
Professor Vijay Varadharajan
Global Innovation Chair in Cybersecurity
Faculty of Engineering and Built Environment
- Email: vijay.varadharajan@newcastle.edu.au
- Phone: (02) 4921 8687
Cybersecurity and defending the digital frontier
A renowned cybersecurity authority, Professor Vijay Varadharajan works with government, industry and research peers to thwart pervasive digital threats lurking within our online systems.
Technology has become hardwired into our modern lives, from tracking our health and finances to running our cars and allowing us to travel and communicate. Technology can even manage our household appliances while we’re at work. But how trustworthy is technology?
In an age when technology is everywhere, and knows all our private information, the concept of cybersecurity is now paramount to individuals, businesses and societies. A globally respected cybersecurity authority, Professor Vijay Varadharajan is working to protect new technology and its users from hidden digital threats.
“Technology is pervasive. Anything we do nowadays in our daily lives involves some form of technology. My work operates in the context of protection, security and trust. It’s about understanding the safety and security challenges posed by our digital world.
“For example, is the technology doing what it is supposed to do? How can we trust technology and the decisions made by technology? How can we develop technologies that are secure, that we can trust to keep our information private?
“My work helps to secure technologies, and the various applications in the different business sectors that use these technologies. It also informs regulations and policies associated with these technologies.”
Safeguarding our online systems
In our business and personal lives, almost everyone is connected to one or more digital systems. These systems talk to each other, sometimes without human intervention, sharing private information and data. Alarmingly, they can also be susceptible to a multitude of threats that can compromise our privacy.
“From the moment someone is born, they are entered into the healthcare system, then the education system, social systems, travel systems, leisure systems. In such an environment, one bug or error in one system has the potential to affect another system.
“These flaws could happen inadvertently or deliberately. My work is mainly concerned with deliberate, malicious acts where bugs are introduced with the intention of attacking and cheating others.”
In partnership with industry and government, Vijay is helping to develop robust technologies and strategies that can identify and eliminate cybersecurity threats before they cause harm. Given the multitude of technologies and their interconnected nature, Vijay admits that detecting potential digital threats, counteracting them and attributing them to the attackers all pose some difficult challenges.
“When it comes to protection, how can we design techniques to detect these malicious errors? How to counteract them? We want to be able to trust that our systems are doing what they are supposed to be doing. But the only way to really trust our technology is to ensure that these bugs and flaws do not exist in our system—or our system of systems.”
Plugging into global networks
Vijay’s contributions to cybersecurity strategies and trustworthy computing have been recognised by industry, universities and government worldwide. He has held appointments on advisory boards in government and across prominent international companies. This includes appointments with Microsoft and Hewlett-Packard, as well as the Australian Government’s Peak Security Advisory Body, the Prime Ministerial Cyber Security Task Force, the Office of the Chief Scientist of Australia and more…
“The strategies and policies we have developed, especially the government policies, have affected millions of people. For example, I led a government taskforce to create internet-filtering techniques that could block obscene and violent sites in Australia. This is an ongoing issue for many countries.”
Vijay has also directly contributed to the development of new cybersecurity technologies that have generated hundreds of millions of dollars for business. Under his leadership with the Worldwide Security Research for HP Labs in Bristol, UK, six security technologies were transferred into successful and high-value HP products.
“I have generated new ideas in a range of technologies, covering the spectrum of operating systems, distributed systems, wired, wireless and mobile networks, mobile devices and various applications in finance, healthcare and telecom sectors.”
Then, as Microsoft Chair Professor (the first position of its kind in the world), Vijay contributed to the design of new technologies, achieved the transfer of security technology and influenced Microsoft US strategies and policies related to cyber security.
Since taking up the roles of Global Innovation Chair in Cyber Security and Director of Advanced Cyber Security Engineering Research Centre at the University of Newcastle, Vijay’s work has placed our University at the forefront of cybersecurity discussions, research, education and industry engagement. In 2017, the researcher’s outstanding contributions in the field of science, engineering and technology related to cybersecurity were recognised when he received the Mahatma Gandhi Pravasi Samman award—a prestigious global achievement.
Educating people in cybersecurity
An important component of cybersecurity is education. Adamant that “transferring knowledge can transform lives”, Vijay has supervised close to 40 PhD students in the area of cybersecurity in the UK and Australia. He has also developed cybersecurity postgraduate programs at three Australian universities, and held multiple visiting positions at universities in the UK, Singapore, China and India.
Outside of a university setting, Vijay also regularly contributes his expertise to the education of communities. For more than seven years, he has helped deliver technology education programs for secondary school students. Vijay has also participated in several volunteering initiatives focused on promoting cybersecurity awareness and measures to the older generation.
“We have been teaching people about basic cybersecurity measures, such as how to protect their personal information when conducting online financial transactions. It’s vital that we continue to educate citizens about cybersecurity and how to be careful when using technologies. We don’t want people falling prey to frauds, which happens on a regular basis.”
The message is clear: while technology can make our lives more convenient, connected and efficient, it also comes with serious security threats. As technology advances globally, cybersecurity must remain top of mind for citizens and businesses alike.
“As our lives become filled with many different technologies and new ones continue to be developed, the bottom line is that it is critical that we are able to trust these technologies, and each other, when using online services in our daily lives.”
Career Summary
Biography
Prof Vijay Varadharajan has held the Global Innovation Chair in Cyber Security at the University of Newcastle since March 2017. He is also the Director of Advanced Cyber Security Engineering Research Centre (ACSRC) at Newcastle. Previously he was Microsoft Chair Professor in Innovation in Computing at Macquarie University (2001-2017). At Macquarie, he conceived the concept of an interdisciplinary institute in Cyber Security and was the founder of the Optus MQ Cyber Security Hub. Prior to this he was Dean of School of Computing and IT at University of Western Sydney (1996-2000).
From 1988 to 1995 Vijay headed Worldwide Security Research for HP Labs in Bristol, UK. Under his leadership at HP Labs, some 6 different security technologies were transferred into successful HP products, generating billions of dollars. He also headed the Technical Security Strategy Initiative at HP under the Senior Vice President, USA. From 1987 to 1988, Vijay was Research Manager at British Telecom Research Labs, UK. During 1985-1986, he was first Research Fellow and then Lecturer in Computer Science at Plymouth and Reading Universities. He attained his Ph.D in Computer and Communication Security from Plymouth and Exeter Universities in 1984, sponsored by BT Research Labs. He attained his Electronic Engineering degree from Sussex University, UK in 1981. He was awarded the 1981 Prize of the Institution of Electrical Engineers, IEE, for outstanding performance at Sussex University as well as the Committee of Vice Chancellors and Principals Award UK.
Vijay has had several visiting positions at different institutions over the years including Isaac Newton Institute of Mathematical Sciences at Cambridge University, Senior Research Scientist at Microsoft Research Cambridge, Senior Research Scientist at the Institute of Mathematical Sciences at National University of Singapore, Invited Professor at French National Research Labs (INRIA), Invited Professor at the Indian Inst. of Technology, Research Scientist at Fujitsu Research Labs, Fellow at British Telecom Research Labs., UK, Visiting Professor at eScience Institute, Edinburgh University, Adjunct at Oxford Martin School, Oxford University, UK and Visiting Professor at the Chinese Academy of Sciences. Vijay has also been a Senior Visiting Fellow with the Australian Academy of Science and the Indian Institute of Science. Recently Vijay has been appointed as Mercator Fellow by the German Research Foundation with the Technical University of Darmstadt.
Vijay was on the Board of International Advisors of TCPA, USA, originally formed by HP, Microsoft, Intel, Sun and Compaq. TCPA is now known as TCG, and the TCPA security specification is currently in products endorsed by numerous companies. Vijay is a founding member of the Trustworthy Computing Academic Advisory Board (Microsoft, USA) (announced by Bill Gates in July 2002) (2002-2014), is a member of the SAP International Security Advisory Board (SAP Corporation, Germany/Germany) (2010-2014) and is a member of SAP Next Business and Technology Board (USA) (2011-2013). He is also a member of the Australian Government's Peak Security Advisory Body, ITSEAG, for the Ministry of Broadband, Communications and Digital Economy, Australia (2008-2013). He has been the Technical Board Director of Computer Science at Australian Computer Society (1999-2006), and a member of the Board of Studies NSW Australian Government 2005-2012.
Vijay was a member of the Australian Research Council (ARC) College of Experts in Engineering, Mathematics and Informatics in 2011 for 3 years. Vijay is a member of the Australian Academy of Science National Committee on Information and Communication Systems (2014 -- ). In April 2014, Vijay was appointed to the ICT Advisory Panel in the NSW Government (2014-2015). In May 2015, he was appointed to the Cyber Security Task Force (CSTF) in India, which was created upon the recommendation of the Prime Minister of India (2015 -- ). He was a member of Strategic Research Priorities Committee (Cyber Security), Office of the Chief Scientist of Australia (2015). Previously he has acted as an Expert in Security for the European Union and for the UK Dept. of Trade and Industry. He has also acted as consultant and architect for several projects in computing, financial and telecom organizations in the UK, US and in Australia. Vijay was awarded the prestigious Mahatma Gandhi Pravasi Samman Award, India, in 2017, for his outstanding contributions in the field of Science, Engineering and Technology related to Cyber Security.
Vijay has published more than 450 papers in International Journals and Conferences, has co-authored and edited 10 books on Information Technology, Security, Networks and Distributed Systems and has held 3 patents. His research work over the years has contributed to the development of several successful secure commercial systems in the areas of Secure Distributed Applications, Secure Network Systems, Security Tools, Secure Mobile Systems as well as Cryptographic and Smart Card based Systems and secure financial, telecom and medical solutions.
For Vijay's technical research work in a range of these areas in security for more than 30 years, please see his Personal Technical Distinctions webpage.
His research work has been supported by industry such as Microsoft, Hewlett-Packard, British Telecom and Fujitsu, as well as government agencies such as the Australian Research Council (ARC) (19 ARC Grants over the last 23 years), UK Research Council (4 SERC/EPSRC Grants), Australian Defense (6 DSD/DST Grants), Dept of Prime Minister and Cabinet Australia (3 NSST Grants), European Union (7 Grants -- COST, EUREKA, ESPRIT, RACE, INFOSEC EU and 7th Framework) as well as several grants with SMEs.
He has successfully supervised over 39 PhD and 10 Masters Research students in the UK and Australia. He was awarded Macquarie University's Supervisor of the Year in 2003.
Vijay has delivered over 48 Keynote Speeches at Academic International Conferences and over 230 invited speeches in various academic and industrial symposiums and workshops. He has been a program committee member or chaired over 200 international conferences. He is an Editorial Board member of several journals including the prestigious ACM Transactions on Information System Security (TISSEC) (USA), IEEE Transactions on Dependable and Secure Systems (TDSC), IEEE Transactions in Information Forensics and Security (TIFS), IEEE Transactions in Cloud Computing (TCC) (USA), International Journal of Information Security, Springer (Germany), Computer and Communication Security Reviews (UK) as well as IEEE Security and Privacy.
His current areas of research interest include Cloud Computing Security, Internet of Things Security, Big Data and Distributed Applications Security, Malware and Security Attacks, Software Security, Trustworthy Computing, Software Defined Networks Security, Wireless and Mobile Networks Security, Cyber Security and Machine Learning, Security Architectures, Security Policies and Models, Security Protocols and Applications of Cryptography.
Vijay is a Fellow of the British Computer Society (FBCS), a Fellow of the IEE, UK (FIEE), a Fellow of the Institute of Mathematics and Applications, UK (FIMA), a Fellow of the Australian Institute of Engineers (FIEAust), a Fellow of the Australian Computer Society (FACS) and a Fellow of the Institution of Electronic and Telecommunication Engineers (FIETE).
Qualifications
- Doctor of Philosophy, Plymouth Polytechnic
- Bachelor of Science (Honours), University of Sussex - UK
Keywords
- Big data
- Block chain
- Blockchain
- Cloud
- Cloud security
- Cyber
- Cyber security
- Healthcare
- IoT
- Malware
- Mobile security
- PhD supervision
- SDN
- Security
- Software defined network
- Trusted computing
- cyber security PhD
- internet of things
- security attacks
- smart infrastructure
Fields of Research
Code | Description | Percentage |
---|---|---|
080402 | Data Encryption | 33 |
080303 | Computer System Security | 34 |
080399 | Computer Software not elsewhere classified | 33 |
Professional Experience
UON Appointment
Title | Organisation / Department |
---|---|
Professor | University of Newcastle College of Engineering, Science and Environment Australia |
Academic appointment
Dates | Title | Organisation / Department |
---|---|---|
1/1/2001 - 1/3/2017 | Microsoft Chair Professor | Macquarie University Innovation in Computing Australia |
1/1/1996 - 31/12/2000 | Dean/Head of School of Computing and IT | University of Western Sydney Australia |
Membership
Dates | Title | Organisation / Department |
---|---|---|
1/1/2010 - 31/12/2014 | Member | SAP Corporation SAP International Security Advisory Board Germany |
1/1/2002 - 31/12/2014 | Founding member | Microsoft Corporation Trustworthy Computing Academic Advisory Board United States |
1/1/2008 - 31/12/2013 | Member | Ministry of Broadband, Communications and Digital Economy Australian Government's Peak Security Advisory Body, ITSEAG Australia |
1/1/2011 - 31/12/2013 | Member | SAP Corporation SAP Next Business and Technology Board Germany |
1/1/2014 - | Member | Australian Academy of Science National Committee on Information and Communication Systems |
1/1/2014 - 31/12/2015 | Member | NSW Government ICT Advisory Panel Australia |
1/5/2015 - | Member | Cyber Security Task Force (CSTF) India |
1/1/2015 - 31/12/2015 | Member | Office of the Chief Scientist Strategic Research Priorities Committee (Cyber Security) Australia |
1/1/2005 - 31/12/2012 | Member | NSW Board of Studies Australia |
1/1/2011 - 31/12/2013 | Member | ARC (Australian Research Council) Australia |
Professional appointment
Dates | Title | Organisation / Department |
---|---|---|
1/3/2017 - | Director | Advanced Cyber Security Engineering Research Centre (ACSRC) Australia |
Awards
Distinction
Year | Award |
---|---|
2010 | Fellow of the British Computer Society (FBCS) British Computer Society |
2010 | Fellow of the IEE UK Institute of Electrical Engineers, UK |
2010 | Fellow of the Institute of Mathematics and Applications, UK Institute of Mathematics and its Applications |
2010 | Fellow of the Australian Institute of Engineers Institution of Engineers Australia (IEAust) |
2010 | Fellow of the Australian Computer Society Australian Computer Society (ACS) |
Member
Year | Award |
---|---|
2014 | Australian Academy of Science Australian Academy of Science |
Publications
For publications that are currently unpublished or in-press, details are shown in italics.
Book (8 outputs)
Year | Citation |
---|---|
2013 | Wang G, Varadharajan V, Martinez G, Message from the CSS 2013 general chairs (2013) |
2013 | Zia T, Zomaya A, Varadharajan V, Mao M, Preface (2013) |
2013 | Varadharajan V, Yu JX, Message from the general chairs (2013) |
2010 | Rannenberg K, Varadharajan V, Weber C, Preface (2010) |
2004 | Wang H, Pieprzyk J, Varadharajan V, Preface (2004) |
2001 | Varadharajan V, Preface (2001) |
1999 | Varadharajan V, Preface (1999) |
Chapter (8 outputs)
Year | Citation |
---|---|
2015 | Damavandinejadmonfared S, Varadharajan V, 'Effective finger vein-based authentication: Kernel principal component analysis', Emerging Trends in Image Processing, Computer Vision and Pattern Recognition 447-455 (2015) [B1] © 2015 Elsevier Inc. All rights reserved. Kernel functions have been very useful in data classification for the purpose of identification and verification so far. Applying such mappings first and using some methods on the mapped data such as principal component analysis (PCA) has been proven novel in many different areas. A lot of improvements have been proposed on PCA, such as kernel PCA, and kernel entropy component analysis, which are known as very novel and reliable methods in face recognition and data classification. In this paper, we implemented four different kernel mapping functions on finger database to determine the most appropriate one in terms of analyzing finger vein data using one-dimensional PCA. Extensive experiments have been conducted for this purpose using polynomial, Gaussian, exponential, and Laplacian PCA in four different examinations to determine the most significant one. |
2015 | Damavandinejadmonfared S, Varadharajan V, 'Biometric analysis for finger vein data: Two-dimensional kernel principal component analysis', Emerging Trends in Image Processing, Computer Vision and Pattern Recognition 393-405 (2015) [B1] © 2015 Elsevier Inc. All rights reserved. In this paper, a whole identification system is introduced for finger vein recognition. The proposed algorithm first maps the input data into kernel space, then; two-dimensional principal component analysis (2DPCA) is applied to extract the most valuable features from the mapped data. Finally, Euclidian distance classifies the features and the final decision is made. Because of the natural shape of human fingers, the image matrixes are not square, which makes them possible to use kernel mappings in two different ways-along row or column directions. Although some research has been done on the row and column direction through 2DPCA, our argument is how to map the input data in different directions and get a square matrix out of it to be analyzed by 2DPCA. In this research, we have explored this area in details and obtained the most significant way of mapping finger vein data which results in consuming the least time and achieving the highest accuracy for finger vein identification system. The authenticity of the results and the relationship between the finger vein data and our contribution are also discussed and explained. Furthermore, extensive experiments were conducted to prove the merit of the proposed system. |
2014 | Zhou L, Varadharajan V, Hitchens M, 'Cryptographic role-based access control for secure cloud data storage systems', Security, Privacy and Trust in Cloud Systems 313-344 (2014) [B1] © 2014 Springer-Verlag Berlin Heidelberg. All rights are reserved. With the rapid increase in the amount of digital information that needs to be stored, cloud storage has attracted much attention in recent times because of its ability to deliver resources for storage to users on demand in a cost effective manner. The cloud can provide a scalable high-performance storage architecture, and can help to significantly reduce the cost of maintenance of individual services. |
2010 | Balakrishnan V, Varadharajan V, Lucs P, Tupakula U, 'SMRTI: Secure Mobile Ad Hoc Network Routing with Trust Intrigue', Mobile Intelligence 412-436 (2010) |
2010 | Balakrishnan V, Varadharajan V, Tupakula U, 'Security in mobile AD HOC networks', Selected Topics in Communication Networks and Distributed Systems 671-708 (2010) © 2010 by World Scientific Publishing Co. Pte. Ltd. All Rights Reserved. Security is paramount in mobile ad hoc networks (MANETs) since a MANET is neither conducive to centralized authorities nor suitable for inheriting the solutions that have been proposed for wired networks. Given that end-to-end communication between applications relies on the self-organized characteristics of MANETs, most if not all the proposed security solutions concentrate on securing communication through multi-hop trustworthy nodes. In this chapter, we present state-of-the-art security in MANETs and the survey comprises MANET-based secure routing, key management, and trust management systems. However, we confine ourselves to a few well-regarded proposals due to the exhaustive list of proposals available in each of the above-mentioned categories. First, we discuss the features inherent in MANETs and their impact on the design of security mechanisms, in addition to the threats and attacks that are common in MANETs. Second, we describe a few well-known solutions in the area of secure routing and key management to demonstrate their role as a prevention system. We then discuss the limitations of those systems such as their inability to react to dynamically changing attack patterns and their assumption that nodes will cooperate for routing and network management. Finally, we address the recent advancements in security systems, where a defense-in-depth approach is adopted to incorporate trust management systems as the second layer of defense to prevention systems. Trust management systems complement prevention systems by measuring the trustworthiness of nodes and promptly react to dynamically changing attack patterns. We then detail the limitations of trust management systems and discuss possible research directions to address those limitations. |
2008 | Tupakula UK, Varadharajan V, 'Distributed denial of service attacks in networks', Handbook of Research on Information Security and Assurance 85-97 (2008) In this chapter we discuss Distributed Denial of Service (DDoS) attacks in networks such as the Internet, which have become significantly prevalent over the recent years. We explain how DDoS attacks are performed and consider the ideal solution characteristics for defending against the DDoS attacks in the Internet. Then we present different research directions and thoroughly analyse some of the important techniques that have been recently proposed. Our analysis confirms that none of the proposed techniques can efficiently and completely counteract the DDoS attacks. Furthermore, as networks become more complex, they become even more vulnerable to DoS attacks when some of the proposed techniques are deployed in the Internet. The gap between the tools that can generate DDoS attacks and the tools that can detect or prevent DDoS attacks continues to increase. Finally, we briefly outline some best practices that the users are urged to follow to minimise the DoS attacks in the Internet. © 2009, IGI Global. |
2007 | Zhao W, Varadharajan V, Bryan G, 'A unified taxonomy framework of trust', Trust in E-Services: Technologies, Practices and Challenges 29-50 (2007) In this chapter, we provide a formal definition of trust relationship with a strict mathematical structure that can reflect many of the commonly used notions of trust. Based on this formal definition, we propose a unified taxonomy framework of trust. Under the taxonomy framework, we discuss classification of trust. In particular, we address the base level authentication trust at the lower layer and a hierarchy of trust relationships at a higher level. We provide a set of definitions, propositions, and operations based on the relations of trust relationships. Then we define and discuss properties of trust direction and trust symmetry. We define the trust scope label in order to describe the scope and diversity of trust relationship. All the definitions about the properties of trust become elements of the unified taxonomy framework of trust. Some example scenarios are provided to illustrate the concepts in the taxonomy framework. The taxonomy framework of trust will provide accurate terms and useful tools for enabling the analysis, design, and implementation of trust. The taxonomy framework of trust is first part of research for the overall methodology of trust relationships and trust management in distributed systems. © 2007, Idea Group Inc. |
Journal article (129 outputs)
Year | Citation |
---|---|
2020 | Amin BMR, Taghizadeh S, Rahman MS, Hossain MJ, Varadharajan V, Chen Z, 'Cyber attacks in smart grid - Dynamic impacts, analyses and recommendations', IET Cyber-Physical Systems: Theory and Applications, 5 321-329 (2020) © 2020 Institution of Engineering and Technology. All rights reserved. Cyber attacks can cause cascading failures and blackouts in smart grids. Therefore, it is highly necessary to identify the types, impacts and solutions of cyber attacks to ensure the secure operation of power systems. As a well-known practice, steady-state analysis is commonly used to identify cyber attacks and provide effective solutions. However, it cannot fully cover non-linear behaviours and cascaded blackouts of the system caused by dynamic perturbations, as well as provide a postdisturbance operating point. This study presents a novel approach based on dynamic analysis that excludes the limitations of the steady-state analysis and can be used in the events of various cyber attacks. Four types of common attacks are reviewed, and their dynamic impacts are shown on the IEEE benchmark model of the Western System Coordinating Council system implemented in MATLAB Simulink. Then, recommendations are provided to enhance the security of the future smart power grids from the possible cyber attacks. |
2020 | Yousefi-Azar M, Hamey L, Varadharajan V, Chen S, 'Byte2vec: Malware Representation and Feature Selection for Android', Computer Journal, 63 1125-1138 (2020) [C1] © 2019 The British Computer Society. All rights reserved. Malware detection based on static features and without code disassembling is a challenging path of research. Obfuscation makes the static analysis of malware even more challenging. This paper extends static malware detection beyond byte level n-grams and detecting important strings. We propose a model (Byte2vec) with the capabilities of both binary file feature representation and feature selection for malware detection. Byte2vec embeds the semantic similarity of byte level codes into a feature vector (byte vector) and also into a context vector. The learned feature vectors of Byte2vec, using skip-gram with negative-sampling topology, are combined with byte-level term-frequency (tf) for malware detection. We also show that the distance between a feature vector and its corresponding context vector provides a useful measure to rank features. The top ranked features are successfully used for malware detection. We show that this feature selection algorithm is an unsupervised version of mutual information (MI). We test the proposed scheme on four freely available Android malware datasets including one obfuscated malware dataset. The model is trained only on clean APKs. The results show that the model outperforms MI in a low-dimensional feature space and is competitive with MI and other state-of-the-art models in higher dimensions. In particular, our tests show very promising results on a wide range of obfuscated malware with a false negative rate of only 0.3% and a false positive rate of 2.0%. The detection results on obfuscated malware show the advantage of the unsupervised feature selection algorithm compared with the MI-based method. |
