CS 6910: Advanced Computer and Information Security (ACIS) — Fall 2006
Slides and Announcements
Department of Computer Science
© 2006 by Leszek T. Lilien
Class Web Pages
Lecture slides and announcements (this page): slides+announcements.html
Slides and Announcements
Section 1: Trust and Security
Part 1a: Introduction to Trust in Computing (PPT)
Part 1b: TrustBus ’06 Panel Discussion: Is Security Without Trust Feasible? (PPT)
Required reading:
T. Grandison and M. Sloman, “A Survey of Trust in Internet Applications,” IEEE Communications Surveys (The Electronic Magazine of Original Peer-Reviewed Survey Articles, http://www.comsoc.org/pubs/surveys), Fourth Quarter 2000. Available at: http://www.comsoc.org/livepubs/surveys/public/2000/dec/pdf/grandison.pdf
A. Jøsang, R. Ismail and C. Boyd, “A Survey of Trust and Reputation Systems for Online Service Provision,” Decision Support Systems, 2006, to appear. Available at: sky.fit.qut.edu.au/~josang/papers/JIB2006-DSS.pdf (nicer version) or at: http://www.doc.ic.ac.uk/~mss/Papers/Trust_Survey.pdf
Recommended reading:
J. Viega, T. Kohno, and Bruce Potter, “Trust (and Mistrust) in Secure Applications,” Communications of the ACM, Vol. 44 (2), February 2001. Available at:
T.W.A. Grandison, Chapters 1 and 2 from: “Trust Management for Internet Applications,” Ph.D. Dissertation, Department of Computing, Imperial College of Science, Technology and Medicine, University of London, London, U.K., July 2003. Available at: http://www.doc.ic.ac.uk/~mss/Papers/Grandison-phd.pdf
Homework 1 and Homework for All Lectures
Study lecture notes
Presented by the instructor or fellow students
Questions about a lecture? Ask the presenter
Ask right away or during the next lecture
Study required papers
Reading recommended and optional papers (in this order of preference) is up to you
Quizzes will test your understanding of the material.
Section 2: Opportunistic Networks and Their Security and Privacy Problems:
Part 2a: Opportunistic Networks: Specialized Ad Hoc Networks for Emergency Response Applications (PPT)
Part 2b: Opportunistic Networks: The Concept and Research Challenges in Privacy and Security (PPT)
Required reading:
L. Lilien, Z.H. Kamal, V. Bhuse and A. Gupta, "Opportunistic Networks: The Concept and Research Challenges in Privacy and Security," Proc. International Workshop on Research Challenges in Security and Privacy for Mobile and Wireless Networks (WSPWN 2006), Miami, Florida, March 15-16, 2006. Available at: http://www.cs.wmich.edu/wsn/Lilien+Kamal+Bhuse+Gupta---Opppnets-Challenges_in_Priv_Sec.pdf
Recommended reading:
L. Lilien, Z. H. Kamal and A. Gupta, "Opportunistic Networks: Research Challenges in Specializing the P2P Paradigm," Proc. 3rd International Workshop on P2P Data Management, Security and Trust (PDMST'06),
Homework 2:
Identify 2-3 security or privacy issues for oppnets that are most interesting to you
Most probably, they will be the topic of your research project
People with similar interests will be grouped into project teams
You might form groups yourselves if you and others select the same 2-3 issues
No problem with redundancies among groups
Even 2 or more groups can work on the same research problem – pursuing different approaches and producing separate reports
Due: On the first Tuesday (9/19) following the class period when Section 2 was finished (9/14) - you have 5 days to complete it. [The “Due” text CORRECTED (from Monday to Tuesday) and UPDATED]
Please note that Part 1b (TrustBus ’06 Panel Discussion: Is Security Without Trust Feasible?) has been added to Section 1 above (as presented on 9/14/06).
Section 3: Introduction to Privacy:
Part 3a: Introduction to Privacy in Computing (incl. Technical and Legal Privacy Controls) (PPT)
Part 3b: Privacy-Enhancing Technologies (PETs), courtesy of Prof. Simone Fischer-Hübner,
Required reading:
D. Chaum, "Achieving Electronic Privacy", Scientific American, August 1992, pp.76-81. Available at: http://www.chaum.com/articles/Achieving_Electronic_Privacy.htm
Recommended reading:
A. Pfitzmann and M. Hansen, “Anonymity, Unlinkability, Unobservability, Pseudonymity, and Identity Management – A Consolidated Proposal for Terminology,” (Version v0.28 May 29, 2006). Available at: http://dud.inf.tu-dresden.de/literatur/Anon_Terminology_v0.28.pdf (other versions at: http://dud.inf.tu-dresden.de/Anon_Terminology.shtml)
S. Fischer-Hübner, "IT-Security and Privacy - Design and Use of Privacy-Enhancing Security Mechanisms", Springer Scientific Publishers, Lecture Notes of Computer Science, LNCS 1958, May 2001, ISBN 3-540-42142-4 (chapter 4). No online copy found.
