VTechWorks staff will be away for the Thanksgiving holiday beginning at noon on Wednesday, November 27, through Friday, November 29. We will resume normal operations on Monday, December 2. Thank you for your patience.

Destination Area: Integrated Security (IS)

Permanent URI for this collection

https://hdl.handle.net/10919/79979
IS focuses on advancing and assuring the security of our vital social, political, and financial networks while balancing the crucial needs and expectations of privacy and governmental oversight. This mission cuts across four other destination areas and strategic growth areas, intersecting at key points of national interest where Virginia Tech has demonstrated expertise and capability: Security for the Internet of Everything: The interconnection of the digital world, the physical world, and humans interacting with both worlds. Governance and Ethics for Security: Questions and concerns about the adoption, use, and audit of security and privacy practices as they affect citizens and their government, consumers and business, and humans and their environment. Analytics for National Security and Preparedness: Using the capabilities of big data to improve security, forecasting, awareness, and resilience in response to disasters and for national defense.

Browse

Browsing Destination Area: Integrated Security (IS) by Issue Date

Filter results by year or month
Now showing 1 - 20 of 119
  • Thumbnail Image
    Medical Monitoring Applications for Wearable Computing
    Raskovic, Dejan; Martin, Thomas L.; Jovanov, Emil (The British Computer Society, 2004-04-01)
    Medical monitors have benefited from technological advances in the field of wireless communication, processing and power sources. These advances have made possible miniaturization and prolonged operating times of medical monitors, as well as their global integration into telemedical systems. This allows patients to have real-time feedback about medical conditions while going about their normal daily activities. System designers are facing specific issues related to monitor acceptability, application requirements, power consumption and system connectivity. In this paper we discuss system design issues, present a survey of existing systems and sensors, and introduce two taxonomies of medical monitoring applications for wearable computing.
  • Thumbnail Image
    An Early Event in Adipogenesis, the Nuclear Selection of the CCAAT Enhancer-binding Protein ß (C/EBP ß ) mRNA by HuR and its Translocation to the Cytosol2006
    Gantt, Kira (American Society for Biochemistry and Molecular Biology, 2006-07)
    HuR is a ligand for nuclear mRNAs containing adenylate-uridylate-rich elements in the 3_-untranslated region. Once bound to the mRNA, HuR is recognized by adapter proteins that then facilitate nuclear export of the complex. In the cytosol, HuR is thought to function to control stability and translation of its ligand message. In the 3T3-L1 cells HuR is constitutively expressed and localized predominantly to the nucleus in the preadipocytes. However, within 30 min of exposure to the differentiation stimulus the HuR content in the cytosol increases, consistent with HuR regulating the availability of relevant mRNAs for translation. Using in vitro RNA gel shifts, we have demonstrated that the CCAAT enhancer binding protein ß (C/EBP ß) message is a ligand for HuR. Within 2 h of initiation of the differentiation process, HuR complexes containing C/EBP ß mRNA could be isolated from the cytosolic compartment. Importantly, the process appears to be highly selective, as cyclin D1, which contains a putative HuR binding site and is expressed on the same time frame as C/EBP ß, was not found in the immunoprecipitated messenger ribonucleoprotein complexes. The proximity of this event to adipogenic stimuli and the importance of C/EBP ß to the differentiation process have led us to hypothesize a role for HuR in the regulation of the onset of adipogenesis. In support of this hypothesis, small interfering RNA suppression of HuR protein content resulted in an inhibition of C/EBP ß protein expression and an attenuation of the differentiation process.
  • Thumbnail Image
    Keystroke-Dynamics Authentication Against Synthetic Forgeries
    Stefan, Deian; Yao, Danfeng (Daphne) (IEEE, 2010)
    We describe the use of keystroke-dynamics patterns for authentication and detecting infected hosts, and evaluate its robustness against forgery attacks. Specifically, we present a remote authentication framework called TUBA for monitoring a user’s typing patterns. We evaluate the robustness of TUBA through comprehensive experimental evaluation including two series of simulated bots. Support vector machine is used for classification. Our results based on 20 users’ keystroke data are reported. Our work shows that keystroke dynamics is robust against synthetic forgery attacks studied, where attacker draws statistical samples from a pool of available keystroke datasets other than the target. TUBA is particularly suitable for detecting extrusion in organizations and protecting the integrity of hosts in collaborative environments, as well as authentication.
