Lisa Cingiser DiPippo

RTSORAC: A Real-Time Object-Oriented Database Model

A real-time database is a database in which both the data and the operations upon the data may have timing constraints. We have integrated real-time, object-oriented, semantic and active database approaches to develop a formal model called RTSORAC for real-time databases. This paper describes the components of the RTSORAC model including objects, relationships, constraints, updates, and transactions.

Expressing and Enforcing Timing Constraints in a DynamicReal-Time CORBA System

Distributed real-time applications have presented the need to extend the Object Management Groups Common Object Request Broker Architecture (CORBA) standard to support real-time. This paper describes a Dynamic Real-Time CORBA system, which supports the expression and enforcement of end-to-end timing constraints as an extension to a commercial CORBA system. The paper also describes performance tests that demonstrate the systems ability to enforce expressed timing constraints.

Trust Management for Defending On-Off Attacks

A trust management scheme can be used to aid an automated decision-making process for an access control policy. Since unintentional temporary errors are possible, the trust management solution must provide a redemption scheme to allow nodes to recover trust. However, if a malicious node tries to disguise its malicious behaviors as unintentional temporary errors, the malicious node may be given more opportunities to attack the system by disturbing the redemption scheme. Existing trust management schemes that employ redemption schemes fail to discriminate between temporary errors and disguised malicious behaviors in which the attacker cleverly behaves well and badly alternatively. In this paper, we present the vulnerabilities of existing redemption schemes, and describe a new trust management and redemption scheme that can discriminate between temporary errors and disguised malicious behaviors with a flexible design. We show the analytical results of the trust management scheme, and demonstrate the advantages of the proposed scheme with simulation conducted in a Wireless Sensor Network.

CyberSAVe: situational awareness visualization for cyber security of smart grid systems

We offer algorithms and visualization techniques for cyber trust in a Smart Grid system. Cyber trust is evaluated in terms of a mathematical model consisting of availability, detection and false alarm trust values, as well as a model of predictability. We develop a prototype Cyber Situational Awareness Visualization (CyberSAVe) tool to visualize cyber trust. We provide Operational Decision Aids (ODAs) displayed in context with a SCADA management information. We define cyber trust metrics, which are calculated and displayed in real-time in the Metric Assessment System (MAS) of CyberSAVe. We demonstrate the use of trust combined with visualization of trust to detect various types of attacks on the Smart Grid.

Identifying Remnants of Evidence in the Cloud

With the advent of cloud computing, law enforcement investigators are facing the challenge that instead of the evidence being on a device that they can seize, the evidence is likely located in remote data centers operated by a service provider; and may even be in multiple locations (and jurisdictions) across the world. The most practical approach for an investigator when cloud computing has been used is to execute a warrant that requires the service provider to deliver the evidence. However, to do this, the investigator must be able to determine that a cloud application was used, and then must issue a warrant with reasonable scope (e.g. the subject’s username at the cloud provider, the name of the documents, the dates accessed, etc). Fortunately, most cloud applications leave remnants (e.g. cached web sites, cookies, registry entries, installed files, etc) on the client devices. This paper describes the process for identifying those remnants and parsing them to generate the data required by law enforcement to form warrants to cloud service providers. It illustrates the process by obtaining remnants from: Google Docs accessed by Internet Explorer, Dropbox, and Windows Live Mesh.

Epidemiological Study of Browser-Based Malware for University Network with Partially Observed Flow Data

The presence of personal financial data, intellectual property, and classified documents on University computer systems makes them particularly attractive to hackers, but not well prepared for their attacks. The University of Rhode Island (URI) is one of the few institutions collecting network traffic data (NetFlow) for inference and analysis of normal and potentially malicious activity. This research focuses on web-based traffic with client-server architecture and adopts simple probability-based transmission models to explore the vulnerability of the URI web-network to anticipated threats. The fact that the URI firewall captures only traffic data in- and out- of URI necessitates the modeling of internal un-observed traffic. Relying on a set of intuitive assumptions, we simulate the spread of infection on the dynamic bipartite graph inferred from observed external and modeled unobserved internal web-browsing traffic and evaluate the susceptibility of URI nodes to threats initiated by random clients and clients from specific countries. Overall, the results suggest higher rates of infection for client nodes compared to servers with maximum rates achieved when infection is initiated randomly. Remarkably, very similar rates are observed when infection is initiated from 100 different clients from each of selected countries (e.g., China, Germany, UK) or from one most active node from Denmark. Interestingly, the daily analysis over a three-month period reveals that the simulated infection rates that are not consistent with the intensity of the flow traffic may indicate the presence of compromised node activity and possible intrusion.

Adaptive Threshold Selection for Trust-Based Detection Systems

Data analysis of complex behaviors, intrusion attacks and system failures inherent in the Information Technology systems became one of the key strategies for ensuring the security of cyber assets. Data-driven anomaly detection methods can offer an appealing alternative to existing signature-based intrusion detection systems by capturing known and previously unseen attacks. In this paper, we try to develop efficient rules that distinguish between normal and abnormal behavior in a given period and over time that can also adapt to relational and dynamic changes in cyber environment. Specifically, we represent the network flow data as a bipartite graph and then adopt an outlier detection approach for heavy-tailed distributions to develop an adaptive threshold method for node behavior characterization. Further, we introduce a trust management scheme for aggregation of node behaviors over time and evaluation of overall node trustworthiness over full time period. Using the data collected by European Internet Service Provider, we demonstrate superior performance of the proposed adaptive threshold selection method for Trust-based detection systems. Overall, the proposed framework can adjust to changing conditions of the system and can be used for detection of anomalous node behaviors in real-time.

Pseudo-scheduling: A New Approach to the Broadcast Scheduling Problem

The broadcast scheduling problem asks how a multihop network of broadcast transceivers operating on a shared medium may share the medium in such a way that communication over the entire network is possible. This can be naturally modeled as a graph coloring problem via distance-2 coloring (L(1,1)-labeling, strict scheduling). This coloring is difficult to compute and may require a number of colors quadratic in the graph degree. This paper introduces pseudo-scheduling, a relaxation of distance-2 coloring. Centralized and decentralized algorithms that compute pseudo-schedules with colors linear in the graph degree are given and proved.