Final Year IEEE Project 2013-2014 - Dependable and Secure Computing Project Title and Abstract

Elysium Technologies Private Limited
Singapore | Madurai | Chennai | Trichy | Coimbatore | Cochin | Ramnad |
Pondicherry | Trivandrum | Salem | Erode | Tirunelveli
http://www.elysiumtechnologies.com, info@elysiumtechnologies.com
13 Years of Experience
Automated Services
24/7 Help Desk Support
Experience & Expertise Developers
Advanced Technologies & Tools
Legitimate Member of all Journals
Having 1,50,000 Successive records in
all Languages
More than 12 Branches in Tamilnadu,
Kerala & Karnataka.
Ticketing & Appointment Systems.
Individual Care for every Student.
Around 250 Developers & 20
Researchers

227-230 Church Road, Anna Nagar, Madurai – 625020.
0452-4390702, 4392702, + 91-9944793398.
info@elysiumtechnologies.com, elysiumtechnologies@gmail.com
S.P.Towers, No.81 Valluvar Kottam High Road, Nungambakkam,
Chennai - 600034. 044-42072702, +91-9600354638,
chennai@elysiumtechnologies.com
15, III Floor, SI Towers, Melapudur main Road, Trichy – 620001.
0431-4002234, + 91-9790464324.
trichy@elysiumtechnologies.com
577/4, DB Road, RS Puram, Opp to KFC, Coimbatore – 641002
0422- 4377758, +91-9677751577.
coimbatore@elysiumtechnologies.com

Plot No: 4, C Colony, P&T Extension, Perumal puram, Tirunelveli-
627007. 0462-2532104, +919677733255,
tirunelveli@elysiumtechnologies.com
1st Floor, A.R.IT Park, Rasi Color Scan Building, Ramanathapuram
- 623501. 04567-223225,
+919677704922.ramnad@elysiumtechnologies.com
74, 2nd floor, K.V.K Complex,Upstairs Krishna Sweets, Mettur
Road, Opp. Bus stand, Erode-638 011. 0424-4030055, +91-
9677748477 erode@elysiumtechnologies.com
No: 88, First Floor, S.V.Patel Salai, Pondicherry – 605 001. 0413–
4200640 +91-9677704822
pondy@elysiumtechnologies.com
TNHB A-Block, D.no.10, Opp: Hotel Ganesh Near Busstand. Salem
– 636007, 0427-4042220, +91-9894444716.
salem@elysiumtechnologies.com

ETPL
DSC-001
SORT: A Self-Organizing Trust Model for Peer-to-Peer Systems
Abstract: Open nature of peer-to-peer systems exposes them to malicious activity. Building trust
relationships among peers can mitigate attacks of malicious peers. This paper presents distributed
algorithms that enable a peer to reason about trustworthiness of other peers based on past interactions and
recommendations. Peers create their own trust network in their proximity by using local information
available and do not try to learn global trust information. Two contexts of trust, service, and
recommendation contexts, are defined to measure trustworthiness in providing services and giving
recommendations. Interactions and recommendations are evaluated based on importance, recentness, and
peer satisfaction parameters. Additionally, recommender's trustworthiness and confidence about a
recommendation are considered while evaluating recommendations. Simulation experiments on a file
sharing application show that the proposed model can mitigate attacks on 16 different malicious behavior
models. In the experiments, good peers were able to form trust relationships in their proximity and isolate
malicious peers.
ETPL
DSC-002
To lie or to comply: Defending against Flood Attacks in Disruption Tolerant Networks
Disruption Tolerant Networks (DTNs) utilize the mobility of nodes and the opportunistic contacts among
nodes for data communications. Due to the limitation in network resources such as contact opportunity
and buffer space, DTNs are vulnerable to flood attacks in which attackers send as many packets or packet
replicas as possible to the network, in order to deplete or overuse the limited network resources. In this
paper, we employ rate limiting to defend against flood attacks in DTNs, such that each node has a limit
over the number of packets that it can generate in each time interval and a limit over the number of
replicas that it can generate for each packet. We propose a distributed scheme to detect if a node has
violated its rate limits. To address the challenge that it is difficult to count all the packets or replicas sent
by a node due to lack of communication infrastructure, our detection adopts claim-carry-and-check: each
node itself counts the number of packets or replicas that it has sent and claims the count to other nodes;
the receiving nodes carry the claims when they move, and cross-check if their carried claims are
inconsistent when they contact. The claim structure uses the pigeonhole principle to guarantee that an
attacker will make inconsistent claims which may lead to detection. We provide rigorous analysis on the
probability of detection, and evaluate the effectiveness and efficiency of our scheme with extensive trace-
driven simulations.
ETPL
DSC-003
Discovery and Resolution of Anomalies in Web Access Control Policies
Emerging computing technologies such as Web services, service-oriented architecture, and cloud
computing has enabled us to perform business services more efficiently and effectively. However, we still
suffer from unintended security leakages by unauthorized actions in business services while providing
more convenient services to Internet users through such a cutting-edge technological growth.
Furthermore, designing and managing Web access control policies are often error-prone due to the
lack of effective analysis mechanisms and tools. In this paper, we represent an
innovative policyanomaly analysis approach for Web access control policies, focusing on XACML
(eXtensible AccessControl Markup Language) policy. We introduce a policy-based segmentation
technique to accurately identify policy anomalies and derive effective anomaly resolutions, along with an
intuitive visualization representation of analysis results. We also discuss a proof-of-concept
implementation of our method called XAnalyzer and demonstrate how our approach can efficiently
discover and resolve policyanomalies.

