Destination Area: Integrated Security (IS)
IS focuses on advancing and assuring the security of our vital social, political, and financial networks while balancing the crucial needs and expectations of privacy and governmental oversight. This mission cuts across four other destination areas and strategic growth areas, intersecting at key points of national interest where Virginia Tech has demonstrated expertise and capability:
- Security for the Internet of Everything: The interconnection of the digital world, the physical world, and humans interacting with both worlds.
- Governance and Ethics for Security: Questions and concerns about the adoption, use, and audit of security and privacy practices as they affect citizens and their government, consumers and business, and humans and their environment.
- Analytics for National Security and Preparedness: Using the capabilities of big data to improve security, forecasting, awareness, and resilience in response to disasters and for national defense.
Browsing Destination Area: Integrated Security (IS) by Department "Computer Science"
Now showing 1 - 20 of 45
- Adaptive Key Protection in Complex Cryptosystems with Attributes. Wang, Zilong; Yao, Danfeng (Daphne); Feng, Rongquan (Department of Computer Science, Virginia Polytechnic Institute & State University, 2012). In the attribute-based encryption (ABE) model, attributes (as opposed to identities) are used to encrypt messages, and all the receivers with qualifying attributes can decrypt the ciphertext. However, compromised attribute keys may affect the communications of many users who share the same access control policies. We present the notion of forward-secure attribute-based encryption (fs-ABE) and give a concrete construction based on bilinear map and decisional bilinear Diffie-Hellman assumption. Forward security means that a compromised private key by an adversary at time t does not break the confidentiality of the communication that took place prior to t. We describe how to achieve both forward security and encryption with attributes, and formally prove our security against the adaptive chosen-ciphertext adversaries. Our scheme is non-trivial, and the key size only grows polynomially with log N (where N is the number of time periods). We further generalize our scheme to support the individualized key-updating schedule for each attribute, which provides a finer granularity for key management. Our insights on the required properties that an ABE scheme needs to possess in order to be forward-secure compatible are useful beyond the specific fs-ABE construction given. We raise an open question at the end of the paper on the escrow problem of the master key in ABE schemes.
- Applications and Security of Next-Generation, User-Centric Wireless Systems. Ramstetter, Jerry Rick; Yang, Yaling; Yao, Danfeng (Daphne) (MDPI, 2010-07-28). Pervasive wireless systems have significantly improved end-users' quality of life. As manufacturing costs decrease, communications bandwidth increases, and contextual information is made more readily available, the role of next generation wireless systems in facilitating users' daily activities will grow. Unique security and privacy issues exist in these wireless, context-aware, often decentralized systems. For example, the pervasive nature of such systems allows adversaries to launch stealthy attacks against them. In this review paper, we survey several emergent personal wireless systems and their applications. These systems include mobile social networks, active implantable medical devices, and consumer products. We explore each system's usage of contextual information and provide insight into its security vulnerabilities. Where possible, we describe existing solutions for defending against these vulnerabilities. Finally, we point out promising future research directions for improving these systems' robustness and security.
- ‘Beating the news’ with EMBERS: Forecasting Civil Unrest using Open Source Indicators. Ramakrishnan, Naren; Butler, Patrick; Self, Nathan; Khandpur, Rupinder P.; Saraf, Parang; Wang, Wei; Cadena, Jose; Vullikanti, Anil Kumar S.; Korkmaz, Gizem; Kuhlman, Christopher J.; Marathe, Achla; Zhao, Liang; Ting, Hua; Huang, Bert; Srinivasan, Aravind; Trinh, Khoa; Getoor, Lise; Katz, Graham; Doyle, Andy; Ackermann, Chris; Zavorin, Ilya; Ford, Jim; Summers, Kristen; Fayed, Youssef; Arredondo, Jaime; Gupta, Dipak; Mares, David; Muthia, Sathappan; Chen, Feng; Lu, Chang-Tien (2014). We describe the design, implementation, and evaluation of EMBERS, an automated, 24x7 continuous system for forecasting civil unrest across 10 countries of Latin America using open source indicators such as tweets, news sources, blogs, economic indicators, and other data sources. Unlike retrospective studies, EMBERS has been making forecasts into the future since Nov 2012 which have been (and continue to be) evaluated by an independent T&E team (MITRE). Of note, EMBERS has successfully forecast the uptick and downtick of incidents during the June 2013 protests in Brazil. We outline the system architecture of EMBERS, individual models that leverage specific data sources, and a fusion and suppression engine that supports trading off specific evaluation criteria. EMBERS also provides an audit trail interface that enables the investigation of why specific predictions were made along with the data utilized for forecasting. Through numerous evaluations, we demonstrate the superiority of EMBERS over base-rate methods and its capability to forecast significant societal happenings.