  • Thumbnail Image
    User-Behavior Based Detection of Infection Onset
    Xu, Kui; Yao, Danfeng (Daphne); Ma, Qiang; Crowell, Alexander (Department of Computer Science, Virginia Polytechnic Institute & State University, 2010)
    A major vector of computer infection is through exploiting software or design flaws in networked applications such as the browser. Malicious code can be fetched and executed on a victim’s machine without the user’s permission, as in drive-by download (DBD) attacks. In this paper, we describe a new tool called DeWare for detecting the onset of infection delivered through vulnerable applications. DeWare explores and enforces causal relationships between computer-related human behaviors and system properties, such as file-system access and process execution. Our tool can be used to provide real time protection of a personal computer, as well as for diagnosing and evaluating untrusted websites for forensic purposes. Besides the concrete DBD detection solution, we also formally define causal relationships between user actions and system events on a host. Identifying and enforcing correct causal relationships have important applications in realizing advanced and secure operating systems. We perform extensive experimental evaluation, including a user study with 21 participants, thousands of legitimate websites (for testing false alarms), as well as 84 malicious websites in the wild. Our results show that DeWare is able to correctly distinguish legitimate download events from unauthorized system events with a low false positive rate (< 1%).
  • Thumbnail Image
    Virtual Secure Circuit: Porting Dual-Rail Pre-charge Technique into Software on Multicore
    Chen, Zhimin; Schaumont, Patrick R. (Cryptology ePrint Archive, 2010)
    This paper discusses a novel direction for multicore cryptographic software, namely the use of multicore to protect a design against side-channel attacks.We present a technique which is based on the principle of dual-rail pre-charge, but which can be completely implemented in software. The resulting protected software is called a Virtual Secure Circuit (VSC). Similar to the dual-rail pre-charge technique, a VSC executes as two complementary programs on two identical processor cores. Our key contributions include (1) the analysis of the security properties of a VSC, (2) the construction of a VSC AES prototype on a dual-PowerPC architecture, (3) the demonstration of VSC’s protection effectiveness with real side-channel attack experiments. The attack results showed that the VSC protected AES needs 80 times more measurements than the unprotected AES to find the first correct key byte. Even one million measurements were not sufficient to fully break VSC protected AES, while unprotected AES was broken using only 40000 measurements. We conclude that VSC can provide a similar side-channel resistance as WDDL, the dedicated hardware equivalent of dual-rail pre-charge. However, in contrast to WDDL, VSC is a software technique, and therefore it is flexible.
  • Thumbnail Image
    Personal Anomaly Detection and Smart-Phone Security
    Xiong, Huijun; Yao, Danfeng (Daphne) (Virginia Tech, 2010-04-22)
    Mobile devices increasingly become the computing platform for networked applications such as Web and email. This development requires strong guarantees on the system integrity and data security of mobile devices against malicious software (malware in short). This work introduces a new personalized anomaly detection approach that is able to achieve host security by modeling and enforcing the legitimate behavior characteristics of a human user. Specifically, we identify characteristic human-user behaviors (namely application-level user inputs via keyboard and mouse), developing protocols for fine-grained traffic-input analysis, and preventing forgeries and attacks by malware. Our solution contains a combination of cryptographic techniques, correlation analysis, and hardware-based integrity measures. Our evaluation is done in computers with real-world and synthetic malware. The uniqueness of this personalized anomaly detection technique is that it allows computer security to be realized without the need for continually monitoring ever-changing malware patterns.