ETPL
DSC-004
Location-Aware and Safer Cards: Enhancing RFID Security and Privacy via Location
Sensing
Abstract: In this paper, we report on a new approach for enhancing security and privacy in certain RFID
applications whereby location or location-related information (such as speed) can serve as a legitimate
access context. Examples of these applications include access cards, toll cards, credit cards, and other
payment tokens. We show that location awareness can be used by both tags and back-end servers for
defending against unauthorized reading and relay attacks on RFID systems. On the tag side, we design a
location-aware selective unlocking mechanism using which tags can selectively respond to reader
interrogations rather than doing so promiscuously. On the server side, we design a location-aware secure
transaction verification scheme that allows a bank server to decide whether to approve or deny a payment
transaction and detect a specific type of relay attack involving malicious readers. The premise of our work
is a current technological advancement that can enable RFID tags with low-cost location (GPS) sensing
capabilities. Unlike prior research on this subject, our defenses do not rely on auxiliary devices or require
any explicit user involvement.
ETPL
DSC-005
Malware Clearance for Secure Commitment of OS-Level Virtual Machines
Abstract: A virtual machine(VM) can be simply created upon use and disposed upon the completion of
the tasks or the detection of error. The disadvantage of this approach is that if there is no malicious
activity, the user has to redo all of the work in her actual workspace since there is no easy way to commit
(i.e., merge) only the benign updates within the VM back to the host environment. In this work, we
develop a VM commitment system called Secom to automatically eliminate malicious state changes when
merging the contents of an OS-level VM to the host. Secom consists of three steps: grouping state
changes into clusters, distinguishing between benign and malicious clusters, and committing benign
clusters. Secom has three novel features. First, instead of relying on a huge volume of log data, it
leverages OS-level information flow and malware behavior information to recognize malicious changes.
As a result, the approach imposes a smaller performance overhead. Second, different from existing
intrusion detection and recovery systems that detect compromised OS objects one by one, Secom
classifies objects into clusters and then identifies malicious objects on a cluster by cluster basis. Third, to
reduce the false-positive rate when identifying malicious clusters, it simultaneously considers two
malware behaviors that are of different types and the origin of the processes that exhibit these behaviors,
rather than considers a single behavior alone as done by existing malware detection methods. We have
successfully implemented Secom on the feather-weight virtual machine system, a Windows-based OS-
level virtualization system. Experiments show that the prototype can effectively eliminate malicious state
changes while committing a VM with small performance degradation. Moreover, compared with the
commercial antimalware tools, the Secom prototype has a smaller number of false negatives and thus can
more thoroughly clean up malware side effects. In addition, the number of false positiv- s of the Secom
prototype is also lower than that achieved by the online behavior-based approach of the commercial tools.
ETPL
DSC-006
Securing Class Initialization in Java-like Languages
Abstract: Language-based information-flow security is concerned with specifying and enforcing security
policies for information flow via language constructs. Although much progress has been made on
understanding information flow in object-oriented programs, little attention has been given to the impact
of class initialization on information flow. This paper turns the spotlight on security implications of class
initialization. We reveal the subtleties of information propagation when classes are initialized, and
demonstrate how these flows can be exploited to leak information through error recovery. Our main
contribution is a type-and-effect system which tracks these information flows. The type system is

