The U.S. Army Combat Developments Experimentation Center (USACDEC) Directorate of Information Management (DIM), Fort Ord, is currently involved with several network implementations, all at various stages of development, and wants adequate network security at an affordable price. During early stages of development they found almost no existing local area network (LAN) security guidance. This thesis does not look for a set or perfect LAN guidance solution, but develops a background for security...
Topics: Command, Computer network security, Local area network security, Army computer network security...
The work funded by the grant is structured in three parts: We analyzed the vulnerability of the current generation anonymity tools to traffic analysis attacks. We specifically concentrate on SSH security and The Onion Router (Tor) anonymity tools. Our analysis used deterministic hidden Markov models (HMMs). We used traffic timing data to analyze one of the most sophisticated and popular types of cybercrime tools -- botnet. We presented two botnet detection methods: centralized botnet traffic...
Topics: DTIC Archive, CLEMSON UNIV SC, *COMMUNICATIONS PROTOCOLS, COMPUTER NETWORK SECURITY
The DNSSEC Deployment Initiative was a 10-year effort to promote adoption of the DNS Security Extensions (DNSSEC), a method of cryptographically securing domain name system (DNS) lookups. This report describes the latter five years of the initiative's work, which involved coordinating the activities of many private and public sector organizations to solve protocol, technical and deployment challenges related to DNSSEC. The initiative's work contributed to several major successes, including the...
Topics: DTIC Archive, SHINKURO INC BETHESDA MD, *INTERNET, COMPUTER NETWORK SECURITY, CRYPTOGRAPHY
Due to the rapid emergence of Information Technology, cloud computing provides assorted advantages to service providers, developers, organizations, and customers with respect to scalability, flexibility, cost-effectiveness, and availability. However, it also introduces new challenges and concerns, especially in terms of security and privacy. One of the major security obstacles to widespread adoption of cloud computing is the lack of near-real-time auditability. In particular, near-real-time...
Topics: DTIC Archive, SYRACUSE UNIV NY, *CLOUD COMPUTING, AUDITING, COMPUTER NETWORK SECURITY
Service oriented architectures (SOA) present security challenges not present in the single-hop client-server architectures due to the involvement of multiple parties (transparent to the client) in a service request. Considering the additional security threats on SOAs, the interactions of independent trust domains require the establishment of trust across all involved partners as a prerequisite to ensure secure interactions. This project provides a solution for integration of scalable security...
Topics: DTIC Archive, PURDUE UNIV LAFAYETTE IN, *COMPUTER NETWORK SECURITY, INTEGRATION, THREATS
In this paper, we describe a Guilt-by-Association approach to determining botnet footprint starting from a subset of known domains belonging to a specific botnet, and demonstrate our approach using recent botnets. Our empirical results leverage the botnet database that we have collected over a period of 12 months with our real-time fast flux network detection algorithm [1]. Botnets exploit a network of compromised machines (zombies) for illegal activities such as Distributed Denial of Service...
Topics: DTIC Archive, MILCORD LLC WALTHAM MA, *COMPUTER NETWORK SECURITY, NETWORK ANALYSIS(MANAGEMENT)
While IPv6 is finally experiencing non-trivial deployment, IPv4 and IPv6 are expected to co-exist for the foreseeable future, implying dual-stacked devices, and protocol inter-dependence. We develop and deploy a system for characterizing the association between IPv4 and IPv6 addresses (siblings) within network server infrastructure, with specific focus on Internet DNS and web servers. We develop two novel techniques for finding DNS resolver sibling groups, one passive and one active. For 674k...
Topics: DTIC Archive, NAVAL POSTGRADUATE SCHOOL MONTEREY CA, *INTERNET, COMPUTER NETWORK SECURITY,...
Auditing system logs is an important means of ensuring systems' security in situations where run-time security mechanisms are not sufficient to completely prevent potentially malicious activities. A fundamental requirement for reliable auditing is the integrity of the log entries. This paper presents an infrastructure for secure logging that is capable of detecting the tampering of logs by powerful adversaries residing on the device where logs are generated. We rely on novel features of trusted...
Topics: DTIC Archive, CARNEGIE-MELLON UNIV PITTSBURGH PA CYLAB, *COMPUTER NETWORK SECURITY, PROTOTYPES
In the cyber world, there has been a shift in mindset from trying to prevent attacks from occurring and succeeding to developing tools and techniques that can make systems resilient in the face of incidents. Unfortunately, progress in this area has been hampered by the fact that we lack concrete methods that allow us to evaluate when, and by how much, modifications to a system contribute to making it more resilient. Part of the problem is that the term resilience itself lacks a clear definition...