- Between a Rock and a Cell Phone: Social Media Use during Mass Protests in Iran, Tunisia and Egypt. Kavanaugh, Andrea L.; Yang, Seungwon; Sheetz, Steven D.; Li, Lin Tzy; Fox, Edward A. (Department of Computer Science, Virginia Polytechnic Institute & State University, 2011-05-01). In this paper we examine the use of social media, and especially Twitter, in Iran, Tunisia and Egypt during the mass political demonstrations and protests in June 2009, December 2010 - January 2011, and February 2011, respectively. We compare this usage with methods and findings from other studies on the use of Twitter in emergency situations, such as natural and man-made disasters. We draw on our own experiences and participant-observations as an eyewitness in Iran (first author), and on Twitter data from Iran, Tunisia and Egypt. In these three cases, Twitter filled a unique technology and communication gap at least partially. We summarize suggested directions for future research with a view of placing this work in the larger context of social media use in conditions of crisis and social convergence.
- BRIoT: Behavior Rule Specification-Based Misbehavior Detection for IoT-Embedded Cyber-Physical Systems. Sharma, Vishal; You, Ilsun; Yim, Kangbin; Chen, Ing-Ray; Cho, Jin-Hee (IEEE, 2019). The identification of vulnerabilities in a mission-critical system is one of the challenges faced by a cyber-physical system (CPS). The incorporation of embedded Internet of Things (IoT) devices makes it tedious to identify vulnerability and difficult to control the service interruptions and manage the operations losses. Rule-based mechanisms have been considered as a solution in the past. However, rule-based solutions operate on the goodwill of the generated rules and perform assumption-based detection. Such a solution often is far from the actual realization of the IoT runtime performance and can be fooled by zero-day attacks. Thus, this paper takes this issue as motivation and proposes better lightweight behavior rule specification-based misbehavior detection for the IoT-embedded cyber-physical systems (BRIoT). The key concept of our approach is to model a system with which misbehavior of an IoT device manifested as a result of attacks exploiting the vulnerability exposed may be detected through automatic model checking and formal verification, regardless of whether the attack is known or unknown. Automatic model checking and formal verification are achieved through a 2-layer Fuzzy-based hierarchical context-aware aspect-oriented Petri net (HCAPN) model, while effective misbehavior detection to avoid false alarms is achieved through a barycentric-coordinate-based center of mass calculation method. The proposed approach is verified by an unmanned aerial vehicle (UAV) embedded in a UAV system. The feasibility of the proposed model is demonstrated with high reliability, low operational cost, low false positives, low false negatives, and high true positives in comparison with existing rule-based solutions.
- CCS 2017: Women in Cyber Security (CyberW) Workshop. Yao, Danfeng (Daphne); Bertino, Elisa (ACM, 2017). The CyberW workshop is motivated by the significant gender imbalance in all security conferences, in terms of the number of publishing authors, PC members, organizers, and attendees. What causes this gender imbalance remains unclear. However, multiple research studies have shown that a diverse group is more creative, diligent, and productive than a homogeneous group. Achieving cyber security requires a diverse group. To maintain a sustainable and creative workforce, substantial efforts need to be made by the security community to broaden the participation from underrepresented groups in cyber security research conferences. We hope this workshop can attract all underrepresented cybersecurity professionals, students, and researchers to attend top security and privacy conferences, engage in cutting-edge security and privacy research, excel in cyber security professions, and ultimately take on leadership positions.
- Cyber War Game in Temporal Networks. Cho, Jin-Hee; Gao, Jianxi (PLOS, 2016-02-09). In a cyber war game where a network is fully distributed and characterized by resource constraints and high dynamics, attackers or defenders often face a situation that may require optimal strategies to win the game with minimum effort. Given the system goal states of attackers and defenders, we study what strategies attackers or defenders can take to reach their respective system goal state (i.e., winning system state) with minimum resource consumption. However, due to the dynamics of a network caused by a node’s mobility, failure or its resource depletion over time or action(s), this optimization problem becomes NP-complete. We propose two heuristic strategies in a greedy manner based on a node’s two characteristics: resource level and influence based on k-hop reachability. We analyze complexity and optimality of each algorithm compared to optimal solutions for a small-scale static network. Further, we conduct a comprehensive experimental study for a large-scale temporal network to investigate best strategies, given a different environmental setting of network temporality and density. We demonstrate the performance of each strategy under various scenarios of attacker/defender strategies in terms of win probability, resource consumption, and system vulnerability.