parameterized by an arbitrary lattice of security levels. Flows through the class hierarchy and
dependencies in field initializers are tracked by typing class initializers wherever they could be executed.
The contexts in which each class can be initialized are tracked to prevent insecure flows of out-of-scope
contextual information through class initialization statuses and error recovery. We show that the type
system enforces termination-insensitive noninterference.
ETPL
DSC-007
The Foundational Work of Harrison-Ruzzo-Ullman Revisited
Abstract: The work by Harrison, Ruzzo, and Ullman (the HRU paper) on safety in the context of the
access matrix model is widely considered to be foundational work in access control. In this paper, we
address two errors we have discovered in the HRU paper. To our knowledge, these errors have not been
previously reported in the literature. The first error regards a proof that shows that safety analysis for
mono-operational HRU systems is in NP. The error stems from a faulty assumption that such systems are
monotonic for the purpose of safety analysis. We present a corrected proof in this paper. The second error
regards a mapping from one version of the safety problem to another that is presented in the HRU paper.
We demonstrate that the mapping is not a reduction, and present a reduction that enables us to infer that
the second version of safety introduced in the HRU paper is also undecidable for the HRU scheme. These
errors lead us to ask whether the notion of safety as defined in the HRU paper is meaningful. We
introduce other notions of safety that we argue have more intuitive appeal, and present the corresponding
safety analysis results for the HRU scheme.
ETPL
DSC-008
Unprivileged Black-Box Detection of User-Space Keyloggers
Abstract: Software keyloggers are a fast growing class of invasive software often used to harvest
confidential information. One of the main reasons for this rapid growth is the possibility for unprivileged
programs running in user space to eavesdrop and record all the keystrokes typed by the users of a system.
The ability to run in unprivileged mode facilitates their implementation and distribution, but, at the same
time, allows one to understand and model their behavior in detail. Leveraging this characteristic, we
propose a new detection technique that simulates carefully crafted keystroke sequences in input and
observes the behavior of the keylogger in output to unambiguously identify it among all the running
processes. We have prototyped our technique as an unprivileged application, hence matching the same
ease of deployment of a keylogger executing in unprivileged mode. We have successfully evaluated the
underlying technique against the most common free keyloggers. This confirms the viability of our
approach in practical scenarios. We have also devised potential evasion techniques that may be adopted to
circumvent our approach and proposed a heuristic to strengthen the effectiveness of our solution against
more elaborated attacks. Extensive experimental results confirm that our technique is robust to both false
positives and false negatives in realistic settings.
ETPL
DSC-009
Non-Cooperative Location Privacy
Abstract: In mobile networks, authentication is a required primitive for most security protocols.
Unfortunately, an adversary can monitor pseudonyms used for authentication to track the location of
mobile nodes. A frequently proposed solution to protect location privacy suggests that mobile nodes
collectively change their pseudonyms in regions called mix zones. This approach is costly. Self-interested
mobile nodes might, thus, decide not to cooperate and jeopardize the achievable location privacy. In this
paper, we analyze non-cooperative behavior of mobile nodes by using a game-theoretic model, where
each player aims at maximizing its location privacy at a minimum cost. We obtain Nash equilibria in
static n-player complete information games. As in practice mobile nodes do not know their opponents'
payoffs, we then consider static incomplete information games. We establish that symmetric Bayesian-

Nash equilibria exist with simple threshold strategies. By means of numerical results, we predict behavior
of selfish mobile nodes. We then investigate dynamic games where players decide to change their
pseudonym one after the other and show how this affects strategies at equilibrium. Finally, we design
protocols-PseudoGame protocols-based on the results of our analysis and simulate their performance in
vehicular network scenarios.
ETPL
DSC-010
On Inference-Proof View Processing of XML Documents
Abstract: This work aims at treating the inference problem in XML documents that are assumed to
represent potentially incomplete information. The inference problem consists in providing a control
mechanism for enforcing inference-usability confinement of XML documents. More formally, an
inference-proof view of an XML document is required to be both indistinguishable from the actual XML
document to the clients under their inference capabilities, and to neither contain nor imply any
confidential information. We present an algorithm for generating an inference-proof view by weakening
the actual XML document, i.e., eliminating confidential information and other information that could be
used to infer confidential information. In order to avoid inferences based on the schema of the XML
documents, the DTD of the actual XML document is modified according to the weakening operations as
well, such that the modified DTD conforms with the generated inference-proof view.
ETPL
DSC-011
Predicting Architectural Vulnerability on Multithreaded Processors under Resource
Contention and Sharing
Abstract: Architectural vulnerability factor (AVF) characterizes a processor's vulnerability to soft errors.
Interthread resource contention and sharing on a multithreaded processor (e.g., SMT, CMP) shows
nonuniform impact on a program's AVF when it is co-scheduled with different programs. However,
measuring the AVF is extremely expensive in terms of hardware and computation. This paper proposes a
scalable two-level predictive mechanism capable of predicting a program's AVF on a SMT/CMP
architecture from easily measured metrics. Essentially, the first-level model correlates the AVF in a
contention-free environment with important performance metrics and the processor configuration, while
the second-level model captures the interthread resource contention and sharing via processor structures'
occupancies. By utilizing the proposed scheme, we can accurately estimate any unseen program's soft
error vulnerability under resource contention and sharing with any other program(s), on an arbitrarily
configured multithreaded processor. In practice, the proposed model can be used to find soft error
resilient thread-to-core scheduling for multithreaded processors.
ETPL
DSC-012
A System for Timely and Controlled Information Sharing in Emergency Situations,
Abstract: During natural disasters or emergency situations, an essential requirement for an effective
emergency management is the information sharing. In this paper, we present an access control model to
enforce controlled information sharing in emergency situations. An in-depth analysis of the model is
discussed throughout the paper, and administration policies are introduced to enhance the model
flexibility during emergencies. Moreover, a prototype implementation and experiments results are
provided showing the efficiency and scalability of the system.
ETPL
DSC-013
DNS for Massive-Scale Command and Control
Abstract: Attackers, in particular botnet controllers, use stealthy messaging systems to set up large-scale
command and control. To systematically understand the potential capability of attackers, we investigate
the feasibility of using domain name service (DNS) as a stealthy botnet command-and-control channel.
We describe and quantitatively analyze several techniques that can be used to effectively hide malicious
DNS activities at the network level. Our experimental evaluation makes use of a two-month-long 4.6-GB

