or a random algorithm, and the analysis finds that certain exponents are more suitable for constructing bent functions than others.
Abstract: Based on the trace representation of Boolean functions, we devise an evolutionary algorithm to design bent functions. Using this algorithm, we then construct many bent functions and perform some analyses. First, we observe that each of the four affinely inequivalent bent functions in six variables can be written as the linear sum of two or three monomial trace functions. We draw the conclusion that the affine transformation can be used to change the linear span of the Boolean functions and thereby change the trace representation of our obtained bent functions. Second, we find that certain exponents are more suitable for constructing bent functions than others. From this observation, we assign each exponent a cost function, which makes our algorithm more efficient than an exhaustive search algorithm or a random algorithm. Third, we classify the obtained bent functions into affinely inequivalent classes, and the number of classes is presented.
TL;DR: The main objective of this article is to explore the state-of-the-art in code analysis and a few major tools which benefit not only security professionals, but also novice Information Technology (IT) professionals.
Abstract: The last few years have witnessed a rapid growth in cyber attacks, with new vulnerabilities being discovered daily in computer applications. Various security-related technologies, e.g., anti-virus programs, Intrusion Detection Systems (IDSs)/Intrusion Prevention Systems (IPSs), firewalls, etc., are deployed to minimise the number of attacks and incurred losses. However, such technologies are not enough to completely eliminate the attacks; they can only minimise them. Therefore, software assurance is becoming a priority and an important characteristic of the software development life cycle. Application code analysis is gaining importance, as it can help in writing safe code during the development phase by detecting bugs that may lead to vulnerabilities. As a result, tremendous research on code analysis has been carried out by industry and academia, and there exist many commercial and open source tools and approaches for this purpose. These have their own pros and cons. Therefore, the main objective of this article is to explore the state-of-the-art in code analysis and a few major tools which benefit not only security professionals, but also novice Information Technology (IT) professionals. We study the tools and techniques under the four basic types of analysis (Static Source Code (SSC), Static Binary Code (SBC), Dynamic Source Code (DSC) and Dynamic Binary Code (DBC) analysis) and briefly discuss them.
TL;DR: In this paper, a new protocol called Identity-Based Privacy-Protected Access Control Filter (IPACF) is proposed to counter DoS/DDoS attacks, which is stateless for both user and AS since a user and responder must authenticate each other.
Abstract: A Denial of Service (DoS)/Distributed DoS (DDoS) attack is an eminent threat to an Authentication Server (AS), which is used to guard access to firewalls, virtual private networks and resources connected by wired/wireless networks. In this paper, a new protocol called Identity-Based Privacy-Protected Access Control Filter (IPACF) is proposed to counter DoS/DDoS attacks. The IPACF is stateless for both user and AS since a user and responder must authenticate each other. The value and identity for authentication are changed in every frame. Thus, the privacy of both user and server is protected. The performance of the implementation is reported in this paper. In order to counter more DoS/DDoS attacks that issue fake requests, a parallel processing technique is used to implement the AS. The performance comparison of dual server and single server is also reported. To study the capability of IPACF when facing massive DDoS attacks, simulations using OPNET for a network consisting of 1000 nodes with a 10 Gbps pipe to the AS are carried out. The simulations show that the performance of the AS has very little degradation in terms of packet latency and CPU utilisation for users. Queueing models are used to compare simulations, and agreement between models and simulations is acceptable.
TL;DR: A model is presented to perform damage assessment, fault identification and advance warning, to help confine the damage propagation (direct or transitive), while making the system survive ongoing attacks and performing necessary self-healing.
Abstract: Survivable systems must identify and isolate any damage as quickly as possible to avoid infection epidemic and outbreak in case of a malicious attack. Any delay during the fault detection and isolation process may lead to system unavailability and is unacceptable in mission-critical applications. In this paper a model is presented to perform damage assessment, fault identification and advance warning. The objective is to help confine the damage propagation (direct or transitive), while making the system survive ongoing attacks and performing necessary self-healing. Our major contribution is the study of the patterns of interconnection communications among applications and the use of communication graphs in damage identification and containment.
TL;DR: A reputation scheme for ad hoc networks that can motivate the intermediate nodes to relay packets and improves the throughput of the system to 65%, from the 22% throughput provided by AODV with the same number of rogue nodes.
Abstract: Nodes in mobile ad hoc networks have limited transmission ranges that necessitate multihop communication. Hence the nodes expect their neighbours to relay the packets meant for nodes out of the transmission range of the source. Ad hoc networks are based on the fundamental assumption that if a node promises to relay a packet, it will relay the packet and will not cheat. This assumption becomes invalid when the nodes in the network have contradictory goals. As a result, routing protocols for ad hoc networks become vulnerable to rogue nodes. The reputations of the intermediate nodes, based on their past history of relaying packets, can be used by their neighbours to ensure that the packet will be relayed by the intermediate nodes. This paper introduces a reputation scheme for ad hoc networks that can motivate the intermediate nodes to relay packets. The source performs a route discovery (using the Ad hoc On-Demand Distance Vector Routing Protocol (AODV)) and finds a set of routes to the destination. Instead of choosing the shortest route to the destination, the source node chooses a path whose next-hop node has the highest reputation. This policy, when used recursively, in the presence of 40% rogue nodes, improves the throughput of the system to 65%, from the 22% throughput provided by AODV with the same number of rogue nodes. This improvement is obtained at the cost of a higher number of route discoveries with a minimal increase in the average hop length.