Topics: DTIC Archive, MITRE CORP MCLEAN VA, *RESILIENCE, COMPUTER NETWORK SECURITY, METRICS, RISK
Each web service and each infrastructure service has a need for symmetric and asymmetric encryption, as well as signature processing and other cryptographic processes. This profile does not include electrical requirements for Multi-Level Systems (MLS). A number of specialized cryptographic functions have been developed for hardware and network operations. Their use is appropriate for network level operations. For purposes of this paper, the discussion is limited to NSA Type 3 for IP enabled...
Topics: DTIC Archive, INSTITUTE FOR DEFENSE ANALYSES ALEXANDRIA VA, *CRYPTOGRAPHY, COMPUTER NETWORK...
In today's increasingly interconnected world, the information security community must be prepared to address emerging vulnerabilities that may arise from new technology domains. Understanding trends and emerging technologies can help information security professionals, leaders of organizations, and others interested in information security to anticipate and prepare for such vulnerabilities. This report, originally prepared in 2015 for the Department of Homeland Security United States Computer...
Topics: DTIC Archive, King,Christopher, CARNEGIE-MELLON UNIV PITTSBURGH PA PITTSBURGH United States,...
Network routing algorithms responsible for selecting paths to destinations have a profound impact on network reliability experienced by the network users. Unfortunately, performance of state-of-the-art routing algorithms often falls short of users' expectations. (i) The flexibility with which operators of independently administered networks can choose their routing policies allows them to make selections that are conflicting and may lead to route oscillations. Oscillating routes have a negative...
Topics: DTIC Archive, PRINCETON UNIV NJ, *INTERNET, *ROUTING, COMPUTER NETWORK SECURITY, POLICIES,...
Malicious insider activities on military networks can pose a threat to military operations. Early identification of malicious insiders assists in preventing significant damage and reduces the overall insider threat to military networks. Security Information and Event Management (SIEM) tools can be used to identify potential malicious insider activities. SIEM tools provide the ability to normalize and correlate log data from multiple sources on networks. Personnel background investigations and...
Topics: DTIC Archive, NAVAL POSTGRADUATE SCHOOL MONTEREY CA, *COMPUTER NETWORK SECURITY, DETECTION,...
We argue that end-to-end authentication and privacy in loosely-coupled distributed systems are not only achievable by mechanisms at the host-to-host (i.e., subtransport) level under generally satisfiable conditions, but that this solution can be more advantageous than those based on security mechanisms at higher levels of the protocol hierarchy in terms of both functionality and performance. We introduce a model of communication security and a subtransport-level protocol called ADP (the...
Topics: DTIC Archive, CALIFORNIA UNIV BERKELEY COMPUTER SCIENCE DIV, *COMMUNICATIONS PROTOCOLS, *COMPUTER...
Topics: DTIC Archive, PENNSYLVANIA UNIV PHILADELPHIA DEPT OF COMPUTER AND INFORMATION SCIENCE, *COMPUTER...
The classic response to attack in computer networks has been to disconnect the affected system from the network, preserve the information on the system, and begin a forensic investigation. It can be argued that this type of response is not appropriate in many situations. Breaking contact often leaves the defender not knowing who the attacker is, what the current mission of the attacker was, what the capability of the attacker is, where else the attacker has been successful in infiltrating...
Topics: DTIC Archive, ROYAL MILITARY COLL OF CANADA KINGSTON (ONTARIO), *COMPUTER NETWORK SECURITY,...
As newer software construction paradigms like service-oriented architecture (SOA) are adopted into systems of critical importance, it becomes imperative that technology and design artifacts exist that can be utilized to raise the resiliency and protection of such systems to a level where they can withstand sustained attacks from well-motivated adversaries. In this paper we describe a sampling of innovative services and mechanisms that are designed for the protection of systems that are based on...
Topics: DTIC Archive, RAYTHEON BBN TECHNOLOGIES CAMBRIDGE MA, *COMPUTER NETWORK SECURITY, SOFTWARE...
CIS223 Computer Network Security, Ethics, Netiquette, and Privacy dumped with WikiTeam tools.
Topics: wiki, wikiteam, wikispaces, CIS223 Computer Network Security, Ethics, Netiquette, and Privacy,...
