Phillip G. Bradford

Applying role based access control and genetic algorithms to insider threat detection

An insider threat is caused by authorized users potentially performing unsanctioned or inappropriate actions that endanger the computer security of an organization. This paper describes a novel approach that employs the ideas of Role-Based Access Control (RBAC) to initiate role-action mapping rules in line with organization specific security policies. These rules can be refined by genetic algorithms (GAs) to identify discrepancies between user roles and processes.

Deferred Assignment Scheduling in Cluster-Based Servers

This paper proposes a new scheduling policy for cluster-based servers called DAS (Deferred Assignment Scheduling). The main idea in DAS is to defer scheduling as much as possible in order to make better use of the accumulated information on job sizes. In broad outline, DAS operates as follows: (1) incoming jobs are held by the dispatcher in a buffer; (2) the dispatcher monitors the number of jobs being processed by each server; (3) when the number of jobs at a server queue drops below a prescribed threshold, the dispatcher sends to it the shortest job in its buffer.To gauge the efficacy of DAS, the paper presents simulation studies, using various data traces. The studies collected response times and slowdowns for two cluster configurations under multi-threaded and multi-process back-end server architectures. The experimental results show that in both architectures, DAS outperforms the Round-Robin policy in all traffic regimes, and the JSQ (Join Shortest Queue) policy in medium and heavy traffic regimes.

Towards proactive computer-system forensics

We examine principles and approaches for proactive computer-system forensics. Proactive computer-system forensics is the design, construction and configuring of systems to make them most amenable to digital forensics analyses in the future. The primary goals of proactive computer-system forensics are system structuring and augmentation for automated data discovery, lead formation, and efficient data preservation. We propose: (1) using the Neyman-Pearson Lemma to proactively build online forensics tests with the best possible critical regions for hypothesis testing, and (2) using classical stopping rules for sequential hypothesis testing to determine which users are deviating from standard usage behavior and should be the focus of more investigative resources. Here the focus is on security breaches by the employees or stakeholders of an organization. The main measurements are event-driven logs of program executions.

A Hierarchical Anonymous Routing Scheme for Mobile Ad-Hoc Networks

Privacy and anonymity are critical security issues to many large-scale MANET applications such as military communication networks. These applications are more likely deploying the networks heterogeneously and hierarchically due to administrative needs or routing efficiency. When the size of the network scales up, the routing overhead incurred by existing flat anonymous routing protocols increases fast as the required number of public key operations increases. This results in deteriorated routing and data communication performance. In this paper, we introduce a novel hierarchical anonymous on-demand routing protocol tackling this limitation. In addition to guaranteeing routing and data delivering security, the scheme provides two levels of anonymity: intra-group and inter-group. By exploiting the hierarchical network structure, it effectively controls computational overhead while preserving anonymity, hence accommodates to larger-scale MANETs

Optimal Prefix-Free Codes for Unequal Letter Costs

In this paper we discuss the problem of finding optimal prefix-free codes for unequal letter costs, a variation of the classical Huffman coding problem. Our problem consists of finding a minimal cost prefix-free code in which the encoding alphabet consists of unequal cost (length) letters, with lengths ? and β. The most efficient algorithm known previously requires O(n2+max(?,β)) time to construct such a minimal-cost set of n codewords, provided ? and β are integers. In this paper we provide an O(nmax(?,β)) time algorithm. Our improvement comes from the use of a more sophisticated modeling of the problem, combined with the observation that the problem possesses a “Monge property” and that the SMAWK algorithm on monotone matrices can therefore be applied.

Implementing the TEA algorithm on sensors

Sensors are tiny computers with limited computational capability and physical resources. The implementation of secure protocols for sensor network is a big challenge. In order to provide high security for sensor networks, it is very important to choose a small, efficient and effiective encryption algorithm as a security primitive. The TEA (Tiny Encryption Algorithm) is an efficient algorithm that requires little memory and resources. These features make the TEA a good candidate for security mechanism for sensors.In this paper we describe an implementation of the TEA algorithm on the platform of sensor networks (Berkeley Motes). In our experiment, the data packets obtained from photo and temperature sensors are encrypted on the sensor node using the TEA algorithm. After that, they are sent to the base station by radio. The base station will receive the data packets and forward them to attached PC, where the data packets are decrypted and displayed. We also propose a particular approach to efficiently evaluate the performance of the TEA in terms of execution time on sensor nodes.

Protocol completion incentive problems in cryptographic Vickrey auctions

Despite attractive theoretical properties, Vickrey auctions are seldom used due to the risk of information revelation and fear of cheating. CVAs (Cryptographic Vickrey Auctions) have been proposed to protect bidders’ privacy or to prevent cheating by the bid taker. This paper focuses on incentive issues for certain CVAs. First, it defines the CVAs of interest and identifies ideal goals for this class of CVAs. One of the criteria identifies an incentive problem that is new to the literature on CVAs, the disincentive of bidders to complete the protocol once they have learned that they lost the auction. Any auction protocol that requires losing bidders to do additional work after learning they have lost the auction must provide the losers with proper incentives to follow the protocol. Second, this paper shows that for a class of CVAs, some losers must continue to participate even though they know they have lost. Finally, it describes two new CVA protocols that solve the protocol-completion incentive problem. Both protocols use bidder-bidder comparisons based on a modified Yao’s Millionaires’ protocol. The first protocol performs O(n2) bidder-bidder comparisons, while the second protocol performs O(n) comparisons.

Foundations of security for hash chains in ad hoc networks

Nodes in ad hoc networks generally transmit data at regular intervals over long periods of time. Recently, ad hoc network nodes have been built that run on little power and have very limited memory. Authentication is a significant challenge in ad hoc networks, even without considering size and power constraints. Expounding on idealized hashing, this paper examines lower bounds for ad hoc broadcast authentication for μTESLA-like protocols. In particular, this paper explores idealized hashing for generating preimages of hash chains. Building on Bellare and Rogaway’s classical definition, a similar definition for families of hash chains is given. Using these idealized families of hash chain functions, this paper gives a time-space product Ω(k2 log 4n) bit operation1 lower-bound for optimal preimage hash chain generation for k constant. This bound holds where n is the total length of the hash chain and the hash function family is k-wise independent. These last results follow as corollaries to a lower bound of Coppersmith and Jakobsson.

Efficient Matrix Chain Ordering in Polylog Time

The matrix chain ordering problem is to find the cheapest way to multiply a chain of n matrices, where the matrices are pairwise compatible but of varying dimensions. Here we give several new parallel algorithms including

Security for fixed sensor networks

O(\lg^3 n)