TL;DR: An authorisation architecture that is based on the Dynamically Administering Role-based Access Control (DARBAC) model, and provides access control and meta-access control capabilities, is presented.
Abstract: The requirements for the efficient management of authorisations in web-based collaborative applications lead to new access control administration paradigms during run-time. The need for fine-grained and just-in-time access control can effectively be addressed by dynamic administration of authorisations, via either proper role or permission activation. In this paper, an authorisation architecture that is based on the Dynamically Administering Role-based Access Control (DARBAC) model, and provides access control and meta-access control capabilities, is presented. The paper describes the implementation of the components and the structure of the architecture within the .NET framework. The application of the implemented access control system is also demonstrated. Based on the results of this demonstration, a more detailed investigation of the benefits of the proposed approach, which are related to improvements in the administration of Role-based Access Control (RBAC) during run-time, is presented.
TL;DR: The ESPQ vulnerabilities are presented and a QoS-friendly Encapsulated Security Payload (Q-ESP) is proposed as a security protocol that provides both security and QoS support.
Abstract: To effectively manage network resources and to serve different traffic needs, several studies have been done in the Quality of Service (QoS) area. Basically, 'Multi-Field' (MF) packet classifiers classify a packet by looking for multiple fields of the IP-TCP headers, recognise which flow the packet belongs to, and according to this information, provide service differentiation in IP networks. However, for security purposes, existing security protocols (such as the IPSec ESP) hide much of this information in their encrypted payloads, preventing network control devices such as routers and switches from utilising this information in performing classification appropriately. The ESPQ protocol deals with this problem but it has some security weaknesses. In this paper, we present the ESPQ vulnerabilities and we propose QoS-friendly Encapsulated Security Payload (Q-ESP) as a security protocol that provides both security and QoS support.
TL;DR: This paper proposes the Secure Quasimultipath Forwarding (SQF) scheme with the novel idea of dynamic en route retransmission upon encountering adversary nodes, and demonstrates that SQF circumvents adversaries with a several-fold reduction in sensor node energy consumption, compared to the existing multipath routing method.
Abstract: Wireless sensor networks are the emerging information technology for monitoring equipment and ambient conditions of production lines in modern factories. A salient feature of wireless sensor networks is that nodes can relay sensing data to a factory data centre in a multihop fashion. Existing security solutions to sensor networks focus on hop-by-hop encryption and message authentication, as the wireless medium is of an open nature. From an end-to-end perspective, a challenging security problem arises when computer hackers compromise some nodes in a network and these adversarial nodes modify or drop data packets destined to a data centre. In this paper, we propose the Secure Quasimultipath Forwarding (SQF) scheme with the novel idea of dynamic en route retransmission upon encountering adversary nodes. Modelling techniques are employed to study the impact of the data-forwarding security design on packet delivery latency and energy consumption. The simulation results demonstrate that SQF circumvents adversaries with a several-fold reduction in sensor node energy consumption, compared to the existing multipath routing method.
TL;DR: This paper enhances commonly used subprotocols that are secure in the semi-honest model with zero knowledge proofs to be secure in the malicious model, and compares the performance of these protocols in both models.
Abstract: Most of the cryptographic work in privacy-preserving distributed data mining deals with semi-honest adversaries, which are assumed to follow the prescribed protocol but try to infer private information using the messages they receive during the protocol. Although the semi-honest model is reasonable in some cases, it is unrealistic to assume that adversaries will always follow the protocols exactly. In particular, malicious adversaries could deviate arbitrarily from their prescribed protocols. Secure protocols that are developed against malicious adversaries require utilisation of complex techniques. Clearly, protocols that can withstand malicious adversaries provide more security. However, there is an obvious trade-off: protocols that are secure against malicious adversaries are generally more expensive than those secure against semi-honest adversaries only. In this paper, our goal is to make an analysis of trade-offs between performance and security in privacy-preserving distributed data mining algorithms in the two models. In order to make a realistic comparison, we enhance commonly used subprotocols that are secure in the semi-honest model with zero knowledge proofs to be secure in the malicious model. We compare the performance of these protocols in both models.
TL;DR: Various design options are discussed and recommendations about how graphical authentication mechanisms should be designed in order to make them maximally efficacious while considering the level of risk associated with the resource being protected by the mechanism are made.
Abstract: The password era is drawing to a close. The latest technology is being released without keyboards, which makes password entry insecure and arduous. Furthermore, everyone is straining under the burden of multiple passwords and Personal Identification Numbers (PINs), and a viable knowledge-based alternative is urgently required. In the last few years a number of innovative graphical authentication mechanisms, which use pictures instead of alphanumeric strings, have been proposed. There is long-standing evidence that people remember pictures far better than they remember alphanumeric strings, so in terms of easing the memory load, pictures seem to offer a viable alternative. However, what is emerging from current research is that the design of such a graphical authentication mechanism interface can either make or break it, both in terms of security and usability. This paper will discuss various design options and make recommendations about how such systems should be designed in order to make them maximally efficacious while considering the level of risk associated with the resource being protected by the mechanism.