2020 |
Pal S, Rabehaja T, Hitchens M, Varadharajan V, Hill A, 'On the Design of a Flexible Delegation Model for the Internet of Things Using Blockchain', IEEE Transactions on Industrial Informatics, 16 3521-3530 (2020) [C1]
|
||||||||||
2020 |
Pal S, Rabehaja T, Hill A, Hitchens M, Varadharajan V, 'On the Integration of Blockchain to the Internet of Things for Enabling Access Right Delegation', IEEE Internet of Things Journal, 7 2630-2639 (2020) [C1]
|
||||||||||
2020 |
Shaukat K, Luo S, Varadharajan V, Hameed IA, Xu M, 'A Survey on Machine Learning Techniques for Cyber Security in the Last Decade', IEEE Access, 8 222310-222354 (2020)
|
||||||||||
2020 |
Karmakar KK, Varadharajan V, Nepal S, Tupakula U, 'SDN Enabled Secure IoT Architecture', IEEE Internet of Things Journal, (2020) IEEE The Internet of Things (IoT) is increasingly being used in applications ranging from precision agriculture to critical national infrastructure by deploying a large number of resource-constrained devices in hostile environments. These devices are being exploited to launch attacks in cyber systems. As a result, security has become a significant concern in the design of IoT based applications. In this paper, we present a security architecture for IoT networks by leveraging the underlying features supported by Software Defined Networks (SDN). Our security architecture not only restricts network access to authenticated IoT devices, but also enforces fine granular policies to secure the flows in the IoT network infrastructure. The authentication is achieved using a lightweight protocol to authenticate IoT devices. Authorization is achieved using a dynamic policy driven approach. Such an integrated security approach involving authentication of IoT devices and enables authorized flows to protect IoT networks from malicious IoT devices and attacks. We have implemented and validated our architecture using ONOS SDN Controller and Raspbian Virtual Machines, and demonstrated how the proposed security mechanisms can counteract malware packet injection, DDoS attacks using Mirai, spoofing/masquerading and Man-in-The-Middle attacks. An analysis of the security and performance of the proposed security mechanisms and their applications is presented in the paper.
|
||||||||||
2020 |
Shaukat K, Luo S, Varadharajan V, Hameed IA, Chen S, Liu D, Li J, 'Performance comparison and current challenges of using machine learning techniques in cybersecurity', Energies, 13 (2020) [C1]
|
||||||||||
2020 |
Mishra P, Varadharajan V, Pilli E, Tupakula U, 'VMGuard: A VMI-based Security Architecture for Intrusion Detection in Cloud Environment', IEEE Transactions on Cloud Computing, 8 957-971 (2020) [C1]
|
||||||||||
2020 |
Sood K, Karmakar KK, Yu S, Varadharajan V, Pokhrel SR, Xiang Y, 'Alleviating Heterogeneity in SDN-IoT Networks to Maintain QoS and Enhance Security', IEEE Internet of Things Journal, 7 5964-5975 (2020) [C1]
|
||||||||||
2019 |
Varadharajan V, Tupakula U, 'Counteracting Attacks from Malicious End Hosts in Software Defined Networks', IEEE Transactions on Network and Service Management, 17 160-174 (2019) [C1]
|
||||||||||
2019 |
Varadharajan V, Karmakar K, Tupakula U, Hitchens M, 'A Policy based Security Architecture for Software Defined Networks', IEEE Transactions on Information Forensics and Security, 14 897-911 (2019) [C1]
|
||||||||||
2019 |
Sood K, Karmakar KK, Varadharajan V, Tupakula U, Yu S, 'Analysis of Policy-Based Security Management System in Software-Defined Networks', IEEE COMMUNICATIONS LETTERS, 23 612-615 (2019) [C1]
|
||||||||||
2019 |
Pal S, Hitchens M, Varadharajan V, Rabehaja T, 'Policy-based access control for constrained healthcare resources in the context of the Internet of Things', Journal of Network and Computer Applications, 139 57-74 (2019) [C1]
|
||||||||||
2019 |
Karmakar KK, Varadharajan V, Tupakula U, 'Mitigating attacks in software defined networks', Cluster Computing, 22 1143-1157 (2019) [C1]
|
||||||||||
2018 |
Yousefi-Azar M, Hamey L, Varadharajan V, Chen S, 'Malytics: A Malware Detection Scheme', IEEE Access, 6 49418-49431 (2018) [C1]
|
||||||||||
2018 |
Varadharajan V, Tupakula U, Karmakar K, 'Secure Monitoring of Patients with Wandering Behaviour in Hospital Environments', IEEE Access, 6 11523-11533 (2018) [C1]
|
||||||||||
2018 |
Mishra P, Varadharajan V, Tupakula U, Pilli ES, 'A Detailed Investigation and Analysis of using Machine Learning Techniques for Intrusion Detection', IEEE Communications Surveys and Tutorials, 21 686-728 (2018) [C1]
|
||||||||||
2016 |
Zhou L, Varadharajan V, Gopinath K, 'A Secure Role-Based Cloud Storage System For Encrypted Patient-Centric Health Records', COMPUTER JOURNAL, 59 1593-1611 (2016) [C1]
|
||||||||||
2016 |
Min B, Varadharajan V, 'Rethinking Software Component Security: Software Component Level Integrity and Cross Verification', COMPUTER JOURNAL, 59 1735-1748 (2016) [C1]
|
||||||||||
2016 |
Min B, Varadharajan V, 'A novel malware for subversion of self-protection in anti-virus', SOFTWARE-PRACTICE & EXPERIENCE, 46 361-379 (2016) [C1]
|
||||||||||
2016 |
Yi X, Paulet R, Bertino E, Varadharajan V, 'Practical Approximate k Nearest Neighbor Queries with Location and Query Privacy', IEEE TRANSACTIONS ON KNOWLEDGE AND DATA ENGINEERING, 28 1546-1559 (2016)
|
||||||||||
2015 |
Tupakula U, Varadharajan V, 'Trust Enhanced Security for Tenant Transactions in the Cloud Environment', COMPUTER JOURNAL, 58 2388-2403 (2015) [C1]
|
||||||||||
2015 |
Damavandinejadmonfared S, Varadharajan V, 'A new extension to kernel entropy component analysis for image-based authentication systems', Journal of WSCG, 23 1-8 (2015) [C1] © 2015, Vaclav Skala Union Agency. All rights reserved. We introduce Feature Dependent Kernel Entropy Component Analysis (FDKECA) as a new extension to Kernel Entropy Component Analysis (KECA) for data transformation and dimensionality reduction in Image-based recognition systems such as face and finger vein recognition. FDKECA reveals structure related to a new mapping space, where the most optimized feature vectors are obtained and used for feature extraction and dimensionality reduction. Indeed, the proposed method uses a new space, which is feature wisely dependent and related to the input data space, to obtain significant PCA axes. We show that FDKECA produces strikingly different transformed data sets compared to KECA and PCA. Furthermore a new spectral clustering algorithm utilizing FDKECA is developed which has positive results compared to the previously used ones. More precisely, FDKECA clustering algorithm has both more time efficiency and higher accuracy rate than previously used methods. Finally, we compared our method with three well-known data transformation methods, namely Principal Component Analysis (PCA), Kernel Principal Component Analysis (KPCA), and Kernel Entropy Component Analysis (KECA) confirming that it outperforms all these direct competitors and as a result, it is revealed that FDKECA can be considered a useful alternative for PCA-based recognition algorithms. |
||||||||||
2015 |
Varadharajan V, Tupakula U, 'Securing wireless mobile nodes from distributed denial-of-service attacks', CONCURRENCY AND COMPUTATION-PRACTICE & EXPERIENCE, 27 3794-3815 (2015) [C1]
|
||||||||||
2015 |
Haghighi MS, Xiang Y, Varadharajan V, Quinn B, 'A Stochastic Time-Domain Model for Burst Data Aggregation in IEEE 802.15.4 Wireless Sensor Networks', IEEE TRANSACTIONS ON COMPUTERS, 64 627-639 (2015) [C1]
|
||||||||||
2015 |
Yu J, Ren K, Wang C, Varadharajan V, 'Enabling Cloud Storage Auditing With Key-Exposure Resistance', IEEE TRANSACTIONS ON INFORMATION FORENSICS AND SECURITY, 10 1167-1179 (2015) [C1]
|
||||||||||
2015 |
Zhou L, Varadharajan V, Hitchens M, 'Trust Enhanced Cryptographic Role-Based Access Control for Secure Cloud Data Storage', IEEE TRANSACTIONS ON INFORMATION FORENSICS AND SECURITY, 10 2381-2395 (2015) [C1]
|
||||||||||
2015 |
Zhou L, Varadharajan V, Hitchens M, 'Generic constructions for role-based encryption', INTERNATIONAL JOURNAL OF INFORMATION SECURITY, 14 417-430 (2015) [C1]
|
||||||||||
2015 |
Li N, Mu Y, Susilo W, Varadharajan V, 'Shared RFID ownership transfer protocols', COMPUTER STANDARDS & INTERFACES, 42 95-104 (2015) [C1]
|
||||||||||
2015 |
Li N, Mu Y, Susilo W, Guo F, Varadharajan V, 'Vulnerabilities of an ECC-based RFID authentication scheme', SECURITY AND COMMUNICATION NETWORKS, 8 3262-3270 (2015) [C1]
|
||||||||||
2014 |
Min B, Varadharajan V, Tupakula U, Hitchens M, 'Antivirus security: naked during updates', SOFTWARE-PRACTICE & EXPERIENCE, 44 1201-1222 (2014) [C1]
|
||||||||||
2014 |
Varadharajan V, Tupakula U, 'Counteracting security attacks in virtual machines in the cloud using property based attestation', JOURNAL OF NETWORK AND COMPUTER APPLICATIONS, 40 31-45 (2014) [C1]
|
||||||||||
2014 |
Varadharajan V, Tupakula U, 'Security as a Service Model for Cloud Environment', IEEE TRANSACTIONS ON NETWORK AND SERVICE MANAGEMENT, 11 60-75 (2014) [C1]
|
||||||||||
2014 |
Guo F, Mu Y, Susilo W, Varadharajan V, 'Server-Aided Signature Verification for Lightweight Devices', COMPUTER JOURNAL, 57 481-493 (2014) [C1]
|
||||||||||
2014 |
Nagarajan A, Varadharajan V, Tarr N, 'Trust enhanced distributed authorisation for web services', JOURNAL OF COMPUTER AND SYSTEM SCIENCES, 80 916-934 (2014) [C1]
|
||||||||||
2014 |
Zhou L, Varadharajan V, Hitchens M, 'Secure administration of cryptographic role-based access control for large-scale cloud storage systems', JOURNAL OF COMPUTER AND SYSTEM SCIENCES, 80 1518-1533 (2014) [C1]
|
||||||||||
2014 |
Ruan C, Varadharajan V, 'Dynamic delegation framework for role based access control in distributed data management systems', DISTRIBUTED AND PARALLEL DATABASES, 32 245-269 (2014) [C1]
|
||||||||||
2014 |
Schulz S, Varadharajan V, Sadeghi A-R, 'The Silence of the LANs: Efficient Leakage Resilience for IPsec VPNs', IEEE TRANSACTIONS ON INFORMATION FORENSICS AND SECURITY, 9 221-232 (2014) [C1]
|
||||||||||
2014 |
Guo F, Mu Y, Susilo W, Wong DS, Varadharajan V, 'CP-ABE With Constant-Size Keys for Lightweight Devices', IEEE TRANSACTIONS ON INFORMATION FORENSICS AND SECURITY, 9 763-771 (2014) [C1]
|
||||||||||
2014 |
Zhou L, Varadharajan V, Hitchens M, 'A Trust Management Framework for Secure Cloud Data Storage Using Cryptographic Role-Based Access Control', E-BUSINESS AND TELECOMMUNICATIONS, ICETE 2013, 456 226-251 (2014) [C1]
|
||||||||||
2014 |
Huang CT, Huang L, Qin Z, Yuan H, Zhou L, Varadharajan V, Kuo CCJ, 'Survey on securing data storage in the cloud', APSIPA Transactions on Signal and Information Processing, 3 (2014) [C1] Cloud Computing has become a well-known primitive nowadays; many researchers and companies are embracing this fascinating technology with feverish haste. In the meantime, security and privacy challenges are brought forward while the number of cloud storage users increases expeditiously. In this work, we conduct an in-depth survey on recent research activities of cloud storage security in association with cloud computing. After an overview of the cloud storage system and its security problem, we focus on the key security requirement triad, i.e., data integrity, data confidentiality, and availability. For each of the three security objectives, we discuss the new unique challenges faced by the cloud storage services, summarize key issues discussed in the current literature, examine, and compare the existing and emerging approaches proposed to meet those new challenges, and point out possible extensions and futuristic research opportunities. The goal of our paper is to provide a state-of-the-art knowledge to new researchers who would like to join this exciting new field. © The Authors, 2014.
|
||||||||||
2013 |
Li N, Mu Y, Susilo W, Guo F, Varadharajan V, 'On RFID authentication protocols with wide-strong privacy', Cryptology and Information Security Series, 11 3-16 (2013) [C1] Radio frequency identification (RFID) tag privacy is an important issue to RFID security. To date, there have been several attempts to achieve the wide-strong privacy by using zero-knowledge protocols. In this paper, we launch an attack on the recent zero-knowledge based identification protocol for RFID, which was claimed to capture wide-strong privacy, and show that this protocol is flawed. Subsequently, we propose two zero-knowledge based tag authentication protocols and prove that they offer wide-strong privacy. © 2013 The authors and IOS Press. All rights reserved.
|
||||||||||
2013 |
Zhou L, Varadharajan V, Hitchens M, 'Achieving Secure Role-Based Access Control on Encrypted Data in Cloud Storage', IEEE TRANSACTIONS ON INFORMATION FORENSICS AND SECURITY, 8 1947-1960 (2013) [C1]
|
||||||||||
2013 |
Cheng S, Varadharajan V, Mu Y, Susilo W, 'A secure elliptic curve based RFID ownership transfer scheme with controlled delegation', Cryptology and Information Security Series, 11 31-43 (2013) [C1] In practical applications, the owner of an RFID-tagged item can change. In this paper, we propose a new RFID ownership transfer protocol using elliptic-curve cryptography. The paper first considers security and privacy requirements in the ownership transfer process. Then the paper provides a detailed description of our ownership transfer scheme outlining various protocol phases. Key features of the proposed scheme are that it allows controlled delegation and authorisation recovery, and the ownership transfer is achieved without a trusted third party. We describe a security analysis of the proposed scheme and demonstrate that it meets the desired security and privacy requirements. We also illustrate the performance results and show that our scheme is feasible for lightweight RFID tags. © 2013 The authors and IOS Press. All rights reserved.
|
||||||||||
2012 |
Tupakula UK, Varadharajan V, 'Dynamic State-Based Security Architecture for Detecting Security Attacks in Virtual Machines', COMPUTER JOURNAL, 55 397-409 (2012) [C1]
|
||||||||||
2012 |
Rannenberg K, Varadharajan V, Weber C, 'Editorial Computers and Security Special Issue IFIP/SEC 2010 "Security & Privacy - Silver Linings in the Cloud"', COMPUTERS & SECURITY, 31 805-805 (2012)
|
||||||||||
2011 |
Zhou L, Varadharajan V, Hitchens M, 'Enforcing Role-Based Access Control for Secure Data Storage in the Cloud', COMPUTER JOURNAL, 54 1675-1687 (2011) [C1]
|
||||||||||
2011 |
Nagarajan A, Varadharajan V, 'Dynamic trust enhanced security model for trusted platform based services', FUTURE GENERATION COMPUTER SYSTEMS-THE INTERNATIONAL JOURNAL OF ESCIENCE, 27 564-573 (2011) [C1]
|
||||||||||
2011 |
Haghighi MS, Mohamedpour K, Varadharajan V, Quinn BG, 'Stochastic Modeling of Hello Flooding in Slotted CSMA/CA Wireless Sensor Networks', IEEE TRANSACTIONS ON INFORMATION FORENSICS AND SECURITY, 6 1185-1199 (2011) [C1]
|
||||||||||
2010 |
Ruan C, Varadharajan V, 'A graph theoretic approach to authorization delegation and conflict resolution in decentralised systems', DISTRIBUTED AND PARALLEL DATABASES, 27 1-29 (2010)
|
||||||||||
2010 |
Zhang J, Varadharajan V, 'Wireless sensor network key management survey and taxonomy', JOURNAL OF NETWORK AND COMPUTER APPLICATIONS, 33 63-75 (2010)
|
||||||||||
2010 |
Lin C, Varadharajan V, 'MobileTrust: a trust enhanced security architecture for mobile agent systems', INTERNATIONAL JOURNAL OF INFORMATION SECURITY, 9 153-178 (2010)
|
||||||||||
2010 |
Varadharajan V, 'Internet Filtering - Issues and Challenges', IEEE SECURITY & PRIVACY, 8 62-65 (2010)
|
||||||||||
2009 |
Varadharajan V, 'A Note on Trust-Enhanced Security', IEEE SECURITY & PRIVACY, 7 57-59 (2009)
|
||||||||||
2009 |
Wang Y, Lin KJ, Wong DS, Varadharajan V, 'Trust management towards service-oriented applications', Service Oriented Computing and Applications, 3 129-146 (2009) In service-oriented computing (SOC) environments, service clients interact with service providers for services or transactions. From the point of view of service clients, the trust status of a service provider is a critical issue to consider, particularly when the service provider is unknown to them. Typically, the trust evaluation is based on the feedback on the service quality provided by service clients. In this paper, we first present a trust management framework that is event-driven and rule-based. In this framework, trust computation is based on formulae. But rules are defined to determine which formula to use and what arguments to use, according to the event occurred during the transaction or service. In addition, we propose some trust evaluation metrics and a formula for trust computation. The formula is designed to be adaptable to different application domains by setting suitable arguments. Particularly, the proposed model addresses the incremental characteristics of trust establishment process. Furthermore, we propose a fuzzy logic based approach for determining reputation ranks that particularly differentiates new service providers and old (long-existing) ones. This is further incentive to new service providers and penalize poor quality services from service providers. Finally, a set of empirical studies has been conducted to study the properties of the proposed approaches, and the method to control the trust changes in both trust increment and decrement cases. The proposed framework is adaptable for different domains and complex trust evaluation systems. © 2008 Springer-Verlag London Limited.
|
||||||||||
2009 |
Thomas JP, Li X, Jin H, Baiardi F, Varadharajan V, 'Call for papers for special issue on security in computer and Cyber-physical systems and networks', Security and Communication Networks, 2 455-456 (2009)
|
||||||||||
2008 |
Wang Y, Wong DS, Lin K-J, Varadharajan V, 'Evaluating transaction trust and risk levels in peer-to-peer e-commerce environments', INFORMATION SYSTEMS AND E-BUSINESS MANAGEMENT, 6 25-48 (2008)
|
||||||||||
2008 |
Tupakula UK, Varadharajan V, 'A hybrid model against TCP SYN and reflection DDoS attacks', COMPUTER SYSTEMS SCIENCE AND ENGINEERING, 23 153-166 (2008)
|
||||||||||
2007 | Bao F, Boyd C, Gollmann D, Kim K, Kurosawa K, Mambo M, et al., 'Preface', International Journal of Wireless and Mobile Computing, 2 1-3 (2007) | ||||||||||
2007 |
Indrakanti S, Varadharajan V, Agarwal R, 'On the design, implementation and application of an authorisation architecture for web services', International Journal of Information and Computer Security, 1 64-108 (2007) This paper proposes an authorisation architecture for web services. It describes the architectural framework, the administration and runtime aspects of our architecture and its components for secure authorisation of web services as well as the support for the management of authorisation information. The paper then describes the implementation aspects of the architecture. The architecture has been implemented and integrated within the .NET framework. The authorisation architecture for web services is demonstrated using a case study in the healthcare domain. The proposed architecture has several benefits. First and foremost, the architecture supports multiple access control models and mechanisms; it supports legacy applications exposed as web services as well as new web service-based applications built to leverage the benefits offered by the Service-Oriented Architecture; it is decentralised and distributed and provides flexible management and administration of web services and related authorisation information. The proposed architecture can be integrated into existing middleware platforms to provide enhanced security to web services deployed on those platforms. © 2007 Inderscience Enterprises Ltd.
|
||||||||||
2007 |
Foster D, Varadharajan V, 'Trust-enhanced secure mobile agent-based system design', International Journal of Agent-Oriented Software Engineering, 1 205-224 (2007) This paper presents a Security and Trust Enhanced Mobile Agent (SATEMA) architecture. It investigates some of the design decisions encountered during the development of the architecture and its implementation. In particular, we consider design issues such as security and trust policy management, support for multiple applications as well as with single- and multiple-hop scenarios using the proposed architecture. We discuss the design choices and describe the solutions that have been adopted in the architecture. We have implemented two applications, namely, a travel application and an auction application using this proposed SATEMA architecture. © 2007 Inderscience Enterprises Ltd.
|
||||||||||
2007 |
Tupakula UK, Varadharajan V, Gajam AK, Vuppala SK, Rao PNS, 'DDoS: Design, implementation and analysis of automated model', International Journal of Wireless and Mobile Computing, 2 72-85 (2007) Earlier, we have proposed an automated model to minimise DDoS attacks in single ISP domain and extended the model to multiple ISP domains. Our approach has several advanced features to minimise DDoS attacks in the internet. The focus of this paper is twofold: firstly, to present a detailed description of the design and implementation of the proposed model and second to discuss and analyse the extensive set of results obtained from the implementation and simulations. We describe the prototype implementation of our automated model using NetProwler network intrusion detection system and HP OpenView Network Node Manager. We will also discuss the performance analysis of our model on a large scale using NS2 tool. Both prototype and simulation test results confirm that our approach offers a promising solution against DDoS problem in the internet and the model can be implemented in real time with minor modifications to the existing tools. Copyright © 2007 Inderscience Enterprises Ltd.
|
||||||||||
2006 |
Zhao W, Varadharajan V, Bryan G, 'General methodology for analysis and modeling of trust relationships in distributed computing', Journal of Computers, 1 42-53 (2006) In this paper, we discuss a general methodology for analysis and modeling of trust relationships in distributed computing. We discuss the classification of trust relationships, categorize trust relationships into two layers and provide a hierarchy of trust relationships based on a formal definition of trust relationship. We provide guidelines for the analysis and modeling of trust relationships. We review operations on trust relationships and relative types of trust relationships in our previous work. We provide a set of definitions for the properties of direction and symmetry of trust relationships. In order to analyze and model the scope and diversity of trust relationship, we define trust scope label. We provide some example scenarios to illustrate the proposed definitions about properties of trust relationship. All the definitions about the properties of trust relationships are elements of the taxonomy framework of trust relationships. We discuss the lifecycle of trust relationships that includes the analysis and modeling of trust relationships, trust relationships at runtime, and change management of trust relationships. We propose a trust management architecture at high level to place the analysis and modeling of trust relationships under the background of trust management. © 2006 ACADEMY PUBLISHER.
|
||||||||||
2006 | Zhao W, Varadharajan V, 'Fair Online Gambling Scheme and TTP-free Mental Poker Protocols', JOURNAL OF INFORMATION ASSURANCE AND SECURITY, 1 95-106 (2006) | ||||||||||
2005 |
Indrakanti S, Varadharajan V, Hitchens M, 'Authorization service for Web Services and its application in a health care domain', International Journal of Web Services Research, 2 94-119 (2005) In this paper, we discuss the design issues for an authorization framework for Web Services. In particular, we describe the features required for an authorization policy language for Web Services. We briefly introduce the authorization service provided by Microsoft .NET MyServices and describe our extended authorization model that proposes extensions to the .NET MyServices authorization service to support a range of authorization policies required in commercial systems. We discuss the application of the extended authorization model to a health care system built using Web Services. We use the XML Access Control Language (XACL) in our implementation to demonstrate our extended authorization model. This also enables us to evaluate the range of authorization policies that XACL supports. Copyright © 2005, Idea Group Inc.
|
||||||||||
2005 |
Wang Y, Varadharajan V, 'Secure route structures for parallel mobile agents based systems using fast binary dispatch', MOBILE INFORMATION SYSTEMS, 1 185-205 (2005)
|
||||||||||
2005 |
Bai Y, Zhang Y, Varadharajan V, 'On the sequence of authorization policy transformations', International Journal of Information Security, 4 120-131 (2005) In [2, 3], we proposed a model-based approach to specify the transformation of authorizations based on the principle of minimal change [1] and its application in database systems. Nevertheless, there were some limitations in this approach. Firstly, we could not represent a sequence of transformations. Secondly, default authorizations could not be expressed. In this paper, we propose two high-level formal languages, Ls and Lsd, to specify a sequence of authorization transformations and default authorizations. Our work starts with Ls, a simple, but expressive, language to specify certain sequence of authorization transformations. Furthermore, Lsd has more powerful expressiveness than Ls in the sense that constraints, causal and inherited authorizations, and general default authorizations can be specified. © Springer-Verlag 2005.
|
||||||||||
2005 |
Zhang J, Varadharajan V, Mu Y, 'Secure distribution and access of XML documents', International Journal of High Performance Computing and Networking, 3 356-365 (2005) XML has been widely used for representation and storage of documents and their exchange over the internet. Security mechanisms for the protection of XML document sources and their distribution are essential. In this paper, we present a novel scheme for securing XML documents and their distribution over the internet. The proposed scheme has some distinct features. It requires only one private key for each user. Therefore, when a user leaves or joins the system, keys of all the other existing users in the system remain unchanged. This makes the proposed scheme more attractive, and hence particularly suitable for the dynamic distribution of documents over the internet. © 2005 Inderscience Enterprises Ltd.
|
||||||||||
2004 |
Varadharajan V, Shankaran R, Hitchens M, 'Security for cluster based ad hoc networks', COMPUTER COMMUNICATIONS, 27 488-501 (2004)
|
||||||||||
2004 |
Varadharajan V, 'Trustworthy computing: (Extended abstract)', Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics), 3306 13-16 (2004)
|
||||||||||
2004 |
Zhao W, Varadharajan V, Bryan G, 'Fair trading protocol with offline anonymous credit card payment', Information Systems Security, 13 41-47 (2004) This paper proposes a fair trading protocol. The fair trading protocol provides an overall solution for a trading process with offline anonymous credit card payments. With the exploding growth of electronic commerce on the Internet, the issue of fairness1,2 is becoming increasingly more important. Fair exchange protocols have already been broadly used for applications such as electronic transactions,3,4 electronic mails,5,6 and contract signing.7 Fairness is one of the critical issues in online transactions and related electronic payment systems. Many electronic payment systems have been proposed for providing different levels of security to financial transactions, such as iKP,8 SET,9 NetBill,10 and NetCheque.11 In a normal electronic commerce transaction, there is always a payer and a payee to exchange money for goods or services. At least one financial institution, normally a bank, should be present in the payment system. The financial institution plays the role of issuer for the payer and the role of acquirer for the payee. An electronic payment system must enable an honest payer to convince the payee of a legitimate payment and prevent a dishonest payer from using other unsuitable behavior. At the same time, some additional security requirements may be addressed based on the nature of trading processes and trust assumptions of the system. Payer, payee, and the financial institution have different interests and the trust between two parties should be as little as possible. In electronic commerce, the payment happens over an open network, such as the Internet, and the issue of fairness must be carefully addressed.
