Liyong Tang

CuboidTrust: a global reputation-based trust model in peer-to-peer networks

Peer-to-Peer communication model has the potential to harness huge amounts of resources. However, some recent studies indicate that most of current Peer-to-Peer systems suffer from inauthentic resource attacks. One way to cope with these attacks is to constitute a reputation-based trust model to help evaluating the trust values of peers and predicting their future behaviors. In this paper, we propose a global reputation-based trust model, called CuboidTrust. It builds four relations among three trust factors including contribution, trustworthiness and quality of resource, and applies power iteration to compute the global trust value of each peer. The experimental results show that CuboidTrust performs efficiently, and significantly decreases the count of inauthentic resource downloads under various threat models.

Securing Peer-to-Peer Content Sharing Service from Poisoning Attacks

Poisoning attacks in the Peer-to-Peer (P2P) content sharing service have become a serious security problem on the global Internet due to the features of P2P systems such as self-organization, self-maintenance, etc. In this paper, we propose a novel poisoning-resistant security framework based on the notion that the content providers would be the only trusted sources to verify the integrity of the requested content. To provide the mechanisms of availability and scalability, a content provider publishes the information of his shared contents to a group of content maintainers self-organized in a security overlay, so that a content requestor can verify the integrity of the requested content from the associated content maintainers. Two defense functions are first carried out - filtering out malicious activities and selecting the authentic content version. Then, the content requestor can perform the content integrity verification while downloading and take prompt protection actions to handle content poisoning attacks. To further enhance the system performance, we devise a scalable probabilistic verification scheme. The evaluation results illustrate that our framework can effectively and efficiently defend against content poisoning in various scenarios.

Exploiting Consumer Reviews for Product Feature Ranking

Web 2.0 technology leads Web users to publish a large number of consumer reviews about products and services on various websites. Major product features extracted from consumer reviews may let product providers find what features are mostly cared by consumers, and also may help potential consumers to make purchasing decisions. In this work, we propose a linear regression with rules-based approach to ranking product features according to their importance. Empirical experiments show our approach is effective and promising. We also demonstrate two applications using our proposed approach. The first application decomposes overall ratings of products into product feature ratings. And the second application seeks to generate consumer surveys automatically.

Secure Information Flow by Model Checking Pushdown System

We propose an approach on model checking information flow for imperative language with procedures. We characterize our model with pushdown system, which has a stack of unbounded length that naturally models the execution of procedural programs. Because the type-based static analysis is sometimes too conservative and rejects safe program as ill-typed, we take a semantic-based approach by self-composing symbolic pushdown system and specifying noninterference with LTL formula. Then we verify this LTL-expressed property via model checker Moped. Except for overcoming the conservative characteristic of type-based approach, our motivation also includes the insufficient state of arts on precise information flow analysis under interprocedural setting. To remedy the inefficiency of model checking compared with type system, we propose both compact form and contracted form of self-composition. According to experimental results, they can greatly increase the efficiency of realistic verification. Our method provides flexibility on separating program abstraction from noninterference verification, thus could be expected to use on different programming languages.

Scalable Byzantine Fault Tolerant Public Key Authentication for Peer-to-Peer Networks

Peer-to-Peer (P2P) communication model has the potential to harness huge amounts of resources. However, due to the self-organizing and self-maintaining nature, current P2P networks suffer from various kinds of attacks. Public key authentication can provide a fundamental building block for P2P communication security. In this paper, we propose a scalable Byzantine fault tolerant public key authentication scheme for P2P networks, in which each participating peer dynamically maintains a trusted group to perform distributed challenge-response authentication without centralized infrastructure. To guarantee the authentication correctness, we additionally present a complementary trusted group maintenance scheme. The experimental results demonstrate that our authentication scheme can work in various different P2P scenarios effectively and efficiently.

Secure Information Flow in Java via Reachability Analysis of Pushdown System

Automated verification of noninterference is commonly considered more precise than type-based approach on enforcing secure information flow for program. We propose an approach on model checking symbolic pushdown system generated from Java bytecode, and develop a deployment-time verification framework to ensure noninterference of bytecode. In order to overcome the constraints brought by the nature of object-oriented language and application scenario, we extend self-composition to low-recorded self-composition to reduce the partial correctness judgements on safety property to reachability analysis. In this variation, meta-level indices of heap are recorded into the self-composed pushdown system for the construction of auxiliary interleaving assignments and branch condition to illegal-flow state. Our experiments show that the approach is more scalable than previous work based on automated verification.

Automatic Data Extraction from Web Discussion Forums

This paper presents an approach to extract information from web discussion forums automatically. HTML tag paths built from a HTML DOM tree are employed to generate the post extraction template. Visual text features and HTML structure information in the same page are also combined together to extract author profile, posted date and post content automatically. Experiment results show that our approach is effective.

SKIP: A Secure Key Issuing Scheme for Peer-to-Peer Networks

Identity based cryptography (IBC) was introduced into peer-to-peer (P2P) networks recently for identity verification and authentication purposes. However, current IBC-based solutions could not address the problem of secure private key issuing. In this paper we propose SKIP: a novel secure key issuing scheme for P2P networks using IBC. We present an IBC infrastructure setup phase, a peer registration solution using Shamirs (k, n) secret sharing scheme, and a secure key issuing scheme, which adopts key generate center (KGC) and key privacy authorities (KPAs) to issue private keys to peers securely in order to enable the IBC systems to be more acceptable and applicable in real-world P2P networks. Furthermore, to maintain the security of KPAs, we develop a scheme to authenticate KPAs using Byzantine fault tolerance protocol. The theoretical analysis and experimental results show that SKIP performs effectively and efficiently, and is able to support large scale networks.

A new enforcement on declassification with reachability analysis

Language-based information flow security aims to decide whether an action-observable program can unintentionally leak confidential information if it has the authority to access confidential data. Recent concerns about declassification polices have provided many choices for practical intended information release, but more precise enforcement mechanism for these policies is insufficiently studied. In this paper, we propose a security property on the where-dimension of declassification and present an enforcement based on automated verification. The approach automatically transforms the abstract model with a variant of self-composition, and checks the reachability of illegal-flow state of the model after transformation. The self-composition is equipped with a store-match pattern to reduce the state space and to model the equivalence of declassified expressions in the premise of property. The evaluation shows that our approach is more precise than type-based enforcement.

Hybrid Overlay Structure Based on Virtual Node

Current peer-to-peer architectures generally can be grouped into three categories: centralized architectures that utilize central directory servers to process queries, decentralized structured architectures that accurately build an underlying topology to support distributed hash table efficiently, and decentralized unstructured architectures that impose no structure on the topology and typically propagate queries to neighbors for searching. Aiming at integrating the flexibility of unstructured architectures with the regularity of structured architectures, we propose a hybrid overlay structure based on virtual node. Especially, the hybrid architecture utilizes virtual nodes to build a distributed ring with random links. We can use the distributed ring to perform short jumps, and apply random links to long jumps. With our hybrid design, keyword searching, even multi-keyword searching, can be performed efficiently; both popular and rare keywords can be quickly located. Furthermore, our architecture is robust to the change of system scale, and it can work well with low maintenance cost in the dynamic environment.