  • Thumbnail Image
    Applications and Security of Next-Generation, User-Centric Wireless Systems
    Ramstetter, Jerry Rick; Yang, Yaling; Yao, Danfeng (Daphne) (MDPI, 2010-07-28)
    Pervasive wireless systems have significantly improved end-users quality of life. As manufacturing costs decrease, communications bandwidth increases, and contextual information is made more readily available, the role of next generation wireless systems in facilitating users daily activities will grow. Unique security and privacy issues exist in these wireless, context-aware, often decentralized systems. For example, the pervasive nature of such systems allows adversaries to launch stealthy attacks against them. In this review paper, we survey several emergent personal wireless systems and their applications. These systems include mobile social networks, active implantable medical devices, and consumer products. We explore each systems usage of contextual information and provide insight into its security vulnerabilities. Where possible, we describe existing solutions for defendingagainst these vulnerabilities. Finally, we point out promising future research directions for improving these systems robustness and security
  • Thumbnail Image
    Storytelling Security: User-Intention Based Traffic Sanitization
    Xiong, Huijun; Yao, Danfeng (Daphne); Zhang, Zhibin (Department of Computer Science, Virginia Polytechnic Institute & State University, 2010-12-01)
    Malicious software (malware) with decentralized communication infrastructure, such as peer-to-peer botnets, is difficult to detect. In this paper, we describe a traffic-sanitization method for identifying malware-triggered outbound connections from a personal computer. Our solution correlates user activities with the content of outbound traffic. Our key observation is that user-initiated outbound traffic typically has corresponding human inputs, i.e., keystroke or mouse clicks. Our analysis on the causal relations between user inputs and packet payload enables the efficient enforcement of the inter-packet dependency at the application level. We formalize our approach within the framework of protocol-state machine. We define new application-level traffic-sanitization policies that enforce the inter-packet dependencies. The dependency is derived from the transitions among protocol states that involve both user actions and network events. We refer to our methodology as storytelling security. We demonstrate a concrete realization of our methodology in the context of peer-to-peer file-sharing application, describe its use in blocking traffic of P2P bots on a host. We implement and evaluate our prototype in Windows operating system in both online and offline deployment settings. Our experimental evaluation along with case studies of real-world P2P applications demonstrates the feasibility of verifying the inter-packet dependencies. Our deep packet inspection incurs overhead on the outbound network flow. Our solution can also be used as an offline collect-and-analyze tool.
  • Thumbnail Image
    Privacy and Security in the Implementation of Health Information Technology (Electronic Health Records): U.S. and EU Compared
    Hiller, Janine S.; McMullen, Matthew S.; Chumney, Wade M.; Baumer, David L. (Boston University School of Law, 2011)
    The importance of the adoption of Electronic Health Records (EHRs) and the associated cost savings cannot be ignored as an element in the changing delivery of health care. However, the potential cost savings predicted in the use of EHR are accompanied by potential risks, either technical or legal, to privacy and security. The U.S. legal framework for healthcare privacy is a combination of constitutional, statutory, and regulatory law at the federal and state levels. In contrast, it is generally believed that EU protection of privacy, including personally identifiable medical information, is more comprehensive than that of U.S. privacy laws. Direct comparisons of U.S. and EU medical privacy laws can be made with reference to the five Fair Information Practices Principles (FIPs) adopted by the Federal Trade Commission and other international bodies. The analysis reveals that while the federal response to the privacy of health records in the U.S. seems to be a gain over conflicting state law, in contrast to EU law, U.S. patients currently have little choice in the electronic recording of sensitive medical information if they want to be treated, and minimal control over the sharing of that information. A combination of technical and legal improvements in EHRs could make the loss of privacy associated with EHRs de minimis. The EU has come closer to this position, encouraging the adoption of EHRs and confirming the application of privacy protections at the same time. It can be argued that the EU is proactive in its approach; whereas because of a different viewpoint toward an individual’s right to privacy, the U.S. system lacks a strong framework for healthcare privacy, which will affect the implementation of EHRs. If the U.S. is going to implement EHRs effectively, technical and policy aspects of privacy must be central to the discussion.