There is no fairness for involved parties in the existing popular payment protocols. One target of this article is to address the fairness issue in the credit card payment process. In the existing credit card protocols, the financial institution that provides the credit card service plays the role of online authority and is actively involved in a payment. To avoid the involvement of financial institutions in normal transactions and to reduce running costs, some credit card-based schemes with offline financial authority have been proposed.12 Another target of this article is to avoid the online financial institution for credit card service in normal transactions. © 2004 Taylor & Francis.
|
||||||||||
2004 | Tupakula UK, Varadharajan V, 'Tracing DDoS floods: An automated approach', Journal of Network and Systems Management, 12 111-135 (2004) We propose a Controller-Agent model that would greatly minimize distributed denial-of-service (DDoS) attacks on the Internet. We introduce a new packet marking technique and agent design that enables us to identify the approximate source of attack (nearest router) with a single packet even in the case of attacks with spoofed source addresses. Our model is invoked only during attack times, and is able to process the victim's traffic separately without disturbing other traffic, it is also able to establish different attack signatures for different attacking sources and can prevent the attack traffic at the nearest router to the attacking system. It is simple in its implementation, it has fast response for any changes in attack traffic pattern, and can be incrementally deployed. Hence we believe that the model proposed in this paper seems to be a promising approach to prevent distributed denial-of-service attacks. | ||||||||||
2003 | Bai Y, Varadharajan V, 'On transformation of authorization policies', DATA & KNOWLEDGE ENGINEERING, 45 333-357 (2003) | ||||||||||
2003 | Wang H, Zhang YC, Cao JL, Varadharajan V, 'Achieving secure and flexible M-services through tickets', IEEE TRANSACTIONS ON SYSTEMS MAN AND CYBERNETICS PART A-SYSTEMS AND HUMANS, 33 697-708 (2003) | ||||||||||
2003 | Mu Y, Zhang JQ, Varadharajan V, Lin YX, 'Robust non-interactive oblivious transfer', IEEE COMMUNICATIONS LETTERS, 7 153-155 (2003) | ||||||||||
2003 | Varadharajan V, Foster D, 'A security architecture for mobile agent based applications', WORLD WIDE WEB-INTERNET AND WEB INFORMATION SYSTEMS, 6 93-122 (2003) | ||||||||||
2002 | Bai Y, Varadharajan V, 'Object oriented database with authorization policies', FUNDAMENTA INFORMATICAE, 53 229-250 (2002) | ||||||||||
2002 | Ruan C, Varadharajan V, 'Resolving conflicts in authorization delegations', Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics), 2384 271-285 (2002) In this paper, we first discuss some drawbacks of the existing conflict authorization resolution methods when access rights are delegated, and then propose a flexible authorization model to deal with the conflict resolution problem with delegation. In our model, conflicts are classified into comparable and incomparable ones. With comparable conflicts, the conflicts come from the grantors that have grant connectivity relationship with each other, and the predecessor's authorizations will always take precedence over the successor's. In this way, the access rights can be delegated but the delegation can still be controlled. With incomparable conflicts, the conflicts come from the grantors that do not have grant connectivity relationship with each other. Multiple resolution policies are provided so that users can select the specific one that best suits their requirements. In addition, the overridden authorizations are still preserved in the system and they can be reactivated when other related authorizations are revoked or the policy for resolving conflicts is changed. We give a formal description of our model and describe in detail the algorithms to implement the model. Our model is represented using labelled digraphs, which provides a formal basis for proving the semantic correctness of our model. © 2002 Springer-Verlag Berlin Heidelberg. | ||||||||||
2002 | Mu Y, Varadharajan V, 'Group cryptography: Signature and encryption', Informatica (Ljubljana), 26 249-254 (2002) Traditional group signature schemes reflect only one side of the spectrum of public cryptography, i.e., signing, where the group public key is used for a sole purpose: verification of group signatures. This paper describes a new group cryptographic system that presents a promise for both signing and encryption. That is, besides verifications, a sole group public key can be also used for encryption and the associated decryption can be implemented by any member in the designated group. The proposed system meets all key features for an ideal group cryptography. | ||||||||||
2002 | Chen G, Varadharajan V, Ray P, Zuluaga P, 'Management for eBusiness in the New Millennium: A Report on APNOMS 2001', Journal of Network and Systems Management, 10 255-259 (2002) The fifth Asia-Pacific Network Operations and Management Symposium, APNOMS 2001, held in Australia provided an important platform to advance all aspects of telecommunications management. The theme for this symposium was 'Management for eBusiness in the New Millennium' which included customer information and relationship management as crucial elements. The symposium provided a forum for specific regional experiences in managing eBusiness such as exceptional growth of mobile communications. The tutorial on 'Information Security Technology for eBusiness' described different security solutions, strategies, models, functionalities, applications and research trends for security in electronic commerce. | ||||||||||
2001 | Saunders G, Hitchens M, Varadharajan V, 'Role-Based Access Control and the Access Control Matrix', Operating Systems Review (ACM), 35 6-20 (2001) The Access Matrix is a useful model for understanding the behaviour and properties of access control systems. While the matrix is rarely implemented, access control in real systems is usually based on access control mechanisms, such as access control lists or capabilities, that have clear relationships with the matrix model. In recent times a great deal of interest has been shown in Role Based Access Control (RBAC) models. However, the relationship between RBAC models and the Access Matrix is not clear. In this paper we present a model of RBAC based on the Access Matrix which makes the relationships between the two explicit. In the process of constructing this model, some fundamental similarities between certain capability models and RBAC are revealed. | ||||||||||
2000 | Varadharajan V, Shankaran R, Hitchens M, 'An approach for secure multicasting in mobile IP networks', Journal of the Indian Institute of Science, 80 113-127 (2000) There is a considerable interest in the area of mobility with the advent of powerful portable computing devices such as laptops and other information appliances. These enable a user to access a service from anywhere at any time. Such nomadic computing poses several challenges in multicasting and security. We first consider a framework that has been proposed by Acharya et al. [Acharya, A., Bakre, A. and Badrinath, B. R. IP multicast extension for mobile internet working, Rutger DCS Technical Report, LCSR-TR_243.] for multicasting in mobile IP networks. In this paper, we extend this framework to support a secure multicasting service. We describe secure schemes for a mobile host to initiate, join and leave a multicast group. We also discuss the secure movement of mobile hosts in intra and inter campus environments. | ||||||||||
2000 | Wu CK, Varadharajan V, 'Public key cryptosystems based on Boolean permutations and their applications', International Journal of Computer Mathematics, 74 167-184 (2000) In this paper we propose the use of Boolean permutations to design public key cryptosystems. The security of the cryptosystems is based on the difficulty of inverting Boolean permutations. Using two Boolean permutations for which the inverses are easy to find, one can construct a composite Boolean permutation which is hard to invert. The paper proposes three such Boolean permutation based public key systems. The paper also considers applications of a Boolean permutation based public key system to digital signatures and shared signatures. | ||||||||||
2000 | Hitchens M, Varadharajan V, 'Design and specification of role based access control policies', IEE Proceedings: Software, 147 117-129 (2000) The authors describe a language based approach to the specification of authorisation policies that can be used to support the range of access control policies in commercial object systems. They discuss the issues involved in the design of a language for role based access control systems. The notion of roles is used as a primitive construct within the language. The basic constructs of the language are discussed and the language is used to specify several access control policies such as role based access control; static and dynamic separation of duty delegation and joint action based access policies. The language is flexible and is able to capture meta-level operations, and it is often these features which are significant when it comes to the applicability of an access control system to practical real situations. © IEE, 2000. | ||||||||||
1999 | Wu CK, Varadharajan V, 'Boolean permutation-based key escrow', Computers and Electrical Engineering, 25 291-304 (1999) There has been an increasing interest in the design and use of key escrow schemes in recent times. This paper proposes a new key escrow protocol based on Boolean permutations and analyses its properties. It shows that the verification of the shares of key escrow agencies is easy and secure. In addition this protocol provides forward security as well as the capability to fully disclose the escrowed private keys in the case of guilty users. The paper also proposes methods for constructing practical trapdoor Boolean permutations with a low storage complexity. Apart from the proposal of the key escrow protocol itself, this paper describes some of the key properties of Boolean permutations which make them suitable for their use in the design of cryptosystems. | ||||||||||
1999 | Varadharajan V, Shankaran R, Hitchens M, 'On the design of secure ATM networks', COMPUTER COMMUNICATIONS, 22 1512-1525 (1999) | ||||||||||
1999 | Varadharajan V, Nguyen KQ, Mu Y, 'On the design of efficient RSA-based off-line electronic cash schemes', Theoretical Computer Science, 226 173-184 (1999) Electronic cash is arguably one of the most important applications of modern cryptology. There have been two types of electronic cash schemes namely on-line and off-line. In general off-line schemes are more efficient than on-line ones. The two fundamental issues with any off-line electronic cash scheme have been the detection of double spending and provision of anonymity. These issues make the design of secure off-line electronic cash schemes not an easy task. Cut-and-choose technology was one of the first techniques that was introduced to address the issue of double spending in an off-line scheme. However, this technique is not very efficient. Subsequently, other techniques had been proposed to achieve both double spending and client anonymity without using the cut and choose method. These include the works of Brands based on the discrete logarithm and that of Ferguson based on RSA and polynomial secret sharing scheme. In this paper, we propose an improved version of off-line electronic cash scheme based on Ferguson's protocol. This scheme improves the efficiency by making some of the parameters used in the protocol to be reusable and removes the risk of framing by the bank by hiding the client's identity. © 1999 Elsevier Science B.V. All rights reserved. | ||||||||||
1998 | Varadharajan V, Kumar N, Mu Y, 'Approach to designing security model for mobile agent based systems', Conference Record / IEEE Global Telecommunications Conference, 3 1600-1606 (1998) This paper considers the design of a security model for mobile agent based computing systems. The security model proposes the notion of a security enhanced agent that captures a variety of security information needed in the provision of security services. It defines the privileges of the agent required to perform the actions, the rights that other principals can have over the agent as well as delegation of privileges. The security model identifies security management and policy base components in agent enabled hosts which interpret the privileges and rights of agents and enforce the security controls. | ||||||||||
Conference (306 outputs)
Year | Citation | Altmetrics | Link | ||||||||
---|---|---|---|---|---|---|---|---|---|---|---|
2020 | Tupakula U, Varadharajan V, Karmakar K, 'Access Control Based Dynamic Path Establishment for Securing Flows from the User Devices with Different Security Clearance', Advanced Information Networking and Applications. Proceedings of the 33rd International Conference on Advanced Information Networking and Applications (AINA-2019), Matsue, Japan (2020) [E1] | ||||||||||
2020 | Karmakar KK, Varadharajan V, Tupakula U, Nepal S, Thapa C, 'Towards a security enhanced virtualised network infrastructure for internet of medical things (IoMT)', Proceedings of the 2020 IEEE Conference on Network Softwarization: Bridging the Gap Between AI and Network Softwarization, NetSoft 2020, Virtual (2020) [E1] | ||||||||||
2020 | Tupakula U, Varadharajan V, Karmakar KK, 'Attack detection on the software defined networking switches', Proceedings of the 2020 IEEE Conference on Network Softwarization: Bridging the Gap Between AI and Network Softwarization, NetSoft 2020, Virtual (2020) [E1] | ||||||||||
2020 | Sultan NH, Varadharajan V, Camtepe S, Nepal S, 'An accountable access control scheme for hierarchical content in named data networks with revocation', Computer Security ESORICS 2020 25th European Symposium on Research in Computer Security, Guildford, UK (2020) [E1] | ||||||||||
2020 | Karmakar KK, Varadharajan V, Tupakula U, Hitchens M, 'Towards a Dynamic Policy Enhanced Integrated Security Architecture for SDN Infrastructure', Proceedings of IEEE/IFIP Network Operations and Management Symposium 2020: Management in the Age of Softwarization and Artificial Intelligence, NOMS 2020, Budapest, Hungary (2020) [E1] | ||||||||||
2019 | Karmakar KK, Varadharajan V, Nepal S, Tupakula U, 'SDN enabled secure IoT architecture', 2019 IFIP/IEEE Symposium on Integrated Network and Service Management, IM 2019, Washington, DC (2019) [E1] | ||||||||||
2019 | Li N, Varadharajan V, Nepal S, 'Context-aware trust management system for IoT applications with multiple domains', Proceedings - 2019 39th IEEE International Conference on Distributed Computing Systems, Richardson, Texas (2019) [E1] | ||||||||||
2019 | Pal S, Hitchens M, Varadharajan V, 'Towards the design of a trust management framework for the internet of things', Proceedings of the International Conference on Sensing Technology, ICST, Sydney, Australia (2019) [E1] | ||||||||||
2018 | Yousefi-Azar M, Hamey L, Varadharajan V, Chen S, 'Learning latent byte-level feature representation for malware detection', Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics), Siem Reap, Cambodia (2018) [E1] | ||||||||||
2018 | Pal S, Hitchens M, Varadharajan V, Rabehaja T, 'Policy-Based Access Control for Constrained Healthcare Resources', 19th IEEE International Symposium on a World of Wireless, Mobile and Multimedia Networks, WoWMoM 2018, Chania, Greece (2018) [E1] | ||||||||||
2018 | Pal S, Hitchens M, Varadharajan V, 'Modeling Identity for the Internet of Things: Survey, Classification and Trends', 2018 12TH INTERNATIONAL CONFERENCE ON SENSING TECHNOLOGY (ICST), Univ Limerick, Limerick, IRELAND (2018) [E1] | ||||||||||
2018 | Sood K, Karmakar K, Varadharajan V, Tupakula U, Yu S, 'Towards QoS and Security in Software-Driven Heterogeneous Autonomous Networks', 2018 IEEE Global Communications Conference, GLOBECOM 2018 - Proceedings, Abu Dhabi, UAE (2018) [E1] | ||||||||||
2017 | Hitchens M, Varadharajan V, 'Elements of a language for role-based access control', IFIP Advances in Information and Communication Technology (2017) © IFIP International Federation for Information Processing 2000. A language for specifying role-based access control (RBAC) policies is presented. The language is designed to support the range of access control policies of commercial object systems. The basic structures of RBAC, such as role, users and permission, are present in the language as basic constructs. The language is flexible and is able to capture meta-level operations. The language also provides a mechanism for tracking actions and basing access control decisions on past events. | ||||||||||
2017 | Pal S, Hitchens M, Varadharajan V, 'On the Design of Security Mechanisms for the Internet of Things', 2017 ELEVENTH INTERNATIONAL CONFERENCE ON SENSING TECHNOLOGY (ICST), Sydney, AUSTRALIA (2017) | ||||||||||
2017 | Pal S, Hitchens M, Varadharajan V, 'Towards a Secure Access Control Architecture for the Internet of Things', Proceedings: 2017 IEEE 42nd Conference on Local Computer Networks, Singapore (2017) [E1] | ||||||||||
2017 | Tupakula U, Varadharajan V, Karmakar K, 'SDN-based dynamic policy specification and enforcement for provisioning SECaaS in cloud', Web Information Systems Engineering WISE 2017: 18th International Conference: Proceedings, Puschino, Russia (2017) [E1] | ||||||||||
2017 | Pal S, Hitchens M, Varadharajan V, 'On the design of security mechanisms for the Internet of Things', Proceedings of the Eleventh International Conference on Sensing Technology, ICST 2017, Sydney, NSW (2017) [E1] | ||||||||||
2017 | Pal S, Hitchens M, Varadharajan V, Rabehaja T, 'On design of a fine-grained access control architecture for securing iot-enabled smart healthcare systems', ACM International Conference Proceeding Series (2017) © 2017 Association for Computing Machinery. The Internet of Things (IoT) is facilitating the development of novel and cost-effective applications that promise to deliver efficient and improved medical facilities to patients and health organisations. This includes the use of smart 'things' as medical sensors attached to patients to deliver real-time data. However, the security of patient data is an ever-present concern in the healthcare arena. In the wider deployment of IoT-enabled smart healthcare systems one particular issue is the need to protect smart 'things' from unauthorised access. Commonly used access control approaches e.g. Attribute Based Access Control (ABAC), Role Based Access Control (RBAC) and capability based access control do not, in isolation, provide a complete solution for securing access to IoT-enabled smart healthcare devices. They may, for example, require an overly-centralised solution or an unmanageably large policy base. To address these issues we propose a novel access control architecture which improves policy management by reducing the required number of authentication policies in a large-scale healthcare system while providing fine-grained access control. We devise a hybrid access control model employing attributes, roles and capabilities. We apply attributes for role-membership assignment and in permission evaluation. Membership of roles grants capabilities. The capabilities which are issued may be parameterised based on further attributes of the user and are then used to access specific services provided by IoT 'things'. We also provide a formal specification of the model and a description of its implementation and demonstrate its application through different use-case scenarios. Evaluation results of core functionality of our architecture are provided. | ||||||||||
2016 | Min B, Varadharajan V, 'Cascading attacks against smart grid using control command disaggregation and services', Proceedings of the ACM Symposium on Applied Computing (2016) [E1] © 2016 ACM. In this paper, we propose new types of cascading attacks against smart grid that use control command disaggregation and core smart grid services. Although there have been tremendous research efforts in injection attacks against the smart grid, to our knowledge most studies focus on false meter data injection, and false command and false feedback injection attacks have been scarcely investigated. In addition, control command disaggregation has not been addressed from a security point of view, in spite of the fact that it is becoming one of core concepts in the smart grid and hence analysing its security implications is crucial to the smart grid security. Our cascading attacks use false control command, false feedback or false meter data injection, and cascade the effects of such injections throughout the smart grid subsystems and components. Our analysis and evaluation results show that the proposed attacks can cause serious service disruptions in the smart grid. The evaluation has been performed on a widely used smart grid simulation platform. | ||||||||||
2016 | Karmakar KK, Varadharajan V, Tupakula U, Hitchens M, 'Policy based security architecture for software defined networks', Proceedings of the ACM Symposium on Applied Computing (2016) [E1] © 2016 ACM. Software Defined Network (SDN) is a promising technological advancement in the networking world. It is still evolving and security is a major concern for SDN. In this paper we proposed policy based security architecture for securing the SDN domains. Our architecture enables the administrator to enforce different types of policies such as based on the devices, users, location and path for securing the communication in SDN domain. Our architecture is developed as an application that can be run on any of the SDN Controllers. We have implemented our architecture using the POX Controller and Raspberry Pi 2 switches. We will present different case scenarios to demonstrate fine granular security policy enforcement with our architecture. | ||||||||||
2016 | Varadharajan V, 'Trust enhanced secure role-based access control on encrypted data in cloud (Abstract of keynote talk)', IFIP Advances in Information and Communication Technology (2016) © IFIP International Federation for Information Processing 2016. In this talk I will begin with a brief look at current trends in the technology scenery and some of the key security challenges that are impacting on business and society. In particular, on the one hand there have been tremendous developments in cyber technologies such as cloud, Big Data and Internet of Technologies. Then we will consider security and trust issues in cloud services and cloud data. In this talk, we will focus on policy based access to encrypted data in the cloud. We will present a new technique, Role based Encryption (RBE), which integrates cryptographic techniques with role based access control. The RBE scheme allows policies defined by data owners to be enforced on the encrypted data stored in public clouds. The cloud provider will not be able to see the data content if the provider is not given the appropriate role by the data owner. We will present a practical secure RBE based hybrid cloud storage architecture, which allows an organisation to store data securely in a public cloud, while maintaining the sensitive information related to the organisation's structure in a private cloud. Then we will consider trust issues in RBE based secure cloud data systems. We will discuss two types of trust models that assist (i) the data owners/users to evaluate the trust on the roles/role managers in the system as well as (ii) the role managers to evaluate the trust on the data owners/users for when deciding on role memberships. These models will take into account the impact of role hierarchy and inheritance on the trustworthiness of the roles and users. We will also consider practical application of the trust models and illustrate how the trust evaluations can help to reduce the risks and enhance the quality of decision making by data owners and role managers of the cloud storage services. | ||||||||||
2016 | Karmakar KK, Varadharajan V, Tupakula U, 'On the Design and Implementation of a Security Architecture for End to End Services in Software Defined Networks', 2016 IEEE 41ST CONFERENCE ON LOCAL COMPUTER NETWORKS (LCN), Dubai, U ARAB EMIRATES (2016) [E1] | ||||||||||
2016 | Tupakula U, Varadharajan V, 'Securing Big Data Environments from Attacks', 2016 IEEE 2ND INTERNATIONAL CONFERENCE ON BIG DATA SECURITY ON CLOUD (BIGDATASECURITY), IEEE INTERNATIONAL CONFERENCE ON HIGH PERFORMANCE AND SMART COMPUTING (HPSC), AND IEEE INTERNATIONAL CONFERENCE ON INTELLIGENT DATA AND SECURITY (IDS), New York, NY (2016) [E1] | ||||||||||
2016 | Mishra P, Pilli ES, Varadharajan V, Tupakula U, 'Efficient Approaches for Intrusion Detection in Cloud Environment', 2016 IEEE INTERNATIONAL CONFERENCE ON COMPUTING, COMMUNICATION AND AUTOMATION (ICCCA), Noida, INDIA (2016) [E1] | ||||||||||
2016 | Mishra P, Pilli ES, Varadharajan V, Tupakula U, 'NvCloudIDS: A Security Architecture to Detect Intrusions at Network and Virtualization Layer in Cloud Environment', 2016 INTERNATIONAL CONFERENCE ON ADVANCES IN COMPUTING, COMMUNICATIONS AND INFORMATICS (ICACCI), Jaipur, INDIA (2016) [E1] | ||||||||||
2016 | Mishra P, Pilli ES, Varadharajan V, Tupakula U, 'Securing Virtual Machines from Anomalies using Program-Behavior Analysis in Cloud Environment', PROCEEDINGS OF 2016 IEEE 18TH INTERNATIONAL CONFERENCE ON HIGH PERFORMANCE COMPUTING AND COMMUNICATIONS; IEEE 14TH INTERNATIONAL CONFERENCE ON SMART CITY; IEEE 2ND INTERNATIONAL CONFERENCE ON DATA SCIENCE AND SYSTEMS (HPCC/SMARTCITY/DSS), Sydney, AUSTRALIA (2016) [E1] | ||||||||||
2016 | Karmakar KK, Varadharajan V, Tupakula U, 'On the Design and Implementation of a Security Architecture for Software Defined Networks', PROCEEDINGS OF 2016 IEEE 18TH INTERNATIONAL CONFERENCE ON HIGH PERFORMANCE COMPUTING AND COMMUNICATIONS; IEEE 14TH INTERNATIONAL CONFERENCE ON SMART CITY; IEEE 2ND INTERNATIONAL CONFERENCE ON DATA SCIENCE AND SYSTEMS (HPCC/SMARTCITY/DSS), Sydney, AUSTRALIA (2016) | ||||||||||
2016 | Jayarathna D, Varadharajan V, Tupakula U, 'Integrated security for services hosted in virtual environments', Proceedings - 15th IEEE International Conference on Trust, Security and Privacy in Computing and Communications, 10th IEEE International Conference on Big Data Science and Engineering and 14th IEEE International Symposium on Parallel and Distributed Processing with Applications, IEEE TrustCom/BigDataSE/ISPA 2016 (2016) [E1] © 2016 IEEE. In this paper, we introduce an integrated security architecture that combines TPM based trust management with hypervisor level access control and intrusion detection system to provide a holistic approach for securing services hosted in virtualised environments. We describe the implementation of the security architecture in detail and demonstrate the functionality of the proposed architecture for different attack scenarios. Our architecture is able to perform dynamic attack detection and update the security policies to protect the services from the identified threats. The proposed integrated security architecture can be easily adopted to be used in cloud and distributed virtualised environments. | ||||||||||
2015 | Fan X, Varadharajan V, Hitchens M, 'Provenance Based Classification Access Policy System Based on Encrypted Search for Cloud Data Storage', INFORMATION SECURITY, ISC 2015, Trondheim, NORWAY (2015) [E1] | ||||||||||
2015 | Min B, Varadharajan V, 'A Simple and Novel Technique for Counteracting Exploit Kits', INTERNATIONAL CONFERENCE ON SECURITY AND PRIVACY IN COMMUNICATION NETWORKS, SECURECOMM 2014, PT I, Beijing, PEOPLES R CHINA (2015) [E1] | ||||||||||
2015 | Min B, Varadharajan V, 'Design and Analysis of a Sophisticated Malware Attack Against Smart Grid', INFORMATION SECURITY (ISC 2013), Dallas, TX (2015) [E1] | ||||||||||
2015 |
Wijesinghe U, Tupakula U, Varadharajan V, 'An enhanced model for network flow based botnet detection', Conferences in Research and Practice in Information Technology Series (2015) [E1] © 2015, Australian Computer Society, Inc. The botnet is a group of hijacked computers, which are employed under command and control mechanism administered by a botmaster. Botnet e... [more] © 2015, Australian Computer Society, Inc. The botnet is a group of hijacked computers, which are employed under command and control mechanism administered by a botmaster. Botnet evolved from IRC based centralized botnet to employing common protocols such as HTTP with decentralized architectures and then peer-to-peer designs. As Botnets have become more sophisticated, the need for advanced techniques and research against botnets has grown. In this paper, we propose techniques to detect botnets by analysing network traffic flows. We developed templates for capturing traffic flows with more relevant attributes for botnet detection. Also we make use of the IPFIX standard for the specification of the templates. Hence our techniques can be used to detect different bot families with lesser overheads and are vendor neutral.