- Cyberbiosecurity Challenges of Pathogen Genome Databases. Vinatzer, Boris A.; Heath, Lenwood S.; Almohri, Hussain M.J.; Stulberg, Michael J.; Lowe, Christopher; Li, Song (Frontiers, 2019-05-15). Pathogen detection, identification, and tracking is shifting from non-molecular methods, DNA fingerprinting methods, and single gene methods to methods relying on whole genomes. Viral Ebola and influenza genome data are being used for real-time tracking, while food-borne bacterial pathogen outbreaks and hospital outbreaks are investigated using whole genomes in the UK, Canada, the USA and other countries. Also, plant pathogen genomes are starting to be used to investigate plant disease epidemics such as the wheat blast outbreak in Bangladesh. While these genome-based approaches provide never-seen advantages over all previous approaches with regard to public health and biosecurity, they also come with new vulnerabilities and risks with regard to cybersecurity. The more we rely on genome databases, the more likely these databases will become targets for cyber-attacks to interfere with public health and biosecurity systems by compromising their integrity, taking them hostage, or manipulating the data they contain. Also, while there is the potential to collect pathogen genomic data from infected individuals or agricultural and food products during disease outbreaks to improve disease modeling and forecasting, how to protect the privacy of individuals, growers, and retailers is another major cyberbiosecurity challenge. As data become linkable to other data sources, individuals and groups become identifiable and potential malicious activities targeting those identified become feasible. Here, we define a number of potential cybersecurity weaknesses in today's pathogen genome databases to raise awareness, and we provide potential solutions to strengthen cyberbiosecurity during the development of the next generation of pathogen genome databases.
- Data Leak Detection As a Service: Challenges and Solutions. Shu, Xiaokui; Yao, Danfeng (Daphne) (Department of Computer Science, Virginia Polytechnic Institute & State University, 2012). We describe a network-based data-leak detection (DLD) technique, the main feature of which is that the detection does not require the data owner to reveal the content of the sensitive data. Instead, only a small amount of specialized digests are needed. Our technique, referred to as the fuzzy fingerprint, can be used to detect accidental data leaks due to human errors or application flaws. The privacy-preserving feature of our algorithms minimizes the exposure of sensitive data and enables the data owner to safely delegate the detection to others. We describe how cloud providers can offer their customers data-leak detection as an add-on service with strong privacy guarantees. We perform extensive experimental evaluation on the privacy, efficiency, accuracy and noise tolerance of our techniques. Our evaluation results under various data-leak scenarios and setups show that our method can support accurate detection with a very small number of false alarms, even when the presentation of the data has been transformed. It also indicates that the detection accuracy does not degrade when partial digests are used. We further provide a quantifiable method to measure the privacy guarantee offered by our fuzzy fingerprint framework.
- A Database Driven Initial Ontology for Crisis, Tragedy, and Recovery. Sheetz, Steven D. (2011-05-01). Many databases and supporting software have been developed to track the occurrences of natural disasters, manmade disasters, and combinations of the two. Each of the databases developed in this context defines its own representation of a disaster that describes the nature of the disaster and the data elements to be tracked for each type of disaster. The elements selected are not the same for the different databases, yet they are substantively similar. One capability common to many ontology development efforts is to describe data from diverse sources. Thus, we began our ontology development process by identifying several existing databases currently tracking disasters and derived the "ontology in situ" of their database. That is, we identified how the designers of the databases classify the types of disasters in their systems. We then merged these individual ontologies to identify an ontology that includes all of the classifications from the databases. Several aspects of disasters from the databases were highly consistent and therefore fit well together, e.g., the types of natural disasters, while others, e.g., geographic descriptions, were idiosyncratic and do not fit together seamlessly. The resulting ontology consists of 185 elements and has the potential to support data sharing/aggregation across the databases considered.
- A Declarative Approach to Hardening Services Against QoS Vulnerabilities. Kwon, Young-Woo; Tilevich, Eli (IEEE, 2011). The Quality of Service (QoS) in a distributed service-oriented application can be negatively affected by a variety of factors. Network volatility, hostile exploits, poor service management, all can prevent a service-oriented application from delivering its functionality to the user. This paper puts forward a novel approach to improving the reliability, security, and availability of service-oriented applications. To counter service vulnerabilities, a special service detects vulnerabilities as they emerge at runtime, and then hardens the applications by dynamically deploying special components. The novelty of our approach lies in using a declarative framework to express both vulnerabilities and hardening strategies in a domain-specific language, independent of the service infrastructure in place. Thus, our approach will make it possible to harden service-oriented applications in a disciplined and systematic fashion.
