Norman S. Matloff

A modified random perturbation method for database security

The random data perturbation (RDP) method of preserving the privacy of individual records in a statistical database is discussed. In particular, it is shown that if confidential attributes are allowed as query-defining variables, severe biases may result in responses to queries. It is also shown that even if query definition through confidential variables is not allowed, biases can still occur in responses to queries such as those involving proportions or counts. In either case, serious distortions may occur in user statistical analyses. A modified version of RDP is presented, in the form of a query adjustment procedure and specialized perturbation structure which will produce unbiased results.

Future applications of ordered polymeric thin films

Abstract Polymeric ultrathin film systems need to be developed in the context of applications where their unique combinations of properties promise revolutionary improvements in performance or cost effectiveness. The applications examined include electron beam resists for microlithography and nanolithography, insulating films in semiconductor devices, non-linear optical elements and coatings for communications and computing, as well as highly permselective membranes in biotechnology. In this paper, we will review some of the most appealing suggestions and evaluate their current status. Improvements in film characterization and deposition based on Langmuir-Blodgett techniques are also suggested.

Offshoring: what can go wrong?

Offshoring has sustained much criticism, mainly over the issue of whether shipping IT work abroad is good for the US as a whole. Does it benefit a US firm to offshore its IT work - specifically software development and maintenance? This paper discusses several reasons for firms to be wary of this practice. For some managers, these considerations might tip the balance against offshoring. For those who wish to offshore anyway, this article can serve as a map of the pitfalls to try to avoid.

Dynamic control and accuracy of the p/sub i/-persistent protocol using channel feedback

The p/sub i/-persistent protocol is based on a probabilistic scheduling mechanism (see Mukherjee and Meditch, 1988). The authors further develop the protocol to make it easily implementable, by allowing it to be sensitive to changing load conditions. They study various properties of a simple algorithm which stations execute independently by using channel feedback information. This results in a fully distributed control mechanism that continuously adjusts the station probabilities p/sub i/ at their proper levels as governed by the offered traffic. An extensive simulation model has been developed to study properties of this control mechanism such as p/sub i/ settling time and accuracy, behavior under step changes in traffic load, effect of injection of additional packets, and effect of various parameters associated with the underlying algorithm. These experiments indicate that this algorithm is suitable for implementing the protocol. >

Another Look at the Use of Noise Addition for Database Security

A number of mechanisms have been proposed for protecting the privacy of individual records in statistical databases. One such method is to perturb the data by adding random noise. It has been previously thought that this method, although increasing estimation variance, produces unbiased estimates. This paper demonstrates that in fact the addition of noise may introduce quite serious biases in the responses given to user queries.

Globalization and the American IT worker

Exporting IT jobs and importing IT workers not only harms U.S. IT workers, it also harms U.S. firms and the broader economy.

Estimation of internet file-access/modification rates from indirect data

Consider an Internet file for which data on last time of access/modification (A/M) of the file are collected at periodic intervals, but for which direct A/M data are not available. Methodology is developed here that enables estimation of the A/M rates, in spite of having only indirect data of this nature. Both parametric and nonparametric methods are developed. Theoretical and empirical analyses are presented that indicate that the problem is indeed statistically tractable, and that the methods developed are of practical value. Behavior of the parametric estimators is examined when these assumptions are violated, and these estimators are found to be robust against some such violations.

A comparison of two methods for estimating optimal weights in regression analysis

Two methods for estimating the variance function Var{Y\X = X) in weighted regression analysis are studied via simulation.The first method assumes that Var(Y|X= x) is a known power of the regression function E(Y|X= x), and estimates the coefficient vector susing iteratively reweighted least squares. In the second method, Var(Y|X= x) is estimated directly using a nonparametric regression technique.The results show that the first method can perform very poorly in the presence of strong heteroscedasticity, and that the second method may provide an effective alternative in such cases.

A probabilistic limit on the virtual size of replicated disk systems

Recently, there has been considerable interest in parallel disk drive systems, in which full or partial replication of the stored data is used for both fault tolerance and enhanced performance. The performance-enhancement derives both from the ability to do parallel reads, and from the reduction of seek time which results from being able to assign a read to whichever drive will produce the shortest seek. Although earlier work implied that for a k-drive system, mean seek distance for read converges to 0 as k to alpha , a refined analysis is presented which shows that this limit is actually nonzero. It is further shown that the system behaves probabilistically as if k were small, no matter how large the physical value of k is. >

A Synchronization Attack and Defense in Energy-Efficient Listen-Sleep Slotted MAC Protocols

As wireless motes are battery powered, many listen-sleep Medium Access Control (MAC) protocols have been proposed to reduce energy consumption. Security issues related to the design of these protocols have, however, largely been ignored. In this paper, we present a novel attack (the synchronization attack) on listen-sleep MAC protocols. This attack can cause 100% message loss and approximately 30% higher energy drain throughout either a cluster or the entire network, with only a single constrained malicious node modifying its schedule. We show this attack can be applied to many slotted listen-sleep protocols such as Sensor MAC (S-MAC), its enhanced version Global Schedule Adoption (GSA), Timeout MAC (T-MAC), Dynamic Sensor-MAC (DSMAC), and Mobile S-MAC (MS-MAC). We propose a heuristically near-optimal threshold-based scheme to defend against large scale synchronization attack. Depending on the traffic rate, our defense can limit the message delay to at most 20% and the message drop to at most 12%. We performed extensive simulations to show the attack and its defense. Our theoretical analysis proves these results in a general listen-sleep framework. An important impact of this work is that without a reliable MAC layer, higher layer secure protocols cannot be developed, e.g. secure routing depends on a reliable exchange of messages and our attack disrupts this exchange.