Physical Sciences and Mathematics Commons^™

Secure Context-Sensitive Authorization, Kazuhiro Minami, David Kotz

Computer Science Technical Reports

There is a recent trend toward rule-based authorization systems to achieve flexible security policies. Also, new sensing technologies in pervasive computing make it possible to define context-sensitive rules, such as ``allow database access only to staff who are currently located in the main office.'' However, these rules, or the facts that are needed to verify authority, often involve sensitive context information. This paper presents a secure context-sensitive authorization system that protects confidential information in facts or rules. Furthermore, our system allows multiple hosts in a distributed environment to perform the evaluation of an authorization query in a collaborative way; we …

Discrete-Time Fractional Differentiation From Integer Derivatives, Hany Farid

Computer Science Technical Reports

Discrete-time fractional derivative filters (1-D and 2-D) are shown to be well approximated from a small set of integer derivatives. A fractional derivative of arbitrary order (and, in 2-D, of arbitrary orientation) can therefore be efficiently computed from a linear combination of integer derivatives of the underlying signal or image.

Secure Hardware Enhanced Myproxy: A Ph.D. Thesis Proposal, John Marchesini, David Kotz

Computer Science Technical Reports

In 1976, Whitfield Diffie and Martin Hellman demonstrated how "New Directions In Cryptography" could enable secure information exchange between parties that do not share secrets. In order for public key cryptography to work in modern distributed environments, we need an infrastructure for finding and trusting other parties' public keys (i.e., a PKI). A number of useful applications become possible with PKI. While the applications differ in how they use keys (e.g., S/MIME uses the key for message encryption and signing, while client-side SSL uses the key for authentication), all applications share one assumption: users have keypairs. In previous work, we …

A Survey Of Wpa And 802.11i Rsn Authentication Protocols, Kwang-Hyun Baek, Sean W. Smith, David Kotz

Computer Science Technical Reports

In the new standards for WLAN security, many choices exist for the authentication process. In this paper, we list eight desired properties of WLAN authentication protocols, survey eight recent authentication protocols, and analyze the protocols according to the desired properties.

Problems With The Dartmouth Wireless Snmp Data Collection, Tristan Henderson, David Kotz

Computer Science Technical Reports

The original Dartmouth wireless network study used SNMP to query the college's Cisco 802.11b access points. The perl scripts that performed the SNMP queries suffered from some problems, in that they queried inappropriate SNMP values, or misunderstood the meaning of other values. This data was also used in a subsequent analysis. The same scripts were used to collect data for a subsequent study of another wireless network. This document outlines these problems and indicates which of the data collected by the original scripts may be invalid.

Composing A Well-Typed Region, Chris Hawblitzel, Heng Huang, Lea Wittie

Computer Science Technical Reports

Efficient low-level systems need more control over memory than safe high-level languages usually provide. In particular, safe languages usually prohibit explicit deallocation, in order to prevent dangling pointers. Regions provide one safe deallocation mechanism; indeed, many region calculi have appeared recently, each with its own set of operations and often complex rules. This paper encodes regions from lower-level typed primitives (linear memory, coercions, and delayed types), so that programmers can design their own region operations and rules.

Mercer Kernels For Object Recognition With Local Features, Siwei Lyu

Computer Science Technical Reports

In this paper, we propose a new class of kernels for object recognition based on local image feature representations. Formal proofs are given to show that these kernels satisfy the Mercer condition and reflect similarities between sets of local features. In addition, multiple types of local features and semilocal constraints are incorporated to reduce mismatches between local features, thus further improve the classification performance. Experimental results of SVM classifiers coupled with the proposed kernels are reported on ecognition tasks with the standard COIL-100 database and compared with existing methods. The proposed kernels achieved satisfactory performance and were robust to changes …

Efficient Wait-Free Implementation Of Multiword Ll/Sc Variables, Prasad Jayanti, Srdjan Petrovic