- Detecting Malicious Landing Pages in Malware Distribution Networks. Wang, Gang Alan; Stokes, Jack W.; Herley, Cormac; Felstead, David (IEEE, 2013-06). Drive-by download attacks attempt to compromise a victim’s computer through browser vulnerabilities. Often they are launched from Malware Distribution Networks (MDNs) consisting of landing pages to attract traffic, intermediate redirection servers, and exploit servers which attempt the compromise. In this paper, we present a novel approach to discovering the landing pages that lead to drive-by downloads. Starting from partial knowledge of a given collection of MDNs we identify the malicious content on their landing pages using multiclass feature selection. We then query the webpage cache of a commercial search engine to identify landing pages containing the same or similar content. In this way we are able to identify previously unknown landing pages belonging to already identified MDNs, which allows us to expand our understanding of the MDN. We explore using both a rule-based and classifier approach to identifying potentially malicious landing pages. We build both systems and independently verify using a high-interaction honeypot that the newly identified landing pages indeed attempt drive-by downloads. For the rule-based system 57% of the landing pages predicted as malicious are confirmed, and this success rate remains constant in two large trials spaced five months apart. This extends the known footprint of the MDNs studied by 17%. The classifier-based system is less successful, and we explore possible reasons.
- Determining Relative Airport Threats from News and Social Media. Khandpur, Rupinder P.; Ji, Taoran; Ning, Yue; Zhao, Liang; Lu, Chang-Tien; Smith, Erik R.; Adams, Christopher; Ramakrishnan, Naren (AAAI, 2017). Airports are a prime target for terrorist organizations, drug traffickers, smugglers, and other nefarious groups. Traditional forms of security assessment are not real-time and often do not exist for each airport and port of entry. Thus, homeland security professionals must rely on measures of attractiveness of an airport as a target for attacks. We present an open source indicators approach, using news and social media, to conduct relative threat assessment, i.e., estimating if one airport is under greater threat than another. The three ingredients of our approach are a dynamic query expansion algorithm for tracking emerging threat-related chatter, news-Twitter reciprocity modeling for capturing interactions between social and traditional media, and a ranking scheme to provide an ordered assessment of airport threats. Case studies based on actual aviation incidents are presented.
- Device-Based Isolation for Securing Cryptographic Keys. Elish, Karim O.; Deng, Yipan; Yao, Danfeng (Daphne); Kafura, Dennis G. (Department of Computer Science, Virginia Polytechnic Institute & State University, 2012). In this work, we describe an effective device-based isolation approach for achieving data security. Device-based isolation leverages the proliferation of personal computing devices to provide strong run-time guarantees for the confidentiality of secrets. To demonstrate our isolation approach, we show its use in protecting the secrecy of highly sensitive data that is crucial to security operations, such as cryptographic keys used for decrypting ciphertext or signing digital signatures. A private key is usually encrypted when not used; however, when being used, the plaintext key is loaded into the memory of the host for access. In our threat model, the host may be compromised by attackers, and thus the confidentiality of the host memory cannot be preserved. We present a novel and practical solution and its prototype called DataGuard to protect the secrecy of the highly sensitive data through the storage isolation and secure tunneling enabled by a mobile handheld device. DataGuard can be deployed for the key protection of individuals or organizations.
- Dynamical Processes on Large Networks (CS Seminar Lecture Series). Prakash, B. Aditya (2012-03-23). How do contagions spread in population networks? Which group should we market to, for maximizing product penetration? Will a given YouTube video go viral? Who are the best people to vaccinate? What happens when two products compete? Any insights on these problems, involving dynamical processes on networks, promise great scientific as well as commercial value. In this talk, we present a multi-pronged attack on such research questions, which includes: (a) Theoretical results on the tipping-point behavior of fundamental models; (b) Scalable Algorithms for changing the behavior of these processes, like for immunization, marketing etc.; and (c) Empirical Studies on terabytes of data for developing more realistic information-diffusion models. The problems we focus on are central in surprisingly diverse areas: from cyber-security, epidemiology and public health, viral marketing to spreading of hashtags on Twitter and propagation of memes on blogs. B. Aditya Prakash (http://www.cs.cmu.edu/~badityap) is a Ph.D. student in the Computer Science Department at Carnegie Mellon University. He got his B.Tech (in CS) from the Indian Institute of Technology (IIT) - Bombay. He has published 14 refereed papers in major venues and holds two U.S. patents. His interests include Data Mining, Applied Machine Learning and Databases, with emphasis on large real-world networks and time-series. Some of the inter-disciplinary questions he investigates deal with identifying the precise role of networks in diffusion of contagion (like viruses, products, ideas). The mission of his research is to enable us to understand and eventually influence such processes for our benefit. The Computer Science Seminar Lecture Series is a collection of weekly lectures about topics at the forefront of contemporary computer science research, given by speakers knowledgeable in their field of study. These speakers come from a variety of different technical and geographic backgrounds, with many of them traveling from other universities across the globe to come here and share their knowledge. These weekly lectures were recorded with an HD video camera, edited with Apple Final Cut Pro X, and output in such a way that the resulting .mp4 video files were economical to store and stream utilizing the university's limited bandwidth and disk space resources.