2015
Damavandinejadmonfared S, Varadharajan V, 'A new extension of kernel principal component analysis for finger vein authentication', Conferences in Research and Practice in Information Technology Series (2015)
© 2015, Australian Computer Society, Inc. In this paper, we introduce a new method of data transformation for finger vein recognition system. Our proposed method uses kernel mapping functions to map the data before performing Principal Component Analysis. Kernel Principal Component Analysis (KPCA) is a well-known extension of PCA which is suitable for finding nonlinear patterns as it maps the data nonlinearly. In this work we develop an extension of KPCA which is both faster and more appropriate than KPCA for finger vein recognition system. The proposed method is called Feature Dependent Kernel Principal Component Analysis (FDKPCA). In FDKPCA the data is mapped differently from KPCA resulting in lower-dimension feature space where more important and valuable features are selected and extracted. Furthermore, extensive experiments reveal the significance of the proposed method for finger vein recognition systems.

2015
Jayarathna D, Tupakula U, Varadharajan V, 'Hypervisor-based security architecture to protect web applications', Conferences in Research and Practice in Information Technology Series (2015) [E1]
Web based applications are very common nowadays where almost every software can be accessible through a web browser in one form or the other. This paper proposes techniques to detect different threats related to web applications by using a hypervisor-based security architecture. The proposed architecture leverages the hypervisor's visibility of the virtual machines' runtime state and traffic flows for securing the web application. The unique feature of the proposed architecture is that it is capable of doing fine granular detection of web application attacks, i.e. to the specific web page level, and protecting the application against zero-day attacks. © 2015, Australian Computer Society, Inc.

