2022 |
Tupakula U, Karmakar KK, Varadharajan V, Collins B, 'Implementation of Techniques for Enhancing Security of Southbound Infrastructure in SDN', Proceedings of the 2022 13th International Conference on the Network of the Future, NoF 2022, Ghent, Belgium (2022) [E1]
|
|
Nova |
2022 |
Paardekooper C, Noman N, Chiong R, Varadharajan V, 'Designing Deep Convolutional Neural Networks using a Genetic Algorithm for Image-based Malware Classification', 2022 IEEE CONGRESS ON EVOLUTIONARY COMPUTATION (CEC), Padua, ITALY (2022) [C1]
|
|
Nova |
2021 |
Tupakula U, Varadharajan V, Karmakar KK, 'Techniques for Securing Control Systems from Attacks', Proceedings - 2021 IEEE 20th International Conference on Trust, Security and Privacy in Computing and Communications, TrustCom 2021, Shenyang, China (2021) [E1]
|
|
Nova |
2021 |
Thapa C, Karmakar KK, Celdran AH, Camtepe S, Varadharajan V, Nepal S, 'FedDICE: A Ransomware Spread Detection in a Distributed Integrated Clinical Environment Using Federated Learning and SDN Based Mitigation', Lecture Notes of the Institute for Computer Sciences, Social-Informatics and Telecommunications Engineering, LNICST, Virtual (2021) [E1]
|
|
Nova |
2021 |
Varadharajan V, Tupakula U, Karmakar KK, 'Software Enabled Security Architecture and Mechanisms for Securing 5G Network Services', Proceedings of the 2021 IEEE Conference on Network Softwarization: Accelerating Network Softwarization in the Cognitive Age, NetSoft 2021, Tokyo, Japan (2021) [E1]
|
|
Nova |
2021 |
Varadharajan V, Tupakula U, Karmakar KK, 'Techniques for Securing 5G Network Services from attacks', Proceedings - 2021 IEEE 20th International Conference on Trust, Security and Privacy in Computing and Communications, TrustCom 2021, Shenyang, China (2021) [E1]
|
|
Nova |
2021 |
Sultan NH, Varadharajan V, Kumar C, Camtepe S, Nepal S, 'A Secure Access and Accountability Framework for Provisioning Services in Named Data Networks', Proceedings of the IEEE Symposium on Reliable Distributed Systems, Chicago, IL (2021) [E1]
|
|
Nova |
2020 |
Tupakula U, Varadharajan V, Karmakar K, 'Access Control Based Dynamic Path Establishment for Securing Flows from the User Devices with Different Security Clearance', Advanced Information Networking and Applications. Proceedings of the 33rd International Conference on Advanced Information Networking and Applications (AINA-2019), Matsue, Japan (2020) [E1]
|
|
Nova |
2020 |
Asadi B, Varadharajan V, 'Towards a Robust Classifier: An MDL-Based Method for Generating Adversarial Examples', 2020 IEEE 19TH INTERNATIONAL CONFERENCE ON TRUST, SECURITY AND PRIVACY IN COMPUTING AND COMMUNICATIONS (TRUSTCOM 2020), PEOPLES R CHINA, Guangzhou (2020) [E1]
|
|
|
2020 |
Karmakar KK, Varadharajan V, Tupakula U, Nepal S, Thapa C, 'Towards a security enhanced virtualised network infrastructure for internet of medical things (IoMT)', Proceedings of the 2020 IEEE Conference on Network Softwarization: Bridging the Gap Between AI and Network Softwarization, NetSoft 2020, Virtual (2020) [E1]
|
|
Nova |
2020 |
Tupakula U, Varadharajan V, Karmakar KK, 'Attack detection on the software defined networking switches', Proceedings of the 2020 IEEE Conference on Network Softwarization: Bridging the Gap Between AI and Network Softwarization, NetSoft 2020, Virtual (2020) [E1]
|
|
Nova |
2020 |
Sultan NH, Varadharajan V, Camtepe S, Nepal S, 'An accountable access control scheme for hierarchical content in named data networks with revocation', Computer Security ESORICS 2020 25th European Symposium on Research in Computer Security, Guildford, UK (2020) [E1]
|
|
Nova |
2020 |
Karmakar KK, Varadharajan V, Tupakula U, Hitchens M, 'Towards a Dynamic Policy Enhanced Integrated Security Architecture for SDN Infrastructure', Proceedings of IEEE/IFIP Network Operations and Management Symposium 2020: Management in the Age of Softwarization and Artificial Intelligence, NOMS 2020, Budapest, Hungary (2020) [E1]
|
|
Nova |
2019 |
Karmakar KK, Varadharajan V, Nepal S, Tupakula U, 'SDN enabled secure IoT architecture', 2019 IFIP/IEEE Symposium on Integrated Network and Service Management, IM 2019, Washington, DC (2019) [E1]
|
|
Nova |
2019 |
Li N, Varadharajan V, Nepal S, 'Context-aware trust management system for IoT applications with multiple domains', Proceedings - 2019 39th IEEE International Conference on Distributed Computing Systems, Richardson, Texas (2019) [E1]
|
|
Nova |
2019 |
Pal S, Hitchens M, Varadharajan V, 'Towards the design of a trust management framework for the internet of things', Proceedings of the International Conference on Sensing Technology, ICST, Sydney, Australia (2019) [E1]
|
|
Nova |
2018 |
Yousefi-Azar M, Hamey L, Varadharajan V, Chen S, 'Learning latent byte-level feature representation for malware detection', Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics), Siem Reap, Cambodia (2018) [E1]
|
|
Nova |
2018 |
Pal S, Hitchens M, Varadharajan V, Rabehaja T, 'Policy-Based Access Control for Constrained Healthcare Resources', 19th IEEE International Symposium on a World of Wireless, Mobile and Multimedia Networks, WoWMoM 2018, Chania, Greece (2018) [E1]
|
|
Nova |
2018 |
Pal S, Hitchens M, Varadharajan V, 'Modeling Identity for the Internet of Things: Survey, Classification and Trends', 2018 12TH INTERNATIONAL CONFERENCE ON SENSING TECHNOLOGY (ICST), Univ Limerick, Limerick, IRELAND (2018) [E1]
|
|
Nova |
2018 |
Sood K, Karmakar K, Varadharajan V, Tupakula U, Yu S, 'Towards QoS and Security in Software-Driven Heterogeneous Autonomous Networks', 2018 IEEE Global Communications Conference, GLOBECOM 2018 - Proceedings, Abu Dhabi, UAE (2018) [E1]
|
|
Nova |
2017 |
Hitchens M, Varadharajan V, 'Elements of a language for role-based access control', IFIP Advances in Information and Communication Technology (2017)
A language for specifying role-based access control (RBAC) policies is presented. The language is designed to support the range of access control policies of commercial object sys... [more]
A language for specifying role-based access control (RBAC) policies is presented. The language is designed to support the range of access control policies of commercial object systems. The basic structures ofRBAC, such as role, users and permission, are present in the language as basic constructs. The language is flexible and is able to capture meta-level operations. The language also provides a mechanism for tracking actions and basing access control decisions on past events.
|
|
|
2017 |
Kitakami M, Varadharajan V, 'Welcome Message from the Program Chairs', Proceedings of IEEE Pacific Rim International Symposium on Dependable Computing, PRDC (2017)
|
|
|
2017 |
Karmakar KK, Varadharajan V, Tupakula U, 'Mitigating Attacks in Software Defined Network(SDN)', 2017 FOURTH INTERNATIONAL CONFERENCE ON SOFTWARE DEFINED SYSTEMS (SDS), Valencia, SPAIN (2017) [E1]
|
|
|
2017 |
Yousefi-Azar M, Varadharajan V, Hamey L, Tupakula U, 'Autoencoder-based Feature Learning for Cyber Security Applications', 2017 INTERNATIONAL JOINT CONFERENCE ON NEURAL NETWORKS (IJCNN), Anchorage, AK (2017) [E1]
|
|
|
2017 |
Yousefi-Azar M, Hamey L, Varadharajan V, McDonnell MD, 'Fast, Automatic and Scalable Learning to Detect Android Malware', NEURAL INFORMATION PROCESSING, ICONIP 2017, PT V, Guangzhou, PEOPLES R CHINA (2017) [E1]
|
|
|
2017 |
Jin F, Varadharajan V, Tupakula U, 'An Eclat Algorithm Based Energy Detection for Cognitive Radio Networks', 2017 16TH IEEE INTERNATIONAL CONFERENCE ON TRUST, SECURITY AND PRIVACY IN COMPUTING AND COMMUNICATIONS / 11TH IEEE INTERNATIONAL CONFERENCE ON BIG DATA SCIENCE AND ENGINEERING / 14TH IEEE INTERNATIONAL CONFERENCE ON EMBEDDED SOFTWARE AND SYSTEMS, Sydney, AUSTRALIA (2017) [E1]
|
|
|
2017 |
Pal S, Hitchens M, Varadharajan V, 'Towards a Secure Access Control Architecture for the Internet of Things', Proceedings: 2017 IEEE 42nd Conference on Local Computer Networks, Singapore (2017) [E1]
|
|
Nova |
2017 |
Tupakula U, Varadharajan V, Karmakar K, 'SDN-based dynamic policy specification and enforcement for provisioning SECaaS in cloud', Web Information Systems Engineering WISE 2017: 18th International Conference: Proceedings, Puschino, Russia (2017) [E1]
|
|
Nova |
2017 |
Pal S, Hitchens M, Varadharajan V, 'On the design of security mechanisms for the Internet of Things', Proceedings of the Eleventh International Conference on Sensing Technology, ICST 2017, Sydney, NSW (2017) [E1]
|
|
Nova |
2017 |
Tupakula U, Varadharajan V, Karmakar K, 'Secure monitoring of the patients with wandering behaviour', BodyNets '16: Proceedings of the 11th EAI International Conference on Body Area Networks, Turin, Italy (2017) [E1]
|
|
|
2017 |
Jin F, Varadharajan V, Tupakula U, 'A trust model based energy detection for cognitive radio networks', ACM International Conference Proceeding Series, Geelong, Australia (2017) [E1]
|
|
|
2017 |
Cheng S, Varadharajan V, Mu Y, Susilo W, 'An efficient and provably secure RFID grouping proof protocol', ACSW '17: Proceedings of the Australasian Computer Science Week Multiconference, Geelong, Australia (2017) [E1]
|
|
|
2017 |
Mishra P, Pilli ES, Varadharajan V, Tupakula U, 'Out-VM monitoring for Malicious Network Packet Detection in cloud', ISEA Asia Security and Privacy Conference 2017, ISEASP 2017, Surat, India (2017) [E1]
|
|
|
2017 |
Varadharajan V, Karmakar KK, Tupakula U, 'Securing communication in multiple Autonomous System domains with Software Defined Networking', Proceedings of the IM 2017 - 2017 IFIP/IEEE International Symposium on Integrated Network and Service Management, Lisbon, Portugal (2017) [E1]
|
|
|
2017 |
Pal S, Hitchens M, Varadharajan V, Rabehaja T, 'On Design of A Fine-Grained Access Control Architecture for Securing IoT-Enabled Smart Healthcare Systems', PROCEEDINGS OF THE 14TH EAI INTERNATIONAL CONFERENCE ON MOBILE AND UBIQUITOUS SYSTEMS: COMPUTING, NETWORKING AND SERVICES (MOBIQUITOUS 2017), Melbourne, AUSTRALIA (2017) [E1]
|
|
Nova |
2016 |
Varadharajan V, 'Trust enhanced secure role-based access control on encrypted data in cloud (Abstract of keynote talk)', IFIP Advances in Information and Communication Technology (2016)
In this talk I will begin with a brief look at current trends in the technology scenery and some of the key security challenges that are impacting on business and society. In part... [more]
In this talk I will begin with a brief look at current trends in the technology scenery and some of the key security challenges that are impacting on business and society. In particular, on the one hand there have been tremendous developments in cyber technologies such as cloud, Big Data and Internet of Technologies. Then we will consider security and trust issues in cloud services and cloud data. In this talk, we will focus on policy based access to encrypted data in the cloud. We will present a new technique, Role based Encryption (RBE), which integrates cryptographic techniques with role based access control. The RBE scheme allows policies defined by data owners to be enforced on the encrypted data stored in public clouds. The cloud provider will not be able to see the data content if the provider is not given the appropriate role by the data owner. We will present a practical secure RBE based hybrid cloud storage architecture, which allows an organisation to store data securely in a public cloud, while maintaining the sensitive information related to the organisation¿s structure in a private cloud. Then we will consider trust issues in RBE based secure cloud data systems. We will discuss two types of trust models that assist (i) the data owners/users to evaluate the trust on the roles/role managers in the system as well as (ii) the role managers to evaluate the trust on the data owners/users for when deciding on role memberships. These models will take into account the impact of role hierarchy and inheritance on the trustworthiness of the roles and users. We will also consider practical application of the trust models and illustrate how the trust evaluations can help to reduce the risks and enhance the quality of decision making by data owners and role managers of the cloud storage services.