Computer Science Technical Reports

Since the design of lock-free data structures often poses a formidable intellectual challenge, researchers are constantly in search of abstractions and primitives that simplify this design. The multiword LL/SC object is such a primitive: many existing algorithms are based on this primitive, including the nonblocking and wait-free universal constructions of Anderson and Moir (1995), the closed objects construction of Chandra et al.(1998) and the snapshot algorithms of Jayanti (2002, 2004). In this paper, we consider the problem of implementing a W-word LL/SC object shared by N processes. The previous best algorithm, due to Anderson and Moir (1995), is time optimal …

Automatic Image Orientation Determination With Natural Image Statistics, Siwei Lyu

Computer Science Technical Reports

In this paper, we propose a new method for automatically determining image orientations. This method is based on a set of natural image statistics collected from a multi-scale multi-orientation image decomposition (e.g., wavelets). From these statistics, a two-stage hierarchal classification with multiple binary SVM classifiers is employed to de- termine image orientation. The proposed method is evaluated and compared to existing methods with experiments performed on 18040 natural images, where it showed promising performance.

Creating And Detecting Doctored And Virtual Images: Implications To The Child Pornography Prevention Act, Hany Farid

Computer Science Technical Reports

The 1996 Child Pornography Prevention Act (CPPA) extended the existing federal criminal laws against child pornography to include certain types of "virtual porn". In 2002, the United States Supreme Court found that portions of the CPPA, being overly broad and restrictive, violated First Amendment rights. The Court ruled that images containing an actual minor or portions of a minor are not protected, while computer generated images depicting a fictitious "computer generated" minor are constitutionally protected. In this report I outline various forms of digital tampering, placing them in the context of this recent ruling. I also review computational techniques for …

Exposing Digital Forgeries By Detecting Duplicated Image Regions, Alin C. Popescu, Hany Farid

Computer Science Technical Reports

We describe an efficient technique that automatically detects duplicated regions in a digital image. This technique works by first applying a principal component analysis to small fixed-size image blocks to yield a reduced dimension representation. This representation is robust to minor variations in the image due to additive noise or lossy compression. Duplicated regions are then detected by lexicographically sorting all of the image blocks. We show the efficacy of this technique on credible forgeries, and quantify its robustness and sensitivity to additive noise and lossy JPEG compression.

Outdoor Experimental Comparison Of Four Ad Hoc Routing Algorithms, Robert S. Gray, David Kotz, Calvin Newport, Nikita Dubrovsky, Aaron Fiske, Jason Liu, Christopher Masone, Susan Mcgrath, Yougu Yuan

Computer Science Technical Reports

Most comparisons of wireless ad hoc routing algorithms involve simulated or indoor trial runs, or outdoor runs with only a small number of nodes, potentially leading to an incorrect picture of algorithm performance. In this paper, we report on the results of an outdoor trial run of four different routing algorithms, APRL, AODV, GPSR, and STARA, running on top of thirty-three 802.11-enabled laptops moving randomly through an athletic field. The laptops generated random traffic according to the traffic patterns observed in a prototype application, and ran each routing algorithm for a fifteen-minute period over the course of the hour-long trial …

Experimental Evaluation Of Wireless Simulation Assumptions, David Kotz, Calvin Newport, Robert S. Gray, Jason Liu, Yougu Yuan, Chip Elliott

Computer Science Technical Reports

All analytical and simulation research on ad~hoc wireless networks must necessarily model radio propagation using simplifying assumptions. Although it is tempting to assume that all radios have circular range, have perfect coverage in that range, and travel on a two-dimensional plane, most researchers are increasingly aware of the need to represent more realistic features, including hills, obstacles, link asymmetries, and unpredictable fading. Although many have noted the complexity of real radio propagation, and some have quantified the effect of overly simple assumptions on the simulation of ad~hoc network protocols, we provide a comprehensive review of six assumptions that are still …