2015
Min B, Varadharajan V, 'Design and Evaluation of Feature Distributed Malware Attacks against the Internet of Things (IoT)', 2015 20TH INTERNATIONAL CONFERENCE ON ENGINEERING OF COMPLEX COMPUTER SYSTEMS (ICECCS), Gold Coast, AUSTRALIA (2015) [E1]

2015
Wijesinghe U, Tupakula U, Varadharajan V, 'Botnet Detection using Software Defined Networking', 2015 22ND INTERNATIONAL CONFERENCE ON TELECOMMUNICATIONS (ICT), Sydney, AUSTRALIA (2015) [E1]

2015
Min B, Varadharajan V, 'Secure Dynamic Software Loading and Execution using Cross Component Verification', 2015 45TH ANNUAL IEEE/IFIP INTERNATIONAL CONFERENCE ON DEPENDABLE SYSTEMS AND NETWORKS, Univ Estadual Campinas, Rio de Janeiro, BRAZIL (2015) [E1]

2015
Jin F, Varadharajan V, Tupakula U, 'Improved Detection of Primary User Emulation Attacks in Cognitive Radio Networks', 25TH INTERNATIONAL TELECOMMUNICATION NETWORKS AND APPLICATIONS CONFERENCE (ITNAC 2015), Sydney, AUSTRALIA (2015) [E1]

2015
Min B, Varadharajan V, 'Design, Implementation and Evaluation of a Novel Anti-Virus Parasitic Malware', 30TH ANNUAL ACM SYMPOSIUM ON APPLIED COMPUTING, VOLS I AND II, Salamanca, SPAIN (2015) [E1]

2015
Li N, Mu Y, Susilo W, Varadharajan V, 'Anonymous yoking-group proofs', ASIACCS 2015 - Proceedings of the 10th ACM Symposium on Information, Computer and Communications Security (2015) [E1]
Copyright © 2015 ACM. Yoking-proofs show an interesting application in Radio Frequency Identification (RFID) that a verifier can check whether two tags are simultaneously scanned by a reader. We consider a scenario that multi-group of tags can be proved to be scanned simultaneously. Grouping-proof, which is an extension of yoking-proofs, allows multiple tags to be proved together, while existing protocols cannot support multiple groups. In this paper, we introduce a novel concept called "yoking-group proofs". Additionally, we propose an anonymous yoking-proof protocol and an anonymous yoking-group proof protocol and prove their security in Universal Composability framework.

2014
Damavandinejadmonfared S, Varadharajan V, 'Finger vein recognition in row and column directions using two dimensional kernel principal component analysis', Proceedings of the 2014 International Conference on Image Processing, Computer Vision, and Pattern Recognition, IPCV 2014 (2014)
© 2014 CSREA Press. In this paper, a whole identification system is introduced for finger vein recognition. The proposed algorithm first maps the input data into kernel space, then; Two Dimensional Principal Component Analysis is applied to extract the most valuable features from the mapped data. Finally, Euclidian distance classifies the features and the final decision is made. Because of the natural shape of human fingers, the image matrixes are not square, which makes it possible to use kernel mappings in two different ways-along row or column directions. Although, some research has been done on the row and column direction through 2DPCA, our argument is how to map the input data in different directions and get a square matrix out of it to be analyzed by Two Dimensional Principal Component Analysis. In this research, we have explored this area in details and obtained the most significant way of mapping finger vein data which results in consuming the least time and achieving the highest accuracy for finger vein identification system. The authenticity of the results and the relationship between the finger vein data and our contribution are also discussed and explained. Furthermore, extensive experiments were conducted to prove the merit of the proposed system.

2014
Damavandinejadmonfared S, Varadharajan V, 'Effective kernel mapping for one-dimensional principal component analysis in finger vein recognition', Proceedings of the 2014 International Conference on Image Processing, Computer Vision, and Pattern Recognition, IPCV 2014 (2014)
© 2014 CSREA Press. Kernel functions have been very useful in data classification for the purpose of identification and verification so far. Applying such mappings first and using some methods on the mapped data such as Principal Component Analysis has been proven novel in many different areas. A lot of improvements have been proposed on PCA such as Kernel Principal Component Analysis, and Kernel Entropy Component Analysis which are known as very novel and reliable methods in face recognition and data classification. In this paper, we implemented four different Kernel mapping functions on finger database to determine the most appropriate one in terms of analyzing finger vein data using 1D-PCA. Extensive experiments have been conducted for this purpose using Polynomial, Gaussian, Exponential and Laplacian Principal Component Analysis (PCA) in 4 different examinations to determine the most significant one.

2014
Min B, Varadharajan V, 'Feature-Distributed Malware Attack: Risk and Defence', COMPUTER SECURITY - ESORICS 2014, PT II, Wroclaw Univ Technol, Wroclaw, POLAND (2014) [E1]

2014
Min G, Varadharajan V, Ko RKL, Xiang Y, Marmol FG, Ruj S, et al., 'TSP 2013: Message from workshop chairs', Proceedings - 2013 IEEE International Conference on High Performance Computing and Communications, HPCC 2013 and 2013 IEEE International Conference on Embedded and Ubiquitous Computing, EUC 2013 (2014)

2014
Tupakula U, Varadharajan V, 'Secure monitoring for dementia patients', Proceedings of the ACM Symposium on Applied Computing (2014) [E1]
There are several challenges for monitoring the patients with specific requirements such as people with dementia. For example, vascular dementia which is caused generally after stroke could result in serious conditions and change of behaviour such as wandering, loss of vision and speech. Although the nursing staff make sincere effort for taking care and monitoring of the patients, it is rare that a nursing staff is allocated to each patient. Hence even a minor lack of attention can lead to havoc situation if any of the patient is found to be missing. This results in high stress for the nursing staff and the hospital management. The aim of this work is to develop techniques for secure monitoring of dementia patients in hospital environments. Our model tracks the patients in real time and can generate alarms if the location of the patients is found to be suspicious. Furthermore, our model makes use of the existing infrastructures to minimize the cost of deployment. Copyright 2014 ACM.

2014
Jayarathna D, Tupakula U, Varadharajan V, 'Hypervisor-based security architecture for validating DNS services (Poster)', Conferences in Research and Practice in Information Technology Series (2014) [E3]
Domain Name System (DNS) is one of the critical services in the current Internet infrastructure. However DNS is vulnerable to a range of attacks. One of the fundamental weaknesses with the existing DNS protocols is that the request and response messages are transmitted on the network as plain text. This paper addresses important threats related to Domain Name System (DNS) using a hypervisor based security architecture. The proposed architecture leverages the hypervisor visibility of the virtual machines' traffic flows to monitor and utilise Virtual Machine Introspection (VMI) techniques to inspect and restore data. It also uses inbuilt snapshot/restore capabilities of the hypervisor to completely restore virtual machines if required. Objective of the proposed architecture is not to actively prevent attacks, but provide a means of identifying different attacks by passively monitoring DNS related conversations coming in and out of virtualised system hosting the DNS. Our model can alert the external monitoring agent(s) or security administrator and actively restore the system if the attack has already compromised the DNS. © 2014, Australian Computer Society, Inc.

2014
Yi X, Paulet R, Bertino E, Varadharajan V, 'Practical k Nearest Neighbor Queries with Location Privacy', 2014 IEEE 30TH INTERNATIONAL CONFERENCE ON DATA ENGINEERING (ICDE), Chicago, IL (2014) [E1]

2014
Tupakula U, Varadharajan V, 'Trust Enhanced Cloud Security for Healthcare Services', 2014 IEEE 13TH INTERNATIONAL CONFERENCE ON TRUST, SECURITY AND PRIVACY IN COMPUTING AND COMMUNICATIONS (TRUSTCOM), Beijing, PEOPLES R CHINA (2014) [E1]

2014
Min B, Varadharajan V, 'Design and Analysis of a New Feature-Distributed Malware', 2014 IEEE 13TH INTERNATIONAL CONFERENCE ON TRUST, SECURITY AND PRIVACY IN COMPUTING AND COMMUNICATIONS (TRUSTCOM), Beijing, PEOPLES R CHINA (2014) [E1]

2014
Tupakula U, Varadharajan V, 'Techniques for Detecting Attacks on Critical Infrastructure', 2014 INTERNATIONAL CONFERENCE ON COMPUTING, NETWORKING AND COMMUNICATIONS (ICNC), Honolulu, HI (2014) [E1]

2014
Min B, Varadharajan V, 'Design and Analysis of Security Attacks against Critical Smart Grid Infrastructures', 2014 19TH INTERNATIONAL CONFERENCE ON ENGINEERING OF COMPLEX COMPUTER SYSTEMS (ICECCS 2014), Tianjin, PEOPLES R CHINA (2014) [E1]

2014
Koeberl P, Schulz S, Sadeghi AR, Varadharajan V, 'TrustLite: A security architecture for tiny embedded devices', Proceedings of the 9th European Conference on Computer Systems, EuroSys 2014 (2014) [E1]
Embedded systems are increasingly pervasive, interdependent and in many cases critical to our every day life and safety. Tiny devices that cannot afford sophisticated hardware security mechanisms are embedded in complex control infrastructures, medical support systems and entertainment products [51]. As such devices are increasingly subject to attacks, new hardware protection mechanisms are needed to provide the required resilience and dependency at low cost. In this work, we present the TrustLite security architecture for flexible, hardware-enforced isolation of software modules. We describe mechanisms for secure exception handling and communication between protected modules, enabling seamless interoperability with untrusted operating systems and tasks. TrustLite scales from providing a simple protected firmware runtime to advanced functionality such as attestation and trusted execution of userspace tasks. Our FPGA prototype shows that these capabilities are achievable even on low-cost embedded systems. Copyright © 2007 by the Association for Computing Machinery, Inc.

2014
Hou X, Kumar ATK, Thomas JP, Varadharajan V, 'Dynamic workload balancing for hadoop MapReduce', Proceedings - 4th IEEE International Conference on Big Data and Cloud Computing, BDCloud 2014 with the 7th IEEE International Conference on Social Computing and Networking, SocialCom 2014 and the 4th International Conference on Sustainable Computing and Communications, SustainCom 2014 (2014)
© 2014 IEEE. Hadoop has two components which are HDFS and MapReduce. HDFS is a distributed file system for storing data for users of Hadoop and MapReduce is the framework that executes jobs from users. Hadoop stores user data based on space utilization of data nodes on the cluster rather than the processing capability of the data nodes. Furthermore Hadoop runs in a heterogeneous environment as all data nodes may not be homogeneous. For these reasons, workload imbalances will occur when Hadoop runs resulting in poor performance. In this paper, we propose a dynamic algorithm to balance the workload between different racks on a Hadoop cluster based on information obtained from analyzing the log files of Hadoop. Moving tasks from the busiest rack to another rack improves the performance of Hadoop MapReduce by reducing the running time of jobs. Our simulations indicate that using our algorithm, we can decrease by more than 50% the remaining time of the tasks belonged to a job running on the busiest rack.

2014
Li N, Mu Y, Susilo W, Guo F, Varadharajan V, 'Privacy-Preserving Authorized RFID Authentication Protocols', RADIO FREQUENCY IDENTIFICATION: SECURITY AND PRIVACY ISSUES, RFIDSEC 2014, St Annes Coll, Oxford, ENGLAND (2014) [E1]

2013
Li N, Mu Y, Susilo W, Varadharajan V, 'Secure RFID ownership transfer protocols', Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics) (2013) [E1]
An RFID tag could change hands many times during its lifetime. In a retail chain, the ownership of the tag is instituted by the supplier who initially owns the tag. In the view of a buyer, the validity of the current tag ownership and the originality of supplier are most important. In typical RFID ownership transfer protocols, the knowledge of the tag's authentication key proves the ownership. However, it is insufficient against an active attacker, since tags are usually lack of tamper-proof protections. Ownership transfer relies on a successful verification of tag's supplier and current ownership. In this paper, we formally define the security model of ownership transfer protocols and propose a secure ownership transfer protocol. In our scheme, current owner provides a new owner with the evidence of transfer and a proof of tag origin. Key management becomes easy in our system, since the one asymmetric verification key of the owner can be used to verify multiple tags that belong to the owner. © 2013 Springer-Verlag.

2013
Varadharajan V, Tupakula U, 'Integrated Security Architecture for Virtual Machines', SECURITY AND PRIVACY IN COMMUNICATION NETWORKS, SECURECOMM 2013, Sydney, AUSTRALIA (2013) [E1]

2013
Habib SM, Varadharajan V, Mühlhäuser M, 'A framework for evaluating trust of service providers in cloud marketplaces', Proceedings of the ACM Symposium on Applied Computing (2013) [E1]
The Cloud Security Alliance (CSA) provides a framework for cloud platform providers that manages standardized self assessments regarding security controls. The framework as it stands does not allow consumers to specify and check their own requirements, nor does it contain any means for verifying the capabilities claimed by the providers. From a customer perspective, both these aspects are essential for evaluating the trustworthiness of cloud providers and for making an informed decision. We propose a novel concept for verifying the capabilities captured in the CSA's framework, plus a decision model that checks consumer requirements against the verification results. Our capability verification combines hard trust based on rigid validation with soft trust based on evidence about past behaviour. Elaborate formal methods are applied in both fields and combined into a single concept. Copyright 2013 ACM.

2013
Guo F, Mu Y, Susilo W, Varadharajan V, 'Membership encryption and its applications', Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics) (2013) [E1]
We propose a new encryption primitive called Membership Encryption. Let P(G) be a privacy-preserving token on a group attribute/identity G, such that given P(G) it is hard to know the attributes in G. In this membership encryption, if an encryption takes as input an attribute A and the token P(G), the decryption requires holding the membership A ∈ G, i.e., A belongs to this group attribute. Membership encryption is applicable in constructing membership proof A ∈ P(G) with privacy preserving on group attribute and the membership. Membership encryption can be also utilized to construct an efficient two-round K-out-of-N oblivious transfer protocol. In this paper, we construct a provably secure membership encryption where the group token P(G) is constant-size with maximum number accountability on attributes. Using our scheme, the proposed oblivious transfer protocol exhibits the nice feature of O(1) communication cost for any K from receiver to sender, and O(N) communication cost from sender to receiver. © 2013 Springer-Verlag.

2013
Min B, Varadharajan V, 'A New Technique for Counteracting Web Browser Exploits', 2014 23RD AUSTRALASIAN SOFTWARE ENGINEERING CONFERENCE (ASWEC), Sydney, AUSTRALIA (2013) [E1]

2013
Tupakula U, Varadharajan V, 'Security Techniques for Counteracting Attacks in Mobile Healthcare Services', 4TH INTERNATIONAL CONFERENCE ON EMERGING UBIQUITOUS SYSTEMS AND PERVASIVE NETWORKS (EUSPN-2013) AND THE 3RD INTERNATIONAL CONFERENCE ON CURRENT AND FUTURE TRENDS OF INFORMATION AND COMMUNICATION TECHNOLOGIES IN HEALTHCARE (ICTH), Niagara Falls, CANADA (2013) [E1]

2013
Tupakula U, Varadharajan V, 'Securing Mobile Devices from DoS Attacks', 2013 IEEE 16TH INTERNATIONAL CONFERENCE ON COMPUTATIONAL SCIENCE AND ENGINEERING (CSE 2013), Sydney, AUSTRALIA (2013) [E1]

2013
Habib SM, Varadharajan V, Muehlhaeuser M, 'A Trust-aware Framework for Evaluating Security Controls of Service Providers in Cloud Marketplaces', 2013 12TH IEEE INTERNATIONAL CONFERENCE ON TRUST, SECURITY AND PRIVACY IN COMPUTING AND COMMUNICATIONS (TRUSTCOM 2013), Melbourne, AUSTRALIA (2013) [E1]

2013
Krishna A, Varadharajan V, Tarr N, 'On the Design of a Trust Enhanced Distributed Authorisation Architecture for Service Oriented Architectures', 2013 12TH IEEE INTERNATIONAL CONFERENCE ON TRUST, SECURITY AND PRIVACY IN COMPUTING AND COMMUNICATIONS (TRUSTCOM 2013), Melbourne, AUSTRALIA (2013) [E1]

2013
Tupakula U, Varadharajan V, 'Trust Enhanced Security Architecture for Detecting Insider Threats', 2013 12TH IEEE INTERNATIONAL CONFERENCE ON TRUST, SECURITY AND PRIVACY IN COMPUTING AND COMMUNICATIONS (TRUSTCOM 2013), Melbourne, AUSTRALIA (2013) [E1]

2013
Zhou L, Varadharajan V, Hitchens M, 'Integrating Trust with Cryptographic Role-based Access Control for Secure Cloud Data Storage', 2013 12TH IEEE INTERNATIONAL CONFERENCE ON TRUST, SECURITY AND PRIVACY IN COMPUTING AND COMMUNICATIONS (TRUSTCOM 2013), Melbourne, AUSTRALIA (2013) [E1]

2013
Varadharajan V, Tupakula U, 'On the Security of Tenant Transactions in the Cloud', 2013 IEEE FIFTH INTERNATIONAL CONFERENCE ON CLOUD COMPUTING TECHNOLOGY AND SCIENCE (CLOUDCOM), VOL 1, Bristol, ENGLAND (2013) [E1]

2013
Zhou L, Varadharajan V, Hitchens M, 'Trust-based Secure Cloud Data Storage with Cryptographic Role-based Access Control', PROCEEDINGS OF THE 10TH INTERNATIONAL CONFERENCE ON SECURITY AND CRYPTOGRAPHY (SECRYPT 2013), Reykjavik, ICELAND (2013) [E1]

2012
Zhao H, Hu J, Qin J, Varadharajan V, Wan H, 'Hashed random key pre-distribution scheme for large heterogeneous sensor networks', Proc. of the 11th IEEE Int. Conference on Trust, Security and Privacy in Computing and Communications, TrustCom-2012 - 11th IEEE Int. Conference on Ubiquitous Computing and Communications, IUCC-2012 (2012) [E1]
Many wireless sensor networks (WSNs) consist of a large number of distributed sensor nodes that are batteries powered, vulnerable to tampering, and equipped with limited computational capabilities and memory. These characteristics render WSNs facing many security threats, which require cryptographic security mechanisms for secure communication, key revocation and management of security issues arising from the addition of new nodes. In this paper, we propose a key management scheme to meet the security requirements of wireless sensor networks. The scheme relies on the theory of random graph to build a fully secure connectivity for distributed sensor nodes. It uses heterogeneous structure to limit ranges of attacks, and utilizes hash chains to realize authentication of pool keys and broadcast messages of auxiliary nodes. The security and network connectivity characteristics supported by the key management scheme are discussed and simulation experiments are presented. © 2012 IEEE.

2012
Varadharajan V, Tupakula U, 'TREASURE: Trust enhanced security for cloud environments', Proc. of the 11th IEEE Int. Conference on Trust, Security and Privacy in Computing and Communications, TrustCom-2012 - 11th IEEE Int. Conference on Ubiquitous Computing and Communications, IUCC-2012 (2012) [E1]
Today, cloud computing is one of the popular technologies. In addition to this, most of the hardware that is being shipped today is equipped with the TPM which can be used for realization of trusted platforms. Recently several TPM attestation techniques such as binary attestation and property based attestation techniques have been proposed but there are some fundamental issues that need to be addressed for using these techniques in practice. In this paper we consider an architecture where different services are hosted on the cloud infrastructure by multiple cloud customers (tenants). Then we consider an attacker model that is specific to the cloud and some of the challenges with the current TPM based attestation techniques. We will also propose a novel trust enhanced security model for cloud which overcomes the challenges with the current TPM based attestation techniques and efficiently deals with the attacks in the cloud. In our model, the cloud service provider is used as the Certification Authority (CA) for the tenant virtual machines. The CA only certifies the basic security properties which are the assurance on the traffic originating from the tenant virtual machine and validation of the tenant virtual machine transactions. The components of the CA monitor the interactions of the tenant virtual machine for the certified properties. Since the tenant virtual machines are running on the cloud service provider infrastructure, it is aware of the dynamic changes to the tenant virtual machine. The CA can terminate the ongoing transactions and/or dynamically isolate the tenant virtual machine if there is a variation in the behaviour of the tenant virtual machine from the certified properties. Hence our model can be used to address the challenges with the current TPM based attestation techniques and efficiently deal with the attacks in the cloud. We will present implementation of our model on Xen and how it deals with the attacks in different attack case scenarios. We will also show that our model is beneficial for the cloud service providers, tenants and tenant customers. © 2012 IEEE.

2012
Zhou L, Varadharajan V, Hitchens M, 'Trusted administration of large-scale cryptographic role-based access control systems', Proc. of the 11th IEEE Int. Conference on Trust, Security and Privacy in Computing and Communications, TrustCom-2012 - 11th IEEE Int. Conference on Ubiquitous Computing and Communications, IUCC-2012 (2012) [E1]
There has been an increasing trend towards outsourcing data to the cloud to cope with the massive increase in the amount of data. Hence trusted enforcement of access control policies on outsourced data in the cloud has become a significant issue. In this paper we address trusted administration and enforcement of role-based access control policies on data stored in the cloud. Role-based access control (RBAC) simplifies the management of access control policies by creating two mappings; roles to permissions and users to roles. Recently crypto-based RBAC (C-RBAC) schemes have been developed which combine cryptographic techniques and access control to secured data in an outsourced environment. In such schemes, data is encrypted before outsourcing it and the ciphertext data is stored in the untrusted cloud. This ciphertext can only be decrypted by those users who satisfy the role-based access control policies. However such schemes assume the existence of a trusted administrator managing all the users and roles in the system. Such an assumption is not realistic in large-scale systems as it is impractical for a single administrator to manage the entire system. Though administrative models for RBAC systems have been proposed to decentralize the administration tasks associated with the roles, these administrative models cannot be used in the C-RBAC schemes, as the administrative policies cannot be enforced in an untrusted distributed cloud environment. In this paper, we propose a trusted administrative model AdC-RBAC to manage and enforce role-based access policies for C-RBAC schemes in large-scale cloud systems. The AdC-RBAC model uses cryptographic techniques to ensure that the administrative tasks such as user, permission and role management are performed only by authorized administrative roles. Our proposed model uses role-based encryption techniques to ensure that only administrators who have the permissions to manage a role can add/revoke users to/from the role and owners can verify that a role is created by qualified administrators before giving out their data. We show how the proposed model can be used in an untrusted cloud while guaranteeing its security using cryptographic and trusted access control enforcement techniques. © 2012 IEEE.