Section 4: (presented on Tu, 10/31/06 [1/2 of the class period] and Th, 11/2/06)
P2D2: A Mechanism for Privacy-Preserving Data Dissemination (PPT)
Recommended reading:
L. Lilien and B. Bhargava, “A scheme for privacy-preserving data dissemination,” IEEE Transactions on Systems, Man and Cybernetics, Part A: Systems and Humans, Vol. 36 (3), May 2006, pp. 503-506. [All normal copyright restrictions apply.]
Section 5: (presented on Th, 11/2/06)
Trust in P2P Systems (PPT)
Recommended reading:
Ahmet B. Can and Bharat Bhargava, “SORT: A Self-ORganizing Trust Model for Peer-to-peer Systems,” Technical Report (Draft), Department of Computer Sciences, Purdue University, West Lafayette, Indiana, November 3, 2006. [Courtesy of Mr. Can and Prof. Bhargava – All normal copyright restrictions apply.]
Introductions to Term Projects (15-min. Presentations)
IMPORTANT NOTE:
Presenters are requested to verify correctness of their slides.
Tu, 9/26/06
Project 7: The Semantic Web [for Agent Trust in Oppnets] (PDF)
Terry Goodman and Yvette Yoder
Th, 9/28/06
Project 2A: Privacy & Security Issues in Software Defined Radio [(implementation)] (PDF)
Dheeraj Subbarayappa Aralumallige and
Project 3: Software agents’ role for privacy and security in oppnets (PDF)
Nitin Bhargava, Harish Reddy
Project 5A: Malevolent host masquerading as [legitimate] oppnet member (PDF)
Vrishal K Dinar, Akshitha Guduru and Kavita P Tipnis
Project 14A: Classic and Identity-Based Authentication in Oppnets (PDF)
Paul Miller
Tu, 10/3/06
Project 2B: Privacy & Security Issues in Software Defined Radio (PDF)
Prashanth Srinivasaiah, Amit Theetha Arakeswara and Swaroop Markondiah Jayaprakash
Project 5B: Will have to repeat the presentation. They presented a wrong topic (Malevolent Host Masquerading as Oppnet Member), instead of the correct topic: Malevolent Helper Masquerading as Helper or Oppnet Member (the incorrect presentation is not required for the quiz).
Project 6: Intrusion Detection and Honeypots In Oppnets (PDF)
Sandeep Mapakshi and Rajasekhar Dondati
Project 10: Helper Privacy and Oppnet Privacy (PDF)
Venkat Kalvala, Arun Rudra and Richard Rekala
*** Quiz Announcement ***
Quiz on 10/5 will cover all (correct) project introductions presented on 9/26, 9/28 and 10/3.
Th, 10/5/06
Project 14B: Authentication of Helper Candidates in Oppnet Environments (PDF)
Durga Koka, Sowmya Chittineni and Subhashini Pulimamidi
Project 14C: Authentication of oppnet nodes in oppnet environments (PDF)
Anil Kumar Yedugani and Venkata Vamsi
Tu, 10/10/06
Project 5B (correction): Malevolent Helper Masquerading as Helper or Oppnet Member (PDF)
Harbir Singh and Nardeep Jawanda
30-min Presentations of Selected Papers by Individual Students
IMPORTANT NOTES:
If the links for papers do not work, ask the appropriate presenter for help.
Presenters are requested to verify correctness of their slides and “their” links to papers (in particular, they are requested to ensure that provided links lead to the paper versions used by them for the presentation).