Over the five years of the project Formally Generating Adaptive Security Protocols, new formal tools based on original theoretical results of the research team allowed them to formally specify requirements for distributed protocols in a formal logic of system events. The project developed a constructive protocol description language and tools to automatically synthesize executable code from such descriptions and prove that the synthesized code satisfied formal requirements. These new automated...
Topics: DTIC Archive, CORNELL UNIV ITHACA NY, *COMPUTER NETWORK SECURITY, ATTACK, DISTRIBUTED COMPUTING,...
Cloud computing has become increasingly popular because it offers users the illusion of having infinite computing resources, of which they can use as much as they need without having to worry about how those resources are provided. It also provides greater scalability, availability, and reliability than users could achieve with their own resources. Unfortunately, adopting cloud computing has required users to cede control of their data to cloud providers, and a malicious provider could...
Topics: DTIC Archive, PRINCETON UNIV NJ, *CLOUD COMPUTING, COMPUTER NETWORK SECURITY, CRYPTOGRAPHY,...
In current practice military communication infrastructures are deployed as stand-alone networked information systems. Network-Enabled Capabilities (NEC) and combined military operations lead to new requirements which current communication architectures cannot deliver. This paper informs IT architects, information architects and security specialists about the separation of network and information security, the consequences of this shift and our view on future communication infrastructures in...
Topics: DTIC Archive, TNO INFORMATION AND COMMUNICATION TECHNOLOGY DELFT (NETHERLANDS), *COMPUTER NETWORK...
The research project was conducted from June 2014 to June 2015 by the malicious software (malware) research team in Keio University. The outcome of the research includes development of a new method for identification of malware, a new method to monitor the behavior of malware binary programs, and a platform to analyze malware using both a static analysis approach and a dynamic analysis approach. The goal of the project was to develop an automated system to analyze malware with minimum human interaction. The...
Topics: DTIC Archive, KEIO UNIV FUJISAWA (JAPAN), *COMPUTER NETWORK SECURITY, *MONITORING, ALGORITHMS,...
Fragments of first-order temporal logic are useful for representing many practical privacy and security policies. Past work has proposed two strategies for checking event trace (audit log) compliance with policies: online monitoring and offline audit. Although online monitoring is space- and time-efficient, existing techniques insist that satisfying instances of all subformulas of the policy be amenable to caching, which limits expressiveness when some subformulas have infinite support. In...
Topics: DTIC Archive, CARNEGIE-MELLON UNIV PITTSBURGH PA CYLAB, *COMPUTER NETWORK SECURITY, INFORMATION...
The lessons learned in cyberspace operations continue to shape cybersecurity education. When a computer is connected to any network, it is immediately vulnerable to both direct and automated attacks. The number of threats in cyberspace is beyond those experienced in the physical world. After analyzing the history and shape of evolving cyberthreats, several key concepts emerge. In keeping with the theme of Lessons Learned from Research and Operations, the authors discuss their lessons learned...
Topics: DTIC Archive, ANRC LLC SAN ANTONIO TX, *COMPUTER NETWORK SECURITY, AWARENESS, LESSONS LEARNED,...
Topics: DTIC Archive, CARNEGIE-MELLON UNIV PITTSBURGH PA SOFTWARE ENGINEERING INST, *COMPUTER NETWORK...
It has been a continuous phenomenon that more and more information is transmitted and accessible via computer data networks. Therefore data networks become a critical spot with lots of risks and threats related to them. One example can be a temporary dysfunction of a network caused by an intended attack (such as a DDoS attack). Attacks may lead to server failures, which can mean simple inability to provide required services, but they can also paralyse systems on a national level (what recently happened...
Topics: DTIC Archive, MASARYK UNIV BRNO (CZECHOSLOVAKIA), *COMPUTER NETWORK SECURITY, INTRUSION...
Cryptographic protocols are today used within large-scale distributed systems executed in complex network environments. This novel usage brings forth new types of concurrent attacks where an adversary performs a coordinated attack on multiple instances of protocols. Our proposed research focuses on overcoming the challenges associated with preventing concurrent attacks and proceeds in two parallel threads. The first thread of research focuses on minimizing trusted set-up assumptions required...
Topics: DTIC Archive, CORNELL UNIV ITHACA NY DEPT OF COMPUTER SCIENCE, *COMPUTER NETWORK SECURITY,...
As computation spreads from computers to networks of computers, and migrates into cyberspace it ceases to be globally programmable, but it remains programmable indirectly and partially: network computations cannot be controlled, but they can be steered by imposing local constraints on network nodes. The tasks of programming global behaviors through local constraints belong to the area of security. The program particles that assure that a system of local interactions leads towards some desired...
