James F. Riordan

Environmental Key Generation Towards Clueless Agents

In this paper, we introduce a collection of cryptographic key constructions built from environmental data that are resistant to adversarial analysis and deceit. We expound upon their properties and discuss some possible applications; the primary envisioned use of these constructions is in the creation of mobile agents whose analysis does not reveal their exact purpose.

A certified e-mail protocol

Protocols to facilitate secure electronic delivery are necessary if the Internet is to achieve its true potential as a business communications tool. We present a protocol for secure e-mail that protects both the sender and the receiver, and can be implemented using current e-mail products and existing Internet infrastructure.

Computational Results for a Two-Dimensional Model of Crystalline Microstructure

We describe a two-dimensional model of crystalline martensitic microstructure, and we present a new visualization of computational results for the finite element approximation of solutions to the variational problem with microstructure on a sequence of refined meshes.

Deriving Expertise Profiles from Tags

We propose a novel approach to the problem of expertise mining in an enterprise, taking advantage of online social applications deployed within the enterprise. Based on the assumption that the users’ interactions with such social software reflect to some extent their expertise, we devise a probabilistic method for identifying the main areas of expertise of users based solely on their set of tags extracted from a social bookmarking system. We base our approach on statistical language models, which we adapt to fit our unique setting. We train and validate our model on a real world dataset extracted from two IBM-internal applications. Our results show that our approach provides a viable alternative to other methods that rely on documents extracted from the enterprise corpora.

Die PERSEUS Systemarchitektur

Sichere Anwendungen sind ohne ein sicheres Betriebssystem unmoglich. Wir zeigen auf, wie bestehende Sicherheitsmechanismen wie kryptographische Protokolle oder Smartcards umgangen werden konnen und prasentieren eine Systemarchitektur fur eine allgemeine Sicherheitsplattform, die es Nutzern ermoglicht, ihre vorhandenen Anwendungen bequem weiterzubenutzen. Das Design enthalt alle notigen Dienste, um auch sichere Softwareinstallationen durch den Endbenutzer durchfuhren zu lassen. Um eine verbreitete Applikationsschnittstelle zur Verfugung zu stellen, arbeitet das Perseus System als Host, der als eine Clientapplikation ein existierendes Betriebssystem (Client OS) ausfuhrt. Da das Client OS alle nicht sicherheitskritischen Aufgaben ubernimmt, konnen wir den Sicherheitskern klein und uberschaubar halten und legen damit den Grundstein fur eine spatere Evaluation nach den Common Criteria oder ITSEC.

Target Naming and Service Apoptosis

The volume of traffic on security mailing lists, bulletin boards, news forums, et cetera has grown so sharply in recent times that it is no longer feasible for a systems administrator to follow all relevant news as a background task; it has become a full-time job. Even when relevant information does eventually reach the systems administrator, there is, often a dangerous window between public knowledge of a vulnerability and the administrators ability to correct it. Automated responses mechanisms are the key to closing these vulnerability windows. We propose a database of likely areas of vulnerability, called targets, in a machine readable and filterable manner so that administrators can greatly reduce the amount of security mail to be read. We then propose a cryptographically secure service with which semi-trusted third parties can act in a manner limited by the system administrator, say shutting down a specific service while not allowing general access, to diminish the window of vulnerability.

How to hook worms [computer network security]

This paper discusses the use of intrusion detection systems to protect against the various threats faced by computer systems by way of worms, viruses and other forms of attacks. Intrusion detection systems attempt to detect things that are wrong in a computer network or system. The main problems of these systems, however, are the many false alarms they produce, their lack of resistance to both malicious attacks and accidental failures, and the constant appearance of new attacks and vulnerabilities. IBM Zurich Research Laboratory has developed a system that specifically targets worms rather than trying to prevent all breaches of computer security. Called Billy Goat, the specialized worm detection system runs on a dedicated machine connected to the network and detects worm-infected machines anywhere in it. Billy Goat has been proven effective at detecting worm-infected machines in a network. It is currently used in several large corporate intranets, and it is normally able to detect infected machines within seconds of their becoming infected. Furthermore, not only is it able to detect the presence of a worm in the network, it can even provide the addresses of the infected machines. This makes it considerably easier to remedy the problem.