| 801 | <b>Castillo, Eduardo J. and Mountrouidou, Xenia and Li, Xiangyang</b> |
| 802 | , "Time Lord: Covert Timing Channel Implementation and Realistic Experimentation." |
| 803 | Proceedings of the 2017 ACM SIGCSE Technical Symposium on Computer Science Education, Seattle, Washington, USA, ACM, New York, NY, USA, |
| 804 | 2017. |
| 805 | doi:10.1145/3017680.3022463. |
| 806 | <a href="http://dx.doi.org/10.1145/3017680.3022463">http://dx.doi.org/10.1145/3017680.3022463</a> |
| 807 | <br><br><b>Abstract: </b>Covert channels are unique methods for exchanging messages, since they permit sending information secretly. Unlike encryption, covert communication allows to send information covertly, using an otherwise legitimate medium of transfer, thus it is not apparent that a message is being transferred at all. There is limited research on Covert Timing Channels (CTCs), i.e., channels that manipulate packet inter-arrival time to exchange messages based on a certain encoding. Implementing and testing CTCs in real network environments is lacking in the current literature due to sensitivity to network delays that significantly affects this type of communication. Thus, it is important to implement CTC communication to analyze the challenges of creating robust, efficient, and undetectable channels in real life situations. It is also paramount to test these implementations in a wide range of realistic network conditions. In this research, we have developed and tested two implementations of CTCs. The first implementation is based on [1] using standard bits encoding and ASCII for simplicity and robustness. This implementation suffers from easy detection. On the other hand, we developed the second implementation with goal to make the channel undetectable by using encoding with five different delays, i.e., symbols, where five symbols in a specific order correspond to one letter of the alphabet. This implementation has sufficient randomness to be undetected with standard statistical mechanisms. We have tested both implementations on local networks, the Global Environment for Network Innovations (GENI) controlled environment, networks across states in the US, and internationally. |
| 808 | </li> |
| 809 | <br> |
| 810 | |
| 811 | |
| 812 | |
| 813 | <li> |
| 943 | , "An SDN-supported collaborative approach for DDoS flooding detection and containment." |
| 944 | Military Communications Conference, MILCOM 2015 - 2015 IEEE, IEEE, |
| 945 | 2015. |
| 946 | doi:10.1109/milcom.2015.7357519. |
| 947 | <a href="http://dx.doi.org/10.1109/milcom.2015.7357519">http://dx.doi.org/10.1109/milcom.2015.7357519</a> |
| 948 | <br><br><b>Abstract: </b>Software Defined Networking (SDN) has the potential to enable novel security applications that support flexible, on-demand deployment of system elements. It can offer targeted forensic evidence collection and investigation of computer network attacks. Such unique capabilities are instrumental to network intrusion detection that is challenged by large volumes of data and complex network topologies. This paper presents an innovative approach that coordinates distributed network traffic Monitors and attack Correlators supported by Open Virtual Switches (OVS). The Monitors conduct anomaly detection and the Correlators perform deep packet inspection for attack signature recognition. These elements take advantage of complementary views and information availability on both the data and control planes. Moreover, they collaboratively look for network flooding attack signature constituents that possess different characteristics in the level of information abstraction. Therefore, this approach is able to not only quickly raise an alert against potential threats, but also follow it up with careful verification to reduce false alarms. We experiment with this SDN-supported collaborative approach to detect TCP SYN flood attacks on the Global Environment for Network Innovations (GENI), a realistic virtual testbed. The response times and detection accuracy, in the context of a small to medium corporate network, have demonstrated its effectiveness and scalability. |
| 949 | </li> |
| 950 | <br> |
| 951 | |
| 952 | <li> |
| 953 | <b>Chin, Tommy and Mountrouidou, Xenia and Li, Xiangyang and Xiong, Kaiqi</b> |
939 | | <li> |
940 | | <b>Chin, Tommy and Mountrouidou, Xenia and Li, Xiangyang and Xiong, Kaiqi</b> |
941 | | , "An SDN-supported collaborative approach for DDoS flooding detection and containment." |
942 | | Military Communications Conference, MILCOM 2015 - 2015 IEEE, IEEE, |
943 | | 2015. |
944 | | doi:10.1109/milcom.2015.7357519. |
945 | | <a href="http://dx.doi.org/10.1109/milcom.2015.7357519">http://dx.doi.org/10.1109/milcom.2015.7357519</a> |
946 | | <br><br><b>Abstract: </b>Software Defined Networking (SDN) has the potential to enable novel security applications that support flexible, on-demand deployment of system elements. It can offer targeted forensic evidence collection and investigation of computer network attacks. Such unique capabilities are instrumental to network intrusion detection that is challenged by large volumes of data and complex network topologies. This paper presents an innovative approach that coordinates distributed network traffic Monitors and attack Correlators supported by Open Virtual Switches (OVS). The Monitors conduct anomaly detection and the Correlators perform deep packet inspection for attack signature recognition. These elements take advantage of complementary views and information availability on both the data and control planes. Moreover, they collaboratively look for network flooding attack signature constituents that possess different characteristics in the level of information abstraction. Therefore, this approach is able to not only quickly raise an alert against potential threats, but also follow it up with careful verification to reduce false alarms. We experiment with this SDN-supported collaborative approach to detect TCP SYN flood attacks on the Global Environment for Network Innovations (GENI), a realistic virtual testbed. The response times and detection accuracy, in the context of a small to medium corporate network, have demonstrated its effectiveness and scalability. |
947 | | </li> |
948 | | <br> |
949 | | |
950 | | |
| 963 | |
| 964 | |
| 965 | <li> |
| 966 | <b>Chin, Tommy and Xiong, Kaiqi</b> |
| 967 | , "MPBSD: A Moving Target Defense Approach for Base Station Security in Wireless Sensor Networks." |
| 968 | Wireless Algorithms, Systems, and Applications, Springer International Publishing, |
| 969 | 2016. |
| 970 | doi:10.1007/978-3-319-42836-9_43. |
| 971 | <a href="http://dx.doi.org/10.1007/978-3-319-42836-9_43">http://dx.doi.org/10.1007/978-3-319-42836-9_43</a> |
| 972 | <br><br><b>Abstract: </b>This paper addresses one major concern on how to secure the location information of a base station in a compromised Wireless Sensor Network (WSN). In this concern, disrupting or damaging the wireless base station can be catastrophic for a WSN. To aid in the mitigation of this challenge, we present Moving Proximity Base Station Defense (MPBSD), a Moving Target Defense (MTD) approach to concealing the location of a base station within a WSN. In this approach, we employ multiple base stations to serve a WSN where one of the multiple base stations is elected to serve the WSN in a specific period of time. Specifically, our approach periodically changes the designation over a period of time to provide obscurity in the location information of the base station. We further evaluate MPBSD using a real-world testbed environment utilizing Wi-Fi frequencies. Our results show that MPBSD is an effective MTD approach to securing base stations for a WSN in term of sensory performance such as end-to-end delay. |
| 973 | </li> |
| 974 | <br> |
960 | | </li> |
961 | | <br> |
962 | | |
963 | | <li> |
964 | | <b>Chin, Tommy and Xiong, Kaiqi</b> |
965 | | , "MPBSD: A Moving Target Defense Approach for Base Station Security in Wireless Sensor Networks." |
966 | | Wireless Algorithms, Systems, and Applications, Springer International Publishing, |
967 | | 2016. |
968 | | doi:10.1007/978-3-319-42836-9_43. |
969 | | <a href="http://dx.doi.org/10.1007/978-3-319-42836-9_43">http://dx.doi.org/10.1007/978-3-319-42836-9_43</a> |
970 | | <br><br><b>Abstract: </b>This paper addresses one major concern on how to secure the location information of a base station in a compromised Wireless Sensor Network (WSN). In this concern, disrupting or damaging the wireless base station can be catastrophic for a WSN. To aid in the mitigation of this challenge, we present Moving Proximity Base Station Defense (MPBSD), a Moving Target Defense (MTD) approach to concealing the location of a base station within a WSN. In this approach, we employ multiple base stations to serve a WSN where one of the multiple base stations is elected to serve the WSN in a specific period of time. Specifically, our approach periodically changes the designation over a period of time to provide obscurity in the location information of the base station. We further evaluate MPBSD using a real-world testbed environment utilizing Wi-Fi frequencies. Our results show that MPBSD is an effective MTD approach to securing base stations for a WSN in term of sensory performance such as end-to-end delay. |
| 1717 | , "PVNs: Making virtualized network infrastructure usable." |
| 1718 | 2012 ACM/IEEE Symposium on Architectures for Networking and Communications Systems (ANCS), |
| 1719 | 2012. |
| 1720 | |
| 1721 | <a href="http://ieeexplore.ieee.org/stamp/stamp.jsp?arnumber=7846352">http://ieeexplore.ieee.org/stamp/stamp.jsp?arnumber=7846352</a> |
| 1722 | <br><br><b>Abstract: </b>Network virtualization is becoming a fundamental building block of future Internet architectures. Although the underlying network infrastructure needed to dynamically create and deploy custom virtual networks is rapidly taking shape ( e.g., GENI), constructing and using a virtual network is still a challenging and labor intensive task, one best left to experts. In this paper, we present the concept of a Packaged Virtual Network (PVN), that enables normal users to easily download, deploy and use application-specific virtual networks. At the heart of our approach is a PVN Hypervisor that ” runs” a PVN by allocating the virtual network resources needed by the PVN and then connecting the PVN's participants into the network on demand. To demonstrate our PVN approach, we implemented a multicast PVN that runs on the PVN hypervisor prototype using ProtoGENI as the underlying virtual network, allowing average users to create their own private multicast network. |
| 1723 | </li> |
| 1724 | <br> |
| 1725 | |
| 1726 | <li> |
| 1727 | <b>Huang, Shufeng and Griffioen, James and Calvert, Ken</b> |
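Review bot: the abstract added at new line 1722 carries extraction damage in its punctuation: `” runs”` uses two closing quotes with a stray space, and `( e.g., GENI)` has a space after the opening parenthesis. Suggest `"runs"` and `(e.g., GENI)` so the entry renders cleanly. The doi line at new line 1720 is also empty, leaving only the IEEE Xplore link as the identifier.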
| 1832 | , "SARA: Segment aware rate adaptation algorithm for dynamic adaptive streaming over HTTP." |
| 1833 | Communication Workshop (ICCW), 2015 IEEE International Conference on, IEEE, |
| 1834 | 2015. |
| 1835 | doi:10.1109/iccw.2015.7247436. |
| 1836 | <a href="http://dx.doi.org/10.1109/iccw.2015.7247436">http://dx.doi.org/10.1109/iccw.2015.7247436</a> |
| 1837 | <br><br><b>Abstract: </b>Dynamic adaptive HTTP (DASH) based streaming is steadily becoming the most popular online video streaming technique. DASH streaming provides seamless playback by adapting the video quality to the network conditions during the video playback. A DASH server supports adaptive streaming by hosting multiple representations of the video and each representation is divided into small segments of equal playback duration. At the client end, the video player uses an adaptive bitrate selection (ABR) algorithm to decide the bitrate to be selected for each segment depending on the current network conditions. Currently, proposed ABR algorithms ignore the fact that the segment sizes significantly vary for a given video bitrate. Due to this, even though an ABR algorithm is able to measure the network bandwidth, it may fail to predict the time to download the next segment In this paper, we propose a segment-aware rate adaptation (SARA) algorithm that considers the segment size variation in addition to the estimated path bandwidth and the current buffer occupancy to accurately predict the time required to download the next segment We also developed an open source Python based emulated DASH video player, that was used to compare the performance of SARA and a basic ABR. Our results show that SARA provides a significant gain over the basic algorithm in the video quality delivered, without noticeably impacting the video switching rates. |
| 1838 | </li> |
| 1839 | <br> |
| 1840 | |
| 1841 | <li> |
| 1842 | <b>Juluri, Parikshit and Tamarapalli, Venkatesh and Medhi, Deep</b> |
1812 | 1847 | <a href="http://dx.doi.org/10.1109/noms.2016.7502805">http://dx.doi.org/10.1109/noms.2016.7502805</a> |
1813 | 1848 | <br><br><b>Abstract: </b>Dynamic Adaptive Streaming over HTTP (DASH) enables the video player to adapt the bitrate of the video while streaming to ensure playback without interruptions even with varying throughput. A DASH server hosts multiple representations of the same video, each of which is broken down into small segments of fixed playback duration. The video bitrate adaptation is purely driven by the player at the endhost. Typically, the player employs an Adaptive Bitrate (ABR) algorithm, that determines the most appropriate representation for the next segment to be downloaded, based on the current network conditions and user preferences. The aim of an ABR algorithm is to dynamically manage the Quality of Experience (QoE) of the user during the playback. ABR algorithms manage the QoE by maximizing the bitrate while at the same time trying to minimize the other QoE metrics: playback start time, duration and number of buffering events, and the number of bitrate switching events. Typically, the ABR algorithms manage the QoE by using the measured network throughput and buffer occupancy to adapt the playback bitrate. However, due to the video encoding schemes employed, the sizes of the individual segments may vary significantly. For low bandwidth networks, fluctuation in the segment sizes results in inaccurate estimation the expected segment fetch times, thereby resulting in inaccurate estimation of the optimum bitrate. In this paper we demonstrate how the Segment-Aware Rate Adaptation (SARA) algorithm, that considers the measured throughput, buffer occupancy, and the variation in segment sizes helps in better management of the users' QoE in a DASH system. By comparing with a typical throughput-based and buffer-based adaptation algorithm under varying network conditions, we demonstrate that SARA manages the QoE better, especially in a low bandwidth network. 
We also developed AStream, an open-source Python-based emulated DASH-video player that was used to evaluate three different ABR algor- thms and measure the QoE metrics with each of them. |
1814 | | </li> |
1815 | | <br> |
1816 | | |
1817 | | <li> |
1818 | | <b>Juluri, Parikshit and Tamarapalli, Venkatesh and Medhi, Deep</b> |
1819 | | , "SARA: Segment aware rate adaptation algorithm for dynamic adaptive streaming over HTTP." |
1820 | | Communication Workshop (ICCW), 2015 IEEE International Conference on, IEEE, |
1821 | | 2015. |
1822 | | doi:10.1109/iccw.2015.7247436. |
1823 | | <a href="http://dx.doi.org/10.1109/iccw.2015.7247436">http://dx.doi.org/10.1109/iccw.2015.7247436</a> |
1824 | | <br><br><b>Abstract: </b>Dynamic adaptive HTTP (DASH) based streaming is steadily becoming the most popular online video streaming technique. DASH streaming provides seamless playback by adapting the video quality to the network conditions during the video playback. A DASH server supports adaptive streaming by hosting multiple representations of the video and each representation is divided into small segments of equal playback duration. At the client end, the video player uses an adaptive bitrate selection (ABR) algorithm to decide the bitrate to be selected for each segment depending on the current network conditions. Currently, proposed ABR algorithms ignore the fact that the segment sizes significantly vary for a given video bitrate. Due to this, even though an ABR algorithm is able to measure the network bandwidth, it may fail to predict the time to download the next segment In this paper, we propose a segment-aware rate adaptation (SARA) algorithm that considers the segment size variation in addition to the estimated path bandwidth and the current buffer occupancy to accurately predict the time required to download the next segment We also developed an open source Python based emulated DASH video player, that was used to compare the performance of SARA and a basic ABR. Our results show that SARA provides a significant gain over the basic algorithm in the video quality delivered, without noticeably impacting the video switching rates. |
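Review bot: the SARA abstract re-added at new line 1837 still runs two sentences together without a period, at "next segment In this paper" and "next segment We also developed". Since the entry is being moved anyway, add the missing periods in the new copy. The neighbouring context line 1848 also has a broken hyphenation, "algor- thms", which should read "algorithms".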
| 2012 | , "Performance of GENI Cloud Testbeds for Real Time Scientific Application." |
| 2013 | First GENI Research and Educational Experiment Workshop (GREE 2012), Los Angeles, |
| 2014 | 2012. |
| 2015 | |
| 2016 | |
| 2017 | <br><br><b>Abstract: </b>Dedicating high end servers for short-term execution of scientific applications such as weather forecasting wastes resources. Cloud platforms IaaS model seems well suited for applications which are executed on an irregular basis and for short duration. In this paper, we evaluate the performance of research testbed cloud platforms such as GENICloud and ORCA cloud clusters for our real-time scientific application of short-term weather forecasting called Nowcasting. In this paper, we evaluate the network capabilities of these research cloud testbeds for our real-time application of weather forecasting. In addition, we evaluate the computation time of executing Nowcasting on each cloud platform for weather data collected from real weather events. We also evaluate the total time taken to generate and transmit short-term forecast images to end users with live data from our own radar on campus. We also compare the performance of each of these clusters for Nowcasting with commercial cloud services such as Amazon's EC2. The results obtained from our measurement show that cloud testbeds are suitable for real-time application experiments to be carried out on a cloud platform. |
| 2018 | </li> |
| 2019 | <br> |
| 2020 | |
| 2021 | <li> |
| 2022 | <b>Krishnappa, Dilip K. and Lyons, Eric and Irwin, David and Zink, Michael</b> |
1992 | 2027 | <a href="http://dx.doi.org/10.1109/lcn.2012.6423665">http://dx.doi.org/10.1109/lcn.2012.6423665</a> |
1993 | 2028 | <br><br><b>Abstract: </b>Dedicating high-end servers for executing scientific applications that run intermittently, such as severe weather detection or generalized weather forecasting, wastes resources. While the Infrastructure-as-a-Service (IaaS) model used by today's cloud platforms is well-suited for the bursty computational demands of these applications, it is unclear if the network capabilities of today's cloud platforms are sufficient. In this paper, we analyze the networking capabilities of multiple commercial (Amazon's EC2 and Rackspace) and research (GENICloud and ExoGENI cloud) platforms in the context of a Nowcasting application, a forecasting algorithm for highly accurate, near-term, e.g., 5-20 minutes, weather predictions. The application has both computational and network requirements. While it executes rarely, whenever severe weather approaches, it benefits from an IaaS model; However, since its results are time-critical, enough bandwidth must be available to transmit radar data to cloud platforms before it becomes stale. We conduct network capacity measurements between radar sites and cloud platforms throughout the country. Our results indicate that ExoGENI cloud performs the best for both serial and parallel data transfer with an average throughput of 110.22 Mbps and 17.2 Mbps, respectively. We also found that the cloud services perform better in the distributed data transfer case, where a subset of nodes transmit data in parallel to a cloud instance. Ultimately, we conclude that commercial and research clouds are capable of providing sufficient bandwidth for our real-time Nowcasting application. |
1994 | | </li> |
1995 | | <br> |
1996 | | |
1997 | | <li> |
1998 | | <b>Krishnappa, Dilip K. and Lyons, Eric and Irwin, David and Zink, Michael</b> |
1999 | | , "Performance of GENI Cloud Testbeds for Real Time Scientific Application." |
2000 | | First GENI Research and Educational Experiment Workshop (GREE 2012), Los Angeles, |
2001 | | 2012. |
2002 | | |
2003 | | |
2004 | | <br><br><b>Abstract: </b>Dedicating high end servers for short-term execution of scientific applications such as weather forecasting wastes resources. Cloud platforms IaaS model seems well suited for applications which are executed on an irregular basis and for short duration. In this paper, we evaluate the performance of research testbed cloud platforms such as GENICloud and ORCA cloud clusters for our real-time scientific application of short-term weather forecasting called Nowcasting. In this paper, we evaluate the network capabilities of these research cloud testbeds for our real-time application of weather forecasting. In addition, we evaluate the computation time of executing Nowcasting on each cloud platform for weather data collected from real weather events. We also evaluate the total time taken to generate and transmit short-term forecast images to end users with live data from our own radar on campus. We also compare the performance of each of these clusters for Nowcasting with commercial cloud services such as Amazon's EC2. The results obtained from our measurement show that cloud testbeds are suitable for real-time application experiments to be carried out on a cloud platform. |
| 2411 | , "Software-Defined Network Exchanges (SDXs): Architecture, services, capabilities, and foundation technologies." |
| 2412 | Teletraffic Congress (ITC), 2014 26th International, IEEE, |
| 2413 | 2014. |
| 2414 | doi:10.1109/itc.2014.6932970. |
| 2415 | <a href="http://dx.doi.org/10.1109/itc.2014.6932970">http://dx.doi.org/10.1109/itc.2014.6932970</a> |
| 2416 | <br><br><b>Abstract: </b>Software Defined Networks (SDNs), primarily based on OpenFlow, are being deployed in single domain networks around the world. The popularity of SDNs has given rise to multiple considerations about designing, implementing, and operating Software-Defined Network Exchanges (SDXs), to enable SDNs to interconnect SDN islands and to extend SDNs across multiple domains. These goals can be accomplished only by developing new techniques that extend the single domain orientation of current SDN/OpenFlow approaches to include capabilities for multidomain control, including those for resource discovery, signaling, and dynamic provisioning. Several networking research communities have begun to investigate these concepts. Early architectural models of SDXs have been designed and implemented as prototypes. These SDXs are being used to conduct experiments and to demonstrate the potentials of SDXs. |
| 2417 | </li> |
| 2418 | <br> |
| 2419 | |
| 2420 | <li> |
| 2421 | <b>Mambretti, Joe and Chen, Jim and Yeh, Fei</b> |
2393 | | </li> |
2394 | | <br> |
2395 | | |
2396 | | <li> |
2397 | | <b>Mambretti, Joe and Chen, Jim and Yeh, Fei</b> |
2398 | | , "Software-Defined Network Exchanges (SDXs): Architecture, services, capabilities, and foundation technologies." |
2399 | | Teletraffic Congress (ITC), 2014 26th International, IEEE, |
2400 | | 2014. |
2401 | | doi:10.1109/itc.2014.6932970. |
2402 | | <a href="http://dx.doi.org/10.1109/itc.2014.6932970">http://dx.doi.org/10.1109/itc.2014.6932970</a> |
2403 | | <br><br><b>Abstract: </b>Software Defined Networks (SDNs), primarily based on OpenFlow, are being deployed in single domain networks around the world. The popularity of SDNs has given rise to multiple considerations about designing, implementing, and operating Software-Defined Network Exchanges (SDXs), to enable SDNs to interconnect SDN islands and to extend SDNs across multiple domains. These goals can be accomplished only by developing new techniques that extend the single domain orientation of current SDN/OpenFlow approaches to include capabilities for multidomain control, including those for resource discovery, signaling, and dynamic provisioning. Several networking research communities have begun to investigate these concepts. Early architectural models of SDXs have been designed and implemented as prototypes. These SDXs are being used to conduct experiments and to demonstrate the potentials of SDXs. |
| 2616 | <b>Mehto, RInkel and Sachdeva, Monika and Behal, Sunny</b> |
| 2617 | , "Performance Measurement of Web Services under UDP Attack using GENI Testbed." |
| 2618 | International Journal of Innovations in Engineering and Technology (IJIET), |
| 2619 | 2016. |
| 2620 | |
| 2621 | <a href="http://ijiet.com/wp-content/uploads/2017/01/64.pdf">http://ijiet.com/wp-content/uploads/2017/01/64.pdf</a> |
| 2622 | <br><br><b>Abstract: </b>Today, Internet is the primary medium for communication which is used by number of users across the Network. As one of the major security problems in the current Internet, a denial-of-service (DoS) attack always attempts to stop the victim from serving legitimate users. A Distributed Denial of Service (DDoS) attack is a DoS attack utilizing multiple distributed attack sources. The majority of DDoS attacks target the network and transport layers. During study of all work we came to know that most of the researchers had done similar work on Simulation based techniques. In this paper, we have measured the performance of Web services under DDoS attack using Real time testbed (GENI). GENI is Global Environment for network innovations. In this work, GENI test bed has been explored and topology has been created on which HTTP legitimate traffic and UDP attack traffic have been generated. Another application i.e User Datagram Protocol (UDP) is simplest Transport Layer communication protocol available of the TCP/IP protocol suite. It involves minimum amount of communication mechanism. Avg.Response Time , Avg.Round Trip Time (RTT) and Throughput in terms of good-put and bad-put is computed to measure impact of DDoS attacks on Web HTTP services. |
| 2623 | </li> |
| 2624 | <br> |
| 2625 | |
| 2626 | |
| 2627 | |
| 2628 | <li> |
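Review bot: the author line added at new line 2616 reads "Mehto, RInkel", with a capital "I" in second position that looks like a capitalisation slip; confirm the spelling against the paper before merging. The doi line at new line 2620 is empty, so the entry relies only on the ijiet.com PDF link.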
2781 | | </li> |
2782 | | <br> |
2783 | | |
2784 | | <li> |
2785 | | <b>Ozcelik, Ilker and Brooks, Richard R.</b> |
2786 | | , "Operational System Testing for Designed in Security." |
2787 | | Proceedings of the Eighth Annual Cyber Security and Information Intelligence Research Workshop, Oak Ridge, Tennessee, ACM, New York, NY, USA, |
2788 | | 2013. |
2789 | | doi:10.1145/2459976.2460038. |
2790 | | <a href="http://dx.doi.org/10.1145/2459976.2460038">http://dx.doi.org/10.1145/2459976.2460038</a> |
2791 | | <br><br><b>Abstract: </b>To design secure systems, one needs to understand how attackers use system vulnerabilities in their favor. This requires testing vulnerabilities on operational systems. However, working on operational systems is not always possible because of the risk of disturbance. In this study, we introduce an approach to experimenting using operational system data and performing real attacks without disturbing the original system. We applied this approach to a network security experiment and tested the performance of three detection methods. The approach used in this study can be used when developing systems with Designed-in Security to identify and test system vulnerabilities. |
| 2832 | <li> |
| 2833 | <b>Ozcelik, Ilker and Brooks, Richard R.</b> |
| 2834 | , "Operational System Testing for Designed in Security." |
| 2835 | Proceedings of the Eighth Annual Cyber Security and Information Intelligence Research Workshop, Oak Ridge, Tennessee, ACM, New York, NY, USA, |
| 2836 | 2013. |
| 2837 | doi:10.1145/2459976.2460038. |
| 2838 | <a href="http://dx.doi.org/10.1145/2459976.2460038">http://dx.doi.org/10.1145/2459976.2460038</a> |
| 2839 | <br><br><b>Abstract: </b>To design secure systems, one needs to understand how attackers use system vulnerabilities in their favor. This requires testing vulnerabilities on operational systems. However, working on operational systems is not always possible because of the risk of disturbance. In this study, we introduce an approach to experimenting using operational system data and performing real attacks without disturbing the original system. We applied this approach to a network security experiment and tested the performance of three detection methods. The approach used in this study can be used when developing systems with Designed-in Security to identify and test system vulnerabilities. |
| 2840 | </li> |
| 2841 | <br> |
| 2842 | |
| 3379 | <b>Sevinc, Soner</b> |
| 3380 | , "A Framework for Access Control and Resource Allocation for Federations (Doctoral Dissertation)." |
| 3381 | Princeton, NJ, |
| 3382 | 2016. |
| 3383 | |
| 3384 | <a href="http://arks.princeton.edu/ark:/88435/dsp01n583xx39b">http://arks.princeton.edu/ark:/88435/dsp01n583xx39b</a> |
| 3385 | <br><br><b>Abstract: </b>In this thesis we address the access control and resource allocation problems in computational federations, such as testbeds and cloud computing federations. The computational federations of today are growing in their number of participant organizations, where one challenge is to allow organizations participate autonomously by expressing how much of their resources should be used and by whom, through complex policies. In addition, such organizations should be able to exchange resources with any other organizations without necessarily knowing all of them beforehand. We introduce our federation framework which allows to build federations in varying complexities easily, by synthesizing trust management, policy languages and resource discovery into a single system. Although these three have been studied separately in the past, we show that they are in fact related, and can be viewed as separate layers of a more general system. We argue that complex agreements that involve indirect trust relationships is one key way to enable resource exchange in a federation with numerous organizations, and this can be realized by our synthesis architecture that provides usability as well as expressiveness. As part of our framework, federation policy language (FPL) is used to express both the security and allocation policies, by providing simple primitives such as contracts that hide the underlying complexity. FPL primitives allow system administrators to express policies such as indirect trust and resource restrictions within the same construct. Underneath, FPL uses our distributed trust management system (CERTDIST) to implement and impose policy primitives. CERTDIST uses digital certificates to allow or deny resource requests and a DHT for complex distributive proofs in an e!cient way. 
The Resource discovery part of our framework (CODAL) is layered on top of FPL, and uses contracts to discover peers, FPL security and allocation policies to authorize for resources that are located possibly in many di↵erent organizations. We evaluate the federation framework with a realistic emulation of a large scale federation using real PlanetLab traces, that shows that complex policies can be expressed with a minimal amount of code, and we can e!ciently perform the access control and resource discovery operations in a federation. |
| 3386 | </li> |
| 3387 | <br> |
| 3388 | |
| 3389 | |
| 3390 | |
| 3391 | <li> |
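Review bot: the abstract added at new line 3385 contains PDF ligature damage: "e!cient", "e!ciently" and "di↵erent" should read "efficient", "efficiently" and "different". The abstract is also split across two physical lines after "in an e!cient way.", which breaks the one-line-per-field layout used by the other entries.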
| 3782 | <b>Turi, Leo</b> |
| 3783 | , "Contribution to the Federation of the asynchronous SmartSantander service layer within the European Fed4FIRE context (Master's Thesis)." |
| 3784 | |
| 3785 | 2015. |
| 3786 | |
| 3787 | <a href="http://tesi.cab.unipd.it/49627/1/turi_leo_tesi.pdf">http://tesi.cab.unipd.it/49627/1/turi_leo_tesi.pdf</a> |
| 3788 | <br><br><b>Abstract: </b>This thesis is a contribution to the federation of asynchronous SmartSantander service layer within the European Fed4FIRE context. The thesis was developed in a Smart City background, and its main aims were both to gain knowledge of how Smart Cities, Testbeds and Federations of Testbeds are structured by working on a real deployed system, i.e. SmartSantander framework and Fed4FIRE federation, and to contribute with some of the components required for the integration. The technical development carried out as part of this thesis mainly deals with three aspects of the testbed: resource discovery, asynchronous subscription management and measurement data delivery. As a result, a series of software components have been deployed on SmartSantander hardware and it will be running as part of the complete framework on the next testbed iteration. Together, they provide a new way of accessing to the sensor information SmartSantander can provide. During the development phase, we experimented with real hardware and software and worked with o -the-shelf technologies for testbed and federations. The complete work was developed at the University of Cantabria in collaboration with the TLMAT laboratory, which currently presides over SmartSantander. |
| 3789 | </li> |
| 3790 | <br> |
| 3791 | |
| 3792 | |
| 3793 | |
| 3794 | <li> |
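Review bot: in the Turi entry, the abstract at new line 3788 reads "o -the-shelf", where the "ff" ligature was lost; it should be "off-the-shelf". New line 3784 is also empty where the other entries in this change give a venue or publisher, so the entry renders as the title followed directly by the year. Add the awarding institution there if the source record has it.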
| 5086 | <b>Castillo, Eduardo J. and Mountrouidou, Xenia and Li, Xiangyang</b> |
| 5087 | , "Time Lord: Covert Timing Channel Implementation and Realistic Experimentation." |
| 5088 | Proceedings of the 2017 ACM SIGCSE Technical Symposium on Computer Science Education, Seattle, Washington, USA, ACM, New York, NY, USA, |
| 5089 | 2017. |
| 5090 | doi:10.1145/3017680.3022463. |
| 5091 | </li> |
| 5092 | <br> |
| 5093 | |
| 5094 | |
| 5095 | |
| 5096 | <li> |
5139 | | <li> |
5140 | | <b>Chin, Tommy and Mountrouidou, Xenia and Li, Xiangyang and Xiong, Kaiqi</b> |
5141 | | , "An SDN-supported collaborative approach for DDoS flooding detection and containment." |
5142 | | Military Communications Conference, MILCOM 2015 - 2015 IEEE, IEEE, |
5143 | | 2015. |
5144 | | doi:10.1109/milcom.2015.7357519. |
5145 | | </li> |
5146 | | <br> |
5147 | | |
5148 | | |
| 5222 | |
| 5223 | |
| 5224 | <li> |
| 5225 | <b>Chin, Tommy and Xiong, Kaiqi</b> |
| 5226 | , "MPBSD: A Moving Target Defense Approach for Base Station Security in Wireless Sensor Networks." |
| 5227 | Wireless Algorithms, Systems, and Applications, Springer International Publishing, |
| 5228 | 2016. |
| 5229 | doi:10.1007/978-3-319-42836-9_43. |
| 5230 | </li> |
| 5231 | <br> |
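Review bot: the "<br>" at new line 5231 sits directly after "</li>", between list items, where a list element may only contain "<li>" children. Drop the "<br>" and space the entries with a CSS margin on the "<li>" instead. The same pattern follows the other entries added in this change (new lines 3387, 3790, 5092, 6451 and 6808).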
| 6446 | , "Software-Defined Network Exchanges (SDXs): Architecture, services, capabilities, and foundation technologies." |
| 6447 | Teletraffic Congress (ITC), 2014 26th International, IEEE, |
| 6448 | 2014. |
| 6449 | doi:10.1109/itc.2014.6932970. |
| 6450 | </li> |
| 6451 | <br> |
| 6452 | |
| 6453 | <li> |
| 6454 | <b>Mambretti, Joe and Chen, Jim and Yeh, Fei</b> |
6367 | | </li> |
6368 | | <br> |
6369 | | |
6370 | | <li> |
6371 | | <b>Mambretti, Joe and Chen, Jim and Yeh, Fei</b> |
6372 | | , "Software-Defined Network Exchanges (SDXs): Architecture, services, capabilities, and foundation technologies." |
6373 | | Teletraffic Congress (ITC), 2014 26th International, IEEE, |
6374 | | 2014. |
6375 | | doi:10.1109/itc.2014.6932970. |
6695 | | </li> |
6696 | | <br> |
6697 | | |
6698 | | <li> |
6699 | | <b>Ozcelik, Ilker and Brooks, Richard R.</b> |
6700 | | , "Operational System Testing for Designed in Security." |
6701 | | Proceedings of the Eighth Annual Cyber Security and Information Intelligence Research Workshop, Oak Ridge, Tennessee, ACM, New York, NY, USA, |
6702 | | 2013. |
6703 | | doi:10.1145/2459976.2460038. |
| 6801 | <li> |
| 6802 | <b>Ozcelik, Ilker and Brooks, Richard R.</b> |
| 6803 | , "Operational System Testing for Designed in Security." |
| 6804 | Proceedings of the Eighth Annual Cyber Security and Information Intelligence Research Workshop, Oak Ridge, Tennessee, ACM, New York, NY, USA, |
| 6805 | 2013. |
| 6806 | doi:10.1145/2459976.2460038. |
| 6807 | </li> |
| 6808 | <br> |
| 6809 | |