Topics: DTIC Archive, NAVAL RESEARCH LAB WASHINGTON DC, *CRYPTOGRAPHY, COMPUTER LOGIC, COMPUTER NETWORK...
Topics: DTIC Archive, MITRE CORP BEDFORD MA, *CLOUD COMPUTING, *COMPUTER NETWORK SECURITY, GUIDANCE, RISK...
The goal of this project was to develop and demonstrate capabilities for modeling and exploiting the coevolution of offensive and defensive cyber behavior. We are calling such capabilities Cyber Adversary Dynamics. Using recent advances in behavioral game theory and a systematic treatment of open source data, this project created a scientific foundation for modeling cyber activity within adversarial situations. Initial research in this field has produced proof-of-concept approaches for and...
Topics: DTIC Archive, DARTMOUTH COLL HANOVER NH THAYER SCHOOL OF ENGINEERING, *COMPUTER NETWORK SECURITY,...
Wireless sensor networks provide a low-signature communications system that can be used for a wide variety of military applications. These networks are vulnerable to intrusion, however, and must balance security with performance and longevity. The neighbor discovery process is vital for nodes to maintain network connectivity but introduces security vulnerabilities; therefore, a lightweight security protocol is necessary to prevent unauthorized nodes from accessing network data and resources. In...
Topics: DTIC Archive, Chew,Kelvin T, WIRELESS SENSOR NETWORKS, cryptography, SIMULATION, Marine Corps,...
Adversaries that conduct cyber crime continue to enjoy a significant head start on analysts who are tasked with discovering important information which can deter and ultimately defeat their attacks. A major reason for this problem is the slow process of the current analysis methodology. In this paper we present a new method of incident analysis which is artefact driven and not process driven. In our method, key aspects of the incident are revealed dynamically through the tracking of the...
Topics: DTIC Archive, NAVAL RESEARCH LAB WASHINGTON DC, *COMPUTER NETWORK SECURITY, COMPUTER VIRUSES,...
At FloCon 2005, conference participants gathered to discuss flow and network security analysis and ways to improve these technologies. These proceedings are comprised of a collection of papers and briefing charts without a table of contents. Content titles include: ** NVisionIP: An Animated State Analysis Tool for Visualizing NetFlows by Ratna Bearavolu, Kiran Lakkaraju and William Yurcik; ** NERD: Network Emergency Responder & Detector (briefing charts) by W. Biemolt; ** IP Flow...
Topics: DTIC Archive, CARNEGIE-MELLON UNIV PITTSBURGH PA SOFTWARE ENGINEERING INST, *COMPUTER NETWORK...
Topics: DTIC Archive, CARNEGIE-MELLON UNIV PITTSBURGH PA SOFTWARE ENGINEERING INST, *COMPUTER NETWORK...
We examine the cost for an attacker to pay users to execute arbitrary code, potentially malware. We asked users at home to download and run an executable we wrote without being told what it did and without any way of knowing it was harmless. Each week, we increased the payment amount. Our goal was to examine whether users would ignore common security advice (not to run untrusted executables) if there was a direct incentive, and how much this incentive would need to be. We observed that for...
Topics: DTIC Archive, CARNEGIE-MELLON UNIV PITTSBURGH PA CYLAB, *INTERNET, *BEHAVIOR, COMPUTER NETWORK...
Authentication is the process of determining whether someone or something is, in fact, who or what they are declared to be. The authentication process uses credentials (claims) containing authentication information within one of many possible authentication protocols to establish the identities of the parties that wish to collaborate. Claims are representations that are provided by a trusted entity and can be verified and validated. Of the many authentication protocols, including...
Topics: DTIC Archive, INSTITUTE FOR DEFENSE ANALYSES ALEXANDRIA VA, *COMPUTER NETWORK SECURITY,...
Topics: DTIC Archive, PENNSYLVANIA UNIV PHILADELPHIA DEPT OF COMPUTER AND INFORMATION SCIENCE,...
This document provides a definition of the term open security, along with some background, clarifications, and discussion. Open security is the application of open source software (OSS) approaches to help solve cyber security problems. OSS approaches collaboratively develop and maintain intellectual works (including software and documentation) by enabling users to use them for any purpose, as well as study, create, change, and redistribute them (in whole or in part). Cyber security problems are...
Topics: DTIC Archive, INSTITUTE FOR DEFENSE ANALYSES ALEXANDRIA VA, *INFORMATION ASSURANCE, COMPUTER...