Tu, 10/10/06 - Y. Yoder
Lalana Kagal, Massimo Paolucci, Naveen Srinivasan, Grit Denker, Tim Finin and Katia Sycara, “Authorization and Privacy for Semantic Web Services,” AAAI 2004 Spring Symposium on Semantic Web Services,
Presentation slides (PDF) Questions: see below
Tu, 10/10/06 - T. Goodman
Stijn Heymans, Davy Van Nieuwenborgh, and Dirk Vermeir, “Preferential Reasoning on a Web of Trust,” 4th International Semantic Web Conference (ISWC 2005),
http://tinfpc2.vub.ac.be/papers/iswc2005.pdf
Presentation slides (PDF) Questions: see below
Th, 10/12/06 – P. Miller
Katrin Hoeper and Guang Gong, “Bootstrapping Security in Mobile Ad Hoc Networks Using Identity-Based Schemes with Key Revocation,” Technical Report CACR 2006-04, Centre for Applied Cryptographic Research (CACR), University of Waterloo, Waterloo, Ontario, Canada, 2006.
http://www.cacr.math.uwaterloo.ca/techreports/2006/cacr2006-04.pdf
Presentation slides (PDF) Questions: see below
Th, 10/12/06 – A. Guduru
Yih-Chun Hu, Adrian Perrig and David B. Johnson, “Packet Leashes: A Defense against Wormhole Attacks in Wireless Ad Hoc Networks,” Twenty-Second Annual Joint Conf. of the IEEE Computer and Communications Societies (INFOCOM 2003), March 30 - April 3, 2003.
Presentation slides (PDF) Questions: see below
Tu, 10/17/06 – K. Tipnis
Anthony J. Nicholson, Mark D. Corner, and Brian D. Noble, “Mobile Device Security Using Transient Authentication,” IEEE Transactions on
http://www.computer.org/portal/cms_docs_transactions/transactions/tmc/featured_article/h1489.pdf
Presentation slides (PDF) Questions: see below
Tu, 10/17/06 – V.K. Dinar:
Mike Jochen, Lisa M. Marvel and Lori L. Pollock, “A Framework for Tamper Detection Marking of
http://128.4.133.74:8080/dspace/bitstream/123456789/18/1/jochenISSRE03.pdf
Presentation slides (PDF) Questions: see below
Th, 10/19/06 – D. Koka
Łukasz Kawulok, Krzysztof Zieliński and Michał Jaeschke, “Trusted Group Membership Service for JXTA,” 4th International Conference on Computational Science (ICCS 2004),
http://www.cs.agh.edu.pl/papers/TR-04-5.pdf
Presentation slides (PDF) Questions: see below
Th, 10/19/06 – N. Bhargava
Ting Yu, Marianne Winslett and Kent E. Seamons, “Supporting Structured Credentials and Sensitive Policies through Interoperable Strategies for Automated Trust Negotiation,” ACM Transactions on Information and System Security (TISSEC), Vol. 6 (1), February 2003.
Presentation slides (PDF) Questions: see below
Th, 10/24/06 – XYZ (anonymized per student’s request)
Nikita Borisov, "Active Certificates: A Framework for Delegation," M.S. Dissertation,
Presentation slides (PDF) Questions: see below
Tu, 10/24/06 – V. Kalvala
Marco Casassa Mont, Keith Harrison and Martin Sadler, “The HP Time Vault Service: Innovating the Way Confidential Information is Disclosed, at the Right Time,” Technical Report HPL-2002-243, Trusted E-Services Laboratory, HP Laboratories, Hewlett-Packard, Bristol, UK, September 4, 2002. http://citeseer.ist.psu.edu/cache/papers/cs/26626/http:zSzzSzwww.hpl.hp.comzSztechreportszSz2002zSzHPL-2002-243.pdf/casassamont02hp.pdf
Presentation slides (PDF) Questions: see below
Th, 10/26/06 – H. Ravi
Hoi Chang and Mikhail J. Atallah, “Protecting Software Code by Guards,” CERIAS Tech Report 2001-49, Center for Education and Research in Information Assurance and Security (CERIAS), Purdue University, West Lafayette, Indiana, 2001.