|
|
|
2016 |
Karmakar KK, Varadharajan V, Tupakula U, Hitchens M, 'Policy based security architecture for software defined networks', Proceedings of the ACM Symposium on Applied Computing, Pisa, Italy (2016) [E1]
|
|
|
2016 |
Karmakar KK, Varadharajan V, Tupakula U, 'On the Design and Implementation of a Security Architecture for Software Defined Networks', Proceedings of the 2016 IEEE 18th International Conference on High Performance Computing and Communications; 14th IEEE International Conference on Smart City; and 2nd IEEE International Conference on Data Science and Systems (HPCC/SmartCity/DSS), Sydney, NSW (2016) [E1]
|
|
|
2016 |
Mishra P, Pilli ES, Varadharajan V, Tupakula U, 'NvCloudIDS: A Security Architecture to Detect Intrusions at Network and Virtualization Layer in Cloud Environment', 2016 International Conference on Advances in Computing, Communications and Informatics (ICACCI), Jaipur, India (2016) [E1]
|
|
|
2016 |
Min B, Varadharajan V, 'Cascading attacks against smart grid using control command disaggregation and services', SAC '16 Proceedings of the 31st Annual ACM Symposium on Applied Computing, Pisa, Italy (2016) [E1]
|
|
|
2016 |
Min B, Varadharajan V, 'Design and Evaluation of Feature Distributed Malware Attacks against the Internet of Things (IoT)', Proceedings of the IEEE International Conference on Engineering of Complex Computer Systems, ICECCS, Gold Coast, QLD (2016) [E1]
|
|
Nova |
2016 |
Mishra P, Pilli ES, Varadharajan V, Tupakula U, 'Efficient approaches for intrusion detection in cloud environment', Proceedings of the 2016 IEEE International Conference on Computing, Communication and Automation (ICCCA), Noida, India (2016) [E1]
|
|
|
2016 |
Karmakar KK, Varadharajan V, Tupakula U, 'On the Design and Implementation of a Security Architecture for End to End Services in Software Defined Networks', Proceedings - Conference on Local Computer Networks, LCN, Dubai, United Arab Emirates (2016) [E1]
|
|
Nova |
2016 |
Tupakula U, Varadharajan V, 'Securing Big Data Environments from Attacks', Proceedings - 2nd IEEE International Conference on Big Data Security on Cloud, IEEE BigDataSecurity 2016, 2nd IEEE International Conference on High Performance and Smart Computing, IEEE HPSC 2016 and IEEE International Conference on Intelligent Data and Security, IEEE IDS 2016, New York, NY (2016) [E1]
|
|
|
2016 |
Jayarathna D, Varadharajan V, Tupakula U, 'Integrated security for services hosted in virtual environments', Proceedings - 15th IEEE International Conference on Trust, Security and Privacy in Computing and Communications, 10th IEEE International Conference on Big Data Science and Engineering and 14th IEEE International Symposium on Parallel and Distributed Processing with Applications, IEEE TrustCom/BigDataSE/ISPA 2016, Tianjin, China (2016) [E1]
|
|
Nova |
2016 |
Mishra P, Pilli ES, Varadharajan V, Tupakula U, 'Securing virtual machines from anomalies using program-behavior analysis in cloud environment', Proceedings of the 2016 18th IEEE International Conference on High Performance Computing and Communications; 14th IEEE International Conference on Smart City; and 2nd IEEE International Conference on Data Science and Systems (HPCC/SmartCity/DSS), Sydney, Australia (2016) [E1]
|
|
|
2015 |
Fan X, Varadharajan V, Hitchens M, 'Provenance Based Classification Access Policy System Based on Encrypted Search for Cloud Data Storage', INFORMATION SECURITY, ISC 2015, Trondheim, NORWAY (2015) [E1]
|
|
|
2015 |
Min B, Varadharajan V, 'A Simple and Novel Technique for Counteracting Exploit Kits', INTERNATIONAL CONFERENCE ON SECURITY AND PRIVACY IN COMMUNICATION NETWORKS, SECURECOMM 2014, PT I, Beijing, PEOPLES R CHINA (2015) [E1]
|
|
Nova |
2015 |
Min B, Varadharajan V, 'Design and Analysis of a Sophisticated Malware Attack Against Smart Grid', INFORMATION SECURITY (ISC 2013), Dallas, TX (2015) [E1]
|
|
Nova |
2015 |
Wijesinghe U, Tupakula U, Varadharajan V, 'An enhanced model for network flow based botnet detection', Conferences in Research and Practice in Information Technology Series (2015) [E1]
The botnet is a group of hijacked computers, which are employed under command and control mechanism administered by a botmaster. Botnet evolved from IRC based centralized botnet t... [more]
The botnet is a group of hijacked computers, which are employed under command and control mechanism administered by a botmaster. Botnet evolved from IRC based centralized botnet to employing common protocols such as HTTP with decentralized architectures and then peer-to-peer designs. As Botnets have become more sophisticated, the need for advanced techniques and research against botnets has grown. In this paper, we propose techniques to detect botnets by analysing network traffic flows. We developed templates for capturing traffic flows with more relevant attributes for botnet detection. Also we make use of the IPFIX standard for the specification of the templates. Hence our techniques can be used to detect different bot families with lesser overheads and are vendor neutral.
|
|
|
2015 |
Damavandinejadmonfared S, Varadharajan V, 'A new extension of kernel principal component analysis for finger vein authentication', Conferences in Research and Practice in Information Technology Series (2015)
In this paper, we introduce a new method of data transformation for finger vein recognition system. Our proposed method uses kernel mapping functions to map the data before perfor... [more]
In this paper, we introduce a new method of data transformation for finger vein recognition system. Our proposed method uses kernel mapping functions to map the data before performing Principal Component Analysis. Kernel Principal Component Analysis (KPCA) is a well-known extension of PCA which is suitable for finding nonlinear patterns as it maps the data nonlinearly. In this work we develop an extension of KPCA which is both faster and more appropriate than KPCA for finger vein recognition system. The proposed method is called Feature Dependent Kernel Principal Component Analysis (FDKPCA). In FDKPCA the data is mapped differently from KPCA resulting in lower-dimension feature space where more important and valuable features are selected and extracted. Furthermore, extensive experiments reveal the significance of the proposed method for finger vein recognition systems.
|
|
|
2015 |
Jayarathna D, Tupakula U, Varadharajan V, 'Hypervisor-based security architecture to protect web applications', Conferences in Research and Practice in Information Technology Series (2015) [E1]
Web based applications are very common nowadays where almost every software can be accessible through a web browser in one form or the other. This paper proposes techniques to det... [more]
Web based applications are very common nowadays where almost every software can be accessible through a web browser in one form or the other. This paper proposes techniques to detect diffierent threats related to web applications by using a hypervisorbased security architecture. The proposed architecture leverages the hypervisor's visibility of the virtual machines' runtime state and traffic ows for securing the web application. The unique feature of the proposed architecture is that it is capable of doing fine granular detection of web application attacks, i.e. to the specific web page level, and protecting the application against zero-day attacks. © 2015, Australian Computer Society, Inc.
|
|
|
2015 |
Wijesinghe U, Tupakula U, Varadharajan V, 'Botnet Detection using Software Defined Networking', 2015 22ND INTERNATIONAL CONFERENCE ON TELECOMMUNICATIONS (ICT), Sydney, AUSTRALIA (2015) [E1]
|
|
Nova |
2015 |
Min B, Varadharajan V, 'Secure Dynamic Software Loading and Execution using Cross Component Verification', 2015 45TH ANNUAL IEEE/IFIP INTERNATIONAL CONFERENCE ON DEPENDABLE SYSTEMS AND NETWORKS, Univ Estadual Campinas, Rio de Janeiro, BRAZIL (2015) [E1]
|
|
Nova |
2015 |
Jin F, Varadharajan V, Tupakula U, 'Improved Detection of Primary User Emulation Attacks in Cognitive Radio Networks', 25TH INTERNATIONAL TELECOMMUNICATION NETWORKS AND APPLICATIONS CONFERENCE (ITNAC 2015), Sydney, AUSTRALIA (2015) [E1]
|
|
|
2015 |
Min B, Varadharajan V, 'Design, Implementation and Evaluation of a Novel Anti-Virus Parasitic Malware', 30TH ANNUAL ACM SYMPOSIUM ON APPLIED COMPUTING, VOLS I AND II, Salamanca, SPAIN (2015) [E1]
|
|
|
2015 |
Li N, Mu Y, Susilo W, Varadharajan V, 'Anonymous yoking-group proofs', ASIACCS 2015 - Proceedings of the 10th ACM Symposium on Information, Computer and Communications Security (2015) [E1]
Yoking-proofs show an interesting application in Radio Frequency Identification (RFID) that a verifier can check whether two tags are simultaneously scanned by a reader. We consid... [more]
Yoking-proofs show an interesting application in Radio Frequency Identification (RFID) that a verifier can check whether two tags are simultaneously scanned by a reader. We consider a scenario that multi-group of tags can be proved to be scanned simultaneously. Grouping-proof, which is an extension of yoking-proofs, allows multiple tags to be proved together, while existing protocols cannot support multiple groups. In this paper, we introduce a novel concept called "yoking-group proofs". Additionally, we propose an anonymous yoking-proof protocol and an anonymous yoking-group proof protocol and prove their security in Universal Composability framework.
|
|
|
2014 |
Damavandinejadmonfared S, Varadharajan V, 'Finger vein recognition in row and column directions using two dimensional kernel principal component analysis', Proceedings of the 2014 International Conference on Image Processing, Computer Vision, and Pattern Recognition, IPCV 2014 (2014)
In this paper, a whole identification system is introduced for finger vein recognition. The proposed algorithm first maps the input data into kernel space, then; Two Dimensional P... [more]
In this paper, a whole identification system is introduced for finger vein recognition. The proposed algorithm first maps the input data into kernel space, then; Two Dimensional Principal Component Analysis is applied to extract the most valuable features from the mapped data. Finally, Euclidian distance classifies the features and the final decision is made. Because of the natural shape of human fingers, the image matrixes are not square, which makes it possible to use kernel mappings in two different ways-along row or column directions. Although, some research has been done on the row and column direction through 2DPCA, our argument is how to map the input data in different directions and get a square matrix out of it to be analyzed by Two Dimensional Principal Component Analysis. In this research, we have explored this area in details and obtained the most significant way of mapping finger vein data which results in consuming the least time and achieving the highest accuracy for finger vein identification system. The authenticity of the results and the relationship between the finger vein data and our contribution are also discussed and explained. Furthermore, extensive experiments were conducted to prove the merit of the proposed system.
