Computer Network Security (eBook)

Preface 5
Organization 7
Table of Contents 11
Surreptitious Software: Models from Biology and History 15
Introduction 15
Notation 17
Attacks 18
Defenses 19
The Cover Primitive 19
The Copy Primitives 21
The Split and Merge Primitives 23
The Reorder Primitive 25
The Indirect Primitive 26
The Map Primitive 27
The Mimic Primitive 28
The Advertise Primitive 29
The Tamperproof Primitive 30
The Dynamic Primitive 32
Summary 33
Characterizing Software Self-healing Systems 36
Introduction 36
Self-healing Systems: What 37
Self-healing Systems: Why 38
Self-healing Systems: How 40
Self-healing Techniques 41
Self-healing Systems: Future Directions 43
Conclusions 44
Assumptions: The Trojan Horses of Secure Protocols 48
Introduction 48
Classical Distributed Algorithms Design 49
Assumptions as Vulnerabilities 50
On Resource Exhaustion 51
On the Substance of Assumptions 53
Conclusion 54
Smart Cards and Digital Security 56
Introduction 56
Network Authentication 57
Virtual Private Network with PKI 57
WiFi Authentication 57
Internet Services Authentication 58
Authentication with PKI and Certificates 59
One-Time Passwords 59
Extensible Web Authentication Framework 61
Web Authentication for Identity Frameworks 62
PC Software Integrity 65
Trusted Platform Module and Smart Cards 66
USB Smart Cards 67
Conclusion 68
References 69
Virus Throttle as Basis for ProActive Defense 71
Introduction 71
Adaptive Networks and ProActive Defense 72
Basis for the Adaptive Network: Intelligence 73
ProCurve ProActive Defense 74
Virus Throttle: From HP Labs to ProCurve 76
Need for Adaption 76
Resulting Throttle Algorithm 77
Proving ProCurve Virus Throttle Works 79
Analysis of Hash-Based Approach 79
Analysis with Real Network Traffic 82
Current Status and Future Work 86
References 87
Technologies for Protection Against Insider Attacks on Computer Systems 89
Introduction 89
Common Model of Insider Attack 90
Technologies for Protection Against Insider Attacks 91
Organizational Security Controls 92
Technical Security Controls 92
Overview of Existing Security Solutions for Protection Against Insiders 93
Microsoft Rights Management Service 93
InfoWatch Enterprise Solution 94
The Security Policy Management System “Enterprise Guard” 95
Security Control System “DeviceLock” 96
Conclusion 97
References 98
Access Control and Declassification 99
Introduction 99
The language 101
Security (pre-)Lattices 101
Syntax and Operational Semantics 102
The Type and Effect System 105
Type Safety 108
Secure Information Flow 109
Conclusion 111
Reasoning About Delegation and Account Access in Retail Payment Systems 113
Introduction 113
A Logic for Reasoning About Access Control 114
Overview of the Logic 114
Semantics 115
Inference Rules 115
Delegation and Its Properties 116
Checking Using an Electronic Clearing House Network 119
Conclusions 127
Performance Evaluation of Keyless Authentication Based on Noisy Channel 129
Introduction 129
Model for Key Distribution in Presence of Active Eavesdropper 129
Authentication Based on Noisy Channels 131
Performance Evaluation of AC's 131
Asymptotic Code Rate for AC's 135
Authentication Based on Bit-Wise Method 138
Conclusion 139
Avoiding Key Redistribution in Key Assignment Schemes 141
Introduction 141
Preliminaries 142
Key Assignment Schemes 143
Implementation Considerations 144
Remaining Difficulties and Motivation 146
Avoiding Key Redistribution in KASs 146
User-Based KASs 147
Performance Evaluation 148
Discussion 149
Is HKE KAS the Best Two-Step Scheme? 150
Related work 151
Existing KASs 151
Optimised KASs 151
Conclusion and Future Research 152
Fern : An Updatable Authenticated Dictionary Suitable for Distributed Caching 155
Introduction 155
Fern 156
Analysis: Number of Refresh Queries 158
Conclusion 160
Class of Provably Secure Information Authentication Systems 161
Introduction 161
Class of Public Key Cryptosystems 162
Provable Security 164