  • Thumbnail Image
    A Declarative Approach to Hardening Services Against QoS Vulnerabilities
    Kwon, Young-Wo; Tilevich, Eli (IEEE, 2011)
    The Quality of Service (QoS) in a distributed service-oriented application can be negatively affected by a variety of factors. Network volatility, hostile exploits, poor service management, all can prevent a service-oriented application from delivering its functionality to the user. This paper puts forward a novel approach to improving the reliability, security, and availability of service-oriented applications. To counter service vulnerabilities, a special service detects vulnerabilities as they emerge at runtime, and then hardens the applications by dynamically deploying special components. The novelty of our approach lies in using a declarative framework to express both vulnerabilities and hardening strategies in a domain-specific language, independent of the service infrastructure in place. Thus, our approach will make it possible to harden serviceoriented applications in a disciplined and systematic fashion.
  • Thumbnail Image
    Social Media for Cities, Counties and Communities
    Kavanaugh, Andrea L.; Fox, Edward A.; Sheetz, Steven D.; Yang, Seungwon; Li, Lin Tzy; Whalen, Travis; Shoemaker, Donald J.; Natsev, Apostol; Xie, Lexing (Department of Computer Science, Virginia Polytechnic Institute & State University, 2011)
    Social media (i.e., Twitter, Facebook, Flickr, YouTube) and other tools and services with user- generated content have made a staggering amount of information (and misinformation) available. Some government officials seek to leverage these resources to improve services and communication with citizens, especially during crises and emergencies. Yet, the sheer volume of social data streams generates substantial noise that must be filtered. Potential exists to rapidly identify issues of concern for emergency management by detecting meaningful patterns or trends in the stream of messages and information flow. Similarly, monitoring these patterns and themes over time could provide officials with insights into the perceptions and mood of the community that cannot be collected through traditional methods (e.g., phone or mail surveys) due to their substantive costs, especially in light of reduced and shrinking budgets of governments at all levels. We conducted a pilot study in 2010 with government officials in Arlington, Virginia (and to a lesser extent representatives of groups from Alexandria and Fairfax, Virginia) with a view to contributing to a general understanding of the use of social media by government officials as well as community organizations, businesses and the public. We were especially interested in gaining greater insight into social media use in crisis situations (whether severe or fairly routine crises, such as traffic or weather disruptions).
  • Thumbnail Image
    Identifying Native Applications with High Assurance
    Almohri, Hussain M.J.; Yao, Danfeng (Daphne); Kafura, Dennis G. (Department of Computer Science, Virginia Polytechnic Institute & State University, 2011)
    The work described in this paper investigates the problem of identifying and deterring stealthy malicious processes on a host. We point out the lack of strong application iden- tication in main stream operating systems. We solve the application identication problem by proposing a novel iden- tication model in which user-level applications are required to present identication proofs at run time to be authenti- cated by the kernel using an embedded secret key. The se- cret key of an application is registered with a trusted kernel using a key registrar and is used to uniquely authenticate and authorize the application. We present a protocol for secure authentication of applications. Additionally, we de- velop a system call monitoring architecture that uses our model to verify the identity of applications when making critical system calls. Our system call monitoring can be integrated with existing policy specication frameworks to enforce application-level access rights. We implement and evaluate a prototype of our monitoring architecture in Linux as device drivers with nearly no modication of the ker- nel. The results from our extensive performance evaluation shows that our prototype incurs low overhead, indicating the feasibility of our model.
  • Thumbnail Image
    Microblogging in Crisis Situations: Mass Protests in Iran, Tunisia, Egypt
    Kavanaugh, Andrea L.; Yang, Seungwon; Li, Lin Tzy; Sheetz, Steven D.; Fox, Edward A. (2011-05-01)
    In this paper we briefly examine the use of Twitter in Iran, Tunisia and Egypt during the mass political demonstrations and protests in June 2009, December 2010 and January 2011 respectively. We compare this usage with methods and findings from other studies on the use of Twitter in emergency situations, such as natural and man-made disasters. We draw on my own experiences and participant-observations as an eyewitness in Iran, and on Twitter data from Tunisia and Egypt. In these three cases, Twitter filled a unique technology and communication gap at least partially. We summarize suggested directions for future research with a view of placing this work in the larger context of social media use in conditions of crisis or social convergence.