2012
Liu C, Ranjan R, Chen J, Yu PS, Thuraisingham B, Varadharajan V, 'Message from the PriSecCSN2012 workshop chairs', Proceedings - 2nd International Conference on Cloud and Green Computing and 2nd International Conference on Social Computing and Its Applications, CGC/SCA 2012 (2012)
The First International Symposium on Privacy and Security in Cloud and Social Networks (PriSecCSN2012) is co-located with the Second International Conference on Cloud and Green Computing (CGC2012) held on November 1-3, 2012, Xiangtan, Hunan, China. Social network analysis and cloud computing are two of the most exciting new trends in the recent developments of information technology. As the new generation computing paradigm, cloud enables computing resources to be provided as IT services in a pay-as-you-go fashion with high efficiency and effectiveness. With the popularity of social software as well as the fast development of cloud and other high-performance computing infrastructures, the outcome of social network analysis is becoming more and more attractive. However, information privacy and security issues are major challenges in both these areas. This symposium aims at providing a forum for researchers, practitioners and developers from different background areas such as distributed computing, social computing, information security and privacy protection areas to exchange the latest experience, research ideas and synergic research and development on fundamental issues and applications about security and privacy issues in cloud environments and social networks. The symposium solicits high quality research results in all related areas. PriSecCSN2012 contains 3 papers. Each of them was peer reviewed by at least three program committee members. The symposium covers a broad range of topics in the field of Privacy and Security in Cloud and Social Networks such as Security and privacy in Big Data management, Application of modern cryptography in cloud and social networks, Emerging threats in cloud-based services, Multi-tenancy related security/privacy issues, Vulnerabilities in cloud infrastructure, Security modelling and threats in cloud computing, Security/privacy in hybrid cloud, User authentication in cloud services, Information hiding, Trust and policy management in cloud, Remote data integrity protection, Securing distributed data storage in the cloud, Security and privacy in mobile cloud, Malware propagation in social networks, Information leakage via social networks, Trust and reputation in social networks, Security configuration based on social contexts groups, Online social footprints, Multi-faceted privacy preservation. © 2012 IEEE.
2012 |
Schulz S, Sadeghi AR, Zhdanova M, Mustafa HA, Xu W, Varadharajan V, 'Tetherway: A framework for tethering camouflage', WiSec'12 - Proceedings of the 5th ACM Conference on Security and Privacy in Wireless and Mobile Networks (2012) [E1] The rapidly increasing data usage and overload in mobile broadband networks has driven mobile network providers to actively detect and bill customers who tether tablets and laptops to their mobile phone for mobile Internet access. However, users may not be willing to pay additional fees only because they use their bandwidth differently, and may consider tethering detection as violation of their privacy. Furthermore, accurate tethering detection is becoming harder for providers as many modern smartphones are under full control of the user, running customized, complex software and applications similar to desktop systems. In this work, we analyze the network characteristics available to network providers to detect tethering customers. We present and categorize possible detection mechanisms and derive cost factors based on how well the approach scales with large customer bases. For those characteristics that appear most reasonable and practical to deploy by large providers, we present elimination or obfuscation mechanisms and substantiate our design with a prototype Android App.
2012 |
Guo F, Mu Y, Susilo W, Varadharajan V, 'A pre-computable signature scheme with efficient verification for RFID', Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics) (2012) [E1] Passive RFID tags have limited rewritable memory for data storage and limited computation power, which pose difficulties to implement security protection on RFID tags. It has been shown that strong security and privacy protections for RFID require utilizing public-key cryptography. Unfortunately, the implementation of public key cryptography is infeasible in low-cost passive tags. With this issue in mind, in this work, we propose a pre-computable signature scheme with a very efficient signature verification algorithm for RFID applications. Our signature scheme is provably secure under the DDH assumption and a variant of q-SDH assumption. With pre-computations, no exponentiation is required in our signature verification. Our research shows that it is feasible for low-cost RFID tags to verify signatures with the basic modular multiplication only (if they have a small amount of writable memory). © 2012 Springer-Verlag.
2012 |
Zhang J, Shankaran R, Orgun MA, Sattar A, Varadharajan V, 'A dynamic authentication scheme for hierarchical wireless sensor networks', Lecture Notes of the Institute for Computer Sciences, Social-Informatics and Telecommunications Engineering, LNICST (2012) [E1] Sensor networks offer economically viable solutions for a wide variety of monitoring applications. In surveillance of critical infrastructure such as airports by sensor networks, security becomes a major concern. To resist against malicious attacks, secure communication between severely resource-constrained sensor nodes is necessary while maintaining scalability and flexibility to topology changes. A robust security solution for such networks must facilitate authentication of sensor nodes and the establishment of secret keys among nodes. In this paper, we propose a decentralized authentication and key management framework for hierarchical ad hoc sensor networks. This scheme is light weight and energy aware and reduces the communication overhead. © 2012 Springer-Verlag Berlin Heidelberg.
2012 |
Varadharajan V, 'Security and trust in the web', Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics) (2012) Security and trust issues have been catapulted to the forefront with the dramatic developments in technologies such as web applications, cloud computing, mobile devices and social networking. Though trust has always been a foundational stone of security, the greater dependency of society and economy on information technology have increased the need to consider trust issues more explicitly and systematically. This talk will address some of the key challenges in security and trust in the distributed information infrastructures. The talk will start with a brief look at some of the recent developments in the threat scenery. Then I will consider the notion of trust in the security world and see how trust issues arise in current ubiquitous computing systems context. Then we will consider a hybrid approach which combines the "hard" attestation based trust with the "soft" social and reputation based trust. Such a hybrid approach can help to improve the detection of malicious entities which in turn can enhance the quality of secure decision making. I will conclude the talk by demonstrating such a trust enhanced security approach using some examples from systems that we have been developing during recent years. © 2012 Springer-Verlag Berlin Heidelberg.
2012 |
Sadeghi AR, Schulz S, Varadharajan V, 'The silence of the LANs: Efficient leakage resilience for IPsec VPNs', Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics) (2012) Virtual Private Networks (VPNs) are increasingly used to build logically isolated networks. However, existing VPN designs and deployments neglect the problem of traffic analysis and covert channels. Hence, there are many ways to infer information from VPN traffic without decrypting it. Many proposals were made to mitigate network covert channels, but previous works remained largely theoretical or resulted in prohibitively high padding overhead and performance penalties. In this work, we (1) analyse the impact of covert channels in IPsec, (2) present several improved and novel approaches for covert channel mitigation in IPsec, (3) propose and implement a system for dynamic performance trade-offs, and (4) implement our design in the Linux IPsec stack and evaluate its performance for different types of traffic and mitigation policies. At only 24% overhead, our prototype enforces tight information-theoretic bounds on all information leakage. © 2012 Springer-Verlag.
2012 |
Tupakula U, Varadharajan V, Dutta D, 'Intrusion Detection Techniques for Virtual Domains', 2012 19TH INTERNATIONAL CONFERENCE ON HIGH PERFORMANCE COMPUTING (HIPC), Pune, INDIA (2012) [E1]
2012 |
Tupakula U, Varadharajan V, 'Distributed Service Control Technique for Detecting Security Attacks', 2012 IEEE NETWORK OPERATIONS AND MANAGEMENT SYMPOSIUM (NOMS), Maui, HI (2012) [E1]
2011 |
Ulucenk C, Varadharajan V, Balakrishnan V, Tupakula U, 'Techniques for Analysing PDF Malware', 2011 18TH ASIA-PACIFIC SOFTWARE ENGINEERING CONFERENCE (APSEC 2011), Univ Sci, Ho Chi Minh, VIETNAM (2011) [E1]
2011 |
Tupakula U, Varadharajan V, Bichhawat A, 'Security Architecture for Virtual Machines', ALGORITHMS AND ARCHITECTURES FOR PARALLEL PROCESSING, PT I, Melbourne, AUSTRALIA (2011) [E1]
2011 |
Tupakula U, Varadharajan V, Vuppala SK, 'Security techniques for beyond 3G wireless mobile networks', Proceedings - 2011 IFIP 9th International Conference on Embedded and Ubiquitous Computing, EUC 2011 (2011) [E1] Significant developments in the recent times have led to an increasing use of mobile devices such as smart phones in accessing Internet services and applications over wireless networks. In this paper, we propose a security architecture for counteracting denial of service attacks in Beyond 3G (B3G) network architecture with mobile nodes. We describe the system architecture and discuss the different cases of attack scenarios involving the mobility of the attacking and victim nodes. Our proposed solution takes into account practical issues such as limited resources of the mobile nodes. It has distinct advantages such as monitoring of the traffic to the victim node and the attack traffic being dropped before reaching the victim; the ability to traceback the attacking node and prevent the attack at the home agent or foreign agent that is closer to the attacking node; and the ability to deal with dynamic changes in attack traffic patterns. We also present an analysis of our proposed architecture as well as simulation results. © 2011 IEEE.
2011 |
Tupakula U, Varadharajan V, 'TVDSEC: Trusted virtual domain security', Proceedings - 2011 4th IEEE International Conference on Utility and Cloud Computing, UCC 2011 (2011) [E1] Virtualisation is one of the important technologies for the realisation of cloud computing. A Virtual Machine Monitor (VMM) is an additional software layer which has complete control on the physical resources and enables to run multiple operating systems on a scalable computer. Recently some of the techniques have been proposed to develop Trusted Virtual domains. A trusted virtual domain (TVD) enables grouping of related virtual machines running on separate physical machine into a single network domain with a unified security policy. In this paper we analyze the security issues related to TVD and propose security techniques to deal with the attacks in TVD. © 2011 IEEE.
2011 |
Tupakula U, Varadharajan V, Akku N, 'Intrusion detection techniques for infrastructure as a service cloud', Proceedings - IEEE 9th International Conference on Dependable, Autonomic and Secure Computing, DASC 2011 (2011) [E1] Today, cloud computing is one of the increasingly popular technology where the customer can use the resources of the cloud services providers to perform their tasks and only pay for the resources they use. The customer virtual machines in the cloud are vulnerable to different types of attacks. In this paper we propose techniques for securing customer virtual machines from different types of attacks in the Infrastructure as a Service cloud and describe how this can be achieved in practice. Our model enables to differentiate attack traffic originating from each virtual machine even if multiple virtual machines on a VMM are sharing a single IP address. © 2011 IEEE.
2011 |
Seberry J, Varadharajan V, Chen J, Wang H, Yang LT, Ma J, 'DASC 2011: Message from the chairs', Proceedings - IEEE 9th International Conference on Dependable, Autonomic and Secure Computing, DASC 2011 (2011)
2011 |
Tupakula U, Varadharajan V, 'On the design of virtual machine intrusion detection system', Proceedings of the 12th IFIP/IEEE International Symposium on Integrated Network Management, IM 2011 (2011) [E1] In this paper we propose comprehensive security architecture called VICTOR to deal with different types of attacks on virtual machines. Our model takes into account the specific characteristics of operating system and applications running in each virtual machine (VM) at a fine granular level to deal with the attacks. Our architecture has several components such as entity validation, intrusion detection engine and dynamic analyzer. The entity validation component is used in the detection of attack traffic with spoofed source address, secure logging, and capturing information of the operating system and applications running in the virtual machines. The intrusion detection engine component is used for detection of known attacks and suspicious behaviour by monitoring the incoming and outgoing traffic of virtual machines. The dynamic analyzer is used for detection and validation of suspicious processes, detection of zero day attacks and fine granular isolation of malicious process or application that is generating the attack traffic. © 2011 IEEE.
2011 |
Tupakula U, Varadharajan V, Vuppala SK, 'Counteracting DDoS attacks in WLAN', ACM International Conference Proceeding Series (2011) [E1] The security protocols for WLAN such as WEP have fundamental weakness which can be exploited by the attacker to obtain unauthorized access to the wireless networks and generate attacks. In this paper, we propose a security architecture for counteracting denial of service attacks in wireless based network architecture with mobile nodes. We describe the system model and discuss the different cases of attack scenarios involving the mobility of the attacking and victim nodes. We describe how mobile IP protocol in conjunction with our model can be used to deal efficiently with the attacks on mobile nodes. © 2011 ACM.
2011 |
Ruan C, Varadharajan V, 'Reasoning about dynamic delegation in role based access control systems', Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics) (2011) [E1] This paper proposes a logic based framework that supports dynamic delegation for role based access control systems in a decentralised environment. It allows delegation of administrative privileges for both roles and access rights between roles. We have introduced the notion of trust in delegation and have shown how extended logic programs can be used to express and reason about roles and their delegations with trust degrees, roles' privileges and their propagations, delegation depth as well as conflict resolution. Furthermore, our framework is able to enforce various role constraints such as separation of duties, role composition and cardinality constraints. The proposed framework is flexible and provides a sound basis for specifying and evaluating sophisticated role based access control policies in decentralised environments. © 2011 Springer-Verlag.
2011 |
Ries S, Habib SM, Muehlhaeuser M, Varadharajan V, 'CertainLogic: A Logic for Modeling Trust and Uncertainty', TRUST AND TRUSTWORTHY COMPUTING, TRUST 2011, Carnegie Mellon Univ, Pittsburgh, PA (2011) [E1]
2011 |
Haghighi MS, Mohamed-pour K, Varadharajan V, 'Analysis of Packet Loss for Batch Traffic Arrivals in IEEE 802.15.4-based Networks', 2011 IEEE 36TH CONFERENCE ON LOCAL COMPUTER NETWORKS (LCN), Bonn, GERMANY (2011) [E1]
2011 |
Krishna A, Varadharajan V, 'A Hybrid Trust Model for Authorisation Using Trusted Platforms', TRUSTCOM 2011: 2011 INTERNATIONAL JOINT CONFERENCE OF IEEE TRUSTCOM-11/IEEE ICESS-11/FCST-11, Changsha, PEOPLES R CHINA (2011) [E1]
2011 |
Tupakula U, Varadharajan V, 'TVLAN: Trusted and Virtualised Local Area Networks', TRUSTCOM 2011: 2011 INTERNATIONAL JOINT CONFERENCE OF IEEE TRUSTCOM-11/IEEE ICESS-11/FCST-11, Changsha, PEOPLES R CHINA (2011) [E1]
2011 |
Tupakula U, Varadharajan V, 'Security Techniques for Zero Day Attacks', 2011 7TH INTERNATIONAL WIRELESS COMMUNICATIONS AND MOBILE COMPUTING CONFERENCE (IWCMC), Istanbul, TURKEY (2011)
2011 |
Indrakanti S, Varadharajan V, 'Coordination based Distributed Authorization for Business Processes in Service Oriented Architectures', PROCEEDINGS OF THE SIXTH INTERNATIONAL CONFERENCE ON INTERNET AND WEB APPLICATIONS AND SERVICES (ICIW 2011), St Maarten, NETHERLANDS (2011) [E1]
2011 |
Ries S, Habib SM, Mühlhäuser M, Varadharajan V, 'CertainLogic: A logic for modeling trust and uncertainty', Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics) (2011) © Springer-Verlag Berlin Heidelberg 2011. The evaluation of the trustworthiness of complex systems is a challenge in current IT research. We contribute to this field by providing a novel model for the evaluation of propositional logic terms under uncertainty that is compliant with the standard probabilistic approach and subjective logic. Furthermore, we present a use case to demonstrate how this approach can be applied to the evaluation of the trustworthiness of a system based on the knowledge about its components and subsystems.
2010 |
Rannenberg K, Varadharajan V, Weber C, 'Security and Privacy - Silver linings in the Cloud: 25th IFIP TC 11 International Information Security Conference, SEC 2010 Held as Part of WCC 2010 Brisbane, Australia, September 20-23, 2010 Proceedings', IFIP Advances in Information and Communication Technology (2010)
2010 |
Nagarajan A, Varadharajan V, 'Modelling Dynamic Trust with Property Based Attestation in Trusted Platforms', DATA AND APPLICATIONS SECURITY AND PRIVACY XXIV, PROCEEDINGS, Rome, ITALY (2010)
2010 |
Wang H, Sun L, Varadharajan V, 'Purpose-Based Access Control Policies and Conflicting Analysis', SECURITY AND PRIVACY - SILVER LININGS IN THE CLOUD, Australian Comp Soc (ACS), Brisbane, AUSTRALIA (2010)
2010 |
Sayad Haghighi M, Mohamedpour K, Varadharajan V, Mohammadi-Nodooshan A, 'Overhearing gain analysis in low-traffic CDMA wireless sensor networks', SUTC 2010 - 2010 IEEE International Conference on Sensor Networks, Ubiquitous, and Trustworthy Computing, UMC 2010 - 2010 IEEE International Workshop on Ubiquitous and Mobile Computing (2010) There have been trends in using spread spectrum channel accessing techniques in wireless sensor networks to mitigate the effect of potential collisions in concurrent transmissions and to increase the throughput as well as countering jamming-like noises. Overhearing of the data has been previously analyzed in cellular CDMA networks as this technique was first introduced for mobile communications with multiple transmitting users sending their data to a single base station which controls their transmission power. But sensor (and ad hoc) networks are usually devoid of any coordinating devices and the transmission is usually done toward different local destinations using distributed power controlling methods. This paper provides a systematic analysis of overhearing performance in low-traffic sensor networks especially when the sensing point is located somewhere at the middle of the network which is not necessarily near the sink. The distributed code assignment which is a key issue in infrastructureless CDMA networks has been taken into account in the development of a theoretical model. The result of this analysis shows that the higher the number of used codes, the higher is the gain of overhearing. Thus using this parameter, the network designer has statistical control over the amount of potential overheard data. We have also developed simulations of the proposed model and the results support the predictions of the theoretical model. © 2010 IEEE.
2010 |
Zhang J, Shankaran R, Orgun MA, Varadharajan V, Sattar A, 'A dynamic trust establishment and management framework for wireless sensor networks', Proceedings - IEEE/IFIP International Conference on Embedded and Ubiquitous Computing, EUC 2010 (2010) In this paper, we present a trust establishment and management framework for hierarchical wireless sensor networks. The wireless sensor network architecture we consider consists of a collection of sensor nodes, cluster heads and a base station arranged hierarchically. The framework encompasses schemes for establishing and managing trust between these different entities. We demonstrate that the proposed framework helps to minimize the memory, computation and communication overheads involved in trust management in wireless sensor networks. Our framework takes into account direct and indirect (group) trust in trust evaluation as well as the energy associated with sensor nodes in service selection. It also considers the dynamic aspect of trust by introducing a trust varying function which could be adjusted to give greater weight to the most recently obtained trust values in the trust calculation. The architecture also has the ability to deal with the inter-cluster movement of sensor nodes using a combination of certificate based trust and behaviour based trust. © 2010 IEEE.
2010 |
Nagarajan A, Varadharajan V, Hitchens M, 'Analysis of property based attestation in trusted platforms', Proceedings - IEEE/IFIP International Conference on Embedded and Ubiquitous Computing, EUC 2010 (2010) Binary attestation in trusted computing platforms provide the ability to reason about the state of a system using hash measurements. Property based attestation on the other hand enables more meaningful attestation by abstracting low level binary values to high level security properties or functions of systems. In this paper, we try to understand the kind of security properties that trusted platforms can attest. We propose that security properties can have different levels of granularity and provide a pyramid model that classifies properties at four different levels. We leverage the Common Criteria framework for security requirements to provide examples of such properties. The model is then implemented in the context of authorisation for Web services. © 2010 IEEE.
2010 |
Babenko LK, Chefranov AG, Varadharajan V, 'SIN'10 - Proceedings of the 3rd International Conference of Security of Information and Networks: Program chairs' welcome message', SIN'10 - Proceedings of the 3rd International Conference of Security of Information and Networks (2010)
2010 |
Zhang J, Shankaran R, Orgun MA, Varadharajan V, Sattar A, 'A Trust Management Architecture for Hierarchical Wireless Sensor Networks', IEEE LOCAL COMPUTER NETWORK CONFERENCE, Denver, CO (2010)
2010 |
Tupakula UK, Varadharajan V, 'Detecting security attacks in trusted virtual domains', Proceedings - IEEE/IFIP International Conference on Embedded and Ubiquitous Computing, EUC 2010 (2010) A trusted virtual domain (TVD) enables grouping of related virtual machines running on separate physical machine into a single network domain with a unified security policy. Since the virtual machines can be running different operating systems and applications, the attacker can generate attacks in the TVD by exploiting a single vulnerability in any of the operating systems or applications. Our aim in this paper is to consider the design choices and develop an intrusion detection architecture that would enable efficient detection and prevention of different types of attacks in such a TVD based distributed environments. The proposed architecture can capture the knowledge of the operating systems and applications at fine granular level and isolate the malicious entities that are generating the attack traffic. Our model takes into account the security policies that are specific to the virtual machine as well as security policies of the trusted virtual domains to deal with the attacks efficiently. © 2010 IEEE.
2009 |
Ruan C, Varadharajan V, 'Reasoning on weighted delegatable authorizations', Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics) (2009) This paper studies logic based methods for representing and evaluating complex access control policies needed by modern database applications. In our framework, authorization and delegation rules are specified in a Weighted Delegatable Authorization Program (WDAP) which is an extended logic program. We show how extended logic programs can be used to specify complex security policies which support weighted administrative privilege delegation, weighted positive and negative authorizations, and weighted authorization propagations. We also propose a conflict resolution method that enables flexible delegation control by considering priorities of authorization grantors and weights of authorizations. A number of rules are provided to achieve delegation depth control, conflict resolution, and authorization and delegation propagations. © 2009 Springer Berlin Heidelberg.
2009 |
Ruan C, Varadharajan V, 'Trust enhanced authorization for mobile agents', Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics) (2009) Trust has been recognized as an important aspect for mobile agent security. In this paper, we develop a logic based trust model which enables the capturing of a comprehensive set of trust relationships to enhance the security of conventional access control mechanisms in a mobile based applications. We first discuss the notion of trust and its relevance to mobile agent security. Next we define a logic program based language to facilitate the modelling process. To enforce the security related trustworthy behaviours, we then define a set of general rules to capture the semantics. Finally, the language is applied in a mobile agent context to demonstrate how the trust can be explicitly modelled and reasoned about to support better security decisions for the mobile agent based systems. © 2009 Springer Berlin Heidelberg.
2009 |
Lu J, Li R, Varadharajan V, Lu Z, Ma X, 'Secure interoperation in multidomain environments employing UCON policies', Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics) (2009) Ensuring secure interoperation in multidomain environments based on role based access control (RBAC) has drawn considerable research works in the past. However, RBAC primarily consider static authorization decisions based on subjects' permissions on target objects, and there is no further enforcement during the access. Recently proposed usage control (UCON) can address these requirements of access policy representation for temporal and time-consuming problems. In this paper, we propose a framework to facilitate the establishment of secure interoperability in multidomain environments employing Usage Control (UCON) policies. In particular, we propose an attribute mapping technique to establish secure context in multidomain environments. A key challenge in the establishment of secure interoperability is to guarantee security of individual domains in presence of interoperation. We study how conflicts arise and show that it is efficient to resolve the security violations of cyclic inheritance and separation of duty. © 2009 Springer Berlin Heidelberg.
2009 |
Gan Z, Ding Q, Varadharajan V, 'Reputation-Based Trust Network Modelling and Simplification in Multiagent-Based E-Commerce Systems', PROCEEDINGS OF THE 2009 FIFTH INTERNATIONAL CONFERENCE ON NEXT GENERATION WEB SERVICES PRACTICES, NWESP 2009, Charles Univ, Fac Math & Phys, Prague, CZECH REPUBLIC (2009)
2009 |
Shankaran R, Varadharajan V, Orgun MA, Hitchens M, 'Context-Aware Trust Management for Peer-to-Peer Mobile Ad-Hoc Networks', 2009 IEEE 33RD INTERNATIONAL COMPUTER SOFTWARE AND APPLICATIONS CONFERENCE, VOLS 1 AND 2, Seattle, WA (2009)
2009 |
Nagarajan A, Varadharajan V, Hitchens M, Gallery E, 'Property Based Attestation and Trusted Computing: Analysis and Challenges', NSS: 2009 3RD INTERNATIONAL CONFERENCE ON NETWORK AND SYSTEM SECURITY, Surfers Paradise, AUSTRALIA (2009)
2009 |
Gallery E, Nagarajan A, Varadharajan V, 'A Property-Dependent Agent Transfer Protocol', TRUSTED COMPUTING, PROCEEDINGS, St Hughs Coll, Oxford, ENGLAND (2009)
2009 |
Nagarajan A, Varadharajan V, Hitchens M, 'ALOPA: Authorization Logic for Property Attestation in Trusted Platforms', AUTONOMIC AND TRUSTED COMPUTING, PROCEEDINGS, Brisbane, AUSTRALIA (2009)
2009 |
Li L, Wang Y, Varadharajan V, 'Fuzzy Regression Based Trust Prediction in Service-Oriented Applications', AUTONOMIC AND TRUSTED COMPUTING, PROCEEDINGS, Brisbane, AUSTRALIA (2009)
2009 |
Lu J, Li R, Varadharajan V, Lu Z, Ma X, 'Secure Interoperation in Multidomain Environments Employing UCON Policies', INFORMATION SECURITY, PROCEEDINGS, Pisa, ITALY (2009)
2009 |
Shankaran R, Varadharajan V, Orgun MA, Hitchens M, 'Context-aware trust management for peer-to-peer mobile Ad-Hoc networks', Proceedings - International Computer Software and Applications Conference (2009) Mobile Ad hoc Networks (MANETs) are self-organizing and adaptive, and securing such networks is non-trivial. Most security schemes suggested for MANETs tend to build upon some fundamental assumptions regarding the trustworthiness of the participating hosts and the underlying networking systems without presenting any definite scheme for trust establishment. If MANET is to achieve the same level of acceptance as traditional wired and wireless network, then a formal specification of trust and a framework for trust management must become an intrinsic part of its infrastructure. The goal of this paper is to highlight issues relating to trust in MANETs and describe a context-aware, reputation-based approach for establishing trust that assesses the trustworthiness of the participating nodes in a dynamic and uncertain MANET environment. © 2009 IEEE.
2009 | Li X, Wang G, Varadharajan V, Yang P, Baiardi F, Yu Z, 'Message from the UbiSafe-09 chairs', 8th IEEE International Symposium on Dependable, Autonomic and Secure Computing, DASC 2009 (2009)
2009 | Gan Z, He J, Ding Q, Varadharajan V, 'Trust relationship modelling in E-commerce-based social network', CIS 2009 - 2009 International Conference on Computational Intelligence and Security (2009)
In multi-agent-based e-commerce environments, like a social network, it is critical for buying agents to build trust with the selling agents in the virtual E-marketplaces so as to mitigate the possible harm inflicted by any dishonest sellers. However, traditional approaches for establishing trust in the physical world can no longer be used. This paper introduces a graphical representation approach to uncover the existing social trust network in the virtual E-marketplaces. Firstly, it presents some notations of the graphical description approach. Secondly it discusses how to reconstruct the trust network in terms of the trust commonsense in people's daily life. © 2009 IEEE.
2009 | Safavi-Naini R, Varadharajan V, 'Proceedings of the 4th International Symposium on ACM Symposium on Information, Computer and Communications Security, ASIACCS'09: Message from the program chairs', Proceedings of the 4th International Symposium on ACM Symposium on Information, Computer and Communications Security, ASIACCS'09 (2009)
2009 | Varadharajan V, 'Evolution and challenges in trust and security in information system infrastructures', SIN'09 - Proceedings of the 2nd International Conference on Security of Information and Networks (2009)
In these uncertain economic times, two key ingredients which are in short supply are trust and confidence. The concept of trust has been around for many decades (if not for centuries) in different disciplines such as business, psychology, philosophy as well as in security technology. The current financial climate gives a particularly prescient example. As financial journalist Walter Bagehot wrote some 135 years ago, "after a great calamity, everybody is suspicious of everybody" and "credit, the disposition of one man to trust another, is singularly varying." The problem, as Bagehot observed it, was trust, or rather the lack of it, and it's as true today as it was in his time. Financial mechanisms aren't the only entities that must deal with trust - today's social networking communities such as Facebook, Wikipedia, and other online communities have to constantly reconcile trust issues, from searching and locating credible information, to conveying and protecting personal information. Furthermore with ever increasing reliance on digital economy, most business and government activities today depend on networked information systems for their operations. In this talk, we'll take a short journey through the concept and evolution of trust in the secure computing technology world, and examine some of the challenges involved in trusted computing today.
2009 | Tupakula UK, Varadharajan V, Vuppala SK, 'SBAC: Service Based Access Control', 2009 14TH IEEE INTERNATIONAL CONFERENCE ON ENGINEERING OF COMPLEX COMPUTER SYSTEMS (ICECCS), Potsdam, GERMANY (2009)
2009 | Tupakula UK, Varadharajan V, Pandalaneni SR, 'DoSTRACK: A system for defending against DoS attacks', Proceedings of the ACM Symposium on Applied Computing (2009)
Denial of service (DoS) attacks are one of the complex problems in the current Internet. In this paper, we propose a system, DoSTRACK, that can efficiently deal with the TCP SYN and reflection Distributed Denial of Service (DDoS) attacks. We also describe a prototype implementation of our model with HP OpenView Network Node Manager (NNM) and discuss how our model can be beneficial to the DDoS victim and the ISP. Copyright 2009 ACM.
2008 | Shankaran R, Varadharajan V, Orgun MA, Hitchens M, 'Critical Issues in Trust Management for Mobile Ad-Hoc Networks', PROCEEDINGS OF THE 2009 IEEE INTERNATIONAL CONFERENCE ON INFORMATION REUSE AND INTEGRATION, Las Vegas, NE (2008)
2008 | Zhao W, Varadharajan V, 'A Novel Approach of Web Search Based on Community Wisdom', 2008 3RD INTERNATIONAL CONFERENCE ON INTERNET AND WEB APPLICATIONS AND SERVICES (ICIW 2008), Athens, GREECE (2008)
2008 | Nagarajan A, Varadharajan V, Hitchens M, Arora S, 'On the applicability of trusted computing in distributed authorization using Web services', DATA AND APPLICATIONS SECURITY XXII, London, ENGLAND (2008)
2008 | Zhao W, Varadharajan V, 'Trust management for web services', Proceedings of the IEEE International Conference on Web Services, ICWS 2008 (2008)
In this paper, we propose a comprehensive trust management approach for web services that covers the analysis/modelling of trust relationships and the development of trust management layer in a consistent manner. The specific characteristics of trust relationships in web services are discussed. We introduce a separated trust management layer for web services that can hold computing components for trust management tasks. A trust management architecture for web services is proposed for building up the trust management layer. The proposed trust management architecture for web services deals with trust requirements, trust evaluation, and trust consumption in web services under a unified umbrella and it provides a solid foundation upon which may evolve the trust management layer for web services. © 2008 Crown Copyright.
2008 | Balakrishnan V, Varadharajan V, Tupakula U, 'Subjective logic based trust model for mobile ad hoc networks', Proceedings of the 4th International Conference on Security and Privacy in Communication Networks, SecureComm'08 (2008)
In last five years, several trust models have been proposed to enhance the security of Mobile Ad hoc Networks (MANET). Nevertheless, these trust models fail to express the notion of ignorance during the establishment of trust relationships between mobile nodes. Furthermore, they lack a well-defined approach to defend against the issues resulting from recommendations. In this paper, we propose a novel subjective logic based trust model that enables mobile nodes to explicitly represent and manage ignorance as uncertainty during the establishment of trust relationships with other nodes. Our model defines additional operators to subjective logic in order to address the ignorance introduced between mobile nodes (which have already established trust relationships) as a result of mobility-induced separation. Second, we demonstrate on how mobile nodes formulate their opinions for other nodes based on the evidence collected from the benign and malicious behaviors of those nodes. We then describe on how mobile nodes establish trust relationships with other nodes using the opinions held for those nodes. Depending on the policies defined, these relationships are then used by our model to enhance the security of mobile communications. Third, we propose a novel approach to communicate recommendations by which no explicit packets or additional headers are disseminated as recommendations. This allows our model to defend against recommendation related issues such as free-riding, honest-elicitation, and recommender's bias. Finally, we demonstrate the performance of our model through NS2 simulations. Copyright © 2008 ACM.