|
|
|
2014 |
Damavandinejadmonfared S, Varadharajan V, 'Effective kernel mapping for one-dimensional principal component analysis in finger vein recognition', Proceedings of the 2014 International Conference on Image Processing, Computer Vision, and Pattern Recognition, IPCV 2014 (2014)
Kernel functions have been very useful in data classification for the purpose of identification and verification so far. Applying such mappings first and using some methods on the... [more]
Kernel functions have been very useful in data classification for the purpose of identification and verification so far. Applying such mappings first and using some methods on the mapped data such as Principal Component Analysis has been proven novel in many different areas. A lot of improvements have been proposed on PCA such as Kernel Principal Component Analysis, and Kernel Entropy Component Analysis which are known as very novel and reliable methods in face recognition and data classification. In this paper, we implemented four different Kernel mapping functions on finger database to determine the most appropriate one in terms of analyzing finger vein data using 1D-PCA. Extensive experiments have been conducted for this purpose using Polynomial, Gaussian, Exponential and Laplacian Principal Component Analysis (PCA) in 4 different examinations to determine the most significant one.
|
|
|
2014 |
Min B, Varadharajan V, 'Feature-Distributed Malware Attack: Risk and Defence', COMPUTER SECURITY - ESORICS 2014, PT II, Wroclaw Univ Technol, Wroclaw, POLAND (2014) [E1]
|
|
Nova |
2014 |
Min G, Varadharajan V, Ko RKL, Xiang Y, Marmol FG, Ruj S, et al., 'TSP 2013: Message from workshop chairs', Proceedings - 2013 IEEE International Conference on High Performance Computing and Communications, HPCC 2013 and 2013 IEEE International Conference on Embedded and Ubiquitous Computing, EUC 2013 (2014)
|
|
|
2014 |
Tupakula U, Varadharajan V, 'Secure monitoring for dementia patients', Proceedings of the ACM Symposium on Applied Computing (2014) [E1]
There are several challenges for monitoring the patients with specific requirements such as people with dementia. For example, vascular dementia which is caused generally after st... [more]
There are several challenges for monitoring the patients with specific requirements such as people with dementia. For example, vascular dementia which is caused generally after stroke could result in serious conditions and change of behaviour such as wandering, loss of vision and speech. Although the nursing staff make sincere effort for taking care and monitoring of the patients, it is rare that a nursing staff is allocated to each patient. Hence even a minor lack of attention can lead to havoc situation if any of the patient is found to be missing. This results in high stress for the nursing staff and the hospital management. The aim of this work is to develop techniques for secure monitoring of dementia patients in hospital environments. Our model tracks the patients in real time and can generate alarms if the location of the patients is found to be suspicious. Furthermore, our model makes use of the existing infrastructures to minimize the cost of deployment. Copyright 2014 ACM.
|
|
|
2014 |
Jayarathna D, Tupakula U, Varadharajan V, 'Hypervisor-based security architecture for validating DNS services (Poster)', Conferences in Research and Practice in Information Technology Series (2014) [E3]
Domain Name System (DNS) is one of the critical services in the current Internet infrastructure. However DNS is vulnerable to a range of attacks. One of the fundamental weaknesses... [more]
Domain Name System (DNS) is one of the critical services in the current Internet infrastructure. However DNS is vulnerable to a range of attacks. One of the fundamental weaknesses with the existing DNS protocols is that the request and response messages are transmitted on the network as plain text. This paper addresses important threats related to Doman Name System (DNS) using a hypervisor based security architecture. The proposed architecture leverages the hypervisor visibility of the virtual machines' traffic flows to monitor and utilise Virtual Machine Introspection (VMI) techniques to inspect and restore data. It also uses inbuilt snapshot/restore capabilities of the hypervisor to completely restore virtual machines if required. Objective of the proposed architecture is not to actively prevent attacks, but provide a means of identifying different attacks by passively monitoring DNS related conversations coming in and out of virtualised system hosting the DNS. Our model can alert the external monitoring agent(s) or security administrator and actively restore the system if the attack has already compromised the DNS. © 2014, Australian Computer Society, Inc.
|
|
|
2014 |
Yi X, Paulet R, Bertino E, Varadharajan V, 'Practical k Nearest Neighbor Queries with Location Privacy', 2014 IEEE 30TH INTERNATIONAL CONFERENCE ON DATA ENGINEERING (ICDE), Chicago, IL (2014) [E1]
|
|
Nova |
2014 |
Tupakula U, Varadharajan V, 'Trust Enhanced Cloud Security for Healthcare Services', 2014 IEEE 13TH INTERNATIONAL CONFERENCE ON TRUST, SECURITY AND PRIVACY IN COMPUTING AND COMMUNICATIONS (TRUSTCOM), Beijing, PEOPLES R CHINA (2014) [E1]
|
|
|
2014 |
Min B, Varadharajan V, 'Design and Analysis of a New Feature-Distributed Malware', 2014 IEEE 13TH INTERNATIONAL CONFERENCE ON TRUST, SECURITY AND PRIVACY IN COMPUTING AND COMMUNICATIONS (TRUSTCOM), Beijing, PEOPLES R CHINA (2014) [E1]
|
|
|
2014 |
Tupakula U, Varadharajan V, 'Techniques for Detecting Attacks on Critical Infrastructure', 2014 INTERNATIONAL CONFERENCE ON COMPUTING, NETWORKING AND COMMUNICATIONS (ICNC), Honolulu, HI (2014) [E1]
|
|
Nova |
2014 |
Min B, Varadharajan V, 'Design and Analysis of Security Attacks against Critical Smart Grid Infrastructures', 2014 19TH INTERNATIONAL CONFERENCE ON ENGINEERING OF COMPLEX COMPUTER SYSTEMS (ICECCS 2014), PEOPLES R CHINA, Tianjin (2014) [E1]
|
|
|
2014 |
Koeberl P, Schulz S, Sadeghi AR, Varadharajan V, 'TrustLite: A security architecture for tiny embedded devices', Proceedings of the 9th European Conference on Computer Systems, EuroSys 2014 (2014) [E1]
Embedded systems are increasingly pervasive, interdependent and in many cases critical to our every day life and safety. Tiny devices that cannot afford sophisticated hardware sec... [more]
Embedded systems are increasingly pervasive, interdependent and in many cases critical to our every day life and safety. Tiny devices that cannot afford sophisticated hardware security mechanisms are embedded in complex control infrastructures, medical support systems and entertainment products [51]. As such devices are increasingly subject to attacks, new hardware protection mechanisms are needed to provide the required resilience and dependency at low cost. In this work, we present the TrustLite security architecture for flexible, hardware-enforced isolation of software modules. We describe mechanisms for secure exception handling and communication between protected modules, enabling seamless interoperability with untrusted operating systems and tasks. TrustLite scales from providing a simple protected firmware runtime to advanced functionality such as attestation and trusted execution of userspace tasks. Our FPGA prototype shows that these capabilities are achievable even on low-cost embedded systems. Copyright © 2007 by the Association for Computing Machinery, Inc.
|
|
Nova |
2014 |
Hou X, Kumar ATK, Thomas JP, Varadharajan V, 'Dynamic workload balancing for hadoop MapReduce', Proceedings - 4th IEEE International Conference on Big Data and Cloud Computing, BDCloud 2014 with the 7th IEEE International Conference on Social Computing and Networking, SocialCom 2014 and the 4th International Conference on Sustainable Computing and Communications, SustainCom 2014 (2014)
Hadoop has two components which are HDFS and MapReduce. HDFS is a distributed file system for storing data for users of Hadoop and MapReduce is the framework that executes jobs fr... [more]
Hadoop has two components which are HDFS and MapReduce. HDFS is a distributed file system for storing data for users of Hadoop and MapReduce is the framework that executes jobs from users. Hadoop stores user data based on space utilization of data nodes on the cluster rather than the processing capability of the data nodes. Furthermore Hadoop runs in a heterogeneous environment as all data nodes may not be homogeneous. For these reasons, workload imbalances will occur when Hadoop runs resulting in poor performance. In this paper, we propose a dynamic algorithm to balance the workload between different racks on a Hadoop cluster based on information obtained from analyzing the log files of Hadoop. Moving tasks from the busiest rack to another rack improves the performance of Hadoop MapReduce by reducing the running time of jobs. Our simulations indicate that using our algorithm, we can decrease by more than 50% the remaining time of the tasks belonged to a job running on the busiest rack.
|
|
|
2014 |
Li N, Mu Y, Susilo W, Guo F, Varadharajan V, 'Privacy-Preserving Authorized RFID Authentication Protocols', RADIO FREQUENCY IDENTIFICATION: SECURITY AND PRIVACY ISSUES, RFIDSEC 2014, St Annes Coll, Oxford, ENGLAND (2014) [E1]
|
|
|
2013 |
Li N, Mu Y, Susilo W, Varadharajan V, 'Secure RFID ownership transfer protocols', Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics) (2013) [E1]
An RFID tag could change hands many times during its lifetime. In a retail chain, the ownership of the tag is instituted by the supplier who initially owns the tag. In the view of... [more]
An RFID tag could change hands many times during its lifetime. In a retail chain, the ownership of the tag is instituted by the supplier who initially owns the tag. In the view of a buyer, the validity of the current tag ownership and the originality of supplier are most important. In typical RFID ownership transfer protocols, the knowledge of the tag's authentication key proves the ownership. However, it is insufficient against an active attacker, since tags are usually lack of tamper-proof protections. Ownership transfer relies on a successful verification of tag's supplier and current ownership. In this paper, we formally define the security model of ownership transfer protocols and propose a secure ownership transfer protocol. In our scheme, current owner provides a new owner with the evidence of transfer and a proof of tag origin. Key management becomes easy in our system, since the one asymmetric verification key of the owner can be used to verify multiple tags that belong to the owner. © 2013 Springer-Verlag.
|
|
|
2013 |
Varadharajan V, Tupakula U, 'Integrated Security Architecture for Virtual Machines', SECURITY AND PRIVACY IN COMMUNICATION NETWORKS, SECURECOMM 2013, Sydney, AUSTRALIA (2013) [E1]
|
|
Nova |
2013 |
Habib SM, Varadharajan V, Mühlhäuser M, 'A framework for evaluating trust of service providers in cloud marketplaces', Proceedings of the ACM Symposium on Applied Computing (2013) [E1]
The Cloud Security Alliance (CSA) provides a framework for cloud platform providers that manages standardized self assessments regarding security controls. The framework as it sta... [more]
The Cloud Security Alliance (CSA) provides a framework for cloud platform providers that manages standardized self assessments regarding security controls. The framework as it stands does not allow consumers to specify and check their own requirements, nor does it contain any means for verifying the capabilities claimed by the providers. From a customer perspective, both these aspects are essential for evaluating the trustworthiness of cloud providers and for making an informed decision. We propose a novel concept for verifying the capabilities captured in the CSA's framework, plus a decision model that checks consumer requirements against the verification results. Our capability verification combines hard trust based on rigid validation with soft trust based on evidence about past behaviour. Elaborate formal methods are applied in both fields and combined into a single concept. Copyright 2013 ACM.