  • Thumbnail Image
    A Database Driven Initial Ontology for Crisis, Tragedy, and Recovery
    Sheetz, Steven D. (2011-05-01)
    Many databases and supporting software have been developed to track the occurrences of natural disasters, manmade disasters, and combinations of the two. Each of the databases developed in this context, define their own representations of a disaster that describe the nature of the disaster and the data elements to be tracked for each type of disaster. The elements selected are not the same for the different databases, yet they are substantively similar. One capability common to many ontology development efforts is to describe data from diverse sources. Thus, we began our ontology development process by identifying several existing databases currently tracking disasters and derived the "ontology in situ" of their database. That is, we identified how the designers of the databases classify the types of disasters in their systems. We then merged these individual ontologies to identify an ontology that includes all of the classifications from the databases. Several aspects of disasters from the databases were highly consistent and therefore fit well together, e.g., the types of natural disasters, while others, e.g., geographic descriptions, were idiosyncratic and do not fit together seamlessly. The resulting ontology consists of 185 elements and has the potential to support data sharing/aggregation across the databases considered.
  • Thumbnail Image
    Between a Rock and a Cell Phone: Social Media Use during Mass Protests in Iran, Tunisia and Egypt
    Kavanaugh, Andrea L.; Yang, Seungwon; Sheetz, Steven D.; Li, Lin Tzy; Fox, Edward A. (Department of Computer Science, Virginia Polytechnic Institute & State University, 2011-05-01)
    In this paper we examine the use of social media, and especially Twitter, in Iran, Tunisia and Egypt during the mass political demonstrations and protests in June 2009, December 2010 - January 2011, and February 2011, respectively. We compare this usage with methods and findings from other studies on the use of Twitter in emergency situations, such as natural and man-made disasters. We draw on our own experiences and participant-observations as an eyewitness in Iran (first author), and on Twitter data from Iran, Tunisia and Egypt. In these three cases, Twitter filled a unique technology and communication gap at least partially. We summarize suggested directions for future research with a view of placing this work in the larger context of social media use in conditions of crisis and social convergence.
  • Thumbnail Image
    A policy review of the impact existing privacy principles have on current and emerging transportation safety technology
    Pethtel, Ray D.; Phillips, James D.; Hetherington, Gene (National Surface Transportation Safety Center for Excellence, 2011-05-12)
    Ensuring the safety of travelers by the use of technology, and protecting the personal information that is collected for those applications, is an important transportation policy concern. Perceptions of an abuse of privacy protection is a growing obstacle to speed monitoring and red-light-running applications. Many states and numerous localities have barred the use of technology for these safety applications. This report offers a detailed review, from a legal and operational perspective, of how personal privacy is (or is not) protected. Two unique sections contained in the report are (1) a state-by-state and court-involved inventory of relevant laws, and (2) a survey of the members of ITS America questioning how developers, manufacturers, operators, marketers, researchers, and deplorers of transportation technology comply with current privacy principles. -- Report website.
  • Thumbnail Image
    Twitter Use During an Emergency Event: The Case of UT Austin Shooting
    Li, Lin Tzy; Yang, Seungwon; Kavanaugh, Andrea L.; Fox, Edward A.; Sheetz, Steven D.; Shoemaker, Donald J. (2011-06-01)
    This poster presents one of our efforts developed in the context of Crisis, Tragedy, and Recovery Network (CTRnet) project. One of our derived works from this project is the use of social media by government to respond to emergency events in towns and counties. Monitoring social media information for unusual behavior can help identify these events once we can characterize their patterns. As an example, we analyzed the campus shooting occurred in the University of Texas, Austin, on September 28, 2010. In order to study the pattern of communication and the information communicated using social media on that day, we collected publicly available data from Twitter. Collected tweets were analyzed and visualized using Natural Language Toolkit, word clouds, and graphs. They showed how news and posts related to this event swamped the discussions of other issues.