2008 | Zhang J, Varadharajan V, 'A New Security Scheme for Wireless Sensor Networks', GLOBECOM 2008 - 2008 IEEE GLOBAL TELECOMMUNICATIONS CONFERENCE, New Orleans, LA (2008)
2007 | Balakrishnan V, Varadharajan V, Tupakula U, Moe MEG, 'Mitigating flooding attacks in mobile ad-hoc networks supporting anonymous communications', The 2nd International Conference on Wireless Broadband and Ultra Wideband Communications, AusWireless 2007 (2007)
Recently several techniques that provide different degree of anonymity have been proposed for wired and wireless communication. Although, the recently proposed techniques are successful in achieving high degree of anonymity, there are some disadvantages associated with the proposed techniques. In this paper we analyze the flooding and packet drop attacks in mobile ad hoc networks that support anonymous communication. Then we propose a novel technique to deal with the flooding attacks. Our approach can efficiently identify and isolate the malicious node that floods the network. In addition, our technique provides a mechanism to identify the benign behavior of an expelled node and rejoins the expelled node back into the network. Furthermore, our approach does not require any additional packets to communicate the behavior of the flooding node and hence does not incur any additional overhead. Finally we validate the performance analysis of our technique through NS2 simulations. © 2007 IEEE.
2007 | Zhang J, Wang Y, Varadharajan V, 'A new security scheme for integration of mobile agents and Web services', Second International Conference on Internet and Web Applications and Services, ICIW'07 (2007)
Web services specification provides an open standard for the distributed service oriented architecture. It is widely used in Internet and pervasive networks supporting wireless mobile devices. A mobile agent is a composition of computer software and data which is able to migrate from one host to another autonomously and continue its execution on the destination host. Mobile agent technology can reduce the bandwidth requirement and tolerate the network faults - able to operate without an active connection between clients and server. Hence, the applications of the combination of mobile agents and web service have been widely investigated in recent years. However, the security issue is still of a major concern. In this paper, we propose a novel agent-based web service security scheme. This scheme provides a new authentication protocol without using the username/password pair, which is infeasible for mobile agent, and gives an alternative method to current security mechanism without using Certification Authorities (CA) based public key infrastructure. With this scheme, we can simplify the key management and reduce the computation particularly for group-oriented web services. © 2007 IEEE.
2007 | Balakrishnan V, Varadharajan V, Tupakula U, Lucs P, 'Trust integrated cooperation architecture for mobile ad-hoc networks', Proceedings of 4th IEEE International Symposium on Wireless Communication Systems 2007, ISWCS (2007)
In recent years, several secure routing protocols have been proposed to secure communications among nodes in mobile ad hoc networks. However, they are not tailored to defend against Denial of Service (DoS) attacks such as flooding and packet drop attacks. This has led to the development of models that target cooperation among nodes. These models either fail to protect against flooding attacks or only defend against greedy nodes that drop packets to save battery resources. The main shortcoming of cooperation models is that they fail to evaluate the trustworthiness for other nodes. In this paper, we propose a Trust Integrated Cooperation Architecture which consists of an obligation-based cooperation model known as fellowship to defend against both flooding and packet drop attacks. In our architecture, fellowship enhances its security decisions through a trust model known as Secure MANET Routing with Trust Intrigue (SMRTI). In comparison with related models, SMRTI deploys a novel approach to communicate recommendations such that the deployed approach is free from well-known issues such as honest elicitation, free riding, bias of a recommender, and additional overhead. © 2007 IEEE.
2007 | Balakrishnan V, Varadharajan V, Tupakula U, Lucs P, 'TEAM: Trust enhanced security architecture for mobile ad-hoc networks', ICON 2007 - Proceedings of the 2007 15th IEEE International Conference on Networks (2007)
Security is paramount in Mobile Ad-hoc Networks (MANET) as they are not conducive to centralized trusted authorities. Several solutions have been proposed for MANET in the areas of key management, secure routing, nodal cooperation, and trust management. Nevertheless, MANET lacks a unified architecture to take advantage of the deployed security models. In this paper, we propose Trust Enhanced security Architecture for MANET (TEAM), in which a trust model is overlaid on the following security models - key management mechanism, secure routing protocol, and cooperation model. We briefly present the operation of our architecture and then we detail the system operation of our novel trust and cooperation model, which we call as Secure MANET Routing with Trust Intrigue (SMRTI) and fellowship respectively. SMRTI captures the evidence of trustworthiness for other nodes from the security models, and in return assists them to make better security decisions. Unlike related trust models, SMRTI captures recommendations in such a way that it eliminates both freeriding and honest-elicitation problems. In comparison with related cooperation models, fellowship model defends against both flooding and packet drop attacks. It can efficiently identify and isolate both malicious and selfish nodes that fail to share the communication channel or forward packets for other nodes. Furthermore, our models do not rely on any centralized authority or tamper-proof hardware. Simulation results confirm that our models enhance the performance of TEAM. © 2007 IEEE.
2007 | Lin C, Varadharajan V, 'A hybrid trust model for enhancing security in distributed systems', ARES 2007: SECOND INTERNATIONAL CONFERENCE ON AVAILABILITY, RELIABILITY AND SECURITY, PROCEEDINGS, Vienna, AUSTRIA (2007)
2007 | Zhang J, Wang Y, Varadharajan V, 'Mobile agent and web service integration security architecture', IEEE INTERNATIONAL CONFERENCE ON SERVICE-ORIENTED COMPUTING AND APPLICATIONS, PROCEEDINGS, Newport Beach, CA (2007)
2007 | Wang Y, Varadharajan V, 'Role-based recommendation and trust evaluation', 9TH IEEE INTERNATIONAL CONFERENCE ON E-COMMERCE TECHNOLOGY/4TH IEEE INTERNATIONAL CONFERENCE ON ENTERPRISE COMPUTING, E-COMMERCE AND E-SERVICES, Tokyo, JAPAN (2007)
2007 | Wang Y, Lin K-J, Wong DS, Varadharajan V, 'The design of a rule-based and event-driven trust management framework', ICEBE 2007: IEEE INTERNATIONAL CONFERENCE ON E-BUSINESS ENGINEERING, PROCEEDINGS, Hong Kong, PEOPLES R CHINA (2007)
2007 | Gan Z, Tang J, Wu P, Varadharajan V, 'A novel security risk evaluation for information systems', 2007 JAPAN-CHINA JOINT WORKSHOP ON FRONTIER OF COMPUTER SCIENCE AND TECHNOLOGY, PROCEEDINGS, Wuhan, PEOPLES R CHINA (2007)
2007 | Nagarajan A, Varadharajan V, Hitchens M, 'Trust management and negotiation for attestation in trusted platforms using web services', EIGHTH INTERNATIONAL CONFERENCE ON PARALLEL AND DISTRIBUTED COMPUTING, APPLICATIONS AND TECHNOLOGIES, PROCEEDINGS, Adelaide, AUSTRALIA (2007)
2007 | Balakrishnan V, Varadharajan V, Tupakula U, Lucs P, 'Trust Integrated Cooperation Architecture for mobile ad-hoc networks', 2007 FOURTH INTERNATIONAL SYMPOSIUM ON WIRELESS COMMUNICATION SYSTEMS, VOLS 1 AND 2, Trondheim, NORWAY (2007)
2007 | Balakrishnan V, Varadharajan V, Tupakula U, Lucs P, 'TEAM: Trust Enhanced Security Architecture for Mobile Ad-hoc Networks', 2007 15TH IEEE INTERNATIONAL CONFERENCE ON NETWORKS, Adelaide, AUSTRALIA (2007)
2007 | Nagarajan A, Varadharajan V, Hitchens M, 'Trust Management for Trusted Computing Platforms in Web Services', STC'07: PROCEEDINGS OF THE 2007 ACM WORKSHOP ON SCALABLE TRUSTED COMPUTING, Alexandria, VA (2007)
2007 | Balakrishnan V, Varadharajan V, Lucs P, Tupakula UK, 'Trust enhanced secure mobile ad-hoc network routing', 21ST INTERNATIONAL CONFERENCE ON ADVANCED NETWORKING AND APPLICATIONS WORKSHOPS/SYMPOSIA, VOL 2, PROCEEDINGS, Niagara Falls, CANADA (2007)
2007 | Balakrishnan V, Varadharajan V, Tupakula UK, Lucs P, 'Trust and recommendations in mobile ad hoc networks', 3rd International Conference on Networking and Services, ICNS 2007 (2007)
Recently several trust and reputation models have been proposed to enhance the security of mobile ad hoc networks. In these models, recommendations are circulated by forwarding explicit messages or introducing extra message headers. Apart from incurring additional overhead, the recommendations are prone to issues such as recommender's bias, honest-elicitation, and free-riding. In this paper, we propose a trust model to enhance the security of mobile ad hoc networks and to address the issues related to recommendations. The model uses only trusted routes for communication, and isolates malicious nodes depending on the evidence collected from direct interactions and recommendations. It deploys a novel approach for communicating recommendations such that they are free from recommender's bias, honest-elicitation, and free-riding. Simulation results confirm the effectiveness of our model. © 2007 IEEE.
2006 | Wang Y, Varadharajan V, 'DynamicTrust: The trust development in peer-to-peer environments', IEEE INTERNATIONAL CONFERENCE ON SENSOR NETWORKS, UBIQUITOUS, AND TRUSTWORTHY COMPUTING, VOL 1, PROCEEDINGS, Tai Chung, TAIWAN (2006)
2006 | Lin C, Varadharajan V, 'Trust based risk management for distributed system security - A new approach', FIRST INTERNATIONAL CONFERENCE ON AVAILABILITY, RELIABILITY AND SECURITY, PROCEEDINGS, Vienna Univ Technol, Vienna, AUSTRIA (2006)
2006 | Zhang J, Varadharajan V, Mu Y, 'ID-based secure PIM-SM schemes', PROCEEDINGS OF THE SIXTH IASTED INTERNATIONAL MULTI-CONFERENCE ON WIRELESS AND OPTICAL COMMUNICATIONS, Banff, CANADA (2006)
2006 | Zhang J, Varadharajan V, Mu Y, 'A scalable multi-service group key management scheme', Proceedings of the Advanced International Conference on Telecommunications and International Conference on Internet and Web Applications and Services, AICT/ICIW'06 (2006)
Scalable multi-service oriented group key management addresses issues relating to situations where dynamic group users have different privileges for accessing different sets of services. In this paper, we propose a new flexible group key management scheme based on an ID-based distribution encryption algorithm. This scheme has several advantages over existing multi-service oriented schemes. We show that the proposed scheme has some unique scalability properties, less storage, less communication overhead and inherent traitor tracing and stateless properties than previously known schemes. We believe the proposed scheme can be used to provide a secure information distribution method for many multi-service group-oriented applications. © 2006 IEEE.
2006 | Ruan C, Varadharajan V, 'Implementing authorization delegations using graph', DATABASE AND EXPERT SYSTEMS APPLICATIONS, PROCEEDINGS, Cracow, POLAND (2006)
2006 | Ruan C, Varadharajan V, 'Integration of graph based authorization policies', FOUNDATIONS OF INTELLIGENT SYSTEMS, PROCEEDINGS, Bari, ITALY (2006)
2006 | Gan Z, Varadharajan V, 'Design and implementation of a practical secure distributed healthcare application', SECRYPT 2006: PROCEEDINGS OF THE INTERNATIONAL CONFERENCE ON SECURITY AND CRYPTOGRAPHY, Setubal Coll Business Adm, Setubal, PORTUGAL (2006)
2006 | Gan Z, Wei D, Varadharajan V, 'Improving software security through an integrated approach', SECRYPT 2006: PROCEEDINGS OF THE INTERNATIONAL CONFERENCE ON SECURITY AND CRYPTOGRAPHY, Setubal Coll Business Adm, Setubal, PORTUGAL (2006)
2006 | Zhao W, Varadharajan V, Bryan G, 'A unified framework for trust management', 2006 SECURECOMM AND WORKSHOPS, Baltimore, MD (2006)
2006 | Lin C, Varadharajan V, 'Trust enhanced security - A new philosophy for secure collaboration of mobile agents', 2006 INTERNATIONAL CONFERENCE ON COLLABORATIVE COMPUTING: NETWORKING, APPLICATIONS AND WORKSHARING, Athens, GA (2006)
2006 | Shankaran R, Varadharajan V, Hitchens M, 'Securing the ad hoc Dynamic Source Routing Protocol', 2006 IEEE INTERNATIONAL CONFERENCE ON WIRELESS COMMUNICATIONS, NETWORKING AND MOBILE COMPUTING, VOLS 1-4, Wuhan, PEOPLES R CHINA (2006)
2006 | Lin C, Varadharajan V, 'Trust enhanced security - A new philosophy for secure collaboration of mobile agents', 2006 International Conference on Collaborative Computing: Networking, Applications and Worksharing, CollaborateCom (2006)
The mobile agent computing model violates some of the fundamental assumptions of conventional security techniques. Consequently, this has rendered many of the existing conventional security countermeasures less effective for mobile agents. In this paper, we propose a new philosophy of trust enhanced security, which advocates a paradigm shift for mobile agent security solutions: from security-centric to trust-centric with the aim of providing improved security and performance of mobile agents. We first examine the problem of uncertainty in behavior induced by the security assumption violations by mobile agents; we then propose a trust enhanced security approach and argue for the need for a paradigm shift to trust-centric solutions. Next we identify a list of general design requirements for the trust-centric solutions and outline the new architectural design which supports the new trust enhanced security philosophy in practice. Finally we discuss the emergent properties of the new architecture and introduce the experimental results for validating the properties. ©2006 IEEE.
2006 | Tupakula UK, Varadharajan V, 'Analysis of Traceback Techniques', Conferences in Research and Practice in Information Technology Series (2006)
Today's Internet is extremely vulnerable to Distributed Denial of service (DDoS) attacks. There is tremendous pressure on the sites performing online business and ISP's to protect their networks from DDoS attacks. Recently, several novel traceback techniques have been proposed to trace the approximate spoofed source of attack. Each proposed traceback technique has some unique advantages and disadvantages over the others. In this paper we will consider some of the novel traceback techniques and focus our discussion i) to raise some of the real time issues that can be addressed in the further research and ii) from the attackers perspective on how to generate DDoS attacks and remain untraced even if any of the traceback technique is deployed in the Internet. We will also demonstrate how attacks can be further amplified if ICMP traceback technique is deployed in the Internet and discuss techniques to minimise the additional attack traffic. We believe that the networks tend to become complex and more vulnerable to DDoS attacks if some of the proposed traceback techniques are deployed in the Internet. © 2006, Australian Computer Society, Inc.
2006 | Balakrishnan V, Varadharajan V, Tupakula UK, 'Fellowship: Defense against Flooding and Packet Drop Attacks in MANET', 2006 IEEE/IFIP NETWORK OPERATIONS AND MANAGEMENT SYMPOSIUM, VOLS 1 AND 2, Vancouver, CANADA (2006)
2005 | Balakrishnan V, Varadharajan V, 'Designing secure wireless mobile ad hoc networks', AINA 2005: 19TH INTERNATIONAL CONFERENCE ON ADVANCED INFORMATION NETWORKING AND APPLICATIONS, VOL 2, Taipei, TAIWAN (2005)
2005 | Wang Y, Varadharajan V, 'Two-phase peer evaluation in P2P e-commerce environments', 2005 IEEE INTERNATIONAL CONFERENCE ON E-TECHNOLOGY, E-COMMERCE AND E-SERVICE, PROCEEDINGS, Hong Kong Baptist Univ, Hong Kong, PEOPLES R CHINA (2005)
2005 | Lin C, Varadharajan V, Wang Y, Pruthi V, 'Trust enhanced security for mobile agents', CEC 2005: Seventh IEEE International Conference on E-Commerce Technology, Proceedings, Munich, GERMANY (2005)
2005 | Gan ZB, Wei DW, Varadharajan V, 'Evaluating the performance and scalability of Web Application Systems', THIRD INTERNATIONAL CONFERENCE ON INFORMATION TECHNOLOGY AND APPLICATIONS, VOL 1, PROCEEDINGS, Sydney, AUSTRALIA (2005)
2005 | Foster D, Varadharajan V, 'Security and trust enhanced mobile agent based system design', Third International Conference on Information Technology and Applications, Vol 1, Proceedings, Sydney, AUSTRALIA (2005)
2005 | Balakrishnan V, Varadharajan V, 'Short paper: Fellowship in mobile ad hoc networks', FIRST INTERNATIONAL CONFERENCE ON SECURITY AND PRIVACY FOR EMERGING AREAS IN COMMUNICATIONS NETWORKS, PROCEEDINGS, Athens, GREECE (2005)
2005 | Wang Y, Varadharajan V, 'Trust(2) : Developing trust in peer-to-peer environments', 2005 IEEE INTERNATIONAL CONFERENCE ON SERVICES COMPUTING, VOL 1, PROCEEDINGS, Orlando, FL (2005)
2005 | Wang Y, Varadharajan V, 'A mobile autonomous agent-based secure payment protocol supporting multiple payments', 2005 IEEE/WIC/ACM INTERNATIONAL CONFERENCE ON INTELLIGENT AGENT TECHNOLOGY, PROCEEDINGS, Compiegne Univ Technol, Compiegne, FRANCE (2005)
2005 | Tran H, Watters P, Hitchens M, Varadharajan V, 'Trust and authorization in the Grid: A recommendation model', International Conference on Pervasive Services 2005, Proceedings, Santorini, GREECE (2005)
2005 | Zhao W, Varadharajan V, 'Efficient TTP-free mental poker protocols', International Conference on Information Technology: Coding and Computing, ITCC (2005)
Zhao et al proposed an efficient mental poker protocol which did not require using a Trusted Third Party (TTP). The protocol is efficient and suitable for any number of players but it introduces a security flaw. In this paper, we propose two mental poker protocols based on Zhao's previous work. The security flaw has been removed and the additional computing cost is small. © 2005 IEEE.
2005 | Gan ZB, Wei DW, Zhang JL, Varadharajan V, 'Business-process-oriented software requirements automatic generator', Proceedings - 3rd International Conference on Information Technology and Applications, ICITA 2005 (2005)
Requirements analysis is not only the most important stage of information systems development but also a complex and time-consuming process. Tools play an important role in supporting and automating software requirements analysis. They become indispensable in dealing with large and complex systems. This paper first introduces a business-processes-oriented requirements analysis model. And a business-process-oriented Software Requirements Automatic Generator (SRAG) is herein presented, alongside the design of a prototype. © 2005 IEEE.
2005 | Gan ZB, Lin C, Vijay V, 'A middleware-based script language', 4th Annual International Conference on Mobile Business, ICMB 2005 (2005)
© 2005 IEEE. Middleware has greatly promoted the 3-tier mode of application systems. But as application software requirements become more complex and more frequently changing, the development cycle of middleware is demanded shorter and shorter. Within a middleware, once a component is amended, the middleware must be compiled and integrated into an application in a reliable, controlled manner. However, can the middleware directly be integrated and operated into an application without being recompiled after it is amended? To address this issue, this paper proposes a middleware-based script language (M-script) that can be used directly to update the middleware in order to adapt the new business requirements. An application example of the M-script is presented, and the result demonstrates that it simplifies the middleware redevelopment process, as well as enables rapid implementation of new business requirements.
2005 | Ejiri M, Lewis L, Milham D, Nakjima I, Varadharajan V, Birch F, 'Service-level agreement - How to reach the practical agreement, not the announcement', 2005 9th IFIP/IEEE International Symposium on Integrated Network Management, IM 2005 (2005)
SLA is becoming crucial in competitive ICT environment as one of key differentiations and in future demand where customer participated/centric operations are essential. SLA should be reached through the negotiation between customers and service providers. However current discussion of SLA is too much focused on QoS related features, most of them are not familiar with end users and also customers are forced to accept/select SLAs which are defined/announced by service providers. In the panel, the following issues will be discussed: (1) What is "Services"? Operations services are becoming more important. (2) "Level" should be defined by qualitative/quantitative way? (3) SLA features should be customer perceptible/visible features and QoS should be translated by customer language. (4) Mechanism to reach "Agreement" by customers/service providers negotiation. (5) SLA negotiation process in service providers business processes.
2005 |
Indrakanti S, Varadharajan V, Hitchens M, 'Principles for the design of authorization framework for the Service Oriented Architecture', Proceedings of the 1st International Conference on Internet Technologies and Applications, ITA 05 (2005) While there are several efforts underway to provide security for the Service Oriented Architecture (SOA), there is no specification or standard defined to provide authorization services for the SOA. The SOA comprises of Web services and business process workflows built using Web services. Based on our analysis of existing authorization frameworks and policy specification models for the SOA, we envisage an authorization framework for the SOA to provide extensions to both the security layers of Web services and business processes separately. Also the Web services Description and Messaging layers must be extended to support authorization services designed for the SOA. In this paper, we lay out the core design principles for authorization services in each of these layers to achieve a comprehensive design of an authorization framework for the SOA.
2005 |
Indrakanti S, Varadharajan V, Hitchens M, 'Analysis of existing authorization models and requirements for design of authorization framework for the Service Oriented Architecture', ISWS '05: Proceedings of the 2005 International Symposium on Web Services and Applications, Las Vegas, NV (2005)
2005 |
Ruani C, Varadharajan V, 'Data protection in distributed database systems', FOUNDATIONS OF INTELLIGENT SYSTEMS, PROCEEDINGS, Saratoga Springs, NY (2005)
2005 |
Indrakanti S, Varadharajan V, 'An authorization architecture for Web services', DATA AND APPLICATIONS SECURITY XIX, PROCEEDINGS, Storrs, CT (2005)
2005 |
Lin C, Varadharajan V, Wang Y, 'Maximizing utility of mobile agent based E-commerce applications with trust enhanced security', TRUST, PRIVACY, AND SECURITY IN DIGITAL BUSINESS, Copenhagen, DENMARK (2005)
2005 |
Varadharajan V, 'Authorization and trust enhanced security for distributed applications', INFORMATION SYSTEMS SECURITY, PROCEEDINGS, Jadavpur Univ, Calcutta, INDIA (2005)
2005 |
Zhao WL, Varadharajan V, Bryan G, 'Analysis and modelling of trust in distributed information systems', INFORMATION SYSTEMS SECURITY, PROCEEDINGS, Jadavpur Univ, Calcutta, INDIA (2005)
2005 |
Zhao W, Varadharajan V, Bryan G, 'Type and scope of trust relationships in collaborative interactions in distributed environments', ICEIS 2005 - Proceedings of the 7th International Conference on Enterprise Information Systems (2005) In this paper, we consider the modelling of trust relationships in distributed systems based on a formal mathematical structure. We discuss different forms of trust. In particular, we address the base level authentication trust at the lower layer with a hierarchy of trust relationships at a higher level. Then we define and discuss trust direction and symmetric characteristics of trust for collaborative interactions in distributed environments. We define the trust scope label in order to describe the scope and diversity of trust relationship under our taxonomy framework. We illustrate the proposed definitions and properties of the trust relationships using example scenarios. The discussed trust types and properties will form part of an overall trust taxonomy framework and they can be used in the overall methodology of life cycle of trust relationships in distributed information systems that is currently in the process of development.
2005 |
Indrakanti S, Varadharajan V, Hitchens M, 'Architectural framework for web services authorization', Proceedings of the Joint Workshop on Web Services and Model-Driven Enterprise Information Services, WSMDEIS 2005, in Conjunction with ICEIS 2005 (2005) This paper proposes an authorization architecture for Web services. It describes the architectural framework, the administration and runtime aspects of our architecture and its components for secure authorization of Web services as well as the support for the management of authorization information. The paper also describes authorization algorithms required to authorize a Web service client. The architecture is currently being implemented within the .NET framework.
2005 |
Ching L, Varadharajan V, Yan W, Pruthi V, 'Security and trust management in mobile agents: A new perspective', IET Conference Publications (2005) This paper presents a new perspective for mobile agent security - trust enhanced security and develops MobileTrust - a novel trust management architecture to support the trust enhanced security solutions for mobile agents. Based on this new perspective we go beyond traditional security mechanism based architectural design by incorporating a trust model into the underlying security architecture. Such an approach enables explicit management of security related trust relationships and it integrates trust into security decision making process to achieve trust enhanced security, which is impossible with the traditional security models. The proposed architecture provides several desirable emergent properties: increased level of security for mobile agent and host, improved flexibility, and scalability of the underlying security system, which are only made possible by this new trust management based approach.
2005 |
Indrakanti S, Varadharajan V, 'An authorization architecture for Web services', Lecture Notes in Computer Science (2005) This paper considers the authorization service requirements for the service oriented architecture and proposes an authorization architecture for Web services. It describes the architectural framework, the administration and runtime aspects of our architecture and its components for secure authorization of Web services as well as the support for the management of authorization information. The proposed architecture has several benefits. It is able to support legacy applications exposed as Web services as well as new Web service based applications built to leverage the benefits offered by the service oriented architecture; it can support multiple access control models and mechanisms and is decentralized and distributed and provides flexible management and administration of Web services and related authorization information. The proposed architecture can be integrated into existing middleware platforms to provide enhanced security to exposed Web services. The architecture is currently being implemented within the .NET framework. © IFIP International Federation for Information Processing 2005.
2005 |
Tran H, Hitchens M, Varadharajan V, Watters P, 'A trust based access control framework for P2P file-sharing systems', Proceedings of the Annual Hawaii International Conference on System Sciences (2005) Peer-to-peer (P2P) file sharing systems have become popular as a new paradigm for information exchange. However, the decentralized and anonymous characteristics of P2P environments make the task of controlling access to sharing information more difficult, which cannot be done by traditional access control methods. In this paper, we identify access control requirements in such environments and propose a trust based access control framework for P2P file-sharing systems. The framework integrates aspects of trust and recommendation models, fairness based participation schemes and access control schemes, and applies them to P2P file-sharing systems. We believe that the proposed scheme is realistic and argue that our approach preserves P2P decentralized structure and peers' autonomy property whilst enabling collaboration between peers.
2004 |
Zhang JQ, Varadharajan V, Mu Y, 'Securing XML document sources and their distribution', 18TH INTERNATIONAL CONFERENCE ON ADVANCED INFORMATION NETWORKING AND APPLICATIONS, VOL 1 (LONG PAPERS), PROCEEDINGS, Fukuoka, JAPAN (2004)
2004 |
Indrakanti S, Varadharajan V, Hitchens M, 'Authorization service for web services and its implementation', IEEE INTERNATIONAL CONFERENCE ON WEB SERVICES, PROCEEDINGS, San Diego, CA (2004)
2004 |
Lin C, Varadharajan V, Wang Y, Pruthi V, 'Enhancing grid security with trust management', 2004 IEEE INTERNATIONAL CONFERENCE ON SERVICES COMPUTING, PROCEEDINGS, Shanghai, PEOPLES R CHINA (2004)
2004 |
Lin C, Varadharajan V, Wang Y, Pruthi V, 'Enhancing grid security with trust management', Proceedings - 2004 IEEE International Conference on Services Computing, SCC 2004 (2004) Recently, trust has been recognized as an important factor for Grid computing security. In this paper, we develop a trust management architecture for trust enhanced Grid security incorporating a novel trust model which is capable of capturing various types of trust relationships that exist in a Grid system and providing mechanisms for trust evaluation, recommendations and update for trust decisions. The outcomes of the trust decisions can then be employed by the Grid security system to formulate trust enhanced security solutions. We design several algorithms to demonstrate how one can derive the trust enhanced security solutions for both user and resource provider protection with the proposed trust management architecture. Leveraging on trust knowledge and forming it as part of the security decisions, the proposed architecture possesses several desirable emerging properties that enable it to provide an improved level of security for Grid computing systems.
2004 |
Indrakanti S, Varadharajan V, Hitchens M, Kumar A, 'Secure authorisation for web services', DATA AND APPLICATIONS SECURITY XVII: STATUS AND PROSPECTS, Estes Pk, CO (2004)
2004 |
Hitchens M, Shankaran R, Varadharajan V, 'Securing the ad-hoc on-demand distance vector protocol', PARALLEL AND DISTRIBUTED COMPUTING SYSTEMS, San Francisco, CA (2004)
2004 |
Ruan C, Varadharajan V, 'A weighted graph approach to authorization delegation and conflict resolution', INFORMATION SECURITY AND PRIVACY, PROCEEDINGS, Sydney, AUSTRALIA (2004)
2004 |
Wang Y, Varadharajan V, 'Interaction trust evaluation in decentralized environments', E-COMMERCE AND WEB TECHNOLOGIES, Zaragoza, SPAIN (2004)
2004 |
Zhao WL, Varadharajan V, Bryan G, 'Modelling trust relationship in distributed environments', TRUST AND PRIVACY IN DIGITAL BUSINESS, PROCEEDINGS, Zaragoza, SPAIN (2004)
2004 |
Lin C, Varadharajan V, Wang Y, Mu Y, 'On the design of a new trust model for mobile agent security', TRUST AND PRIVACY IN DIGITAL BUSINESS, PROCEEDINGS, Zaragoza, SPAIN (2004)
2004 |
Wang Y, Varadharajan V, 'A time-based peer trust evaluation in P2P e-commerce environments', WEB INFORMATION SYSTEMS - WISE 2004, PROCEEDINGS, Brisbane, AUSTRALIA (2004)
2004 |
Zhang JQ, Varadharajan V, Mu Y, 'A secure PIM-SM multicast routing protocol', DISTRIBUTED COMPUTING - IWDC 2004, PROCEEDINGS, Indian Statist Inst, Calcutta, INDIA (2004)
2004 |
Wang Y, Varadharajan V, 'Interaction trust evaluation in decentralized environments', Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics) (2004) © Springer-Verlag Berlin Heidelberg 2004. In decentralized environments, such as P2P, as lack of central management, the trust issue is prominently important for interactions between unfamiliar peers. This paper first presents a probabilistic approach for evaluating the interaction trust of unfamiliar peers according to their interaction history. In addition, after an interaction, peers can evaluate each other and modify the trust status. Based on it, this paper presents an approach for trust value modification after interactions.
2004 |
Chaddoud G, Varadharajan V, 'Efficient secure group management for SSM', IEEE International Conference on Communications (2004) We propose in this paper a new approach to channel key management in the architecture S-SSM, we designed to secure SSM communication. S-SSM defines two mechanisms for access control and content protection. The first one is carried out through subscriber authentication and access permission. The second is realized through the management of a unique key, called the channel key, k_ch, shared among the sender and subscribers. The management k_ch is based on a novel distributed encryption scheme that enables an entity to efficiently add and remove a subscriber without affecting other subscribers.
2004 |
Tupakula UK, Varadharajan V, Gajam AK, 'Counteracting TCP SYN DDoS attacks using automated model', GLOBECOM '04: IEEE GLOBAL TELECOMMUNICATIONS CONFERENCE, VOLS 1-6, Dallas, TX (2004)
2003 |
Shankaran R, Varadharajan V, Hitchens M, 'A secure multicast support framework for mobile IP', WCNC 2003: IEEE WIRELESS COMMUNICATIONS AND NETWORKING CONFERENCE RECORD, VOLS 1-3, NEW ORLEANS, LA (2003)
2003 |
Zhang JQ, Varadharajan V, Mu Y, 'A novel dynamic key management scheme for secure multicasting', ICON 2003: 11TH IEEE INTERNATIONAL CONFERENCE ON NETWORKS, Sydney, AUSTRALIA (2003)
2003 |
Ruan C, Varadharajan V, Zhang Y, 'Delegatable authorization program and its application', Proceedings of the International Conference on Security and Management (2003) Data protection is a significant issue in any secure information system. In this paper, we develop a decentralized authorization delegation model in which users can be delegated, granted or forbidden some access rights. This security model is formulated as an extended logic program which allows both negation as failure and classical negation. The stable model semantics is used to decide the users' access rights on data items. Under the proposed framework, conflicting problem is addressed and a promising resolution method is presented based on the underlying delegation relations and hierarchical structures of subjects, objects and access rights. The authorization inheritance are also supported in our model. Finally, as an application, we show how this framework can support different electronic consent models within the context of health care.
2003 |
Saunders G, Hitchens M, Varadharajan V, 'Role-based access control and the access control matrix', INFORMATION AND COMMUNICATIONS SECURITY, PROCEEDINGS, HUEHAOTE CITY, PEOPLES R CHINA (2003)
2003 |
Ruan C, Varadharajan V, Zhang Y, 'A logic model for temporal authorization delegation with negation', INFORMATION SECURITY, PROCEEDINGS, BRISTOL, ENGLAND (2003)
2003 |
Lin C, Varadharajan V, 'Modelling and evaluating trust relationships in mobile agents based systems', APPLIED CRYPTOGRAPHY AND NETWORK SECURITY, PROCEEDINGS, KUNMING, PEOPLES R CHINA (2003)
2003 |
Ruan C, Varadharajan V, 'An authorization model for e-consent requirement in a health care application', APPLIED CRYPTOGRAPHY AND NETWORK SECURITY, PROCEEDINGS, KUNMING, PEOPLES R CHINA (2003)
2003 |
Ruan C, Varadharajan V, 'Supporting e-consent on health data by logic', FOUNDATIONS OF INTELLIGENT SYSTEMS, MAEBASHI CITY, JAPAN (2003)
2003 |
Ruan C, Varadharajan V, 'Decentralized temporal authorization administration', DATABASE AND EXPERT SYSTEMS APPLICATIONS, PROCEEDINGS, TECH UNIV PRAGUE, PRAGUE, CZECH REPUBLIC (2003)
2003 |
Islam M, Thomas J, Varadharajan V, 'Reducing the Scope of Denial of Service Attacks in QoS Routing', Conference Record / IEEE Global Telecommunications Conference (2003) Existing routing algorithms treat Quality of Service (QoS) parameters and secure routing as completely separate entities requiring separate algorithms. In this paper we propose secure QoS Distance Vector and secure Bellman-Ford-Moore routing algorithms that meet QoS requirements and satisfy security concerns. Security is achieved by placing filters in the network. The routing algorithms generate routes through these filters to meet the specified QoS requirements. Simulation results indicate that secure QoS Distance Vector algorithm performs the better of the two algorithms. Moreover, the density of filters and the placement strategy of filters affect the length of the route generated.
2003 |
Tupakula UK, Varadharajan V, 'Counteracting DDoS attacks in multiple ISP domains using routing arbiter architecture', ICON 2003: 11TH IEEE INTERNATIONAL CONFERENCE ON NETWORKS, Sydney, AUSTRALIA (2003)
2003 |