- Enterprise data breach: causes, challenges, prevention, and future directions. Cheng, Long; Liu, Fang; Yao, Danfeng (Daphne) (Wiley, 2017). A data breach is the intentional or inadvertent exposure of confidential information to unauthorized parties. In the digital era, data has become one of the most critical components of an enterprise. Data leakage poses serious threats to organizations, including significant reputational damage and financial losses. As the volume of data is growing exponentially and data breaches are happening more frequently than ever before, detecting and preventing data loss has become one of the most pressing security concerns for enterprises. Despite a plethora of research efforts on safeguarding sensitive information from being leaked, it remains an active research problem. This review helps interested readers to learn about enterprise data leak threats, recent data leak incidents, various state-of-the-art prevention and detection techniques, new challenges, and promising solutions and exciting opportunities.
- Fast Detection of Transformed Data Leaks. Shu, Xiaokui; Zhang, Jing; Yao, Danfeng (Daphne); Feng, Wu-chun (IEEE, 2016-03-01).
- Identifying Native Applications with High Assurance. Almohri, Hussain M.J.; Yao, Danfeng (Daphne); Kafura, Dennis G. (Department of Computer Science, Virginia Polytechnic Institute & State University, 2011). The work described in this paper investigates the problem of identifying and deterring stealthy malicious processes on a host. We point out the lack of strong application identification in main stream operating systems. We solve the application identification problem by proposing a novel identification model in which user-level applications are required to present identification proofs at run time to be authenticated by the kernel using an embedded secret key. The secret key of an application is registered with a trusted kernel using a key registrar and is used to uniquely authenticate and authorize the application. We present a protocol for secure authentication of applications. Additionally, we develop a system call monitoring architecture that uses our model to verify the identity of applications when making critical system calls. Our system call monitoring can be integrated with existing policy specification frameworks to enforce application-level access rights. We implement and evaluate a prototype of our monitoring architecture in Linux as device drivers with nearly no modification of the kernel. The results from our extensive performance evaluation show that our prototype incurs low overhead, indicating the feasibility of our model.
- Intrusion Detection System for Applications using Linux Containers. Abed, Amr S.; Clancy, Thomas Charles III; Levy, David S. (Springer, 2015-12-09). Linux containers are gaining increasing traction in both individual and industrial use, and as these containers get integrated into mission-critical systems, real-time detection of malicious cyber attacks becomes a critical operational requirement. This paper introduces a real-time host-based intrusion detection system that can be used to passively detect malfeasance against applications within Linux containers running in a standalone or in a cloud multi-tenancy environment. The demonstrated intrusion detection system uses bags of system calls monitored from the host kernel for learning the behavior of an application running within a Linux container and determining anomalous container behavior. Performance of the approach using a database application was measured and results are discussed.
- Keystroke-Dynamics Authentication Against Synthetic Forgeries. Stefan, Deian; Yao, Danfeng (Daphne) (IEEE, 2010). We describe the use of keystroke-dynamics patterns for authentication and detecting infected hosts, and evaluate its robustness against forgery attacks. Specifically, we present a remote authentication framework called TUBA for monitoring a user’s typing patterns. We evaluate the robustness of TUBA through comprehensive experimental evaluation including two series of simulated bots. A support vector machine is used for classification. Our results based on 20 users’ keystroke data are reported. Our work shows that keystroke dynamics is robust against the synthetic forgery attacks studied, where the attacker draws statistical samples from a pool of available keystroke datasets other than the target. TUBA is particularly suitable for detecting extrusion in organizations and protecting the integrity of hosts in collaborative environments, as well as authentication.