campus network data set and 1 million domain names obtained from alexa.com. We conclude that the
DNS-based stealthy command-and-control channel (in particular, the codeword mode) can be very
powerful for attackers, showing the need for further research by defenders in this direction. The statistical
analysis of DNS payload as a countermeasure has practical limitations inhibiting its large-scale
deployment.
ETPL
DSC-014
On the Privacy Risks of Virtual Keyboards: Automatic Reconstruction of Typed Input
from Compromising Reflections,
Abstract: We investigate the implications of the ubiquity of personal mobile devices and reveal new
techniques for compromising the privacy of users typing on virtual keyboards. Specifically, we show that
so-called compromising reflections (in, for example, a victim's sunglasses) of a device's screen are
sufficient to enable automated reconstruction, from video, of text typed on a virtual keyboard. Through
the use of advanced computer vision and machine learning techniques, we are able to operate under
extremely realistic threat models, in real-world operating conditions, which are far beyond the range of
more traditional OCR-based attacks. In particular, our system does not require expensive and bulky
telescopic lenses: rather, we make use of off-the-shelf, handheld video cameras. In addition, we make no
limiting assumptions about the motion of the phone or of the camera, nor the typing style of the user, and
are able to reconstruct accurate transcripts of recorded input, even when using footage captured in
challenging environments (e.g., on a moving bus). To further underscore the extent of this threat, our
system is able to achieve accurate results even at very large distances-up to 61 m for direct surveillance,
and 12 m for sunglass reflections. We believe these results highlight the importance of adjusting privacy
expectations in response to emerging technologies.
ETPL
DSC-015
WarningBird: A Near Real-Time Detection System for Suspicious URLs in Twitter
Stream
Abstract: Twitter is prone to malicious tweets containing URLs for spar, phishing, and malware
distribution. Conventional Twitter spar detection schemes utilize account features such as the ratio of
tweets containing URLs and the account creation date, or relation features in the Twitter graph. These
detection schemes are ineffective against feature fabrications or consume much time and resources.
Conventional suspicious URL detection schemes utilize several features including lexical features of
URLs, URL redirection, HTIUIL content, and dynamic behavior. However, evading techniques such as
time-based evasion and crawler evasion exist. in this paper, we propose WARNINGBIRD, a suspicious
URL detection system for Twitter. Our system investigates correlations of URL redirect chains extracted
from several tweets. Because attackers have limited resources and usually reuse them, their URL redirect
chains frequently share the same URLs. We develop methods to discover correlated URL redirect chains
using the frequently shared URLs and to determine their suspiciousness. We collect numerous tweets
from the Twitter public timeline and build a statistical classifier using them. Evaluation results show that
our classifier accurately and efficiently detects suspicious URLs. We also present WARNINGBIRD as a
near real-time system for classifying suspicious URLs in the Twitter stream.
ETPL
DSC-016
NICE: Network Intrusion Detection and Countermeasure Selection in Virtual Network
Systems
Abstract: Cloud security is one of most important issues that has attracted a lot of research and
development effort in past few years. Particularly, attackers can explore vulnerabilities of a cloud system
and compromise virtual machines to deploy further large-scale Distributed Denial-of-Service (DDoS).
DDoS attacks usually involve early stage actions such as multistep exploitation, low-frequency
vulnerability scanning, and compromising identified vulnerable virtual machines as zombies, and finally
DDoS attacks through the compromised zombies. Within the cloud system, especially the Infrastructure-
as-a-Service (IaaS) clouds, the detection of zombie exploration attacks is extremely difficult. This is