Technological Implications For Privacy, David Kotz

Computer Science Technical Reports

The World-Wide Web is increasingly used for commerce and access to personal information stored in databases. Although the Web is ``just another medium'' for information exchange, the fact that all the information is stored in computers, and all of the activity happens in computers and computer networks, makes it easier (cheaper) than every to track users' activities. By recording and analyzing user's activities in the Web, activities that may seem to be quite private to many users, it is more likely than ever before that a person's privacy may be threatened. In this paper I examine some of the technology …

A Holesome File System, Darren Erik Vengroff, David Kotz

Computer Science Technical Reports

We present a novel approach to fully dynamic management of physical disk blocks in Unix file systems. By adding a single system call, zero, to an existing file system, we permit applications to create holes, that is, regions of files to which no physical disk blocks are allocated, far more flexibly than previously possible. zero can create holes in the middle of existing files. Using zero, it is possible to efficiently implement applications including a variety of databases and I/O-efficient computation systems on top of the Unix file system. zero can also be used to implement an efficient file-system-based paging …

The Kerf Toolkit For Intrusion Analysis, Javed Aslam, Sergey Bratus, David Kotz, Ron Peterson, Daniela Rus, Brett Tofel

Computer Science Technical Reports

We consider the problem of intrusion analysis and present the Kerf Toolkit, whose purpose is to provide an efficient and flexible infrastructure for the analysis of attacks. The Kerf Toolkit includes a mechanism for securely recording host and network logging information for a network of workstations, a domain-specific language for querying this stored data, and an interface for viewing the results of such a query, providing feedback on these results, and generating new queries in an iterative fashion. We describe the architecture of Kerf, present examples to demonstrate the power of our query language, and discuss the performance of our …

The Changing Usage Of A Mature Campus-Wide Wireless Network, Tristan Henderson, David Kotz, Ilya Abyzov

Computer Science Technical Reports

Wireless Local Area Networks (WLANs) are now common on academic and corporate campuses. As ``Wi-Fi'' technology becomes ubiquitous, it is increasingly important to understand trends in the usage of these networks. This paper analyzes an extensive network trace from a mature 802.11 WLAN, including more than 550 access points and 7000 users over seventeen weeks. We employ several measurement techniques, including syslogs, telephone records, SNMP polling and tcpdump packet sniffing. This is the largest WLAN study to date, and the first to look at a large, mature WLAN and consider geographic mobility. We compare this trace to a trace taken …

Identification Of Novel Small Molecule Inhibitors Of Core-Binding Factor Dimerization By Computational Screening Against Nmr Molecular Ensemble, Ryan H. Lilien, Mohini Sridharan, Bruce R. Donald

Computer Science Technical Reports

The long development process of novel pharmaceutical compounds begins with the identification of a lead inhibitor compound. Computational screening to identify those ligands, or small molecules, most likely to inhibit a target protein may benefit the pharmaceutical development process by reducing the time required to identify a lead compound. Typically, computational ligand screening utilizes high-resolution structural models of both the protein and ligand to fit or `dock' each member of a ligand database into the binding site of the protein. Ligands are then ranked by the number and quality of interactions formed in the predicted protein-ligand complex. It is currently …

A Meeting Detector And Its Applications, Jue Wang, Guanling Chen, David Kotz

Computer Science Technical Reports

In this paper we present a context-sensing component that recognizes meetings in a typical office environment. Our prototype detects the meeting start and end by combining outputs from pressure and motion sensors installed on the chairs. We developed a telephone controller application that transfers incoming calls to voice-mail when the user is in a meeting. Our experiments show that it is feasible to detect high-level context changes with ``good enough'' accuracy, using low-cost, off-the-shelf hardware, and simple algorithms without complex training. We also note the need for better metrics to measure context detection performance, other than just accuracy. We propose …