Cryptosystem with Minimum Value z 165
Conclusion 166
References 166
A New Modeling Paradigm for Dynamic Authorization in Multi-domain Systems 167
Introduction 167
Characteristics of Multi-domain Interactions 167
New Modeling Paradigm for Dynamic Authorization 168
The Extended UCON_$ABC$ Model 169
EUCON Attributes 169
EUCON Authorizations 171
EUCON Obligations and Conditions 171
Related Work 172
Conclusion and Future Work 172
Synthesis of Non-interferent Distributed Systems 173
Introduction 173
Preliminaries 175
Labeled Transition Systems 175
Bisimulation, Restriction and Abstraction 176
The Modal $/mu$ -Calculus and Characteristic Formulæ 176
Control and Non-interference 177
Control Problems 177
Non-interference Problems 179
Control of Non-interference 179
SNNI Control Problem 180
BSNNI Control Problem 181
Conclusion 183
Privacy-Preserving Credential Verification for Non-monotonic Trust Management Systems 185
Introduction 185
Problem Definition 186
Credential Verification Scheme 188
Overview of the Scheme 188
Architecture 189
Cryptographic Building Blocks 191
Profile Entry 191
Credential Verification Protocol 192
Zero-Knowledge Proof Protocol 193
Security Analysis 194
Related Work 194
Conclusion and Future Work 195
Covert Channel Invisibility Theorem 201
Introduction 201
Mathematical Model 203
The Example 207
Conclusion 209
Policy-Based Proactive Monitoring of Security Policy Performance 211
Introduction 211
Related Work and the Approach Suggested 212
Main Stages and Techniques 213
Restrictions and Optimization Approaches 215
System Architecture, Implementation and Experiments 221
Conclusion 224
References 225
Comparing Electronic Battlefields: Using Mean Time-To- Compromise as a Comparative Security Metric 227
Introduction 227
Lessons Learnt from Physical Security 229
Attack Zones 230
Predator Model 231
Attack Path Model 233
Estimating State Times 233
The State-Time Estimation Algorithm (STEA)^2 234
Estimating Strike State Times Using Attack Trees 236
Building MTTC Intervals 237
Case Study 238
Future Research 239
Conclusions 240
References 240
Abstraction Based Verification of a Parameterised Policy Controlled System 242
Introduction 242
Related Work 243
Collaboration Scenario 245
Verification of System Properties 246
Formal Modelling Technique 247
Abstraction Based Verification Concept 249
Verification Tool 250
Verification of the Collaboration Scenario 251
Proving Security and Liveness of the Collaboration Example 253
Conclusions and Future Work 254
Algebraic Models to Detect and Solve Policy Conflicts 256
Introduction 256
Motivation and Related Work 257
A Model for Conflict Detection 258
A Model for Conflict Resolution 259
The Tool 260
Conclusions and Future Work 261
Event Calculus Based Checking of Filtering Policies 262
Introduction 262
Filtering Policy Anomalies 263
Event Calculus and Axiomatization 263
Software Prototype 265
Conclusions 267
References 267
A New Approach to Security Evaluation of Operating Systems 268
Introduction 268
The Related Works 269
A Security Fundament in Modern Operating Systems 270
Calculation of the Effective Permissions 271
Conclusion 273
References 273
Multi-agent Peer-to-Peer Intrusion Detection 274
Introduction: Modern Information Technology Trends 274
Security of P2P Agent-Based Service-Oriented Systems 276
Related Works 278
P2P Agent Platform and P2P Provider 278
Multi-agent P2P Intrusion Detection 279
P2P IDS Agent Learning of Decision Combining 281
Conclusions and Future Work 283
References 284
An Interval Temporal Logic-Based Matching Framework for Finding Occurrences of Multi-event Attack Signatures 286
Introduction 286
Locating Matches of Attack Signatures 288
Matching SigITL Signatures 289
$Sig$ITL Model 289
$Sig$ITL* Matching Model 290
Algorithm $Sig$ITL*-Match 292
Basic Notation 292
Matching Mechanism 293
$Sig$ITL* Matching Framework 294
All Matches 294
First Match, $k$-Match and Shortest Match 295