because cloud users may install vulnerable applications on their virtual machines. To prevent vulnerable
virtual machines from being compromised in the cloud, we propose a multiphase distributed vulnerability
detection, measurement, and countermeasure selection mechanism called NICE, which is built on attack
graph-based analytical models and reconfigurable virtual network-based countermeasures. The proposed
framework leverages OpenFlow network programming APIs to build a monitor and control plane over
distributed programmable virtual switches to significantly improve attack detection and mitigate attack
consequences. The system and security evaluations demonstrate the efficiency and effectiveness of the
proposed solution.
ETPL
DSC-017
Security and Privacy-Enhancing Multicloud Architectures
Abstract: Security challenges are still among the biggest obstacles when considering the adoption of cloud
services. This triggered a lot of research activities, resulting in a quantity of proposals targeting the
various cloud security threats. Alongside with these security issues, the cloud paradigm comes with a new
set of unique features, which open the path toward novel security approaches, techniques, and
architectures. This paper provides a survey on the achievable security merits by making use of multiple
distinct clouds simultaneously. Various distinct architectures are introduced and discussed according to
their security and privacy capabilities and prospects.
ETPL
DSC-018
Entrusting Private Computation and Data to Untrusted Networks
Abstract: We present sTile, a technique for distributing trust-needing computation onto insecure
networks, while providing probabilistic guarantees that malicious agents that compromise parts of the
network cannot learn private data. With sTile, we explore the fundamental cost of achieving privacy
through data distribution and bound how much less efficient a privacy-preserving system is than a
nonprivate one. This paper focuses specifically on NP-complete problems and demonstrates how sTile-
based systems can solve important real-world problems, such as protein folding, image recognition, and
resource allocation. We present the algorithms involved in sTile and formally prove that sTile-based
systems preserve privacy. We develop a reference sTile-based implementation and empirically evaluate it
on several physical networks of varying sizes, including the globally distributed PlanetLab testbed. Our
analysis demonstrates sTile's scalability and ability to handle varying network delay, as well as verifies
that problems requiring privacy-preservation can be solved using sTile orders of magnitude faster than
using today's state-of-the-art alternatives.
ETPL
DSC-019
Toward Secure Multikeyword Top-k Retrieval over Encrypted Cloud Data
Abstract: Cloud computing has emerging as a promising pattern for data outsourcing and high-quality
data services. However, concerns of sensitive information on cloud potentially causes privacy problems.
Data encryption protects data security to some extent, but at the cost of compromised efficiency.
Searchable symmetric encryption (SSE) allows retrieval of encrypted data over cloud. In this paper, we
focus on addressing data privacy issues using SSE. For the first time, we formulate the privacy issue from
the aspect of similarity relevance and scheme robustness. We observe that server-side ranking based on
order-preserving encryption (OPE) inevitably leaks data privacy. To eliminate the leakage, we propose a
two-round searchable encryption (TRSE) scheme that supports top-$(k)$ multikeyword retrieval. In
TRSE, we employ a vector space model and homomorphic encryption. The vector space model helps to
provide sufficient search accuracy, and the homomorphic encryption enables users to involve in the
ranking while the majority of computing work is done on the server side by operations only on ciphertext.
As a result, information leakage can be eliminated and data security is ensured. Thorough security and
performance analysis show that the proposed scheme guarantees high security and practical efficiency.