|
|
|
2013 |
Guo F, Mu Y, Susilo W, Varadharajan V, 'Membership encryption and its applications', Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics) (2013) [E1]
We propose a new encryption primitive called Membership Encryption. Let P(G) be a privacy-preserving token on a group attribute/identity G, such that given P(G) it is hard to know... [more]
We propose a new encryption primitive called Membership Encryption. Let P(G) be a privacy-preserving token on a group attribute/identity G, such that given P(G) it is hard to know the attributes in G. In this membership encryption, if an encryption takes as input an attribute A and the token P(G), the decryption requires holding the membership A ¿ G, i.e., A belongs to this group attribute. Membership encryption is applicable in constructing membership proof A ¿ P(G) with privacy preserving on group attribute and the membership. Membership encryption can be also utilized to construct an efficient two-round K-out-of-N oblivious transfer protocol. In this paper, we construct a provably secure membership encryption where the group token P(G) is constant-size with maximum number accountability on attributes. Using our scheme, the proposed oblivious transfer protocol exhibits the nice feature of O(1) communication cost for any K from receiver to sender, and O(N) communication cost from sender to receiver. © 2013 Springer-Verlag.
|
|
|
2013 |
Min B, Varadharajan V, 'A New Technique for Counteracting Web Browser Exploits', 2014 23RD AUSTRALASIAN SOFTWARE ENGINEERING CONFERENCE (ASWEC), Sydney, AUSTRALIA (2013) [E1]
|
|
|
2013 |
Tupakula U, Varadharajan V, 'Security Techniques for Counteracting Attacks in Mobile Healthcare Services', 4TH INTERNATIONAL CONFERENCE ON EMERGING UBIQUITOUS SYSTEMS AND PERVASIVE NETWORKS (EUSPN-2013) AND THE 3RD INTERNATIONAL CONFERENCE ON CURRENT AND FUTURE TRENDS OF INFORMATION AND COMMUNICATION TECHNOLOGIES IN HEALTHCARE (ICTH), Niagara Falls, CANADA (2013) [E1]
|
|
|
2013 |
Tupakula U, Varadharajan V, 'Securing Mobile Devices from DoS Attacks', 2013 IEEE 16TH INTERNATIONAL CONFERENCE ON COMPUTATIONAL SCIENCE AND ENGINEERING (CSE 2013), Sydney, AUSTRALIA (2013) [E1]
|
|
|
2013 |
Habib SM, Varadharajan V, Muehlhaeuser M, 'A Trust-aware Framework for Evaluating Security Controls of Service Providers in Cloud Marketplaces', 2013 12TH IEEE INTERNATIONAL CONFERENCE ON TRUST, SECURITY AND PRIVACY IN COMPUTING AND COMMUNICATIONS (TRUSTCOM 2013), Melbourne, AUSTRALIA (2013) [E1]
|
|
|
2013 |
Krishna A, Varadharajan V, Tarr N, 'On the Design of a Trust Enhanced Distributed Authorisation Architecture for Service Oriented Architectures', 2013 12TH IEEE INTERNATIONAL CONFERENCE ON TRUST, SECURITY AND PRIVACY IN COMPUTING AND COMMUNICATIONS (TRUSTCOM 2013), Melbourne, AUSTRALIA (2013) [E1]
|
|
|
2013 |
Tupakula U, Varadharajan V, 'Trust Enhanced Security Architecture for Detecting Insider Threats', 2013 12TH IEEE INTERNATIONAL CONFERENCE ON TRUST, SECURITY AND PRIVACY IN COMPUTING AND COMMUNICATIONS (TRUSTCOM 2013), Melbourne, AUSTRALIA (2013) [E1]
|
|
Nova |
2013 |
Zhou L, Varadharajan V, Hitchens M, 'Integrating Trust with Cryptographic Role-based Access Control for Secure Cloud Data Storage', 2013 12TH IEEE INTERNATIONAL CONFERENCE ON TRUST, SECURITY AND PRIVACY IN COMPUTING AND COMMUNICATIONS (TRUSTCOM 2013), Melbourne, AUSTRALIA (2013) [E1]
|
|
Nova |
2013 |
Varadharajan V, Tupakula U, 'On the Security of Tenant Transactions in the Cloud', 2013 IEEE FIFTH INTERNATIONAL CONFERENCE ON CLOUD COMPUTING TECHNOLOGY AND SCIENCE (CLOUDCOM), VOL 1, Bristol, ENGLAND (2013) [E1]
|
|
|
2013 |
Zhou L, Varadharajan V, Hitchens M, 'Trust-based Secure Cloud Data Storage with Cryptographic Role-based Access Control', PROCEEDINGS OF THE 10TH INTERNATIONAL CONFERENCE ON SECURITY AND CRYPTOGRAPHY (SECRYPT 2013), Reykjavik, ICELAND (2013) [E1]
|
|
|
2013 |
Lee A, Varadharajan V, Tupakula UK, 'On Malware Characterization and Attack Classification.', AWC, Adelaide, Australia (2013) [E1]
|
|
|
2012 |
Zhao H, Hu J, Qin J, Varadharajan V, Wan H, 'Hashed random key pre-distribution scheme for large heterogeneous sensor networks', Proc. of the 11th IEEE Int. Conference on Trust, Security and Privacy in Computing and Communications, TrustCom-2012 - 11th IEEE Int. Conference on Ubiquitous Computing and Communications, IUCC-2012 (2012) [E1]
Many wireless sensor networks (WSNs) consist of a large number of distributed sensor nodes that are batteries powered, vulnerable to tampering, and equipped with limited computati... [more]
Many wireless sensor networks (WSNs) consist of a large number of distributed sensor nodes that are batteries powered, vulnerable to tampering, and equipped with limited computational capabilities and memory. These characteristics render WSNs facing many security threats, which require cryptographic security mechanisms for secure communication, key revocation and management of security issues arising from the addition of new nodes. In this paper, we propose a key management scheme to meet the security requirements of wireless sensor networks. The scheme relies on the theory of random graph to build a fully secure connectivity for distributed sensor nodes. It uses heterogeneous structure to limit ranges of attacks, and utilizes hash chains to realize authentication of pool keys and broadcast messages of auxiliary nodes. The security and network connectivity characteristics supported by the key management scheme are discussed and simulation experiments are presented. © 2012 IEEE.
|
|
|
2012 |
Varadharajan V, Tupakula U, 'TREASURE: Trust enhanced security for cloud environments', Proc. of the 11th IEEE Int. Conference on Trust, Security and Privacy in Computing and Communications, TrustCom-2012 - 11th IEEE Int. Conference on Ubiquitous Computing and Communications, IUCC-2012 (2012) [E1]
Today, cloud computing is one of the popular technologies. In addition to this, most of the hardware that is being shipped today is equipped with the TPM which can be used for rea... [more]
Today, cloud computing is one of the popular technologies. In addition to this, most of the hardware that is being shipped today is equipped with the TPM which can be used for realization of trusted platforms. Recently several TPM attestation techniques such as binary attestation and property based attestation techniques have been proposed but there are some fundamental issues that need to be addressed for using these techniques in practice. In this paper we consider an architecture where different services are hosted on the cloud infrastructure by multiple cloud customers (tenants). Then we consider an attacker model that is specific to the cloud and some of the challenges with the current TPM based attestation techniques. We will also propose a novel trust enhanced security model for cloud which overcomes the challenges with the current TPM based attestation techniques and efficiently deals with the attacks in the cloud. In our model, the cloud service provider is used as the Certification Authority (CA) for the tenant virtual machines. The CA only certifies the basic security properties which are the assurance on the traffic originating from the tenant virtual machine and validation of the tenant virtual machine transactions. The components of the CA monitor the interactions of the tenant virtual machine for the certified properties. Since the tenant virtual machines are running on the cloud service provider infrastructure, it is aware of the dynamic changes to the tenant virtual machine. The CA can terminate the ongoing transactions and/or dynamically isolate the tenant virtual machine if there is a variation in the behaviour of the tenant virtual machine from the certified properties. Hence our model can be used to address the challenges with the current TPM based attestation techniques and efficiently deal with the attacks in the cloud. We will present implementation of our model on Xen and how it deals with the attacks in different attack case scenarios. We will also show that our model is beneficial for the cloud service providers, tenants and tenant customers. © 2012 IEEE.
|
|
|
2012 |
Zhou L, Varadharajan V, Hitchens M, 'Trusted administration of large-scale cryptographic role-based access control systems', Proc. of the 11th IEEE Int. Conference on Trust, Security and Privacy in Computing and Communications, TrustCom-2012 - 11th IEEE Int. Conference on Ubiquitous Computing and Communications, IUCC-2012 (2012) [E1]
There has been an increasing trend towards outsourcing data to the cloud to cope with the massive increase in the amount of data. Hence trusted enforcement of access control polic... [more]
There has been an increasing trend towards outsourcing data to the cloud to cope with the massive increase in the amount of data. Hence trusted enforcement of access control policies on outsourced data in the cloud has become a significant issue. In this paper we address trusted administration and enforcement of role-based access control policies on data stored in the cloud. Role-based access control (RBAC) simplifies the management of access control policies by creating two mappings; roles to permissions and users to roles. Recently crypto-based RBAC (C-RBAC) schemes have been developed which combine cryptographic techniques and access control to secured data in an outsourced environment. In such schemes, data is encrypted before outsourcing it and the ciphertext data is stored in the untrusted cloud. This ciphertext can only be decrypted by those users who satisfy the role-based access control policies. However such schemes assume the existence of a trusted administrator managing all the users and roles in the system. Such an assumption is not realistic in large-scale systems as it is impractical for a single administrator to manage the entire system. Though administrative models for RBAC systems have been proposed decentralize the administration tasks associated with the roles, these administrative models cannot be used in the C-RBAC schemes, as the administrative policies cannot be enforced in an untrusted distributed cloud environment. In this paper, we propose a trusted administrative model AdC-RBAC to manage and enforce role-based access policies for C-RBAC schemes in large-scale cloud systems. The AdC-RBAC model uses cryptographic techniques to ensure that the administrative tasks such as user, permission and role management are performed only by authorized administrative roles. Our proposed model uses role-based encryption techniques to ensure that only administrators who have the permissions to manage a role can add/revoke users to/from the role and owners can verify that a role is created by qualified administrators before giving out their data. We show how the proposed model can be used in an untrusted cloud while guaranteeing its security using cryptographic and trusted access control enforcement techniques. © 2012 IEEE.
|
|
|
2012 |
Liu C, Ranjan R, Chen J, Yu PS, Thuraisingham B, Varadharajan V, 'Message from the PriSecCSN2012 workshop chairs', Proceedings - 2nd International Conference on Cloud and Green Computing and 2nd International Conference on Social Computing and Its Applications, CGC/SCA 2012 (2012)
The First International Symposium on Privacy and Security in Cloud and Social Networks (PriSecCSN2012) is co-located with the Second International Conference on Cloud and Green Co... [more]
The First International Symposium on Privacy and Security in Cloud and Social Networks (PriSecCSN2012) is co-located with the Second International Conference on Cloud and Green Computing (CGC2012) held on November 1-3, 2012, Xiangtan, Hunan, China. Social network analysis and cloud computing are two of the most exciting new trends in the recent developments of information technology. As the new generation computing paradigm, cloud enables computing resources to be provided as IT services in a pay-as-you-go fashion with high efficiency and effectiveness. With the popularity of social software as well as the fast development of cloud and other high-performance computing infrastructures, the outcome of social network analysis is becoming more and more attractive. However, information privacy and security issues are major challenges in both these areas. This symposium aims at providing a forum for researchers, practitioners and developers from different background areas such as distributed computing, social computing, information security and privacy protection areas to exchange the latest experience, research ideas and synergic research and development on fundamental issues and applications about security and privacy issues in cloud environments and social networks. The symposium solicits high quality research results in all related areas. PriSecCSN2012 contains 3 papers. Each of them was peer reviewed by at least three program committee members. The symposium covers a broad range of topics in the field of Privacy and Security in Cloud and Social Networks such as Security and privacy in Big Data management, Application of modern cryptography in cloud and social networks, Emerging threats in cloud-based services, Multi-tenancy related security/privacy issues, Vulnerabilities in cloud infrastructure, Security modelling and threats in cloud computing, Security/privacy in hybrid cloud, User authentication in cloud services, Information hiding, Trust and policy management in cloud, Remote data integrity protection, Securing distributed data storage in the cloud, Security and privacy in mobile cloud, Malware propagation in social networks, Information leakage via social networks, Trust and reputation in social networks, Security configuration based on social contexts groups, Online social footprints, Multi-faceted privacy preservation. © 2012 IEEE.