  • Thumbnail Image
    Social Media Use by Government: From the Routine to the Critical
    Kavanaugh, Andrea L.; Fox, Edward A.; Sheetz, Steven D.; Yang, Seungwon; Li, Lin Tzy; Whalen, Travis; Shoemaker, Donald J.; Natsev, Paul; Xie, Lexing (2011-06-01)
    Social media (i.e., Twitter, Facebook, Flickr, YouTube) and other services with user-generated content have made a staggering amount of information (and misinformation) available. Government officials seek to leverage these resources to improve services and communication with citizens. Yet, the sheer volume of social data streams generates substantial noise that must be filtered. Nonetheless, potential exists to identify issues in real time, such that emergency management can monitor and respond to issues concerning public safety. By detecting meaningful patterns and trends in the stream of messages and information flow, events can be identified as spikes in activity, while meaning can be deciphered through changes in content. This paper presents findings from a pilot study we conducted between June and December 2010 with government officials in Arlington, Virginia (and the greater National Capitol Region around Washington, DC) with a view to understanding the use of social media by government officials as well as community organizations, businesses and the public. We are especially interested in understanding social media use in crisis situations (whether severe or fairly common, such as traffic or weather crises).
  • Thumbnail Image
    Security and Privacy produced by nHCP Unique Identifiers
    Tront, Joseph G.; Groat, Stephen; Dunlop, Matthew; Marchany, Randolph C. (IEEE, 2011-10)
    As protection against the current privacy weaknesses of StateLess Address AutoConfiguration (SLAAC) in the Internet Protocol version 6 (IPv6), network administrators may choose to deploy the new Dynamic Host Configuration Protocol for IPv6 (DHCPv6). Similar to the Dynamic Host Configuration Protocol (DHCP) for the Internet Protocol version 4 (IPv4), DHCPv6 uses a clientserver model to manage addresses in networks, providing statefol address assignment. While DHCPv6 can be configured to assign randomly distributed addresses to clients, the DHCP Unique Identifier (DUID) was designed to identify uniquely identify clients to servers and remains static to clients as they move between different subnets and networks. Since the DUID is globally unique and exposed in the clear, attackers can geotemporally track clients by sniffing DHCPv6 messages on the local network or by using unauthenticated protocol-valid queries that request systems' DUIDs or leased addresses. DUIDs can also be formed with systemspecific iriformation, forther compromising the privacy and security of the host. To combat the threat of the static DUID, a dynamic DUID was implemented and analyzed for its effect on privacy and security as well as its computational overhead. The privacy implications of DHCPv6 must be addressed before large-scale IPv6 deployment.
  • Thumbnail Image
    Privacy in the Digital Age: A Review of Information Privacy Research in Information Systems
    Bélanger, France; Crossler, Robert E. (University of Minnesota, Management Information Systems Research Center, 2011-12)
    Information privacy refers to the desire of individuals to control or have some influence over data about themselves. Advances in information technology have raised concerns about information privacy and its impacts, and have motivated Information Systems researchers to explore information privacy issues, including technical solutions to address these concerns. In this paper, we inform researchers about the current state information privacy research in IS through a critical analysis of the IS literature that considers information privacy as a key construct. The review of the literature reveals that information privacy is a multilevel concept, but rarely studied as such. We also find that information privacy research has been heavily reliant on student- based and USA-centric samples, which results in findings of limited generalizability. Information privacy research focuses on explaining and predicting theoretical contributions, with few studies in journal articles focusing on design and action contributions. We recommend that future research should consider different levels of analysis as well as multilevel effects of information privacy. We illustrate this with a multilevel framework for information privacy concerns. We call for research on information privacy to use a broader diversity of sampling populations, and for more design and action information privacy research to be published in journal articles that can result in IT artifacts for protection or control of information privacy.