Open Access. Powered by Scholars. Published by Universities.®

Physical Sciences and Mathematics Commons


Articles 1 - 15 of 15

Full-Text Articles in Physical Sciences and Mathematics

Pinpoint: Efficient And Effective Resource Isolation For Mobile Security And Privacy, Paul Ratazzi, Ashok Bommisetti, Nian Ji, Wenliang Du May 2015


Electrical Engineering and Computer Science - All Scholarship

Virtualization is frequently used to isolate untrusted processes and control their access to sensitive resources. However, isolation usually carries a price in terms of less resource sharing and reduced inter-process communication. In an open architecture such as Android, this price and its impact on performance, usability, and transparency must be carefully considered. Although previous efforts in developing general-purpose isolation solutions have shown that some of these negative side effects can be mitigated, doing so involves overcoming significant design challenges by incorporating numerous additional platform complexities not directly related to improved security. Thus, the general purpose solutions become inefficient and burdensome if …


Identifying And Analyzing Pointer Misuses For Sophisticated Memory-Corruption Exploit Diagnosis, Mingwei Zhang, Aravind Prakash, Xiaolei Li, Zhenkai Liang, Heng Yin Feb 2012


Electrical Engineering and Computer Science - Technical Reports

Software exploits are one of the major threats to internet security. To quickly respond to these attacks, it is critical to automatically diagnose such exploits and find out how they circumvent existing defense mechanisms.


Mitigating DoS Attacks Against Broadcast Authentication In Wireless Sensor Networks, Peng Ning, An Liu, Wenliang Du Jan 2008


Electrical Engineering and Computer Science - All Scholarship

Broadcast authentication is a critical security service in wireless sensor networks. There are two general approaches for broadcast authentication in wireless sensor networks: digital signatures and µTESLA-based techniques. However, both signature-based and µTESLA-based broadcast authentication are vulnerable to Denial of Service (DoS) attacks: an attacker can inject bogus broadcast packets to force sensor nodes to perform expensive signature verifications (in case of signature-based broadcast authentication) or packet forwarding (in case of µTESLA-based broadcast authentication), thus exhausting their limited battery power. This paper presents an efficient mechanism called message specific puzzle to mitigate such DoS attacks. In addition to signature-based or …


Privacy-Maxent: Integrating Background Knowledge In Privacy Quantification, Wenliang Du, Zhouxuan Teng, Zutao Zhu Jan 2008


Electrical Engineering and Computer Science - All Scholarship

Privacy-Preserving Data Publishing (PPDP) deals with the publication of microdata while preserving people’s private information in the data. To measure how much private information can be preserved, privacy metrics are needed. An essential element for privacy metrics is the measure of how much adversaries can know about an individual’s sensitive attributes (SA) if they know the individual’s quasi-identifiers (QI), i.e., we need to measure P(SA | QI). Such a measure is hard to derive when adversaries’ background knowledge has to be considered. We propose a systematic approach, Privacy-MaxEnt, to integrate background knowledge in privacy quantification. Our approach is based on …


A Key Predistribution Scheme For Sensor Networks Using Deployment Knowledge, Wenliang Du, Jing Deng, Yunghsiang S. Han, Pramod K. Varshney Jan 2006


Electrical Engineering and Computer Science - All Scholarship

To achieve security in wireless sensor networks, it is important to be able to encrypt messages sent among sensor nodes. Keys for encryption purposes must be agreed upon by communicating nodes. Due to resource constraints, achieving such key agreement in wireless sensor networks is non-trivial. Many key agreement schemes used in general networks, such as Diffie-Hellman and public-key based schemes, are not suitable for wireless sensor networks. Pre-distribution of secret keys for all pairs of nodes is not viable due to the large amount of memory used when the network size is large. Recently, a random key pre-distribution scheme and …


An Efficient Scheme For Authenticating Public Keys In Sensor Networks, Wenliang Du, Ronghua Wang, Peng Ning Jan 2005


Electrical Engineering and Computer Science - All Scholarship

With the advance of technology, Public Key Cryptography (PKC) will sooner or later be widely used in wireless sensor networks. Recently, it has been shown that the performance of some public key algorithms, such as Elliptic Curve Cryptography (ECC), is already close to being practical on sensor nodes. However, the energy consumption of PKC is still expensive, especially compared to symmetric-key algorithms. To maximize the lifetime of batteries, we should minimize the use of PKC whenever possible in sensor networks. This paper investigates how to replace one of the important PKC operations–the public key authentication–with symmetric key operations that are …


Searching For High-Value Rare Events With Uncheatable Grid Computing, Wenliang Du, Michael T. Goodrich Jan 2005