|
|
|
2012 |
Schulz S, Sadeghi AR, Zhdanova M, Mustafa HA, Xu W, Varadharajan V, 'Tetherway: A framework for tethering camouflage', WiSec'12 - Proceedings of the 5th ACM Conference on Security and Privacy in Wireless and Mobile Networks (2012) [E1]
The rapidly increasing data usage and overload in mobile broadband networks has driven mobile network providers to actively detect and bill customers who tether tablets and laptop... [more]
The rapidly increasing data usage and overload in mobile broadband networks has driven mobile network providers to actively detect and bill customers who tether tablets and laptops to their mobile phone for mobile Internet access. However, users may not be willing to pay additional fees only because they use their bandwidth differently, and may consider tethering detection as violation of their privacy. Furthermore, accurate tethering detection is becoming harder for providers as many modern smartphones are under full control of the user, running customized, complex software and applications similar to desktop systems. In this work, we analyze the network characteristics available to network providers to detect tethering customers. We present and categorize possible detection mechanisms and derive cost factors based on how well the approach scales with large customer bases. For those characteristics that appear most reasonable and practical to deploy by large providers, we present elimination or obfuscation mechanisms and substantiate our design with a prototype Android App.
|
|
Nova |
2012 |
Guo F, Mu Y, Susilo W, Varadharajan V, 'A pre-computable signature scheme with efficient verification for RFID', Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics) (2012) [E1]
Passive RFID tags have limited rewritable memory for data storage and limited computation power, which pose difficulties to implement security protection on RFID tags. It has been... [more]
Passive RFID tags have limited rewritable memory for data storage and limited computation power, which pose difficulties to implement security protection on RFID tags. It has been shown that strong security and privacy protections for RFID require utilizing public-key cryptography. Unfortunately, the implementation of public key cryptography is infeasible in low-cost passive tags. With this issue in mind, in this work, we propose a pre-computable signature scheme with a very efficient signature verification algorithm for RFID applications. Our signature scheme is provably secure under the DDH assumption and a variant of q-SDH assumption. With pre-computations, no exponentiation is required in our signature verification. Our research shows that it is feasible for low-cost RFID tags to verify signatures with the basic modular multiplication only (if they have a small amount of writable memory). © 2012 Springer-Verlag.
|
|
Nova |
2012 |
Zhang J, Shankaran R, Orgun MA, Sattar A, Varadharajan V, 'A dynamic authentication scheme for hierarchical wireless sensor networks', Lecture Notes of the Institute for Computer Sciences, Social-Informatics and Telecommunications Engineering, LNICST (2012) [E1]
Sensor networks offer economically viable solutions for a wide variety of monitoring applications. In surveillance of critical infrastructure such as airports by sensor networks, ... [more]
Sensor networks offer economically viable solutions for a wide variety of monitoring applications. In surveillance of critical infrastructure such as airports by sensor networks, security becomes a major concern. To resist against malicious attacks, secure communication between severely resource-constrained sensor nodes is necessary while maintaining scalability and flexibility to topology changes. A robust security solution for such networks must facilitate authentication of sensor nodes and the establishment of secret keys among nodes In this paper, we propose a decentralized authentication and key management framework for hierarchical ad hoc sensor networks. This scheme is light weight and energy aware and reduces the communication overhead. © 2012 Springer-Verlag Berlin Heidelberg.
|
|
|
2012 |
Varadharajan V, 'Security and trust in the web', Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics) (2012)
Security and trust issues have been catapulted to the forefront with the dramatic developments in technologies such as web applications, cloud computing, mobile devices and social... [more]
Security and trust issues have been catapulted to the forefront with the dramatic developments in technologies such as web applications, cloud computing, mobile devices and social networking. Though trust has always been a foundational stone of security, the greater dependency of society and economy on information technology have increased the need to consider trust issues more explicitly and systematically. This talk will address some of the key challenges in security and trust in the distributed information infrastructures. The talk will start with a brief look at some of the recent developments in the threat scenery. Then I will consider the notion of trust in the security world and see how trust issues arise in current ubiquitous computing systems context. Then we will consider a hybrid approach which combines the "hard" attestation based trust with the "soft" social and reputation based trust. Such a hybrid approach can help to improve the detection of malicious entities which in turn can enhance the quality of secure decision making. I will conclude the talk by demonstrating such a trust enhanced security approach using some examples from systems that we have been developing during recent years. © 2012 Springer-Verlag Berlin Heidelberg.
|
|
|
2012 |
Sadeghi AR, Schulz S, Varadharajan V, 'The silence of the LANs: Efficient leakage resilience for IPsec VPNs', Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics) (2012)
Virtual Private Networks (VPNs) are increasingly used to build logically isolated networks. However, existing VPN designs and deployments neglect the problem of traffic analysis a... [more]
Virtual Private Networks (VPNs) are increasingly used to build logically isolated networks. However, existing VPN designs and deployments neglect the problem of traffic analysis and covert channels. Hence, there are many ways to infer information from VPN traffic without decrypting it. Many proposals were made to mitigate network covert channels, but previous works remained largely theoretical or resulted in prohibitively high padding overhead and performance penalties. In this work, we (1) analyse the impact of covert channels in IPsec, (2) present several improved and novel approaches for covert channel mitigation in IPsec, (3) propose and implement a system for dynamic performance trade-offs, and (4) implement our design in the Linux IPsec stack and evaluate its performance for different types of traffic and mitigation policies. At only 24% overhead, our prototype enforces tight information-theoretic bounds on all information leakage. © 2012 Springer-Verlag.
|
|
|
2012 |
Tupakula U, Varadharajan V, Dutta D, 'Intrusion Detection Techniques for Virtual Domains', 2012 19TH INTERNATIONAL CONFERENCE ON HIGH PERFORMANCE COMPUTING (HIPC), Pune, INDIA (2012) [E1]
|
|
|
2012 |
Tupakula U, Varadharajan V, 'Distributed Service Control Technique for Detecting Security Attacks', 2012 IEEE NETWORK OPERATIONS AND MANAGEMENT SYMPOSIUM (NOMS), Maui, HI (2012) [E1]
|
|
|
2011 |
Ulucenk C, Varadharajan V, Balakrishnan V, Tupakula U, 'Techniques for Analysing PDF Malware', 2011 18TH ASIA-PACIFIC SOFTWARE ENGINEERING CONFERENCE (APSEC 2011), Univ Sci, Ho Chi Minh, VIETNAM (2011) [E1]
|
|
|
2011 |
Tupakula U, Varadharajan V, Bichhawat A, 'Security Architecture for Virtual Machines', ALGORITHMS AND ARCHITECTURES FOR PARALLEL PROCESSING, PT I, Melbourne, AUSTRALIA (2011) [E1]
|
|
Nova |
2011 |
Tupakula U, Varadharajan V, Vuppala SK, 'Security techniques for beyond 3G wireless mobile networks', Proceedings - 2011 IFIP 9th International Conference on Embedded and Ubiquitous Computing, EUC 2011 (2011) [E1]
Significant developments in the recent times have led to an increasing use of mobile devices such as smart phones in accessing Internet services and applications over wireless net... [more]
Significant developments in the recent times have led to an increasing use of mobile devices such as smart phones in accessing Internet services and applications over wireless networks. In this paper, we propose a security architecture for counteracting denial of service attacks in Beyond 3G (B3G) network architecture with mobile nodes. We describe the system architecture and discuss the different cases of attack scenarios involving the mobility of the attacking and victim nodes. Our proposed solution takes into account practical issues such as limited resources of the mobile nodes. It has distinct advantages such as monitoring of the traffic to the victim node and the attack traffic being dropped before reaching the victim; the ability to traceback the attacking node and prevent the attack at the home agent or foreign agent that is closer to the attacking node; and the ability to deal with dynamic changes in attack traffic patterns. We also present an analysis of our proposed architecture as well as simulation results. © 2011 IEEE.
|
|
|
2011 |
Tupakula U, Varadharajan V, 'TVDSEC: Trusted virtual domain security', Proceedings - 2011 4th IEEE International Conference on Utility and Cloud Computing, UCC 2011 (2011) [E1]
Virtualisation is one of the important technologies for the realisation of cloud computing. A Virtual Machine Monitor (VMM) is an additional software layer which has complete cont... [more]
Virtualisation is one of the important technologies for the realisation of cloud computing. A Virtual Machine Monitor (VMM) is an additional software layer which has complete control on the physical resources and enables to run multiple operating systems on a scalable computer. Recently some of the techniques have been proposed to develop Trusted Virtual domains. A trusted virtual domain (TVD) enables grouping of related virtual machines running on separate physical machine into a single network domain with a unified security policy. In this paper we analyze the security issues related to TVD and propose security techniques to deal with the attacks in TVD. © 2011 IEEE.
|
|
|
2011 |
Tupakula U, Varadharajan V, Akku N, 'Intrusion detection techniques for infrastructure as a service cloud', Proceedings - IEEE 9th International Conference on Dependable, Autonomic and Secure Computing, DASC 2011 (2011) [E1]
Today, cloud computing is one of the increasingly popular technology where the customer can use the resources of the cloud services providers to perform their tasks and only pay f... [more]
Today, cloud computing is one of the increasingly popular technology where the customer can use the resources of the cloud services providers to perform their tasks and only pay for the resources they use. The customer virtual machines in the cloud are vulnerable to different types of attacks. In this paper we propose techniques for securing customer virtual machines from different types of attacks in the Infrastructure as a Service cloud and describe how this can be achieved in practice. Our model enables to differentiate attack traffic originating from each virtual machine even if multiple virtual machines on a VMM are sharing a single IP address. © 2011 IEEE.
|
|
|
2011 |
Seberry J, Varadharajan V, Chen J, Wang H, Yang LT, Ma J, 'DASC 2011: Message from the chairs', Proceedings - IEEE 9th International Conference on Dependable, Autonomic and Secure Computing, DASC 2011 (2011)
|
|
|
2011 |
Tupakula U, Varadharajan V, 'On the design of virtual machine intrusion detection system', Proceedings of the 12th IFIP/IEEE International Symposium on Integrated Network Management, IM 2011 (2011) [E1]
In this paper we propose comprehensive security architecture called VICTOR to deal with different types of attacks on virtual machines. Our model takes into account the specific c... [more]
In this paper we propose comprehensive security architecture called VICTOR to deal with different types of attacks on virtual machines. Our model takes into account the specific characteristics of operating system and applications running in each virtual machine (VM) at a fine granular level to deal with the attacks. Our architecture has several components such as entity validation, intrusion detection engine and dynamic analyzer. The entity validation component is used in the detection of attack traffic with spoofed source address, secure logging, and capturing information of the operating system and applications running in the virtual machines. The intrusion detection engine component is used for detection of known attacks and suspicious behaviour by monitoring the incoming and outgoing traffic of virtual machines. The dynamic analyzer is used for detection and validation of suspicious processes, detection of zero day attacks and fine granular isolation of malicious process or application that is generating the attack traffic. © 2011 IEEE.