Simulation Experiments 296
Conclusion and Future Work 297
Towards Fully Automatic Defense Mechanism for a Computer Network Emulating Active Immune Response 300
Introduction 300
Existing Research 302
Mathematical Model of the Immune-Type Response of the Network 305
Principle of System Operation and Major System Components 310
Attack Detection/Identification 311
Generation of the Feedback Signal 312
The Control Station 313
The Control Law 315
System Implementation 317
Mathematical Models of Intrusion Detection by an Intelligent Immunochip 322
Introduction 322
Mathematical Models 323
Formal Immune Network 323
Singular Value Decomposition 324
Discrete Tree Transform 324
Entropy and Separability 325
Computing Scheme 326
Test Examples 327
Discussion 330
Conclusion 331
References 332
A Novel Intrusion Detection System for a Local Computer Network 334
Background 334
Dynamic Code Analyzer 335
Dealing with Computer Worms 338
Server-Level Analysis of Local Alarms 341
The Implementation Aspects and Results 344
Investigation of the Effectiveness of Alert Correlation Methods in a Policy-Based Security Framework 348
Introduction 348
Outline of Alert Correlation Methods 349
Investigation of Alert Correlation Effectiveness 349
The Architecture of the Testbed 349
Metrics of Alert Correlation Effectiveness Employed 350
Results of the Experiment 350
Conclusions 352
Host-Based Intrusion Detection System: Model and Design Features 354
Introduction 354
Development of the Analysis Module 354
System Model Identifying Security Policy Violations 355
Intrusion Detection Model 356
Unified Model 356
Features of Development of the Data Acquisition Module 357
Conclusion 359
References 359
Interval Approach to Preserving Privacy in Statistical Databases: Related Challenges and Algorithms of Computational Statistics 360
Interval Approach to Preserving Privacy in Statistical Databases 360
Related Challenges and Algorithms of Computational Statistics 362
New Problem: Hierarchical Statistical Analysis Under Privacy-Related Interval Uncertainty 365
Formulation of the Problem in Precise Terms and Main Result 366
Proof 367
Auxiliary Result: What If the Frequencies Are Also Only Known with Interval Uncertainty? 370
Conclusion 373
Fast Service Restoration Under Shared Protection at Lightpath Level in Survivable WDM Mesh Grooming Networks 376
Introduction 376
Sharing the Backup Path Capacities in WDM Grooming Networks Under PAL 379
ILP Model of Sharing the Backup Capacities for Traffic Grooming (FSR-SLL-VCO) 382
Heuristic Algorithm of Sharing the Backup Capacities in WDM Grooming Networks (FSR-SLL-VCH) 383
Modeling Assumptions 384
Modeling Results 386
WDM Layer Link Capacity Utilization Ratio 386
Length of a Backup Lightpath 387
Values of Service Restoration Time at WDM Layer 388
Modeling Results for Varying Network Load 389
Conclusion 390
References 390
Anycast Communication – A New Approach to Survivability of Connection-Oriented Networks 392
Introduction 392
Anycasting in Connection-Oriented Networks 393
Problem Formulation 394
Algorithm 396
Results 398
Conclusion 402
References 402
Privacy Preserving Context Transfer in All-IP Networks 404
Introduction 404
The Problem: Privacy Issues in Context Transfer Protocol 405
The Proposed Solution 405
Mobile Node Submitted Context 406
Frequent NAI Change 407
Discussion 408
Conclusions 409
References 409
Environment-Aware Trusted Data Delivery in Multipath Wireless Protocols 410
Introduction 410
Technique 411
Performance Evaluation and Discussion 413
References 415
A Spatial Watermarking Algorithm for Video Images 416
Introduction 416
Watermarking Algorithms 417
Experiments 419
Conclusions 421
References 421
Watermarking Software to Signal Copy Protection 422
Introduction 422
Background 423
The Copy Protection Scheme 424
The Software Watermarking Technique 425
Results 426
Conclusions 426
Summary 427
References 427
Author Index 428