The Web of Governance and Democratic Accountability
Terrell A. Northrup, Stuart J. Thorson
Developments in e-government are resulting in fundamental reorganizations of the ways in which democratic governments operate, as well as of the ways in which citizens relate to their own and to other governments and to each other. Of special relevance here are the ways in which institutions and citizens are becoming interconnected into a complex web of governance via largely uncoordinated information networks. This paper examines how this web of governance is simultaneously producing changes in individual citizens' sense of identity and challenges to conventional notions of accountability in liberal democratic systems. Together, it is argued, these suggest moving the focus from e-government (the institutions of government) to e-governance (the larger web of formal and informal institutions, organizations, norms, traditions, authority structures, groups and behaviors within which individuals and groups live their lives).
See full paper here
Highly Assured Computer Engineering
Shiu-Kai Chin, Susan Older
Engineering is fundamentally about the creation of systems with desired properties. Engineers strive to calculate the properties of their implementations before actual construction begins. Our goal is to elevate professional practice in computer engineering to the point where system properties such as correctness, safety, and security are routinely verified for hardware and software systems. Achieving this goal requires devising a practical "linear-systems theory" for computer engineering, as well as incorporating into the engineering curriculum design and analysis techniques that use predicate calculus and mathematical logic. If successful, the consequences are that rigorous design assurance would be routine and complexity would be managed by a theory of composition, or block-diagram algebra, similar to the way linear-systems theory and system transfer functions manage complexity in electrical engineering.
See full paper here
Building a Rigorous Foundation for Assurance into Information Assurance Education
Shiu-Kai Chin, Susan Older
Syracuse University is one of thirty-six National Security Agency-designated Centers of Academic Excellence in Information Assurance Education. Our IA program was developed within the Center for Systems Assurance (CSA), whose mission is to promote improvement in systems and information assurance through research, education, and technology transfer. A key, and we believe unique, component of our program is our emphasis on using formal mathematics and logic to provide a rigorous basis for the assurance of information and information systems. All students in our program must take a combination of courses that provide hands-on experience both in building systems and in using formal models to analyze and evaluate system behavior. In this paper, we discuss our experiences in developing and delivering a Systems Assurance program in which mathematical logic is an integral component.
See full paper here
A Broader Look at Competition and Cooperation: New Abstractions for Building and Regulating the Communications Sector
P.H. Longstaff
Just when it looked like almost
everyone (from business leaders to academics to politicians)
had reached some agreement that more competition could bring
real benefits to economic systems, the rules seem to have
changed. This may mean that everyone was operating with
an inaccurate or incomplete view of "how things work"
with regard to competition. This paper takes a broad view
of how competition and cooperation work and finds some surprising
clues for how to "burst through" our current abstractions.
See full paper here
Competition in the Communications Sector: Can Unpredictable Systems be Regulated?
P.H. Longstaff
Who is responsible for the fact that competition did not thrive
in the communications sector? Unless you can believe in
a giant conspiracy theory that involves virtually every
elected official, countless staffers, agency heads, civil
servants, and industry leaders in dozens of countries, the
answer may be "no one." It certainly did not work
out the way many people thought it would, but is that somebody's
fault? Or was the real mistake a failure to manage expectations?
During the 20th century, experts in many fields came to the conclusion
that when many forces are at work on a system it tends to
get very complex and essentially unpredictable. Some have
even concluded that in complex organizations unintended
consequences are virtually inevitable. This was not easy
to accept for people (particularly in western cultures)
who had spent hundreds of years trying to describe and predict
the world with mathematical accuracy. But it has become
an article of faith for many (but not all) practitioners
in disciplines from physics to economics. It remains a difficult
concept for business managers and policy makers who want
to believe that their actions will lead to predictable outcomes.
But the unanticipated outcomes of competition policy are
now too frequent and too important to ignore. It is time
to seriously reconsider our assumptions about the processes
we are trying to regulate and the process of regulation
itself.
See full paper here
Declining Competition in Telecommunications: Could This Have Been Predicted?
P.H. Longstaff
This paper is an interdisciplinary work that looks at the forces of intra-industry competition and how they are similar to intraspecies competition. In both systems competition is seen in two different modes: the scramble and the contest. Recognizing which mode is operating is important to predicting the future of the system and any attempts to regulate it. The paper concludes with a discussion of the implications of these similarities for competition policy and how they can be seen in the 2001 Report on Competition Policy by the European Commission. The paper is an expansion and refinement of some of the work done in the author's new book and includes a list of possible overlaps between biology and business, with examples from the communications sector. This can serve as a list of possible research projects to test the validity of these ideas. The author believes the ideas in this paper can be used to analyze any situation in which two or more entities must either compete or cooperate to get a scarce resource. Scenarios for business planning and regulation can be developed with these ideas, even in complex systems where competitive and cooperative behavior cannot always be predicted. The author hopes that this work will stimulate interest in an interdisciplinary and international study of the fundamentals of competition and cooperation.
See full paper here
Competition in Networks: Moving Forward by Going Back to the Basics
P.H. Longstaff
This paper will help business leaders and regulators make sense of the chaos that developed in networked industries after privatization and liberalization. It asserts that the best way to make predictions about the future of networked industries is to learn the characteristics and problems that are "basic" to all of them. This new and broader perspective will be especially helpful when (and if) various networks "converge" and set up a situation where the business and regulatory models of several networks must come together, often in more than one country.

The paper begins with a review of the nature of networked systems and then identifies ten characteristics that are common to all networked industries (including communication, transportation and energy): senders, receivers, channels, transport, traffic/payload, security, signaling, scheduling, terminals and ancillaries. It then discusses four problems that are common to all networked industries: bottlenecks, access to the network, and the special economics of small vs. large traffic and of short vs. long hauls. Since all networks have these things in common, we can look to all of them for clues about how networks really operate. We are not restricted to looking at communications networks when we need new insights about some of our most pressing problems. For example, this paper sets out some important lessons for telecommunications networks that can be found in the introduction of competition into airline networks. The paper also identifies special considerations for internetwork and intranetwork competition. It discusses the role of cooperation in networks and why this makes them difficult for competition regulators to analyze.
See full paper here
Reliable Heterogeneous Applications
Joohan Lee, Steve J. Chapin, Stephen Taylor
This paper explores the notion of computational resiliency to
provide reliability in heterogeneous distributed applications.
The notion of reliability provides both software fault tolerance
and the ability to tolerate information warfare (IW) attacks.
This technology seeks to strengthen a military mission,
rather than protect its network infrastructure using static
defense measures such as network security, intrusion sensors,
and firewalls. Even if a failure or attack is successful
and never detected, it should be possible to continue information
operations and achieve mission objectives.
Computational resiliency involves the dynamic use of replicated software
structures, guided by mission policy, to achieve reliable
operation. This paper examines a prototype concurrent programming
technology to support computational resiliency in a heterogeneous
distributed computing environment. The performance of the
technology is explored through two example applications.
See full paper here
Type-Assisted Dynamic Buffer Overflow Detection
Kyung-suk Lhee, Steve J. Chapin
Programs written in C are inherently vulnerable to buffer overflow attacks. Functions are frequently passed pointers as parameters without any hint of the sizes of the buffers they reference. Since those sizes are unknown, most run-time buffer overflow detection techniques rely on signatures of known attacks or loosely estimate the range of the referenced buffers. Although they are effective in detecting most attacks, they are not infallible. In this paper, we present a buffer overflow detection technique that range-checks the referenced buffers at run time. Our solution is a small extension to a generic C compiler that augments executable files with type information for automatic buffers (local variables and parameters of functions) and static buffers (global variables in the data/bss sections) in order to detect the actual occurrence of a buffer overflow. It also maintains the sizes of allocated heap buffers. A simple implementation is described with which we currently protect vulnerable copy functions in the C library.
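As an added illustration of the range check the abstract describes (this is not the Lhee/Chapin compiler extension or their patched C library): a small table of buffer bounds stands in for the type information their compiler emits for automatic and static buffers and for the heap sizes it tracks, and a checked copy routine consults that table before writing. The table layout, the function names and the attacker strings are all constructed for the example.

```c
/* Added example, not the Lhee/Chapin implementation.  A hand-maintained
 * table of (base, size) pairs stands in for the size information their
 * compiler extension records for automatic and static buffers and that
 * the allocator records for heap blocks.  safe_strcpy() consults it
 * before copying, which is the check their protected libc copy
 * functions perform. */
#include <stddef.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define MAX_TRACKED 64

struct buf_info {
    const char *base;
    size_t      size;
};

static struct buf_info table[MAX_TRACKED];
static size_t          n_tracked;

/* Register a buffer's bounds (done by the compiler/allocator in the
 * paper; by the caller here).  Returns 0, or -1 if the table is full. */
int track_buffer(const void *base, size_t size)
{
    if (n_tracked == MAX_TRACKED) return -1;
    table[n_tracked].base = base;
    table[n_tracked].size = size;
    n_tracked++;
    return 0;
}

/* Forget a buffer when it goes out of scope or is freed. */
void untrack_buffer(const void *base)
{
    for (size_t i = 0; i < n_tracked; i++) {
        if (table[i].base == base) {
            table[i] = table[--n_tracked];
            return;
        }
    }
}

/* Bytes from p to the end of the tracked buffer containing it, or 0 if
 * p lies in no tracked buffer.  Interior pointers such as buf + 5 are
 * handled by measuring from p, not from the buffer's base. */
size_t bytes_remaining(const void *p)
{
    const char *cp = p;
    for (size_t i = 0; i < n_tracked; i++) {
        const char *b = table[i].base;
        if (cp >= b && cp < b + table[i].size)
            return (size_t)(b + table[i].size - cp);
    }
    return 0;
}

/* Checked strcpy(): copies and returns 0 when src plus its NUL fits in
 * the space remaining at dst; returns -1 and writes nothing otherwise.
 * The decision uses the destination's real size, not a canary or a
 * heuristic estimate of the range. */
int safe_strcpy(char *dst, const char *src)
{
    size_t need = strlen(src) + 1;
    size_t room = bytes_remaining(dst);
    if (room == 0 || need > room) {
        fprintf(stderr, "safe_strcpy: refused %zu-byte copy into %zu bytes\n",
                need, room);
        return -1;
    }
    memcpy(dst, src, need);
    return 0;
}

/* A 16-byte local and a 32-byte heap block receive two legitimate copies
 * and two constructed attacker inputs that would overrun them.  Returns
 * the number of overruns refused (2), or -1 if a legitimate copy was
 * wrongly refused. */
int demo_overflow_attempts(void)
{
    char  local[16];
    char *heap = malloc(32);
    int   refused = 0;

    if (heap == NULL) return -1;
    track_buffer(local, sizeof local);
    track_buffer(heap, 32);

    int ok = safe_strcpy(local, "fits in 16") == 0
          && safe_strcpy(heap, "thirty-one characters fit here") == 0;
    if (ok) {
        /* 40 bytes of 'A' into 16 bytes: the classic smash, refused. */
        refused += safe_strcpy(local, "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA") != 0;
        /* Interior pointer: 12 bytes remain after local + 4, 13 are needed. */
        refused += safe_strcpy(local + 4, "twelve bytes") != 0;
    }

    untrack_buffer(heap);
    untrack_buffer(local);
    free(heap);
    return ok ? refused : -1;
}

int main(void)
{
    printf("overruns refused: %d\n", demo_overflow_attempts());
    return 0;
}
```

The interior-pointer case is the one a loose range estimate tends to get wrong: the check has to know where the enclosing object ends, not just that the pointer lands somewhere inside a buffer. Note also that the check fails closed: a destination with no recorded bounds is refused, which is the behaviour you want from a libc-level guard but also why the compiler, not the programmer, has to populate the table for every buffer.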
See full paper here
Assuring Consistency and Increasing Reliability in Group Communication Mechanisms in Computational Resiliency
Norka Lucena, Steve J. Chapin, Joohan Lee
The Computational Resiliency library (CRLib) provides distributed systems with the ability to sustain operation and dynamically restore the level of assurance in system function during attacks or failures. In the presence of arbitrary faults, replicated threads doing group communication in CRLib need to agree on the values received in order to achieve consistency. To guarantee data integrity and increase reliability, we have implemented a variant of the Lamport-Shostak-Pease oral message algorithm for the Byzantine Generals problem, which provides fuzzy agreement as well as a reduction of the expected communication overhead. Instead of agreeing on the original messages, which could be extremely large, agreement is performed over the 160-bit SHA-1 hashes of normalized messages. Performance measurements of applications using CRLib supporting both fail-stop and arbitrary failure models indicate that a reasonable overhead in execution time is worth paying in cases where Byzantine failures are expected.
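An added example of the agreement step, not CRLib's code: the oral message algorithm OM(1) for four replicas, run over digests of normalized messages rather than over the messages themselves. FNV-1a replaces SHA-1 so the example compiles without a crypto library; the normalization rule (drop a CR before LF, strip trailing whitespace), the default value used when no majority exists, and the traitor's behaviour (a different lie to each recipient) are assumptions constructed for the scenarios.

```c
/* Added example, not CRLib's code.  The Lamport-Shostak-Pease oral
 * message algorithm OM(1) run over digests of normalized messages, the
 * way CRLib agrees on SHA-1 hashes instead of on the (possibly large)
 * messages themselves.  Four replicas (commander 0, lieutenants 1-3)
 * tolerate one Byzantine participant.  FNV-1a stands in for SHA-1 so
 * the example needs no crypto library; the protocol logic is the same
 * for any digest. */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define N      4        /* replicas: commander 0, lieutenants 1..N-1 */
#define MAXLEN 128

typedef uint64_t digest_t;

/* Normalization (an assumed rule; CRLib's exact rules are not given in
 * the abstract): drop a CR before LF and strip trailing whitespace, so
 * byte-level noise does not make identical payloads hash differently. */
void normalize(const char *src, char *dst, size_t cap)
{
    size_t n = 0;
    for (; *src != '\0' && n + 1 < cap; src++) {
        if (src[0] == '\r' && src[1] == '\n') continue;
        dst[n++] = *src;
    }
    while (n > 0 && (dst[n-1] == ' ' || dst[n-1] == '\t' || dst[n-1] == '\n'))
        n--;
    dst[n] = '\0';
}

/* Digest of the normalized message.  FNV-1a (64-bit) is a placeholder
 * for the 160-bit SHA-1 used in CRLib. */
digest_t digest(const char *msg)
{
    char norm[MAXLEN];
    normalize(msg, norm, sizeof norm);
    digest_t h = 1469598103934665603ULL;
    for (const unsigned char *p = (const unsigned char *)norm; *p; p++) {
        h ^= *p;
        h *= 1099511628211ULL;
    }
    return h;
}

/* What replica `from` tells replica `to`.  A loyal replica forwards
 * `truth`; a Byzantine one sends a value chosen per recipient, the
 * worst case for agreement. */
static digest_t transmit(int from, int to, const int faulty[N], digest_t truth)
{
    if (!faulty[from]) return truth;
    char lie[32];
    snprintf(lie, sizeof lie, "lie from %d to %d", from, to);
    return digest(lie);
}

/* Strict majority of vals[0..count-1], or the agreed default value when
 * no digest has one.  The default is what lets loyal lieutenants still
 * agree with each other under a traitorous commander. */
digest_t majority(const digest_t *vals, int count)
{
    for (int i = 0; i < count; i++) {
        int votes = 0;
        for (int j = 0; j < count; j++) votes += (vals[j] == vals[i]);
        if (votes * 2 > count) return vals[i];
    }
    return digest("DEFAULT");
}

/* OM(1): the commander sends its digest to every lieutenant, each
 * lieutenant relays what it received to the others, and each decides by
 * majority over its own copy and the relayed copies.  decision[l] holds
 * lieutenant l's decision; decision[0] holds the commander's honest
 * value for comparison. */
void om1(const char *command, const int faulty[N], digest_t decision[N])
{
    digest_t truth = digest(command);
    digest_t received[N];
    for (int l = 1; l < N; l++) received[l] = transmit(0, l, faulty, truth);

    for (int l = 1; l < N; l++) {
        digest_t seen[N - 1];
        int k = 0;
        seen[k++] = received[l];
        for (int o = 1; o < N; o++)
            if (o != l) seen[k++] = transmit(o, l, faulty, received[o]);
        decision[l] = majority(seen, k);
    }
    decision[0] = truth;
}

/* 1 if all loyal lieutenants decided the same digest (condition IC1). */
int loyal_agree(const int faulty[N], const digest_t decision[N])
{
    int have = 0;
    digest_t ref = 0;
    for (int l = 1; l < N; l++) {
        if (faulty[l]) continue;
        if (!have) { ref = decision[l]; have = 1; }
        else if (decision[l] != ref) return 0;
    }
    return 1;
}

int main(void)
{
    /* Constructed scenarios: no traitor, a traitor lieutenant, a traitor commander. */
    const int none[N] = {0, 0, 0, 0}, lt2[N] = {0, 0, 1, 0}, cmd[N] = {1, 0, 0, 0};
    digest_t d[N];

    om1("ATTACK at dawn\r\n", none, d);
    printf("no traitor:         loyal agree=%d, match commander=%d\n",
           loyal_agree(none, d), d[1] == d[0]);
    om1("ATTACK at dawn", lt2, d);
    printf("traitor lieutenant: loyal agree=%d, match commander=%d\n",
           loyal_agree(lt2, d), d[1] == d[0] && d[3] == d[0]);
    om1("ATTACK at dawn", cmd, d);
    printf("traitor commander:  loyal agree=%d, chose default=%d\n",
           loyal_agree(cmd, d), d[1] == digest("DEFAULT"));
    return 0;
}
```

With a traitorous lieutenant the loyal ones decide the commander's value; with a traitorous commander that sends three different values they all fall back to the default and so still agree with each other, which is the property the Byzantine Generals conditions demand. Relaying a fixed-size digest instead of the message is where the communication saving comes from: the relay round costs (N-1)(N-2) digests regardless of payload size. The caveat a practitioner should add is that agreement on a hash is only as strong as the hash's collision resistance; a non-cryptographic hash like the FNV-1a used here would let a Byzantine node craft two payloads with the same digest, and SHA-1 itself has had practical collisions demonstrated since this paper appeared, so a current implementation would use SHA-256 or stronger.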
See full paper here
Oblivious Signature-Based Envelope
Ninghui Li, Wenliang (Kevin) Du, Dan Boneh
Exchange of digitally signed certificates is often used to establish mutual trust between strangers who wish to share resources or to conduct business transactions. Automated Trust Negotiation (ATN) is an approach to regulating the flow of sensitive information during such an exchange. Previous work on ATN is based on access control techniques and cannot handle cyclic policy interdependence satisfactorily. We show that the problem can be modeled as a two-party secure function evaluation (SFE) problem and propose a scheme called oblivious signature-based envelope (OSBE) for efficiently solving this SFE problem.
See full paper here
Using Randomized Response Techniques for Privacy-Preserving Data Mining
Wenliang (Kevin) Du, Zhijun Zhan
Privacy is an important issue in data mining and knowledge discovery. In this paper, we propose to use randomized response techniques to conduct the data mining computation. Specifically, we present a method to build decision tree classifiers from the disguised data. Our results show that although the data are disguised, our method can still achieve fairly high accuracy. We also show how the parameters used in the randomized response techniques affect the accuracy of the results.
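An added example (not Du and Zhan's code) of the randomized response disguise on one binary attribute and of the estimator that recovers the true proportion from the disguised answers; the disguise probability theta is the parameter whose effect on accuracy the abstract refers to. The population (30% "yes"), the sample sizes and the PRNG are constructed for the example.

```c
/* Added example, not the Du/Zhan code.  Warner's randomized response on
 * one binary attribute and the estimator that recovers the true "yes"
 * proportion from the disguised answers.  Du and Zhan build decision
 * trees from such recovered counts; this shows the recovery step and
 * how the disguise parameter theta trades privacy for accuracy. */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* xorshift64* PRNG with a settable seed so runs are reproducible. */
static uint64_t rng_state = 0x9E3779B97F4A7C15ULL;

void seed_rng(uint64_t seed)
{
    rng_state = seed ? seed : 1;      /* xorshift must not start at 0 */
}

static double uniform01(void)
{
    rng_state ^= rng_state >> 12;
    rng_state ^= rng_state << 25;
    rng_state ^= rng_state >> 27;
    uint64_t x = rng_state * 0x2545F4914F6CDD1DULL;
    return (double)(x >> 11) / 9007199254740992.0;   /* [0, 1) with 53 bits */
}

/* Disguise one bit: report it truthfully with probability theta, flipped
 * otherwise.  theta = 1 gives no privacy; theta = 0.5 gives pure noise. */
int disguise(int truth, double theta)
{
    return uniform01() < theta ? truth : !truth;
}

/* The observed "yes" rate is theta*p + (1-theta)*(1-p); solving for p
 * gives the estimator below.  Returns -1.0 for an empty sample or for
 * theta = 0.5, where the disguised data carry no information about p. */
double estimate_true_proportion(size_t yes_reported, size_t n, double theta)
{
    double denom = 2.0 * theta - 1.0;
    if (n == 0 || (denom > -1e-9 && denom < 1e-9)) return -1.0;
    double observed = (double)yes_reported / (double)n;
    return (observed - (1.0 - theta)) / denom;
}

/* Draw n records with true proportion p, disguise each one, and return
 * the estimate recovered from the disguised data alone. */
double simulate(size_t n, double p, double theta)
{
    size_t yes = 0;
    for (size_t i = 0; i < n; i++) {
        int truth = uniform01() < p;
        yes += (size_t)disguise(truth, theta);
    }
    return estimate_true_proportion(yes, n, theta);
}

/* Absolute error of the recovered estimate against the true p. */
double estimation_error(size_t n, double p, double theta)
{
    double est = simulate(n, p, theta);
    return est > p ? est - p : p - est;
}

int main(void)
{
    /* Constructed population: 30% "yes", 100000 records, several thetas. */
    const double thetas[] = { 1.0, 0.9, 0.7, 0.55 };
    seed_rng(2024);
    for (size_t i = 0; i < sizeof thetas / sizeof thetas[0]; i++)
        printf("theta=%.2f  estimate=%.4f\n", thetas[i],
               simulate(100000, 0.30, thetas[i]));
    return 0;
}
```

The variance of the recovered estimate is the variance of the observed rate divided by (2*theta - 1)^2, so as theta moves toward 0.5 each individual answer reveals less but the counts that feed the decision tree split criterion get proportionally noisier; at exactly 0.5 the estimator is undefined and nothing can be recovered. That trade-off is what the abstract means by the parameters affecting accuracy.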
See full paper here
A Witness-Based Approach for Data Fusion Assurance in Wireless Sensor Networks
Wenliang (Kevin) Du, Jing Deng, Yunghsiang S. Han, Pramod K. Varshney
In wireless sensor networks, sensor nodes are spread randomly over the coverage area to collect information of interest. Data fusion is used to process the collected information before it is sent to the base station, the observer of the sensor network. We study the security of the data fusion process in this work. In particular, we propose a witness-based solution to validate the data sent from data fusion nodes to the base station. We also present a theoretical analysis of the overhead associated with the mechanism, which indicates that even in an extremely harsh environment the overhead of the proposed mechanism is low.
See full paper here
Using an Instructional Operating System in Teaching Computer Security Courses
Wenliang (Kevin) Du
To address national needs for computer security education, many universities have incorporated computer and network security courses into their undergraduate and graduate curricula. In these courses, students learn how to design, implement, analyze, test, and operate a system or a network to achieve security. Pedagogical research has shown that effective laboratory exercises are critically important to the success of this type of course. However, such effective laboratories do not exist in computer security education.

To fill this gap, we have developed an instructional operating system, SMinix, based on the instructional OS (Minix) developed for operating system and network courses.
See full paper here
Testing for Software Vulnerability Using Environmental Perturbation
Wenliang (Kevin) Du, Aditya P. Mathur
We describe a methodology for testing a software system for possible security flaws. Based on the observation that most security flaws are caused by a program's inappropriate interactions with its environment, and are triggered by a user's malicious perturbation of the environment (which we call an environment fault), we view the security testing problem as the problem of testing the fault-tolerance properties of a software system. We consider each environment perturbation a fault and the resulting security compromise a failure to tolerate such faults. Our approach is based on the well-known technique of fault injection: environment faults are injected into the system under test and system behavior is observed. Failure to tolerate the injected faults is an indicator of a potential security flaw in the system. An Environmental-Application Interaction (EAI) fault model is proposed to guide the choice of faults to inject. Based on EAI, we have developed a security testing methodology and applied it to several applications, successfully identifying a number of vulnerabilities, including vulnerabilities in the Windows NT operating system.
See full paper here
Implementing a Calculus for Distributed Access Control in Higher Order Logic and HOL
Thumrongsak Kosiyatrakul, Susan Older, Polar Humenn, Shiu-Kai Chin
Access control - determining
which requests for services should be honored or not - is
particularly difficult in networked systems. Assuring that
access-control decisions are made correctly involves determining
identities, privileges, and delegations. The basis for making
such decisions often relies upon cryptographically signed
statements that are evaluated within the context of an access-control
policy.
An important class of access-control decisions involves brokered
services. The CORBA (Common Object Request Broker Architecture)
CSIv2 (Common Secure Interoperability version 2) protocol
is an internationally accepted standard for secure brokered
services. Showing that protocols such as CSIv2 fulfill their
purpose requires reasoning about identities, statements,
delegations, authorizations, and policies and their interactions.
We use formal logic and a theorem prover to meet this challenge.
See full paper here
Wireless Internet Access: 3G vs. WiFi?
Lee W. McKnight, William Lehr
This article compares and contrasts two technologies for delivering broadband wireless Internet access services: "3G" vs. "WiFi". The former, 3G, refers to the collection of third-generation mobile technologies that are designed to allow mobile operators to offer integrated data and voice services over mobile networks. The latter, WiFi, refers to the 802.11b wireless Ethernet standard that was designed to support wireless LANs. Although the two technologies reflect fundamentally different service, industry, and architectural design goals, origins, and philosophies, each has recently attracted a lot of attention as a candidate for the dominant platform for providing broadband wireless access to the Internet. It remains an open question to what extent these two technologies are in competition or, perhaps, may be complementary. If they are viewed as in competition, then the triumph of one at the expense of the other would be likely to have profound implications for the evolution of the wireless Internet and the structure of the service provider industry.
See full paper here
Internet, Social Capital, and Democracy in the Information Age: Korea’s Defeat Movement, the Red Devils, Candle Light Anti-U.S. Demonstration, and Presidential Election during 2000-2002
Jongwoo Han
Drawn to unparalleled opportunities created by cyberspace, social
scientists have attempted to identify the impact of the
information technology revolution on democratic governance.
Will new technologies promote democracy? If so, how will
they change the political landscape and interact with preexisting
factors in society? These questions are closely related
to one of the most distressing indicators for the future
of democracy, the undiminishing presence of an apolitical
constituency, especially within the young generation. Thus,
the excluded young generation had no voice, leaving the
foundation of political systems vulnerable to the issues
of democratic unaccountability and weak legitimacy. This
phenomenon arose from the mechanism of the public sphere
in the industrial age, which is geared toward maintaining
the existing power relationships rather than toward reflecting
changes in society. Korea’s recent experience has clearly
indicated that in the information age, the Internet, when
combined with social capital, can change such disproportionate
power relationships. The Internet as a new public sphere
successfully serves as an explosive means of reconnecting
the tacit majority with social issues and empowering the
mostly apolitical young generation as a new political force.
In so doing, it will be the most critical feature on the
future map of power configuration in democracy. This article
argues that information technology alone does not determine
the successful evolution of democracy. Rather, it is social
capital that produced unprecedented political revolution
in Korea. This suggests that the impact of information technology
on the prospects for a country’s democracy is highly dependent
upon its social capital. This article analyzes how major
socio-political breakthroughs were accomplished and how
the transitions in social capital from offline to online
were facilitated in Korea by the Internet.
See full paper here
Context Sensitive Anomaly Monitoring of Process Control Flow to Detect Mimicry Attacks and Impossible Paths
Haizhi Xu, Wenliang Du, and Steve J. Chapin
Many intrusions amplify rights or circumvent defenses by issuing system calls in ways that the original process did not. Defense against these attacks emphasizes preventing attack code from being introduced to the system and detecting or preventing execution of the injected code. Another approach, where this paper fits in, is to assume that both injection and execution have occurred, and to detect and prevent the executing code from subverting the target system. We propose a method using waypoints: marks along the normal execution path that a process must follow to successfully access operating system services. Waypoints actively log trustworthy context information as the program executes, allowing our anomaly monitor both to monitor control flow and to restrict system call permissions to conform to the legitimate needs of application functions. We describe our design and implementation of waypoints and present results showing that waypoint-based anomaly monitors can detect a subset of mimicry attacks and impossible paths.
See full paper here