|
|
Nova |
2011 |
Tupakula U, Varadharajan V, Vuppala SK, 'Counteracting DDoS attacks in WLAN', ACM International Conference Proceeding Series (2011) [E1]
The security protocols for WLAN such as WEP have fundamental weakness which can be exploited by the attacker to obtain unauthorized access to the wireless networks and generate at... [more]
The security protocols for WLAN such as WEP have fundamental weakness which can be exploited by the attacker to obtain unauthorized access to the wireless networks and generate attacks. In this paper, we propose a security architecture for counteracting denial of service attacks in wireless based network architecture with mobile nodes. We describe the system model and discuss the different cases of attack scenarios involving the mobility of the attacking and victim nodes. We describe how mobile IP protocol in conjunction with our model can be used to deal efficiently with the attacks on mobile nodes. © 2011 ACM.
|
|
|
2011 |
Ruan C, Varadharajan V, 'Reasoning about dynamic delegation in role based access control systems', Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics) (2011) [E1]
This paper proposes a logic based framework that supports dynamic delegation for role based access control systems in a decentralised environment. It allows delegation of administ... [more]
This paper proposes a logic based framework that supports dynamic delegation for role based access control systems in a decentralised environment. It allows delegation of administrative privileges for both roles and access rights between roles. We have introduced the notion of trust in delegation and have shown how extended logic programs can be used to express and reason about roles and their delegations with trust degrees, roles' privileges and their propagations, delegation depth as well as conflict resolution. Furthermore, our framework is able to enforce various role constraints such as separation of duties, role composition and cardinality constraints. The proposed framework is flexible and provides a sound basis for specifying and evaluating sophisticated role based access control policies in decentralised environments. © 2011 Springer-Verlag.
|
|
Nova |
2011 |
Ries S, Habib SM, Muehlhaeuser M, Varadharajan V, 'CertainLogic: A Logic for Modeling Trust and Uncertainty', TRUST AND TRUSTWORTHY COMPUTING, TRUST 2011, Carnegie Mellon Univ, Pittsburgh, PA (2011) [E1]
|
|
Nova |
2011 |
Haghighi MS, Mohamed-pour K, Varadharajan V, 'Analysis of Packet Loss for Batch Traffic Arrivals in IEEE 802.15.4-based Networks', 2011 IEEE 36TH CONFERENCE ON LOCAL COMPUTER NETWORKS (LCN), Bonn, GERMANY (2011) [E1]
|
|
|
2011 |
Krishna A, Varadharajan V, 'A Hybrid Trust Model for Authorisation Using Trusted Platforms', TRUSTCOM 2011: 2011 INTERNATIONAL JOINT CONFERENCE OF IEEE TRUSTCOM-11/IEEE ICESS-11/FCST-11, Changsha, PEOPLES R CHINA (2011) [E1]
|
|
|
2011 |
Tupakula U, Varadharajan V, 'TVLAN: Trusted and Virtualised Local Area Networks', TRUSTCOM 2011: 2011 INTERNATIONAL JOINT CONFERENCE OF IEEE TRUSTCOM-11/IEEE ICESS-11/FCST-11, Changsha, PEOPLES R CHINA (2011) [E1]
|
|
|
2011 |
Tupakula U, Varadharajan V, 'Security Techniques for Zero Day Attacks', 2011 7TH INTERNATIONAL WIRELESS COMMUNICATIONS AND MOBILE COMPUTING CONFERENCE (IWCMC), Istanbul, TURKEY (2011)
|
|
|
2011 |
Indrakanti S, Varadharajan V, 'Coordination based Distributed Authorization for Business Processes in Service Oriented Architectures', PROCEEDINGS OF THE SIXTH INTERNATIONAL CONFERENCE ON INTERNET AND WEB APPLICATIONS AND SERVICES (ICIW 2011), St Maarten, NETHERLANDS (2011) [E1] |
|
|
2011 |
Ries S, Habib SM, Mühlhäuser M, Varadharajan V, 'CertainLogic: A logic for modeling trust and uncertainty (Short paper)', Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics) (2011)
The evaluation of the trustworthiness of complex systems is a challenge in current IT research. We contribute to this field by providing a novel model for the evaluation of propos... [more]
The evaluation of the trustworthiness of complex systems is a challenge in current IT research. We contribute to this field by providing a novel model for the evaluation of propositional logic terms under uncertainty that is compliant with the standard probabilistic approach and subjective logic. Furthermore, we present a use case to demonstrate how this approach can be applied to the evaluation of the trustworthiness of a system based on the knowledge about its components and subsystems. © 2011 Springer-Verlag.
|
|
|
2010 |
Rannenberg K, Varadharajan V, Weber C, 'Security and Privacy - Silver linings in the Cloud: 25th IFIP TC 11 International Information Security Conference, SEC 2010 Held as Part of WCC 2010 Brisbane, Australia, September 20-23, 2010 Proceedings', IFIP Advances in Information and Communication Technology (2010) |
|
|
2010 |
Nagarajan A, Varadharajan V, 'Modelling Dynamic Trust with Property Based Attestation in Trusted Platforms', DATA AND APPLICATIONS SECURITY AND PRIVACY XXIV, PROCEEDINGS, Rome, ITALY (2010)
|
|
|
2010 |
Wang H, Sun L, Varadharajan V, 'Purpose-Based Access Control Policies and Conflicting Analysis', SECURITY AND PRIVACY - SILVER LININGS IN THE CLOUD, Australian Comp Soc (ACS), Brisbane, AUSTRALIA (2010)
|
|
|
2010 |
Sayad Haghighi M, Mohamedpour K, Varadharajan V, Mohammadi-Nodooshan A, 'Overhearing gain analysis in low-traffic CDMA wireless sensor networks', SUTC 2010 - 2010 IEEE International Conference on Sensor Networks, Ubiquitous, and Trustworthy Computing, UMC 2010 - 2010 IEEE International Workshop on Ubiquitous and Mobile Computing (2010)
There have been trends in using spread spectrum channel accessing techniques in wireless sensor networks to mitigate the effect of potential collisions in concurrent transmissions... [more]
There have been trends in using spread spectrum channel accessing techniques in wireless sensor networks to mitigate the effect of potential collisions in concurrent transmissions and to increase the throughput as well as countering jamming-like noises. Overhearing of the data has been previously analyzed in cellular CDMA networks as this technique was first introduced for mobile communications with multiple transmitting users sending their data to a single base station which controls their transmission power. But sensor (and ad hoc) networks are usually devoid of any coordinating devices and the transmission is usually done toward different local destinations using distributed power controlling methods. This paper provides a systematic analysis of overhearing performance in low-traffic sensor networks especially when the sensing point is located somewhere at the middle of the network which is not necessarily near the sink. The distributed code assignment which is a key issue in infrastructureless CDMA networks has been taken into account in the development of a theoretical model. The result of this analysis shows that the higher the number of used codes, the higher is the gain of overhearing. Thus using this parameter, the network designer has statistical control over the amount of potential overheard data. We have also developed simulations of the proposed model and the results support the predictions of the theoretical model. © 2010 IEEE.
|
|
|
2010 |
Zhang J, Shankaran R, Orgun MA, Varadharajan V, Sattar A, 'A dynamic trust establishment and management framework for wireless sensor networks', Proceedings - IEEE/IFIP International Conference on Embedded and Ubiquitous Computing, EUC 2010 (2010)
In this paper, we present a trust establishment and management framework for hierarchical wireless sensor networks. The wireless sensor network architecture we consider consists o... [more]
In this paper, we present a trust establishment and management framework for hierarchical wireless sensor networks. The wireless sensor network architecture we consider consists of a collection of sensor nodes, cluster heads and a base station arranged hierarchically. The framework encompasses schemes for establishing and managing trust between these different entities. We demonstrate that the proposed framework helps to minimize the memory, computation and communication overheads involved in trust management in wireless sensor networks. Our framework takes into account direct and indirect (group) trust in trust evaluation as well as the energy associated with sensor nodes in service selection. It also considers the dynamic aspect of trust by introducing a trust varying function which could be adjusted to give greater weight to the most recently obtained trust values in the trust calculation. The architecture also has the ability to deal with the inter-cluster movement of sensor nodes using a combination of certificate based trust and behaviour based trust. © 2010 IEEE.
|
|
|
2010 |
Nagarajan A, Varadharajan V, Hitchens M, 'Analysis of property based attestation in trusted platforms', Proceedings - IEEE/IFIP International Conference on Embedded and Ubiquitous Computing, EUC 2010 (2010)
Binary attestation in trusted computing platforms provide the ability to reason about the state of a system using hash measurements. Property based attestation on the other hand e... [more]
Binary attestation in trusted computing platforms provide the ability to reason about the state of a system using hash measurements. Property based attestation on the other hand enables more meaningful attestation by abstracting low level binary values to high level security properties or functions of systems. In this paper, we try to understand the kind of security properties that trusted platforms can attest. We propose that security properties can have different levels of granularity and provide a pyramid model that classifies properties at four different levels. We leverage the Common Criteria framework for security requirements to provide examples of such properties. The model is then implemented in the context of authorisation for Web services. © 2010 IEEE.
|
|
|
2010 |
Babenko LK, Chefranov AG, Varadharajan V, 'SIN'10 - Proceedings of the 3rd International Conference of Security of Information and Networks: Program chairs' welcome message', SIN'10 - Proceedings of the 3rd International Conference of Security of Information and Networks (2010) |
|
|
2010 |
Zhang J, Shankaran R, Orgun MA, Varadharajan V, Sattar A, 'A Trust Management Architecture for Hierarchical Wireless Sensor Networks', IEEE LOCAL COMPUTER NETWORK CONFERENCE, Denver, CO (2010)
|
|
|
2010 |
Tupakula UK, Varadharajan V, 'Detecting security attacks in trusted virtual domains', Proceedings - IEEE/IFIP International Conference on Embedded and Ubiquitous Computing, EUC 2010 (2010)
A trusted virtual domain (TVD) enables grouping of related virtual machines running on separate physical machine into a single network domain with a unified security policy. Since... [more]
A trusted virtual domain (TVD) enables grouping of related virtual machines running on separate physical machine into a single network domain with a unified security policy. Since the virtual machines can be running different operating systems and applications, the attacker can generate attacks in the TVD by exploiting a single vulnerability in any of the operating systems or applications. Our aim in this paper is to consider the design choices and develop an intrusion detection architecture that would enable efficient detection and prevention of different types of attacks in such a TVD based distributed environments. The proposed architecture can capture the knowledge of the operating systems and applications at fine granular level and isolate the malicious entities that are generating the attack traffic. Our model takes into account the security policies that are specific to the virtual machine as well as security policies of the trusted virtual domains to deal with the attacks efficiently. © 2010 IEEE.
|
|
|
2009 |
Ruan C, Varadharajan V, 'Reasoning on weighted delegatable authorizations', Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics) (2009)
This paper studies logic based methods for representing and evaluating complex access control policies needed by modern database applications. In our framework, authorization and ... [more]
This paper studies logic based methods for representing and evaluating complex access control policies needed by modern database applications. In our framework, authorization and delegation rules are specified in a Weighted Delegatable Authorization Program (WDAP) which is an extended logic program. We show how extended logic programs can be used to specify complex security policies which support weighted administrative privilege delegation, weighted positive and negative authorizations, and weighted authorization propagations. We also propose a conflict resolution method that enables flexible delegation control by considering priorities of authorization grantors and weights of authorizations. A number of rules are provided to achieve delegation depth control, conflict resolution, and authorization and delegation propagations. © 2009 Springer Berlin Heidelberg.