ETPL
DSC-020
Formal Analysis of Secure Neighbor Discovery in Wireless Networks
Abstract: We develop a formal framework for the analysis of security protocols in wireless networks. The
framework captures characteristics necessary to reason about neighbor discovery protocols, such as the
neighbor relation, device location, and message propagation time. We use this framework to establish
general results about the possibility of neighbor discovery. In particular, we show that time-based
protocols cannot in general provide secure neighbor discovery. Given this insight, we also use the
framework to prove the security of four concrete neighbor discovery protocols, including two novel time-
and-location based protocols. We mechanize the model and some proofs in the theorem prover Isabelle.
ETPL
DSC-021
Authorization Control for a Semantic Data Repository Through an Inference Policy
Engine
Abstract: Semantic models help in achieving semantic interoperability among sources of data and
applications. The necessity to efficiently manage these types of objects has increased the number of
specialized repositories, usually referred to as semantic databases. Due to the various sensitivities of data,
suitable access control mechanisms pertaining to the semantic repository should be put in place in order to
ensure that only authorized users can obtain access to the information in its entirety. In fact, deciding
what can be made available to the user without revealing confidential information is made even more
difficult because the user may be able to apply logic and reasoning to infer confidential information from
the knowledge being provided. In this paper, we design an authorization security model enforced on a
semantic model's entities and also propagate on their individuals in the OWL database through an
inference policy engine. We provide TBox access control for the construction of a TBox family and
propagate this based on the construction of concept taxonomies. We also provide ABox Label-Based
Access Control for facts in the domain knowledge and report experiments in order to evaluate the effects
of access control on reasoning and modularization.
ETPL
DSC-022
A Cloud-Oriented Content Delivery Network Paradigm: Modeling and Assessment
Abstract: Cloud-oriented Content Delivery Networks (CCDNs) constitute a promising alternative to
traditional CDNs. Exploiting the advantages and principles of the cloud, such as the pay as you go
business model and geographical dispersion of resources, CCDN can provide a viable and cost effective
solution for realizing content delivery networks and services. In this paper a hierarchical framework is
proposed and evaluated towards an efficient and scalable solution of content distribution over a multi-
provider networked cloud environment, where inter and intra cloud communication resources are
simultaneously considered along with traditional cloud computing resources. To efficiently deal with the
CCDN deployment problem in this emerging and challenging computing paradigm, the problem is
decomposed to graph partitioning and replica placement problems while appropriate cost models are
introduced/adapted. Novel approaches on the replica placement problem within the cloud are proposed
while the limitations of the physical substrate are taken into consideration. The performance of the
proposed hierarchical CCDN framework is assessed via modeling and simulation, while appropriate
metrics are defined/adopted associated with and reflecting the interests of the different identified involved
key players.
ETPL
DSC-023
On the Performance of Byzantine Fault-Tolerant MapReduce
Abstract: MapReduce is often used for critical data processing, e.g., in the context of scientific or
financial simulation. However, there is evidence in the literature that there are arbitrary (or Byzantine)
faults that may corrupt the results of MapReduce without being detected. We present a Byzantine fault-
tolerant MapReduce framework that can run in two modes: non-speculative and speculative. We

thoroughly evaluate experimentally the performance of these two versions of the framework, showing that
they use around twice more resources than Hadoop MapReduce, instead of the three times more of
alternative solutions. We believe this cost is acceptable for many critical applications.
ETPL
DSC-024
SafeStack: Automatically Patching Stack-based Buffer Overflow Vulnerabilities
Abstract: Buffer overflow attacks still pose a significant threat to the security and availability of today's
computer systems. Although there are a number of solutions proposed to provide adequate protection
against buffer overflow attacks, most of existing solutions terminate the vulnerable program when the
buffer overflow occurs, effectively rendering the program unavailable. The impact on availability is a
serious problem on service-oriented platforms. This paper presents SafeStack, a system that can
automatically diagnose and patch stack-based buffer overflow vulnerabilities. The key technique of our
solution is to virtualize memory accesses and move the vulnerable buffer into protected memory regions,
which provides a fundamental and effective protection against recurrence of the same attack without
stopping normal system execution. We developed a prototype on a Linux system, and conducted
extensive experiments to evaluate the effectiveness and performance of the system using a range of
applications. Our experimental results showed that SafeStack can quickly generate runtime patches to
successfully handle the attack's recurrence. Furthermore, SafeStack only incurs acceptable overhead for
the patched applications.
ETPL
DSC-025
Secure Two-Party Differentially Private Data Release for Vertically-Partitioned Data
Abstract: Privacy-preserving data publishing addresses the problem of disclosing sensitive data when
mining for useful information. Among the existing privacy models, &#949;-differential privacy
provides one of the strongest privacy guarantees. In this paper, we address the problem of private data
publishing, where different attributes for the same set of individuals are held by two parties. In particular,
we present an algorithm for differentially private data release for vertically-partitioned data between two
parties in the semi-honest adversary model. To achieve this, we first present a two-party protocol for the
exponential mechanism. This protocol can be used as a subprotocol by any other algorithm that requires
the exponential mechanism in a distributed setting. Furthermore, we propose a two-party algorithm that
releases differentially-private data in a secure way according to the definition of secure multiparty
computation. Experimental results on real-life data suggest that the proposed algorithm can effectively
preserve information for a data mining task.
ETPL
DSC-026
Comment on "Remote Physical Device Fingerprinting
Abstract: In this paper we revisited a method to identify computers by their clocks skew computed from
TCP timestamps. We introduced our own tool to compute clock skew of computers in a network. We
validated that the original method is suitable for the computer identification but we also discovered that
Linux hosts running NTP had became immune to the identification.
ETPL
DSC-027
CipherXRay: Exposing Cryptographic Operations and Transient Secrets from
Monitored Binary Execution
Abstract: To enable more effective malware analysis, forensics and reverse engineering, we have
developed CipherXRay - a novel binary analysis framework that can automatically identify and recover
the cryptographic operations and transient secrets from the execution of potentially obfuscated binary
executables. Based on the avalanche effect of cryptographic functions, CipherXRay is able to accurately
pinpoint the boundary of cryptographic operation and recover truly transient cryptographic secrets that
only exist in memory for one instant in between multiple nested cryptographic operations. CipherXRay
can further identify certain operation modes (e.g., ECB, CBC, CFB) of the identified block cipher and tell