Tupakula UK, Varadharajan V, 'A controller agent model to counteract DoS attacks in multiple domains', INTEGRATED NETWORK MANAGEMENT VIII, COLORADO SPRINGS, CO (2003)
2003 |
Tupakula UK, Varadharajan V, 'A controller agent model to counteract DoS attacks in multiple domains', IFIP Advances in Information and Communication Technology (2003) In this paper we discuss techniques to prevent Distributed Denial of Service (DDoS) attacks within the ISP domain and extend the scheme to prevent the attack in multiple ISP domains. With a new packet marking technique and agent design, our model is able to identify the approximate source of attack with a single packet and has many features to minimise DDoS attacks. © 2003 by Springer Science+Business Media Dordrecht.
2002 |
Mu Y, Varadharajan V, 'An efficient Internet credit card scheme from the weil pairing', THIRD INTERNATIONAL SYMPOSIUM ON ELECTRONIC COMMERCE, PROCEEDINGS, RES TRIANGLE PK, NC (2002)
2002 |
Zhang JQ, Varadharajan V, Mu Y, 'A secure object sharing scheme for Java Card', INFORMATION AND COMMUNICATIONS SECURITY, PROCEEDINGS, SINGAPORE, SINGAPORE (2002)
2002 |
Hitchens M, Varadharajan V, Saunders G, 'Policy administration domains', INFORMATION SECURITY AND PRIVACY, MELBOURNE, AUSTRALIA (2002)
2002 |
Mu Y, Zhang JQ, Varadharajan V, 'm out of n Oblivious Transfer', INFORMATION SECURITY AND PRIVACY, MELBOURNE, AUSTRALIA (2002)
2002 |
Ruan C, Varadharajan V, Zhang Y, 'Logic-based reasoning on delegatable authorizations', Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics) (2002) In this paper, we propose a logic program based formulation that supports delegatable authorizations, where negation as failure, classical negation and rules inheritance are allowable. A conflict resolution policy has been developed in our approach that can be used to support the controlled delegation and exception. In our framework, authorization rules are specified in a Delegatable Authorization Program (DAP) which is an extended logic program associated with different types of partial orderings on the domain, and these orderings specify various inheritance relationships among subjects, objects and access rights in the domain. The semantics of a DAP is defined based on the well-known stable model and the conflict resolution is achieved in the process of model generation for the underlying DAP. Our framework provides users a feasible way to express complex security policies. © Springer-Verlag Berlin Heidelberg 2002.
2001 |
Wietrzyk VI, Takizawa M, Orgun MA, Varadharajan V, 'A secure transaction environment for workflows in distributed systems', PROCEEDINGS OF THE EIGHTH INTERNATIONAL CONFERENCE ON PARALLEL AND DISTRIBUTED SYSTEMS, KYONGJU CITY, SOUTH KOREA (2001)
2001 |
Shankaran R, Varadharajan V, Hitchens M, 'Secure distributed location management scheme for mobile hosts', LCN 2001: 26TH ANNUAL IEEE CONFERENCE ON LOCAL COMPUTER NETWORKS, PROCEEDINGS, TAMPA, FL (2001)
2001 |
Zhang Y, Varadharajan V, 'A logic for modeling the dynamics of beliefs in cryptographic protocols', Proceedings - 24th Australasian Computer Science Conference, ACSC 2001 (2001) © 2001 IEEE. We present a logic of modeling the dynamics of beliefs in cryptographic protocols. Differently from previous proposals, our logic is situation based, in which a protocol is viewed as a finite sequence of actions performed by various principals at different situations, and each action is a primitive term in the language. Therefore, it becomes possible to model the dynamic change of each principal's beliefs at each step of the protocol within the logic system. Our logic has a precise semantics and is sound with respect to the underlying automatic system.
2001 |
Mu Y, Nguyen KQ, Varadharajan V, 'A fair electronic cash scheme', ELECTRONIC COMMERCE TECHNOLOGIES, PROCEEDINGS, HONG KONG, PEOPLES R CHINA (2001)
2001 |
Varadharajan V, 'Secure networked computing', INFORMATION ASSURANCE IN COMPUTER NETWORKS: METHODS, MODELS AND ARCHITECTURES FOR NETWORK SECURITY, PROCEEDINGS, ST PETERSBURG, RUSSIA (2001)
2001 |
Wietrzyk VI, Takizawa M, Varadharajan V, 'A strategy for MLS workflow', INFORMATION SECURITY AND PRIVACY, PROCEEDINGS, SYDNEY, AUSTRALIA (2001)
2001 |
Hitchens M, Varadharajan V, 'Tower: A language for role based access control', Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics) (2001) © Springer-Verlag Berlin Heidelberg 2001. A language for specifying role-based access control (RBAC) policies is presented. The language is designed to support the range of access control policies of commercial object systems. The basic structures of RBAC, such as role, users and permission, are present in the language as basic constructs. Examples are given in the language of access control situations, such as static and dynamic separation of duty, delegation and joint action based access policies. The language is flexible and is able to capture meta-level operations. The language also provides a mechanism for tracking actions and basing access control decisions on past events.
2001 |
Mu Y, Varadharajan V, 'An internet anonymous auction scheme', Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics) (2001) © Springer-Verlag Berlin Heidelberg 2001. This paper proposes a new Internet bidding system that offers anonymity of bidders and fairness to both bidders and the auction server. Our scheme satisfies all the basic security requirements for a sealed-bid auction system, without requiring multiple servers.
2001 |
Wu CK, Varadharajan V, 'Fair exchange of digital signatures with offline trusted third party', Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics) (2001) © Springer-Verlag Berlin Heidelberg 2001. In this paper we show how fair exchange of digital signatures can be made possible without a separate verifiable encryption. This means that the fair exchange protocol can be established based on an existing signature algorithm without modification, except that the users need to get a ticket from an off-line trusted third party to enable the fair exchange. The trusted third party is needed to make a judgment only when there is a dispute. Explicit protocols based on different digital signature algorithms are proposed.
2001 |
Hitchens M, Varadharajan V, 'RBAC for XML document stores', Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics) (2001) © Springer-Verlag Berlin Heidelberg 2001. Web based services and applications have increased the availability and accessibility of information. XML (eXtensible Markup Language) has recently emerged as an important standard in the area of information representation. XML documents can represent information at different levels of sensitivity. Access control for XML document stores must recognise the fine-grained nature of the document structure. In this paper we present an approach to access control for XML document stores. This framework is based on RBAC and includes a syntax for specifying access control policies for the store.
2001 |
Molli P, Skaf-Molli H, Godart C, Ray P, Shankaran R, Varadharajan V, 'Integrating network services for virtual teams', ICEIS 2001 - Proceedings of the 3rd International Conference on Enterprise Information Systems (2001) Virtual team provider is an emerging business on the Internet. It allows people to work together distributed across space, time and organization. Tools like BSCW or SourceForge allow an organization to host virtual teams. Although, these tools deliver functionalities, they lack required features (e.g. security, dependability and quality of service) to make them commercially acceptable. In this paper, we describe underlying effort needed at the network services level to make virtual team software commercially viable.
2001 |
Mu Y, Varadharajan V, 'Robust and secure broadcasting', Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics) (2001) © Springer-Verlag Berlin Heidelberg 2001. This paper describes a secure Pay TV protocol based on a public-key distributed encryption scheme that enables the Pay TV broadcaster to robustly add or remove any subscriber without changing private decryption keys of other subscribers. In other words, the updating process is transparent to the subscribers. This feature exhibits a distinct advantage over a symmetric key based system where all subscribers share a single key and therefore it is impossible to dynamically remove a subscriber from the system.
2001 |
Shankaran R, Varadharajan V, Hitchens M, 'A distributed location management scheme for mobile hosts', Proceedings of the International Conference on Parallel and Distributed Systems - ICPADS (2001) With the increasing growth in mobile computing devices and wireless networks, users are able to access information from anywhere and at anytime. In such situations, the issues of location management for mobile hosts are becoming increasingly significant. Different location management schemes such as Columbia University's mobile IP scheme and IETF mobile IP have been proposed. In this paper, we propose a new distributed location management scheme and discuss the advantages of the proposed scheme over the others. The paper then considers the issues of multicasting in the proposed architecture.
2000 |
Varadharajan V, 'Security enhanced mobile agents', Proceedings of the ACM Conference on Computer and Communications Security (2000) This paper describes a security model for mobile agent based systems. The model defines the notion of a security-enhanced agent and outlines security management components in agent platform bases and considers secure migration of agents from one base to another. The security enhanced agent carries a passport that contains its security credentials and some related security code. Then we describe how authentication, integrity and confidentiality, and access control are achieved using the agent's passport and the security infrastructure in the agent bases. We also consider the types of access control policies that can be specified using the security enhanced agents and the policy base in the agent platforms. We discuss the application of the security model in roaming mobile agents and consider a simple scenario involving security auditing in networks.
2000 |
Bai Y, Varadharajan V, 'A logical formalization for specifying authorizations in object-oriented databases', RESEARCH ADVANCES IN DATABASE AND INFORMATION SYSTEMS SECURITY, SEATTLE, WA (2000)
2000 |
Hitchens M, Varadharajan V, 'Elements of a language for role-based access control', INFORMATION SECURITY FOR GLOBAL INFORMATION INFRASTRUCTURES, BEIJING, PEOPLES R CHINA (2000)
2000 | Mu Y, Varadharajan V, 'Towards a protection model for supporting multiple access control policies', Proceedings - 11th Australasian Database Conference, ADC 2000 (2000)
© 2000 IEEE. The Schematic Protection Model (SPM) allows us to specify the protection structure of an object-oriented database and provides an algorithm to reason about the transmission of privileges. In this paper, we extend the SPM model to support multiple access policies, by introducing the concept of groups and the negation of authorisation.
2000 | Zhao W, Varadharajan V, Mu Y, 'Fair on-line gambling', Proceedings - Annual Computer Security Applications Conference, ACSAC (2000)
© 2000 IEEE. This paper proposes a fair electronic gambling scheme for the Internet. The proposed scheme provides a unique link between payment and gambling outcome so that the winner can be ensured to get the payment. Since an optimal fair exchange method is used in gambling message exchange, the proposed system guarantees that no one can successfully cheat during a gambling process. Our system requires an off-line Trusted Third Party (TTP). If cheating occurs, the TTP can resolve the problem and make the gambling process fair.
2000 | Mu Y, Varadharajan V, 'Distributed signcryption', Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics) (2000)
© Springer-Verlag Berlin Heidelberg 2000. This paper proposes a distributed encryption scheme, where any party can "signcrypt" a message and distribute it to a designated group and any member in the receiving group can "de-signcrypt" the message. We also propose a group signcryption, where, given a designated group, any member in the group can signcrypt a message on the group's behalf. A group signcrypted message can be distributed to another group. The proposed schemes have potential applicability in electronic commerce.
2000 | Mu Y, Varadharajan V, 'Fail-stop confirmer signatures', Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics) (2000)
© Springer-Verlag Berlin Heidelberg 2000. A designated confirmer signature allows the signer to prove to the signature's recipient that the designated confirmer can confirm the signature without the signer. In this paper we propose a fail-stop confirmer signature scheme based on the concept of fail-stop knowledge proofs and signature knowledge proofs on discrete logarithms. We also develop a blinded version of the confirmer scheme. The new confirmer signatures have enhanced security against forgery from powerful adversaries.
2000 | Wietrzyk VIS, Orgun MA, Varadharajan V, 'On the analysis of on-line database reorganization', Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics) (2000)
© Springer-Verlag Berlin Heidelberg 2000. We consider the problem of on-line database reorganization. The types of reorganization that we discuss are restoration of clustering, purging of old data, creation of a backup copy, compaction, and construction of indexes. The contributions of this paper are both of theoretical and of experimental nature.
1999 | Wu CK, Varadharajan V, 'Modified Chinese remainder theorem and its application to proxy signatures', Proceedings of the International Conference on Parallel Processing (1999)
© 1999 IEEE. Chinese Remainder Theorem has been used for hundreds of years and has been applied to many domains such as integers and polynomials. An assumption made is that the component moduli are pairwise co-prime. In this paper, first we remove this assumption; then we give an algorithm to find whether a given system of congruent equations has a solution, and if so, how to find the solution in an efficient manner. Further we apply the modified Chinese Remainder Theorem to design proxy signatures.
1999 | Saunders G, Hitchens M, Varadharajan V, 'An analysis of access control models', Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics) (1999)
© Springer-Verlag Berlin Heidelberg 1999. Access control in real systems is implemented using one or more abstractions based on the access control matrix (ACM). The most common abstractions are access control lists (ACLs) and capabilities. In this paper, we consider an extended Harrison-Ruzzo-Ullman (HRU) model to make some formal observations about capability systems versus access control list based systems. This analysis makes the characteristics of these types of access control mechanisms more explicit and is intended to provide a better understanding of their use. A combined model providing the flexibility of capabilities with the simplicity of the ACL and its relation to other models proposed earlier (e.g. [10,6]) are discussed.
1999 | Nguyen KQ, Mu Y, Varadharajan V, 'Divertible zero-knowledge proof of polynomial relations and blind group signature', Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics) (1999)
© Springer-Verlag Berlin Heidelberg 1999. A divertible protocol is a protocol between three parties in which one party is able to divert another party's proof of some facts to prove some other facts to the other party. This paper presents a divertible protocol to prove multi-variant polynomial relations. Its direct application to blind group signature is also shown.
1999 | Bai Y, Varadharajan V, 'Authorization in object oriented databases', Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics) (1999)
© Springer-Verlag Berlin Heidelberg 1999. Formal specification on authorization in object oriented databases is becoming increasingly significant. However most of the work in this field suffers a lack of formal logic semantics to characterize different types of inheritance properties of authorization policies among complex data objects. In this paper, we propose a logic formalization to specify object oriented databases together with authorization policies. Our formalization has a high level language structure to specify object oriented databases and allows various types of authorizations to be associated with.
1999 | Wang H, Varadharajan V, Zhang Y, 'A secure communication scheme for multiagent systems', Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics) (1999)
© Springer-Verlag Berlin Heidelberg 1999. In this paper we present a secure communication scheme for multiagent systems. First, we briefly introduce an architecture for multiagent systems, and discuss security problems with such systems. We then present the communication scheme in detail, including the mathematical principle and the cryptographic protocol. To further demonstrate how our communication scheme works, we present an example with which we show how a piece of plaintext message is encrypted and decrypted between two agents within a multiagent system in accordance with our communication scheme. In evaluation we show that, compared with other encryption systems such as RSA, our scheme is more simple and suitable for implementation on computers used in multiagent systems. Importantly, it remains as secure as other systems as long as the plaintext is not too short. In conclusion, we discuss issues about the management of secret keys and the suitability of the communication scheme.
1999 | Bai Y, Varadharajan V, 'On formal languages for sequences of authorization transformations', Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics) (1999)
© Springer-Verlag Berlin Heidelberg 1999. In multi-user, information-sharing computer systems, authorization policy is needed to ensure that the information flows in the desired way and to prevent illegal access to the system resource. Usually such policy has a temporal property. That is, it needs to be updated to capture the changing requirements of applications, systems and users. These updates are implemented via transformation of authorization policies. In this paper, we propose two high-level formal languages L and L d to specify the transformation of authorizations in secure computer systems. L is a simple language that can be used to specify a sequence of authorization transformations. Though it has a simple syntax and semantics, we show that L is expressive enough to specify some well-known examples of authorization transformations. Language L d is an augmentation of L which includes default propositions within the domain description of authorization policies. However, the semantics of L d is not just a simple extension of the semantics of L. We show that L d is more expressive than L in that constraints, causal and inherited authorizations, and general default authorizations can be specified.
1999 | Van Le T, Nguyen KQ, Varadharajan V, 'How to prove that a committed number is prime', Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics) (1999)
© Springer-Verlag Berlin Heidelberg 1999. The problem of proving a number is of a given arithmetic format with some prime elements, is raised in RSA undeniable signature, group signature and many other cryptographic protocols. So far, there have been several studies in literature on this topic. However, except the scheme of Camenisch and Michels, other works are only limited to some special forms of arithmetic format with prime elements. In Camenisch and Michels's scheme, the main building block is a protocol to prove a committed number to be prime based on algebraic primality testing algorithms. In this paper, we propose a new protocol to prove a committed number to be prime. Our protocol is O(t) times more efficient than Camenisch and Michels's protocol, where t is the security parameter. This results in O(t) time improvement for the overall scheme.
1999 | Hitchens M, Varadharajan V, 'Issues in the design of a language for role based access control', Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics) (1999)
© Springer-Verlag Berlin Heidelberg 1999. In this paper, we describe a language based approach to the specification of authorisation policies that can be used to support the range of access control policies in commercial object systems. We discuss the issues involved in the design of a language for role based access control systems. The notion of roles is used as a primitive construct within the language. This paper describes the basic constructs of the language and the language is used to specify several access control policies such as role based access control, static and dynamic separation of duty, delegation as well as joint action based access policies. The language is flexible and is able to capture meta-level operations and it is often these features which are significant when it comes to the applicability of an access control system to practical real situations.
1999 | Nguyen KQ, Bao F, Mu Y, Varadharajan V, 'Zero-knowledge proofs of possession of digital signatures and its applications', Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics) (1999)
© Springer-Verlag Berlin Heidelberg 1999. Demonstrating in zero-knowledge the possession of digital signatures has many cryptographic applications such as anonymous authentication, identity escrow, publicly verifiable secret sharing and group signature. This paper presents a general construction of zero-knowledge proof of possession of digital signatures. An implementation is shown for discrete logarithm settings. It includes protocols of proving exponentiation and modulo operators, which are the most interesting operators in digital signatures. The proposed construction is applicable for ElGamal signature scheme and its variations. The construction also works for the RSA signature scheme. In discrete logarithm settings, our technique is O(l) times more efficient than previously known methods.
1999 | Nguyen K, Mu Y, Varadharajan V, 'Undeniable confirmer signature', Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics) (1999)
© Springer-Verlag Berlin Heidelberg 1999. In undeniable signature, a signature can only be verified with cooperation of the signer. If the signer refuses to cooperate, it is infeasible to check the validity of a signature. This problem is eliminated in confirmer signature schemes where the verification capacity is given to a confirmer rather than the signer. In this paper, we present a variation of confirmer signature, called undeniable confirmer signature in that both the signer and a confirmer can verify the validity of a signature. The scheme provides a better flexibility for the signer and the user as well as reduces the involvement of designated confirmers, who are usually trusted in practice. Furthermore, we show that our scheme is divertible, i.e., our signature can be blindly issued. This is essential in some applications such as subscription payment system, which is also shown.
1999 | Mu Y, Varadharajan V, Nguyen KQ, 'Delegated decryption', Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics) (1999)
© Springer-Verlag Berlin Heidelberg 1999. This paper proposes a new public key based system that enables us to have a single public key with one or more decryption keys and a unique signing key. One straightforward application for our system is in delegated or proxy based decryption. The proxy based decryption requires that the decryption authority can be delegated to another party (proxy) without revealing the signing key information. This suggests that the proxy who has the legitimate right for decryption cannot sign on behalf of the public key owner; only the legitimate signer can be the owner of the public key.
1999 | Shankaran R, Varadharajan V, Hitchens M, 'Secure multicast extensions for mobile networks', Conference on Local Computer Networks (1999)
There has been a considerable interest shown in the area of mobility. With the advent of powerful portable devices such as laptop and palmtop there is a growing trend amongst users to go the nomadic way. This implies that a user can get access to any service at any time without any interruption. Such nomadic computing poses several challenges in multicasting and security. We first consider a framework that has been proposed by [1] for multicasting in mobile IP networks. In this paper, we extend this framework to support a secure multicasting service. We describe secure schemes for a mobile host to initiate, join and leave a multicast group. We also discuss the secure movement of mobile hosts in intra and inter campus environments.
1999 | Wang H, Varadharajan V, Slaney J, 'Towards perfect objects', Technology of Object-Oriented Languages and Systems (1999)
We present in this paper an extended object model for software system modelling and design. The extended object model was developed from ontological research into the nature and the generality of intelligent systems. The extension was made by attaching domains, states and categories to variables, and adding three types of constraints into the ordinary object model: identity constraints are for maintaining the identity and integrity of objects; trigger constraints are for enabling agents to act in objects autonomously; and goal constraints are for guiding agents to act in desired direction. We first introduce the theoretical background of the object model in brief. We then present the models in detail. We also discuss the advantages of our extended object model in software system modelling and design. In conclusion we summarise the main results we have achieved, and discuss some ongoing works that are relevant.
1998 | Varadharajan V, Crall C, Pato J, 'Issues in the design of secure authorization service for distributed applications', GLOBECOM 98: IEEE GLOBECOM 1998 - CONFERENCE RECORD, VOLS 1-6, SYDNEY, AUSTRALIA (1998)
1998 | Varadharajan V, Crall C, Pato J, 'Authorization in enterprise-wide distributed system - A practical design and application', 14TH ANNUAL COMPUTER SECURITY APPLICATIONS CONFERENCE, PROCEEDINGS, PHOENIX, AZ (1998)
1998 | Shankaran R, Varadharajan V, 'Secure signaling and access control for ATM networks', 14TH ANNUAL COMPUTER SECURITY APPLICATIONS CONFERENCE, PROCEEDINGS, PHOENIX, AZ (1998)
1998 | Yi M, Varadharajan V, 'Anonymous secure E-voting over a network', 14TH ANNUAL COMPUTER SECURITY APPLICATIONS CONFERENCE, PROCEEDINGS, PHOENIX, AZ (1998)
1998 | Mu Y, Varadharajan V, 'A new scheme of credit based payment for electronic commerce', 23RD ANNUAL CONFERENCE ON LOCAL COMPUTER NETWORKS - PROCEEDINGS, LOWELL, MA (1998)
1998 | Nguyen KQ, Mu Y, Varadharajan V, 'A new digital cash scheme based on blind Nyberg-Rueppel digital signature', Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics) (1998)
© Springer-Verlag Berlin Heidelberg 1998. We propose a new untraceable digital cash scheme using blind Nyberg-Rueppel digital signature. The scheme provides security features such as client anonymity, coin forgery prevention and double spending detection. The proposed scheme is also more efficient than previously proposed schemes by Chaum and Brands.
1998 | Bai Y, Varadharajan V, 'A high level language for conventional access control models', Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics) (1998)
© Springer-Verlag Berlin Heidelberg 1998. A formal language to specify general access control policies and their sequences of transformations has been proposed in [1]. The access control policy was specified by a domain description which consisted of a finite set of initial policy propositions, policy transformation propositions and default propositions. Usually, access control models fall into two conventional categories: discretionary access control (DAC) and mandatory access control (MAC). Traditional DAC models basically enumerate all the subjects and objects in a system and regulate the access to the object based on the identity of the subject. It can be best represented by the HRU's access control matrix [4]. While on the other hand, MAC models are lattice based models, in the sense that each subject and object is associated with a sensitivity level which forms a lattice [3]. In this paper, we intend to demonstrate that both a DAC-like model and a MAC-like model can be realized by an approach using our formal language. We also discuss some other related works.
1998 | Varadharajan V, Shankaran R, Hitchens M, 'Secure authentication and access control in ATM networks', LONG-HAUL, ATM AND MULTI-MEDIA NETWORKS - NOC '98, MANCHESTER, ENGLAND (1998)
1998 | Varadharajan V, Mu Y, Hitchens M, 'Design choices for public key based Kerberos authentication system', PROCEEDINGS OF THE 21ST AUSTRALASIAN COMPUTER SCIENCE CONFERENCE, ACSC'98, PERTH, AUSTRALIA (1998)
1997 | Bai Y, Varadharajan V, 'Updating policy base: An application of knowledge base in authorizations', 1997 IEEE INTERNATIONAL CONFERENCE ON INTELLIGENT PROCESSING SYSTEMS, VOLS 1 & 2, BEIJING, PEOPLES R CHINA (1997)
Grants and Funding
Summary
Number of grants | 17 |
---|---|
Total funding | $25,284,775 |
2019: 5 grants / $489,643
Secure data centric architecture and its applications ($225,000)
Funding body | CSIRO - Commonwealth Scientific and Industrial Research Organisation |
---|---|
Project Team | Professor Vijay Varadharajan, Seyit Camtepe, Dr Surya Nepal |
Scheme | Research Grant |
Role | Lead |
Funding Start | 2019 |
Funding Finish | 2021 |
GNo | G1900931 |
Type Of Funding | C2120 - Aust Commonwealth - Other |
Category | 2120 |
UON | Y |
Security Techniques and Architecture for SDN Data Plane and Software Defined Clouds ($165,654)
Funding body | CSIRO - Commonwealth Scientific and Industrial Research Organisation |
---|---|
Project Team | Professor Vijay Varadharajan, Doctor Uday Tupakula, Dr Peter Dickinson, Dr Surya Nepal |
Scheme | Research Grant |
Role | Lead |
Funding Start | 2019 |
Funding Finish | 2020 |
GNo | G1900379 |
Type Of Funding | C2120 - Aust Commonwealth - Other |
Category | 2120 |
UON | Y |
Cyber secure control for smart electricity grid ($73,739)
Funding body | NSW Department of Industry |
---|---|
Project Team | Professor Vijay Varadharajan, Professor Zhiyong Chen, Associate Professor Jahangir Hossain, Professor Graham Town |
Scheme | NSW Cyber Security Innovation Node |
Role | Lead |
Funding Start | 2019 |
Funding Finish | 2019 |
GNo | G1801354 |
Type Of Funding | C2220 - Aust StateTerritoryLocal - Other |
Category | 2220 |
UON | Y |
To research, develop and validate a unique integrated public cloud based cybersecure solution for its key Business Management System. ($20,250)
Funding body | Landos Pty Ltd |
---|---|
Project Team | Professor Vijay Varadharajan, Doctor Kallol Krishna Karmakar |
Scheme | Entrepreneurs' Programme: Innovation Connections |
Role | Lead |
Funding Start | 2019 |
Funding Finish | 2019 |
GNo | G1901107 |
Type Of Funding | C3111 - Aust For profit |
Category | 3111 |
UON | Y |
Visualising intrusion detection and behavioural analytics data in real-time for combatting cyber-attacks and creating awareness ($5,000)
Funding body | NUW Alliance |
---|---|
Project Team | Professor Vijay Varadharajan |
Scheme | 2019 Projects |
Role | Lead |
Funding Start | 2019 |
Funding Finish | 2020 |
GNo | G1901323 |
Type Of Funding | C3112 - Aust Not for profit |
Category | 3112 |
UON | Y |
2018: 3 grants / $194,076
Security for 5G/IoT Network Infrastructures using SDN/NFV Technologies ($152,346)
Funding body | NSW Department of Industry |
---|---|
Project Team | Professor Vijay Varadharajan, Doctor Uday Tupakula, Professor Doan Hoang |
Scheme | NSW Cyber Security Network |
Role | Lead |
Funding Start | 2018 |
Funding Finish | 2018 |
GNo | G1801214 |
Type Of Funding | C2210 - Aust StateTerritoryLocal - Own Purpose |
Category | 2210 |
UON | Y |
Software Defined Networks based Security Architecture for IoT Infrastructures ($28,736)
Funding body | ISIF Asia |
---|---|
Project Team | Prof Vijay Varadharajan and Dr Uday Tupakula |
Scheme | APNIC |
Role | Lead |
Funding Start | 2018 |
Funding Finish | 2019 |
GNo | |
Type Of Funding | International - Competitive |
Category | 3IFA |
UON | N |
Design and program a communication protocol between ResTrackWeb (RTWeb) and ResTrack Controller ($12,994)
Funding body | Banlaw Pty Ltd |
---|---|
Project Team | Professor Vijay Varadharajan, Doctor Uday Tupakula, Doctor Rukshan Athauda, Doctor Nasimul Noman |
Scheme | Entrepreneurs' Programme: Innovation Connections |
Role | Lead |
Funding Start | 2018 |
Funding Finish | 2018 |
GNo | G1701620 |
Type Of Funding | C3111 - Aust For profit |
Category | 3111 |
UON | Y |
2017: 7 grants / $601,056
Cloud Security: Techniques for Securing Cloud Data and Services ($230,845)
Funding body | ARC (Australian Research Council) |
---|---|
Project Team | Professor Vijay Varadharajan |
Scheme | Discovery Projects |
Role | Lead |
Funding Start | 2017 |
Funding Finish | 2017 |
GNo | G1700620 |
Type Of Funding | Aust Competitive - Commonwealth |
Category | 1CS |
UON | Y |
Advanced Authorisation Infrastructures for Distributed Autonomic Systems ($133,620)
Funding body | Defence Science and Technology Group |
---|---|
Project Team | Professor Vijay Varadharajan, Dr Anton Uzunov |
Scheme | Research Scholarship |
Role | Lead |
Funding Start | 2017 |
Funding Finish | 2020 |
GNo | G1700915 |
Type Of Funding | C2110 - Aust Commonwealth - Own Purpose |
Category | 2110 |
UON | Y |
Policy Driven Secure End to End Services in Distributed Software Defined Networks based Autonomous Systems ($99,607)
Funding body | Defence Science and Technology Group |
---|---|
Project Team | Professor Vijay Varadharajan |
Scheme | Competitive Evaluation Research Agreement (CERA) Program |
Role | Lead |
Funding Start | 2017 |
Funding Finish | 2017 |
GNo | G1700594 |
Type Of Funding | C2110 - Aust Commonwealth - Own Purpose |
Category | 2110 |
UON | Y |
Security and Trust in IoT Infrastructures ($93,875)
Funding body | CSIRO - Commonwealth Scientific and Industrial Research Organisation |
---|---|
Project Team | Professor Vijay Varadharajan, Doctor Nan Li |
Scheme | Research Grant |
Role | Lead |
Funding Start | 2017 |
Funding Finish | 2020 |
GNo | G1701323 |
Type Of Funding | C2110 - Aust Commonwealth - Own Purpose |
Category | 2110 |
UON | Y |
Security and Trust in Peer to Peer Computing Services ($34,036)
Funding body | Microsoft Australia |
---|---|
Project Team | Professor Vijay Varadharajan |
Scheme | Research Grant |
Role | Lead |
Funding Start | 2017 |
Funding Finish | 2017 |
GNo | G1701022 |
Type Of Funding | C3111 - Aust For profit |
Category | 3111 |
UON | Y |
Health technology evaluation ($4,545)
Funding body | CSIRO - Commonwealth Scientific and Industrial Research Organisation |
---|---|
Project Team | Professor John Attia, Professor Luke Wolfenden, Professor Vijay Varadharajan, Dr Craig Dalton, Conjoint Professor Andrew Searles, Ms Jane Gray |
Scheme | ON Prime |
Role | Investigator |
Funding Start | 2017 |
Funding Finish | 2017 |
GNo | G1701038 |
Type Of Funding | C2110 - Aust Commonwealth - Own Purpose |
Category | 2110 |
UON | Y |
Postgrad Scholarship for Kallol Karmakar ($4,528)
Funding body | CSIRO - Commonwealth Scientific and Industrial Research Organisation |
---|---|
Project Team | Professor Vijay Varadharajan |
Scheme | Postgraduate Scholarship |
Role | Lead |
Funding Start | 2017 |
Funding Finish | 2017 |
GNo | G1701619 |
Type Of Funding | C2110 - Aust Commonwealth - Own Purpose |
Category | 2110 |
UON | Y |
1997: 2 grants / $24,000,000
19 ARC Grants in Cyber Security between 1997 and 2017 - ARC Large, ARC Small, ARC Discovery, ARC Linkage, ARC Research Networks, ARC LIEF ($15,000,000)
Funding body | ARC (Australian Research Council) |
---|---|
Project Team | 19 Australian Research Council (ARC) (Large/Small, Discovery, Linkage, Networks) - Continuously funded by the ARC in one form or another since 1997-2019 (Over $15M) |
Scheme | Unknown |
Role | Lead |
Funding Start | 1997 |
Funding Finish | 2016 |
GNo | |
Type Of Funding | C1200 - Aust Competitive - ARC |
Category | 1200 |
UON | N |
Several Industry Grants in Cyber Security between 1997 and 2017 ($9,000,000)
Funding body | Industry |
---|---|
Scheme | Research |
Role | Lead |
Funding Start | 1997 |
Funding Finish | 2016 |
GNo | |
Type Of Funding | External |
Category | EXTE |
UON | N |
Research Collaborations
The map is a representation of a researcher's co-authorship with collaborators across the globe. The map displays the number of publications against a country, where there is at least one co-author based in that country. Data is sourced from the University of Newcastle research publication management system (NURO) and may not fully represent the author's complete body of work.
Country | Count of Publications |
---|---|
Australia | 393 |
United Kingdom | 47 |
United States | 27 |
China | 23 |
India | 20 |
News
COVIDSafe
May 14, 2020
Cyber Security in the Aerospace and Defence Industry
March 11, 2020
On the Role of CISO in the Digital World
December 9, 2019
Contact Details
Email | vijay.varadharajan@newcastle.edu.au |
Phone | (02) 4921 8687 |
Mobile | 0417023089 |
Office
Room | EAG03d |
---|---|
Building | Engineering A Building |