|
|
|
2009 |
Ruan C, Varadharajan V, 'Trust enhanced authorization for mobile agents', Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics) (2009)
Trust has been recognized as an important aspect for mobile agent security. In this paper, we develop a logic based trust model which enables the capturing of a comprehensive set ... [more]
Trust has been recognized as an important aspect for mobile agent security. In this paper, we develop a logic based trust model which enables the capturing of a comprehensive set of trust relationships to enhance the security of conventional access control mechanisms in a mobile based applications. We first discuss the notion of trust and its relevance to mobile agent security. Next we define a logic program based language to facilitate the modelling process. To enforce the security related trustworthy behaviours, we then define a set of general rules to capture the semantics. Finally, the language is applied in a mobile agent context to demonstrate how the trust can be explicitly modelled and reasoned about to support better security decisions for the mobile agent based systems. © 2009 Springer Berlin Heidelberg.
|
|
|
2009 |
Lu J, Li R, Varadharajan V, Lu Z, Ma X, 'Secure interoperation in multidomain environments employing UCON policies', Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics) (2009)
Ensuring secure interoperation in multidomain environments based on role based access control (RBAC) has drawn considerable research works in the past. However, RBAC primarily con... [more]
Ensuring secure interoperation in multidomain environments based on role based access control (RBAC) has drawn considerable research works in the past. However, RBAC primarily consider static authorization decisions based on subjects' permissions on target objects, and there is no further enforcement during the access. Recently proposed usage control (UCON) can address these requirements of access policy representation for temporal and time-consuming problems. In this paper, we propose a framework to facilitate the establishment of secure interoperability in multidomain environments employing Usage Control (UCON) policies. In particular, we propose an attribute mapping technique to establish secure context in multidomain environments. A key challenge in the establishment of secure interoperability is to guarantee security of individual domains in presence of interoperation. We study how conflicts arise and show that it is efficient to resolve the security violations of cyclic inheritance and separation of duty. © 2009 Springer Berlin Heidelberg.
|
|
|
2009 |
Gan Z, Ding Q, Varadharajan V, 'Reputation-Based Trust Network Modelling and Simplification in Multiagent-Based E-Commerce Systems', PROCEEDINGS OF THE 2009 FIFTH INTERNATIONAL CONFERENCE ON NEXT GENERATION WEB SERVICES PRACTICES, NWESP 2009, Charles Univ, Fac Math & Phys, Prague, CZECH REPUBLIC (2009)
|
|
|
2009 |
Shankaran R, Varadharajan V, Orgun MA, Hitchens M, 'Context-Aware Trust Management for Peer-to-Peer Mobile Ad-Hoc Networks', 2009 IEEE 33RD INTERNATIONAL COMPUTER SOFTWARE AND APPLICATIONS CONFERENCE, VOLS 1 AND 2, Seattle, WA (2009) |
|
|
2009 |
Nagarajan A, Varadharajan V, Hitchens M, Gallery E, 'Property Based Attestation and Trusted Computing: Analysis and Challenges', NSS: 2009 3RD INTERNATIONAL CONFERENCE ON NETWORK AND SYSTEM SECURITY, Surfers Paradise, AUSTRALIA (2009)
|
|
|
2009 |
Gallery E, Nagarajan A, Varadharajan V, 'A Property-Dependent Agent Transfer Protocol', TRUSTED COMPUTING, PROCEEDINGS, ENGLAND, St Hughs Coll, Oxford (2009)
|
|
|
2009 |
Nagarajan A, Varadharajan V, Hitchens M, 'ALOPA: Authorization Logic for Property Attestation in Trusted Platforms', AUTONOMIC AND TRUSTED COMPUTING, PROCEEDINGS, Brisbane, AUSTRALIA (2009)
|
|
|
2009 |
Li L, Wang Y, Varadharajan V, 'Fuzzy Regression Based Trust Prediction in Service-Oriented Applications', AUTONOMIC AND TRUSTED COMPUTING, PROCEEDINGS, Brisbane, AUSTRALIA (2009)
|
|
|
2009 |
Lu J, Li R, Varadharajan V, Lu Z, Ma X, 'Secure Interoperation in Multidomain Environments Employing UCON Policies', INFORMATION SECURITY, PROCEEDINGS, ITALY, Pisa (2009)
|
|
|
2009 |
Shankaran R, Varadharajan V, Orgun MA, Hitchens M, 'Context-aware trust management for peer-to-peer mobile Ad-Hoc networks', Proceedings - International Computer Software and Applications Conference (2009)
Mobile Ad hoc Networks (MANETs) are self-organizing and adaptive, and securing such networks is non-trivial. Most security schemes suggested for MANETs tend to build upon some fun... [more]
Mobile Ad hoc Networks (MANETs) are self-organizing and adaptive, and securing such networks is non-trivial. Most security schemes suggested for MANETs tend to build upon some fundamental assumptions regarding the trustworthiness of the participating hosts and the underlying networking systems without presenting any definite scheme for trust establishment. If MANET is to achieve the same level of acceptance as traditional wired and wireless network, then a formal specification of trust and a framework for trust management must become an intrinsic part of its infrastructure. The goal of this paper is to highlight issues relating to trust in MANETs and describe a context-aware, reputation-based approach for establishing trust that assesses the trustworthiness of the participating nodes in a dynamic and uncertain MANET environment. © 2009 IEEE.
|
|
|
2009 |
Li X, Wang G, Varadharajan V, Yang P, Baiardi F, Yu Z, 'Message from the UbiSafe-09 chairs', 8th IEEE International Symposium on Dependable, Autonomic and Secure Computing, DASC 2009 (2009)
|
|
|
2009 |
Gan Z, He J, Ding Q, Varadharajan V, 'Trust relationship modelling in E-commerce-based social network', CIS 2009 - 2009 International Conference on Computational Intelligence and Security (2009)
In multi-agent-based e-commerce environments, like a social network, it is critical for buying agents to build trust with the selling agents in the virtual E-marketplaces so as to... [more]
In multi-agent-based e-commerce environments, like a social network, it is critical for buying agents to build trust with the selling agents in the virtual E-marketplaces so as to mitigate the possible harm inflicted by any dishonest sellers. However, traditional approaches for establishing trust in the physical world can no longer be used. This paper introduces a graphical representation approach to uncover the existing social trust network in the virtual E-marketplaces. Firstly, it presents some notations of the graphical description approach. Secondly it discusses how to reconstruct the trust network in terms of the trust commonsense in people's daily life. © 2009 IEEE.
|
|
|
2009 |
Safavi-Naini R, Varadharajan V, 'Proceedings of the 4th International Symposium on ACM Symposium on Information, Computer and Communications Security, ASIACCS'09: Message from the program chairs', Proceedings of the 4th International Symposium on ACM Symposium on Information, Computer and Communications Security, ASIACCS'09 (2009)
|
|
|
2009 |
Varadharajan V, 'Evolution and challenges in trust and security in information system infrastructures', SIN'09 - Proceedings of the 2nd International Conference on Security of Information and Networks (2009)
In these uncertain economic times, two key ingredients which are in short supply are trust and confidence. The concept of trust has been around for many decades (if not for centur... [more]
In these uncertain economic times, two key ingredients which are in short supply are trust and confidence. The concept of trust has been around for many decades (if not for centuries) in different disciplines such as business, psychology, philosophy as well as in security technology. The current financial climate gives a particularly prescient example. As financial journalist Walter Bagehot wrote some 135 years ago, "after a great calamity, everybody is suspicious of everybody" and "credit, the disposition of one man to trust another, is singularly varying." The problem, as Bagehot observed it, was trust, or rather the lack of it, and it's as true today as it was in his time. Financial mechanisms aren't the only entities that must deal with trust-today's social networking communities such as Facebook, Wikipedia, and other online communities have to constantly reconcile trust issues, from searching and locating credible information, to conveying and protecting personal information. Furthermore with ever increasing reliance on digital economy, most business and government activities today depend on networked information systems for their operations. In this talk, we'll take a short journey through the concept and evolution of trust in the secure computing technology world, and examine some of the challenges involved in trusted computing today.
|
|
|
2009 |
Tupakula UK, Varadharajan V, Vuppala SK, 'SBAC: Service Based Access Control', 2009 14TH IEEE INTERNATIONAL CONFERENCE ON ENGINEERING OF COMPLEX COMPUTER SYSTEMS (ICECCS), Potsdam, GERMANY (2009)
|
|
|
2009 |
Tupakula UK, Varadharajan V, Pandalaneni SR, 'DoSTRACK: A system for defending against DoS attacks', Proceedings of the ACM Symposium on Applied Computing (2009)
Denial of service (DoS) attacks are one of the complex problems in the current Internet. In this paper, we propose a system, DoSTRACK, that can efficiently deal with the TCP SYN a... [more]
Denial of service (DoS) attacks are one of the complex problems in the current Internet. In this paper, we propose a system, DoSTRACK, that can efficiently deal with the TCP SYN and reflection Distributed Denial of Service (DDoS) attacks. We also describe a prototype implementation of our model with HP OpenView Network Node Manager (NNM) and discuss how our model can be beneficial to the DDoS victim and the ISP. Copyright 2009 ACM.
|
|
|
2008 |
Shankaran R, Varadharajan V, Orgun MA, Hitchens M, 'Critical Issues in Trust Management for Mobile Ad-Hoc Networks', PROCEEDINGS OF THE 2009 IEEE INTERNATIONAL CONFERENCE ON INFORMATION REUSE AND INTEGRATION, Las Vegas, NE (2008)
|
|
|
2008 |
Zhao W, Varadharajan V, 'A Novel Approach of Web Search Based on Community Wisdom', 2008 3RD INTERNATIONAL CONFERENCE ON INTERNET AND WEB APPLICATIONS AND SERVICES (ICIW 2008), Athens, GREECE (2008)
|
|
|
2008 |
Nagarajan A, Varadharajan V, Hitchens M, Arora S, 'On the applicability of trusted computing in distributed authorization using Web services', DATA AND APPLICATIONS SECURITY XXII, London, ENGLAND (2008)
|
|
|
2008 |
Zhao W, Varadharajan V, 'Trust management for web services', Proceedings of the IEEE International Conference on Web Services, ICWS 2008 (2008)
In this paper, we propose a comprehensive trust management approach for web services that covers the analysis/modelling of trust relationships and the development of trust managem... [more]
In this paper, we propose a comprehensive trust management approach for web services that covers the analysis/modelling of trust relationships and the development of trust management layer in a consistent manner. The specific characteristics of trust relationships in web services are discussed. We introduce a separated trust management layer for web services that can hold computing components for trust management tasks. A trust management architecture for web services is proposed for building up the trust management layer. The proposed trust management architecture for web services deals with trust requirements, trust evaluation, and trust consumption in web services under a unified umbrella and it provides a solid foundation upon which may evolve the trust management layer for web services. © 2008 Crown Copyright.
|
|
|
2008 |
Balakrishnan V, Varadharajan V, Tupakula U, 'Subjective logic based trust model for mobile ad hoc networks', Proceedings of the 4th International Conference on Security and Privacy in Communication Networks, SecureComm'08 (2008)
In last five years, several trust models have been proposed to enhance the security of Mobile Ad hoc Networks (MANET). Nevertheless, these trust models fail to express the notion ... [more]
In last five years, several trust models have been proposed to enhance the security of Mobile Ad hoc Networks (MANET). Nevertheless, these trust models fail to express the notion of ignorance during the establishment of trust relationships between mobile nodes. Furthermore, they lack a well-defined approach to defend against the issues resulting from recommendations. In this paper, we propose a novel subjective logic based trust model that enables mobile nodes to explicitly represent and manage ignorance as uncertainty during the establishment of trust relationships with other nodes. Our model defines additional operators to subjective logic in order to address the ignorance introduced between mobile nodes (which have already established trust relationships) as a result of mobility-induced separation. Second, we demonstrate on how mobile nodes formulate their opinions for other nodes based on the evidence collected from the benign and malicious behaviors of those nodes. We then describe on how mobile nodes establish trust relationships with other nodes using the opinions held for those nodes. Depending on the policies defined, these relationships are then used by our model to enhance the security of mobile communications. Third, we propose a novel approach to communicate recommendations by which no explicit packets or additional headers are disseminated as recommendations. This allows our model to defend against recommendation related issues such as free-riding, honest-elicitation, and recommender's bias. Finally, we demonstrate the performance of our model through NS2 simulations. Copyright © 2008 ACM.