whether the identified block cipher operation is encryption or decryption in certain cases. We have
empirically validated CipherXRay with OpenSSL, popular password safe KeePassX, the ciphers used by
malware Stuxnet, Kraken and Agobot, and a number of third party softwares with built-in compression
and checksum. CipherXRay is able to identify various cryptographic operations and recover
cryptographic secrets that exist in memory for only a few microseconds. Our results demonstrate that
current software implementations of cryptographic algorithms hardly achieve any secrecy if their
execution can be monitored.
ETPL
DSC-028
Secure Encounter-Based Mobile Social Networks: Requirements, Designs, and
Tradeoffs
Abstract: Encounter-based social networks link users who share a location at the same time, as opposed to
traditional social network paradigms of linking users who have an offline friendship. This approach
presents fundamentally different challenges from those tackled by previous designs. In this paper, we
explore functional and security requirements for these new systems, such as availability, security, and
privacy, and present several design options for building secure encounter-based social networks. We
examine one recently proposed encounter-based social network design and compare it to a set of idealized
security and functionality requirements. We show that it is vulnerable to several attacks, including
impersonation, collusion, and privacy breaching, even though it was designed specifically for security.
Mindful of the possible pitfalls, we construct a flexible framework for secure encounter-based social
networks, which can be used to construct networks that offer different security, privacy, and availability
guarantees. We describe two example constructions derived from this framework, and consider each in
terms of the ideal requirements. Some of our new designs fulfill more requirements in terms of system
security, reliability, and privacy than previous work. We also evaluate real-world performance of one of
our designs by implementing a proof-of-concept iPhone application called MeetUp. Experiments
highlight the potential of our system.
ETPL
DSC-029
Orchestrating an Ensemble of MapReduce Jobs for Minimizing Their Makespan
Abstract: A key challenge in MapReduce environments is to increase the utilization of MapReduce
clusters to minimize their cost. For a set of production jobs that are executed periodically on new data, we
can perform an off-line analysis for evaluating performance benefits of different optimization techniques.
In this work, we consider a subset of production workloads that consists of MapReduce jobs with no
dependencies. We observe that the order in which these jobs are executed can have a significant impact
on their overall completion time and the cluster resource utilization. We evaluate the performance
benefits of the constructed schedule through an extensive set of simulations over a variety of realistic
workloads. The results are workload and cluster-size dependent, but it is typical to achieve up to 10%-
25% of makespan improvements by simply processing the jobs in the right order. However, in some
cases, the simplified abstraction assumed by Johnson's algorithm may lead to a suboptimal job schedule.
We design a novel heuristic, called BalancedPools, that significantly improves Johnson's schedule results
(up to 15%-38%), exactly in the situations when it produces suboptimal makespan. Overall, we observe
up to 50% in the makespan improvements with the new BalancedPools algorithm.
ETPL
DSC-030
BtrPlace: A Flexible Consolidation Manager for Highly Available Applications
Abstract: The massive amount of resources found in datacenters makes it possible to provide high
availability to multi-tier applications. Virtualizing these applications makes it possible to consolidate
them on servers, reducing runtime costs. Nevertheless, replicated VMs have to be carefully placed within
the datacenter to provide high availability and good performance. This requires resolving potentially
conflicting application and datacenter requirements, while scaling up to the size of modern datacenters.