Dependency Management In Distributed Settings, Guanling Chen, David Kotz

Computer Science Technical Reports

Ubiquitous-computing environments are heterogeneous and volatile in nature. Systems that support ubicomp applications must be self-managed, to reduce human intervention. In this paper, we present a general service that helps distributed software components to manage their dependencies. Our service proactively monitors the liveness of components and recovers them according to supplied policies. Our service also tracks the state of components, on behalf of their dependents, and may automatically select components for the dependent to use based on evaluations of customized functions. We believe that our approach is flexible and abstracts away many of the complexities encountered in ubicomp environments. In …

Keyjacking: The Surprising Insecurity Of Client-Side Ssl, John Marchesini, S W. Smith, Meiyuan Zhao

Computer Science Technical Reports

In theory, PKI can provide a flexible and strong way to authenticate users in distributed information systems. In practice, much is being invested in realizing this vision via client-side SSL and various client keystores. However, whether this works depends on whether what the machines do with the private keys matches what the humans think they do: whether a server operator can conclude from an SSL request authenticated with a user's private key that the user was aware of and approved that request. Exploring this vision, we demonstrate via a series of experiments that this assumption does not hold with standard …

A Case Study Of Four Location Traces, Guanling Chen, David Kotz

Computer Science Technical Reports

Location is one of the most important context information that an ubiquitous-computing application may leverage. Thus understanding the location systems and how location-aware applications interact with them is critical for design and deployment of both the location systems and location-aware applications. In this paper, we analyze a set of traces collected from two small-scale one-building location system and two large-scale campus-wide location systems. Our goal is to study characteristics of these location systems ant how these factors should be taken into account by a potentially large number of location-aware applications with different needs. We make empirical measurements of several important …

Application-Controlled Loss-Tolerant Data Dissemination, Guanling Chen, David Kotz

Computer Science Technical Reports

Reactive or proactive mobile applications require continuous monitoring of their physical and computational environment to make appropriate decisions in time. These applications need to monitor data streams produced by sensors and react to changes. When mobile sensors and applications are connected by low-bandwidth wireless networks, sensor data rates may overwhelm the capacity of network links or of the applications. In traditional networks and distributed systems, flow-control and congestion-control policies either drop data or force the sender to pause. When the data sender is sensing the physical environment, however, a pause is equivalent to dropping data. Arbitrary data drops are not …

Greenpass: Flexible And Scalable Authorization For Wireless Networks, Sean Smith, Nicholas C. Goffee, Sung Hoon Kim, Punch Taylor, Meiyuan Zhao, John Marchesini

Computer Science Technical Reports

Wireless networks break the implicit assumptions that supported authorization in wired networks (that is: if one could connect, then one must be authorized). However, ensuring that only authorized users can access a campus-wide wireless network creates many challenges: we must permit authorized guests to access the same network resources that internal users do; we must accommodate the de-centralized way that authority flows in real universities; we also must work within standards, and accommodate the laptops and systems that users already have, without requiring additional software or plug-ins.

This paper describes our ongoing project to address this problem, using SPKI/SDSI delegation …

Tr-2004001: Tableaux For The Logic Of Proofs, Bryan Renne

Computer Science Technical Reports

No abstract provided.

Tr-2004002: Oopn: An Object-Oriented Petri Nets And Its Integrated Development Environment, Jinzhong Niu, Jing Zou, Aihua Ren

Computer Science Technical Reports

No abstract provided.

Tr-2004004: Implementing And Automating Basic Number Theory In Metaprl Proof Assistant, Yegor Bryukhov, Alexei Kopylov, Vladimir Krupski, Aleksey Nogin

Computer Science Technical Reports

No abstract provided.

Tr-2004010: Optimal Reversible Quantum Circuit For Multiplication, Anh Quoc Nguyen

Computer Science Technical Reports

No abstract provided.

Tr-2004009: A Reduction Of The Matrix Eigenproblem To Polynomial Rootfinding Via Similarity Transforms Into Arrow-Head Matrices, Victor Y. Pan

Computer Science Technical Reports

No abstract provided.

Tr-2004011: Logic Of Knowledge With Justifications From The Provability Perspective, Sergei Artemov, Elena Nogina

Computer Science Technical Reports

No abstract provided.