Electrical Engineering and Computer Science - All Scholarship

High-value rare-event searching is arguably the most natural application of grid computing, where computational tasks are distributed to a large collection of clients (which comprise the computation grid) in such a way that clients are rewarded for performing tasks assigned to them. Although natural, rare-event searching presents significant challenges for a computation supervisor, who partitions and distributes the search space out to clients while contending with “lazy” clients, who don’t do all their tasks, and “hoarding” clients, who don’t report rare events back to the supervisor. We provide schemes, based on a technique we call chaff injection, for efficiently …


Privacy-Preserving Multivariate Statistical Analysis: Linear Regression And Classification, Wenliang Du, Yunghsiang S. Han, Shigang Chen Jan 2004


Electrical Engineering and Computer Science - All Scholarship

Analysis technique that has found applications in various areas. In this paper, we study some multivariate statistical analysis methods in Secure 2-party Computation (S2C) framework illustrated by the following scenario: two parties, each having a secret data set, want to conduct the statistical analysis on their joint data, but neither party is willing to disclose its private data to the other party or any third party. The current statistical analysis techniques cannot be used directly to support this kind of computation because they require all parties to send the necessary data to a central place. In this paper, we define …


A Practical Approach To Solve Secure Multi-Party Computation Problems, Wenliang Du, Zhijun Zhan Jan 2002


Electrical Engineering and Computer Science - All Scholarship

Secure Multi-party Computation (SMC) problems deal with the following situation: Two (or many) parties want to jointly perform a computation. Each party needs to contribute its private input to this computation, but no party should disclose its private inputs to the other parties, or to any third party. With the proliferation of the Internet, SMC problems become more and more important. So far no practical solution has emerged, largely because SMC studies have been focusing on zero information disclosure, an ideal security model that is expensive to achieve. Aiming at developing practical solutions to SMC problems, we propose a new …


Privacy-Preserving Cooperative Statistical Analysis, Wenliang Du, Mikhail J. Atallah Jan 2001


Electrical Engineering and Computer Science - All Scholarship

The growth of the Internet opens up tremendous opportunities for cooperative computation, where the answer depends on the private inputs of separate entities. Sometimes these computations may occur between mutually untrusted entities. The problem is trivial if the context allows the conduct of these computations by a trusted entity that would know the inputs from all the participants; however, if the context disallows this, then the techniques of secure multi-party computation become very relevant and can provide useful solutions. Statistical analysis is a widely used computation in real life, but the known methods usually require one to know the whole …


A Pairwise Key Pre-Distribution Scheme For Wireless Sensor Networks, Wenliang Kevin Du, Jing Deng, Yunghsiang S. Han, Pramod K. Varshney Jan 2000


Electrical Engineering and Computer Science - All Scholarship

In this paper, we provide a framework in which to study the security of key pre-distribution schemes, propose a new key pre-distribution scheme which substantially improves the resilience of the network compared to previous schemes, and give an in-depth analysis of our scheme in terms of network resilience and associated overhead. Our scheme exhibits a nice threshold property: when the number of compromised nodes is less than the threshold, the probability that communications between any additional nodes are compromised is close to zero. This desirable property lowers the initial payoff of smaller-scale network breaches to an adversary, and makes it necessary …


Java’s Insecure Parallelism, Per Brinch Hansen Jan 1999


College of Engineering and Computer Science - Former Departments, Centers, Institutes and Projects

The author examines the synchronization features of Java and finds that they are insecure variants of his earliest ideas in parallel programming published in 1972-73. The claim that Java supports monitors is shown to be false. The author concludes that Java ignores the last twenty-five years of research in parallel programming languages.


Formal Analysis Of A Secure Communication Channel: Secure Core-Email Protocol, Dan Zhou, Shiu-Kai Chin Jan 1999


Electrical Engineering and Computer Science - All Scholarship

To construct a highly-assured implementation of secure communication channels we must have clear definitions of the security services, the channels, and under what assumptions these channels provide the desired services. We formally define secure channel services and develop a detailed example. The example is a core protocol common to a family of secure email systems. We identify the necessary properties of cryptographic algorithms to ensure that the email protocol is secure, and we verify that the email protocol provides secure services under these assumptions. We carry out the definitions and verifications in higher-order logic using the HOL theorem-prover. All our …


Resource Access Control For An Internet User Agent, Nataraj Nagaratnam, Steven B. Byrne Jan 1997


Electrical Engineering and Computer Science - All Scholarship

The rapid increase in the Internet's connectivity has led to a proportional increase in the development of Web-based applications. Usage of downloadable content has proved effective in a number of emerging applications including electronic commerce, software components on-demand, and collaborative systems. In all these cases, Internet user agents (like browsers, tuners) are widely used by the clients to utilize and execute such downloadable content. With this new technology of using downloadable content comes the problem of the downloaded content obtaining unauthorized access to the client's resources. In effect, granting a hostile remote principal the requested access to client's resources may lead …