We present Btrplace, a flexible consolidation manager that is customized through configuration scripts
written by the application and datacenter administrators. BtrPlace relies on constraint programming and
an extensible library of placement constraints. The present library of 14 constraints subsumes and extends
the capabilities of existing commercial consolidation managers. Scalability is achieved by splitting the
datacenter into partitions and computing placements in parallel. Overall, Btrplace repairs a non-viable
placement after a major load increase or a maintenance operation for a 5,000 server datacenter hosting
30,000 VMs and involving thousands of constraints in 3 minutes. Using partitions of 2,500 servers,
placement computing is reduced to under 30 seconds.
ETPL
DSC-031
A Hierarchical Approach for the Resource Management of Very Large Cloud
Platforms
Abstract: Worldwide interest in the delivery of computing and storage capacity as a service continues to
grow at a rapid pace. The complexities of such cloud computing centers require advanced resource
management solutions that are capable of dynamically adapting the cloud platform while providing
continuous service and performance guarantees. The goal of this paper is to devise resource allocation
policies for virtualized cloud environments that satisfy performance and availability guarantees and
minimize energy costs in very large cloud service centers. We present a scalable distributed hierarchical
framework based on a mixed-integer non-linear optimization for resource management acting at multiple
time-scales. Extensive experiments across a wide variety of configurations demonstrate the efficiency and
effectiveness of our approach.
ETPL
DSC-032
Robustness Analysis of Embedded Control Systems with respect to Signal
Perturbations: Finding Minimal Counterexamples using Fault Injection
Abstract: Fault-Tolerance of embedded control systems is of great importance, given their wide usage in
various domains such as aeronautics, automotive, medical, etc. Signal perturbations such as small
amounts of noise, shift, and spikes, can sometimes severely hamper the performance of the system, apart
from complete failure of components and links. Finding minimal counterexamples (perturbations on the
system leading to violation of fault-tolerance requirements) can be of great assistance to control system
designers in understanding and adjusting the fault-tolerance behaviour of the system. Fault injection is an
effective method for dependability analysis of such systems. In this paper, we introduce the concept of
dominating sets of perturbations, and define a minimal set of counterexamples called the basis. We
propose effective methods using a simulation-based fault injection technique on Simulink models for
finding the basis set at an early stage of design, given the fault specification and fault-tolerance
requirements. Experimental results on two different control system examples from the Simulink
automotive library demonstrate the efficacy of the proposed framework.
ETPL
DSC-033
k-Zero Day Safety: A Network Security Metric for Measuring the Risk of Unknown
Vulnerabilities
Abstract: By enabling a direct comparison of different security solutions with respect to their relative
effectiveness, a network security metric may provide quantifiable evidences to assist security practitioners
in securing computer networks. However, research on security metrics has been hindered by difficulties in
handling zero day attacks exploiting unknown vulnerabilities. In fact, the security risk of unknown
vulnerabilities has been considered as something unmeasurable due to the less predictable nature of
software flaws. This causes a major difficulty to security metrics, because a more secure configuration
would be of little value if it were equally susceptible to zero day attacks. In this paper, we propose a novel
security metric, emph{$k$-zero day safety}, to address this issue. Instead of attempting to rank unknown
vulnerabilities, our metric counts how many such vulnerabilities would be required for compromising
network assets; a larger count implies more security since the likelihood of having more unknown

vulnerabilities available, applicable, and exploitable all at the same time will be significantly lower. We
formally define the metric, analyze the complexity of computing the metric, devise heuristic algorithms
for intractable cases, and finally demonstrate through case studies that applying the metric to existing
network security practices may generate actionable knowledge.
ETPL
DSC-034
Discovery and Resolution of Anomalies in Web Access Control Policies
Abstract: Emerging computing technologies such as Web services, service-oriented architecture, and
cloud computing has enabled us to perform business services more efficiently and effectively. However,
we still suffer from unintended security leakages by unauthorized actions in business services while
providing more convenient services to Internet users through such a cutting-edge technological growth.
Furthermore, designing and managing Web access control policies are often error-prone due to the lack of
effective analysis mechanisms and tools. In this paper, we represent an innovative policy anomaly
analysis approach for Web access control policies, focusing on XACML (eXtensible Access Control
Markup Language) policy. We introduce a policy-based segmentation technique to accurately identify
policy anomalies and derive effective anomaly resolutions, along with an intuitive visualization
representation of analysis results. We also discuss a proof-of-concept implementation of our method
called XAnalyzer and demonstrate how our approach can efficiently discover and resolve policy
anomalies.
ETPL
DSC-035
A Large-Scale Study of the Time Required to Compromise a Computer System
Abstract: A frequent assumption in the domain of cyber security is that cyber intrusions follow the
properties of a Poisson process, i.e., that the number of intrusions are well modeled by a Poisson
distribution and that the time between intrusions is exponentially distributed. This paper studies this
property by analyzing all cyber intrusions that have been detected across more than 260,000 computer
systems over a period of almost three years. The results show that the assumption of a Poisson process
model might be unoptimal -- the log-normal distribution is a significantly better fit in terms of modeling
both the number of detected intrusions and the time between intrusions, and the Pareto distribution is a
significantly better fit in terms of modeling the time to first intrusion. The paper also analyzes whether
time to compromise increase for each successful intrusion of a computer system. The results regarding
this property suggest that time to compromise decrease along the number of intrusions of a system.

Final Year IEEE Project 2013-2014 - Dependable and Secure Computing Project Title and Abstract

Recommended

Recommended

More Related Content

Recently uploaded

Recently uploaded (20)

Featured

Featured (20)

Final Year IEEE Project 2013-2014 - Dependable and Secure Computing Project Title and Abstract