Topics: DTIC Archive, PENNSYLVANIA UNIV PHILADELPHIA DEPT OF COMPUTER AND INFORMATION SCIENCE, *COMPUTER...
Topics: DTIC Archive, PENNSYLVANIA UNIV PHILADELPHIA DEPT OF COMPUTER AND INFORMATION SCIENCE, *COMPUTER...
Topics: DTIC Archive, CARNEGIE-MELLON UNIV PITTSBURGH PA SOFTWARE ENGINEERING INST, *COMPUTER NETWORK...
Topics: DTIC Archive, CARNEGIE-MELLON UNIV PITTSBURGH PA SOFTWARE ENGINEERING INST, *COMPUTER NETWORK...
Botnets are considered to be among the biggest current threats to global IT infrastructure. Botnets are rapidly evolving and forecasting their survivability and propagation strategies is important for development of countermeasure techniques. Existing malware propagation models mainly concentrate on malware epidemic consequences modeling, i.e. forecasting the number of infected computers, simulating malware behavior or economic propagation aspects and are based only on current malware...
Topics: DTIC Archive, VILNIUS GEDIMINAS TECHNICAL UNIV (LITHUANIA), *COMPUTER VIRUSES, *FORECASTING,...
The recent increase in cyber attacks against United States critical assets has greatly expanded the need for effective cyber defenses. Human cyber analysts are an essential element in these efforts. Information overload and a concomitant lack of comprehensive cyber situation awareness are common problems that hamper the effectiveness of analysis. Systems that can carry out human-in-the-loop simulation of the cyber analysis task will lead to new capabilities in assessing the effectiveness of...
Topics: DTIC Archive, SANDIA RESEARCH CORPORATION MESA AZ, *COMPUTER NETWORK SECURITY, ANALYSTS, COMPUTER...
This study investigates the suitability of the cloud computing approach for addressing the DoD enterprise and operational computing needs. Over the past few years, DoD has transitioned some of its computing needs to cloud computing data centers. The main factors driving this transition include enhanced mission capabilities, potential reduction in data center costs, and potential improvement in cyber security. This study has investigated these factors in detail and has analyzed the...
Topics: DTIC Archive, DEFENSE SCIENCE BOARD WASHINGTON DC, *CLOUD COMPUTING, COMPUTER NETWORK SECURITY,...
Topics: DTIC Archive, CARNEGIE-MELLON UNIV PITTSBURGH PA SOFTWARE ENGINEERING INST, *COMPUTER NETWORK...
Project Description: Create an approach to graph the topological structure of a domain name based malware distribution network (MDN) by leveraging search engine data that facilitates the identification and attribution of persistent sub-networks and highly trafficked individual domains
Topics: DTIC Archive, CARNEGIE-MELLON UNIV PITTSBURGH PA SOFTWARE ENGINEERING INST, *COMPUTER NETWORK...
This paper presents a preliminary design for a moving-target defense (MTD) for computer networks to combat an attacker's asymmetric advantage. The MTD system reasons over a set of abstract models that capture the network's configuration and its operational and security goals to select adaptations that maintain the operational integrity of the network. The paper examines both a simple (purely random) MTD system as well as an intelligent MTD system that uses attack indicators to...
Topics: DTIC Archive, KANSAS STATE UNIV MANHATTAN, *COMPUTER NETWORK SECURITY, *MOVING TARGETS, ATTACK,...
Recent advances in the construction and analysis of attack graphs have provided new tools to network defenders. Even so, improving the security of networks remains an incredibly complex task. With increasing numbers of vulnerabilities, maturing attacker tools, and organizations becoming ever more reliant on computer network infrastructure, automation and recommendation tools are essential. Much course of action recommendation research to date has worked with the assumption that perfect network...
Topics: DTIC Archive, DEFENCE RESEARCH AND DEVELOPMENT CANADA OTTAWA (ONTARIO), *COMPUTER NETWORK SECURITY,...
When our cyber defenses' ability to prevent, avoid, and detect an attack are outmaneuvered and our information systems face impending loss of critical services, a fight-through capability must remain; otherwise restoration of those services may come too late for us to emerge undefeated. The task of protecting the protector drives us to create a fight-through capability that is hardened and heavily defended in cyberspace; however, these attributes alone are a Maginot Line that begs the question...
Topics: DTIC Archive, AIR FORCE RESEARCH LAB ROME NY INFORMATION DIRECTORATE, *COMPUTER NETWORK SECURITY,...