Also in: Security and Privacy in Digital Rights Management: ACM CCS-8 Workshop (DRM 2001),
https://www.cerias.purdue.edu/tools_and_resources/bibtex_archive/archive/2001-49.pdf
Presentation slides (PDF) Questions: see below
Th, 10/26/06 – N. Jawanda
Maxim Raya and Jean-Pierre Hubaux, “The Security of Vehicular Ad Hoc Networks,” 3rd ACM Workshop on Security of Ad Hoc and Sensor Networks (SASN’05),
http://lcawww.epfl.ch/Publications/raya/RayaH05C.pdf
Presentation slides (PDF) Questions: see below
Tu, 10/31/06 – H. Singh
Marty Humphrey and Mary R. Thompson, “Security Implications of Typical Grid Computing Usage Scenarios,” 10th International Symposium on High Performance Distributed Computing (HPDC-10),
Presentation slides (PDF) Questions: see below
The following presentation information added on 12/3/06
Tu, 10/31/06 – Instructor’s presentation instead of the second student’s presentation (see Section 4—P2D2: A Mechanism for Privacy-Preserving Data Dissemination at the top)
Th, 11/2/06 – Instructor’s presentation instead of students’ presentations (see Section 5—Trust in P2P Systems at the top)
Tu, 11/7/06 – R. Rekala
Ting Yu, Chapter 8: “Privacy Preservation in Trust Negotiation,” from: “Automated Trust Establishment in Open Systems,” Ph.D. Thesis,
http://www4.ncsu.edu:8030/~tyu/pubs/thesis.pdf
Presentation slides (PDF) Questions: see below
Tu, 11/7/06 – A. Yedugani
Dirk Balfanz, D. K. Smetters, Paul Stewart and H. Chi Wong, “Talking To Strangers: Authentication in Ad-Hoc Wireless Networks,” Proc. Network and Distributed System Security Symp.,
http://www.isoc.org/isoc/conferences/ndss/02/proceedings/papers/balfan.pdf
Presentation slides (PDF) Questions: see below
Th, 11/9/06 – R. Dondati
Michael Vrable, Justin Ma, Jay Chen, David Moore, Erik Vandekieft, Alex C. Snoeren, Geoffrey M. Voelker, and Stefan Savage, “Scalability, Fidelity, and Containment in the Potemkin Virtual Honeyfarm,” Proc. ACM Symp. on Operating System Principles (SOSP’05), Brighton,
http://www.cs.ucsd.edu/~savage/papers/Sosp05.pdf
Presentation slides (PDF) Questions: see below
Th, 11/9/06 – V. Naraharisetti
Hassnaa Moustafa, Gilles Bourdon, and Yvon Gourhant, “Authentication, authorization and accounting (AAA) in hybrid ad hoc hotspot's environments,” Proc. of the Fourth ACM Intl. Workshop on Wireless Mobile Applications and Services on WLAN Hotspots (WMASH ’06), in conjunction with ACM Mobicom, Los Angeles, CA, September 2006, pp.37 - 46.
http://delivery.acm.org/10.1145/1170000/1161030/p37-moustafa.pdf?key1=1161030&key2=6039950611&coll=Portal&dl=GUIDE&CFID=3041431&CFTOKEN=62680324
Presentation slides (PDF) Questions: see below
Tu, 11/14/06 – A. Rudra
Radu Handorean and Gruia-Catalin Roman, "Secure Service Provision in Ad Hoc Networks," Proc. the First International Conference on Service Oriented Computing (ICSOC 2003)
Presentation slides (PDF) Questions: see below
Tu, 11/14/06 – Only one student presentation (above).
Th, 11/16/06 – P. Srinivasaiah
Boleslaw K. Szymanski and Yongqiang Zhang, “Recursive Data Mining for Masquerade Detection and Author Identification,” Proc. 5th IEEE System, Man and Cybernetics Information Assurance Workshop, West Point, NY, June 2004, pp. 424-431.
http://www.cs.rpi.edu/~szymansk/papers/ia04.pdf#search=%22szymanski%20%22Recursive%20Data%20Mining%20for%22%22
Presentation slides (PDF) Questions: see below
Th, 11/16/06 – S. Pulimamidi
“TCG Specification Architecture Overview, Revision 1.2,” Trusted Computing Group, April 2004.
https://www.trustedcomputinggroup.org/groups/TCG_1_0_Architecture_Overview.pdf
Presentation slides (PDF) Questions: see below
Tu, 11/21/06 – D. Aralumallige
http://www.comsoc.org/ci1/Public/2002/Jul/index.html (click on the PDF symbol at the top)
Presentation slides (PDF) Questions: see below
Tu, 11/21/06 – S. Chittineni
David Molnar and David Wagner, “Privacy and Security in Library RFID. Issues, Practices, and Architectures,” Proc. 11th ACM Conference on Computer and Communications Security (CCS'04),
http://www.cs.berkeley.edu/~dmolnar/library.pdf
Presentation slides (PDF) Questions: see below
Th, 11/23/06 – Thanksgiving break.
