Stephanos Androutsellis-Theotokis

Security applications of peer-to-peer networks

Open networks are often insecure and provide an opportunity for viruses and DDOS activities to spread. To make such networks more resilient against these kind of threats, we propose the use of a peer-to-peer architecture whereby each peer is responsible for: (a) detecting whether a virus or worm is uncontrollably propagating through the network resulting in an epidemic; (b) automatically dispatching warnings and information to other peers of a security-focused group; and (c) taking specific precautions for protecting their host by automatically hardening their security measures during the epidemic. This can lead to auto-adaptive secure operating systems that automatically change the trust level of the services they provide. We demonstrate our approach through a prototype application based on the JXTA peer-to-peer infrastructure.

Open Source Software: A Survey from 10,000 Feet

Open source software (oss), the origins of which can be traced back to the 1950s, is software distributed with a license that allows access to its source code, free redistribution, the creation of derived works, and unrestricted use. oss applications cover most areas of consumer and business software and their study touches many disciplines, including computer science, information systems, economics, psychology, and law. Behind a successful oss project lies a community of actors, ranging from core developers to passive users, held together by a flexible governance structure and membership, leadership and contribution policies that align their interests. The motivation behind individuals participating in oss projects can be, among others, social, ideological, hedonistic, or signaling, while companies gain from their access to high-quality, innovative projects and an increase in their reputation and visibility. Nowadays many business models rely on oss as a product through the provision of associated services, or in coexistence with proprietary software, hardware, services, or licensing. The numerous oss licenses mainly differ on how they treat derived software: some contain provisions that maintain its availability in open source form while others allow more flexibility. Through its widespread adoption, oss is affecting the software industry, science, engineering, research, teaching, the developing countries, and the society at large through its ability to democratize technology and innovation.

The MoR-Trust Distributed Trust Management System: Design and Simulation Results

MoR-Trust is a purely decentralized peer-to-peer trust management system, targeted towards networks and applications supporting transactions or collaborations of a quantitative nature. MoR-Trust is based on the notion of expressing trust in terms of monetary units, thus directly coupling the trust estimates circulated in the network with the values of the transactions taking place and their outcomes. We have validated our design decisions and algorithms through simulation. The results indicate that our system converges towards a small error in the trust estimates distributed throughout the network.

Open Source Licensing Across Package Dependencies

Licensing dependencies among open source software (oss) packages reveal a lot about software compatibility relationships and the practicalities of oss licensing. There is, however, limited information on these in the literature. In this paper, we discuss various aspects of oss licensing, and we present an empirical study on FreeBSD ports collections concerning their licensing dependencies, in an attempt to identify specific patterns. Our results highlight different types of dependencies, that could be used to explain, or even guide the license selection process of oss projects.

Software Development Tooling: Information, Opinion, Guidelines, and Tools

The article depicts in two infographics a summary of what has been presented in the Tools of the Trade column over the past 10 years. The first figure categorizes the major points of each column into information, opinion, and prescriptive guidelines. The second figure associates with each broad theme specific indicative tools.

Biological Aspects of Computer Virology

Recent malware epidemics proved beyond any doubt that frightful predictions of fast-spreading worms have been well founded. While we can identify and neutralize many types of malicious code, often we are not able to do that in a timely enough manner to suppress its uncontrolled propagation. In this paper we discuss the decisive factors that affect the propagation of a worm and evaluate their effectiveness.

A market-based approach to managing the risk of peer-to-peer transactions

Market-based principles can be used to manage the risk of distributed peer-to-peer transactions. This is demonstrated by Ptrim, a system that builds a transaction default market on top of a main transaction processing system, within which peers offer to underwrite the transaction risk for a slight increase in the transaction cost. The insurance cost, determined through market-based mechanisms, is a way of identifying untrustworthy peers and perilous transactions. The risk of the transactions is contained, and at the same time members of the peer-to-peer network capitalise on their market knowledge by profiting as transaction insurers. We evaluated the approach through trials with the deployed Ptrim prototype, as well as composite experiments involving real online transaction data and real subjects participating in the transaction default market. We examine the efficacy of our approach both from a theoretical and an experimental perspective. Our findings suggest that the Ptrim market layer functions in an efficient manner, and is able to support the transaction processing system through the insurance offers it produces, thus acting as an effective means of reducing the risk of peer-to-peer transactions. In our conclusions we discuss how a system like Ptrim assimilates properties of real world markets, and its potential exposure and possible countermeasures to events such as those witnessed in the recent global financial turmoil.