Tu, 11/28/06 – A. Arakeswara
Thomas S. Messerges, Johnas Cukier, Tom A.M. Kevenaar, Larry Puhl, René Struik, Ed Callaway, “A Security Design for a General Purpose, Self-Organizing, Multihop Ad Hoc Wireless Network,” Proc. 1st ACM Workshop on Security of Ad Hoc and Sensor Network (SASN 2003),
http://www.csl.mtu.edu/cs6461/www/Reading/Messerges03.pdf
Presentation slides (PDF) Questions: see below
Tu, 11/28/06 – S. Mapakshi
Yih-Chun Hu, Adrian Perrig, David B. Johnson, “Rushing Attacks and Defense in Wireless Ad Hoc Network Routing Protocols,” ACM Workshop on Wireless Security (WiSe 2003), in conjunction with ACM MobiCom 2003, San Diego, CA, September 2003, pp.30-41.
http://citeseer.ist.psu.edu/cache/papers/cs/30980/http:zSzzSzmonarch.cs.rice.eduzSzmonarch-paperszSzwise03.pdf/hu03rushing.pdf (earlier, pre-publication version)
Presentation slides (PDF, PPT-with animation) Questions: see below
Tu, 11/30/06 – R. Yellepedy
Alessandro Brawerman and John A. Copeland, “Towards a Fraud-Prevention Framework for Software Defined Radio
Presentation slides (PDF) Questions: see below
Tu, 11/30/06 – S. Jayaprakash
Anand Patwardhan, Filip Perich, Anupam Joshi, Tim Finin and Yelena Yesha, “Querying in Packs: Trustworthy Data Management in Ad Hoc Networks,” International J. of Wireless Information Networks, Vol. 13 (4), October 2006, pp.263-274.
http://ebiquity.umbc.edu/_file_directory_/papers/269.pdf (draft version of the manuscript)
Presentation slides (PDF) Questions: see below
Questions for the above student presentations are here.
(Updated on 12/3/06: added information for presentations made on 11/7/06 and later.)
Please note that Section 4 (P2D2: A Mechanism for Privacy-Preserving Data Dissemination) and Section 5 (Trust in P2P Systems), presented on 10/31 and 11/2, have been added above Introductions to Term Projects (15-min. Presentations).
Final exam will be on Tuesday, Dec 12, 7:15 - 9:15 p.m.
Not the regular course time! cf. Final exam calendar at: http://www.wmich.edu/registrar/finalexam.html
Final Report Guidelines and Template:
Preparation of Project Reports for CS 6910–Advanced Computer and Information Security, Fall 2006
PLANNED:
Final Term Project Presentations (10-min. Presentations)
IMPORTANT NOTE:
Presenters are requested to verify correctness of their slides as posted here.
Six presentations on Tu, 12/5/06: TBA
Project 2A: Privacy & Security Issues in Software Defined Radio [implementation] (PDF)
Dheeraj Subbarayappa Aralumallige and
Project 2B: Privacy & Security Issues in Software Defined Radio [survey] (PDF)
Prashanth Srinivasaiah, Amit Theetha Arakeswara and Swaroop Markondiah Jayaprakash
Project 3: Software Agents’ Role for Privacy and Security in Oppnets (PDF)
Nitin Bhargava, Harish Reddy
Project 5A: Malevolent Host Masquerading as [a Legitimate] Oppnet Member (PDF)
Vrishal K Dinar, Akshitha Guduru and Kavita P. Tipnis
Project 5B: Malevolent Helper Masquerading as Helper or Oppnet Member (PDF)
Harbir Singh and Nardeep Jawanda
Project 6: Intrusion Detection and Honeypots In Oppnets (PDF)
Sandeep Mapakshi and Rajasekhar Dondati
Five presentations on Th, 12/7/06: TBA
Project 7: The Semantic Web [for Agent Trust in Oppnets] (PDF)
Terry Goodman and Yvette Yoder
Project 10: Helper Privacy and Oppnet Privacy (PDF)
Venkat Kalvala, Arun Rudra and Richard Rekala
Project 14A: Classic and Identity-Based Authentication in Oppnets (PDF)
Paul Miller
Project 14B: Authentication of Helper Candidates in Oppnet Environments (PDF)
Durga Koka, Sowmya Chittineni and Subhashini Pulimamidi
Project 14C: Authentication of Oppnet Nodes in Oppnet Environments (PDF)
Anil Kumar Yedugani and Venkata Vamsi