|
|
|
2008 |
Zhang J, Varadharajan V, 'A New Security Scheme for Wireless Sensor Networks', GLOBECOM 2008 - 2008 IEEE GLOBAL TELECOMMUNICATIONS CONFERENCE, New Orleans, LA (2008)
|
|
|
2007 |
Balakrishnan V, Varadharajan V, Tupakula U, Moe MEG, 'Mitigating flooding attacks in mobile ad-hoc networks supporting anonymous communications', The 2nd International Conference on Wireless Broadband and Ultra Wideband Communications, AusWireless 2007 (2007)
Recently several techniques that provide different degree of anonymity have been proposed for wired and wireless communication. Although, the recently proposed techniques are succ... [more]
Recently several techniques that provide different degree of anonymity have been proposed for wired and wireless communication. Although, the recently proposed techniques are successful in achieving high degree of anonymity, there are some disadvantages associated with the proposed techniques. In this paper we analyze the flooding and packet drop attacks in mobile ad hoc networks that support anonymous communication. Then we propose a novel technique to deal with the flooding attacks. Our approach can efficiently identify and isolate the malicious node that floods the network. In addition, our technique provides a mechanism to identify the benign behavior of an expelled node and rejoins the expelled node back into the network. Furthermore, our approach does not require any additional packets to communicate the behavior of the flooding node and hence does not incur any additional overhead. Finally we validate the performance analysis of our technique through NS2 simulations. © 2007 IEEE.
|
|
|
2007 |
Zhang J, Wang Y, Varadharajan V, 'A new security scheme for integration of mobile agents and Web services', Second International Conference on Internet and Web Applications and Services, ICIW'07 (2007)
Web services specification provides an open standard for the distributed service oriented architecture. It is widely used in Internet and pervasive networks supporting wireless mo... [more]
Web services specification provides an open standard for the distributed service oriented architecture. It is widely used in Internet and pervasive networks supporting wireless mobile devices. A mobile agent is a composition of computer software and data which is able to migrate from one host to another autonomously and continue its execution on the destination host. Mobile agent technology can reduce the bandwidth requirement and tolerate the network faults - able to operate without an active connection between clients and server. Hence, the applications of the combination of mobile agents and web service have been widely investigated in recent years. However, the security issue is still of a major concern. In this paper, we propose a novel agent-based web service security scheme. This scheme provides a new authentication protocol without using the username/password pair, which is infeasible for mobile agent, and gives an alternative method to current security mechanism without using Certification Authorities (CA) based public key infrastructure. With this scheme, we can simplify the key management and reduce the computation particularly for group-oriented web services. © 2007 IEEE.
|
|
|
2007 |
Balakrishnan V, Varadharajan V, Tupakula U, Lucs P, 'Trust integrated cooperation architecture for mobile ad-hoc networks', Proceedings of 4th IEEE Internatilonal Symposium on Wireless Communication Systems 2007, ISWCS (2007)
In recent years, several secure routing protocols have been proposed to secure communications among nodes in mobile ad hoc networks. However, they are not tailored to defend again... [more]
In recent years, several secure routing protocols have been proposed to secure communications among nodes in mobile ad hoc networks. However, they are not tailored to defend against Denial of Service (DoS) attacks such as flooding and packet drop attacks. This has led to the development of models that target cooperation among nodes. These models either fail to protect against flooding attacks or only defend against greedy nodes that drop packets to save battery resources. The main shortcoming of cooperation models is that they fail to evaluate the trustworthiness for other nodes. In this paper, we propose a Trust Integrated Cooperation Architecture which consists of an obligation-based cooperation model known as fellowship to defend against both flooding and packet drop attacks. In our architecture, fellowship enhances its security decisions through a trust model known as Secure MANET Routing with Trust Intrigue (SMRTI). In comparison with related models, SMRTI deploys a novel approach to communicate recommendations such that the deployed approach is free from well-known issues such as honest elicitation, free riding, bias of a recommender, and additional overhead. © 2007 IEEE.
|
|
|
2007 |
Balakrishnan V, Varadharajan V, Tupakula U, Lucs P, 'TEAM: Trust enhanced security architecture for mobile ad-hoc networks', ICON 2007 - Proceedings of the 2007 15th IEEE International Conference on Networks (2007)
Security is paramount in Mobile Ad-hoc Networks (MANET) as they are not conducive to centralized trusted authorities. Several solutions have been proposed for MANET in the areas o... [more]
Security is paramount in Mobile Ad-hoc Networks (MANET) as they are not conducive to centralized trusted authorities. Several solutions have been proposed for MANET in the areas of key management, secure routing, nodal cooperation, and trust management. Nevertheless, MANET lacks a unified architecture to take advantage of the deployed security models. In this paper, we propose Trust Enhanced security Architecture for MANET (TEAM), in which a trust model is overlaid on the following security models - key management mechanism, secure routing protocol, and cooperation model. We briefly present the operation of our architecture and then we detail the system operation of our novel trust and cooperation model, which we call as Secure MANET Routing with Trust Intrigue (SMRTI) and fellowship respectively. SMRTI captures the evidence of trustworthiness for other nodes from the security models, and in return assists them to make better security decisions. Unlike related trust models, SMRTI captures recommendations in such a way that it eliminates both freeriding and honest-elicitation problems. In comparison with related cooperation models, fellowship model defends against both flooding and packet drop attacks. It can efficiently identify and isolate both malicious and selfish nodes that fail to share the communication channel or forward packets for other nodes. Furthermore, our models do not rely on any centralized authority or tamper-proof hardware. Simulation results confirm that our models enhance the performance of TEAM. © 2007 IEEE.
|
|
|
2007 |
Lin C, Varadharajan V, 'A hybrid trust model for enhancing security in distributed systems', ARES 2007: SECOND INTERNATIONAL CONFERENCE ON AVAILABILITY, RELIABILITY AND SECURITY, PROCEEDINGS, Vienna, AUSTRIA (2007)
|
|
|
2007 |
Zhang J, Wang Y, Varadharajan V, 'Mobile agent and web service integration security architecture', IEEE INTERNATIONAL CONFERENCE ON SERVICE-ORIENTED COMPUTING AND APPLICATIONS, PROCEEDINGS, Newport Beach, CA (2007)
|
|
|
2007 |
Wang Y, Varadharajan V, 'Role-based recommendation and trust evaluation', 9TH IEEE INTERNATIONAL CONFERENCE ON E-COMMERCE TECHNOLOGY/4TH IEEE INTERNATIONAL CONFERENCE ON ENTERPRISE COMPUTING, E-COMMERCE AND E-SERVICES, Tokyo, JAPAN (2007)
|
|
|
2007 |
Wang Y, Lin K-J, Wong DS, Varadharajan V, 'The design of a rule-based and event-driven trust management framework', ICEBE 2007: IEEE INTERNATIONAL CONFERENCE ON E-BUSINESS ENGINEERING, PROCEEDINGS, Hong Kong, PEOPLES R CHINA (2007)
|
|
|
2007 |
Gan Z, Tang J, Wu P, Varadharajan V, 'A novel security risk evaluation for information systems', 2007 JAPAN-CHINA JOINT WORKSHOP ON FRONTIER OF COMPUTER SCIENCE AND TECHNOLOGY, PROCEEDINGS, Wuhan, PEOPLES R CHINA (2007)
|
|
|
2007 |
Nagarajan A, Varadharajan V, Hitchens M, 'Trust management and negotiation for attestation in trusted platforms using web services', EIGHTH INTERNATIONAL CONFERENCE ON PARALLEL AND DISTRIBUTED COMPUTING, APPLICATIONS AND TECHNOLOGIES, PROCEEDINGS, Adelaide, AUSTRALIA (2007)
|
|
|
2007 |
Balakrishnan V, Varadharajan V, Tupakula U, Lucs P, 'Trust Integrated Cooperation Architecture for mobile ad-hoc networks', 2007 FOURTH INTERNATIONAL SYMPOSIUM ON WIRELESS COMMUNICATION SYSTEMS, VOLS 1 AND 2, Trondheim, NORWAY (2007)
|
|
|
2007 |
Balakrishnan V, Varadharajan V, Tupakula U, Lucs P, 'TEAM: Trust Enhanced Security Architecture for Mobile Ad-hoc Networks', 2007 15TH IEEE INTERNATIONAL CONFERENCE ON NETWORKS, Adelaide, AUSTRALIA (2007) |
|
|
2007 |
Nagarajan A, Varadharajan V, Hitchens M, 'Trust Management for Trusted Computing Platforms in Web Services', STC'07: PROCEEDINGS OF THE 2007 ACM WORKSHOP ON SCALABLE TRUSTED COMPUTING, Alexandria, VA (2007)
|
|
|
2007 |
Balakrishnan V, Varadharajan V, Lucs P, Tupakula UK, 'Trust enhanced secure mobile ad-hoc network routing', 21ST INTERNATIONAL CONFERENCE ON ADVANCED NETWORKING AND APPLICATIONS WORKSHOPS/SYMPOSIA, VOL 2, PROCEEDINGS, Niagara Falls, CANADA (2007)
|
|
|
2007 |
Balakrishnan V, Varadharajan V, Tupakula UK, Lucs P, 'Trust and recommendations in mobile ad hoc networks', 3rd International Conference on Networking and Services,ICNS 2007 (2007)
Recently several trust and reputation models have been proposed to enhance the security of mobile ad hoc networks. In these models, recommendations are circulated by forwarding ex... [more]
Recently several trust and reputation models have been proposed to enhance the security of mobile ad hoc networks. In these models, recommendations are circulated by forwarding explicit messages or introducing extra message headers. Apart from incurring additional overhead, the recommendations are prone to issues such as recommender's bias, honest-elicitation, and free-riding. In this paper, we propose a trust model to enhance the security of mobile ad hoc networks and to address the issues related to recommendations. The model uses only trusted routes for communication, and isolates malicious nodes depending on the evidence collected from direct interactions and recommendations. It deploys a novel approach for communicating recommendations such that they are free from recommender's bias, honest-elicitation, and free-riding. Simulation results confirm the effectiveness of our model. © 2007 IEEE.
|
|
|
2006 |
Wang Y, Varadharajan V, 'DynamicTrust: The trust development in peer-to-peer environments', IEEE INTERNATIONAL CONFERENCE ON SENSOR NETWORKS, UBIQUITOUS, AND TRUSTWORTHY COMPUTING, VOL 1, PROCEEDINGS, Tai Chung, TAIWAN (2006)
|
|
|
2006 |
Lin C, Varadharajan V, 'Trust based risk management for distributed system security - A new approach', FIRST INTERNATIONAL CONFERENCE ON AVAILABILITY, RELIABILITY AND SECURITY, PROCEEDINGS, Vienna Univ Technol, Vienna, AUSTRIA (2006)
|
|
|
2006 |
Zhang J, Varadharajan V, Mu Y, 'ID-based secure PIM-SM schemes', PROCEEDINGS OF THE SIXTH IASTED INTERNATIONAL MULTI-CONFERENCE ON WIRELESS AND OPTICAL COMMUNICATIONS, Banff, CANADA (2006) |
|
|
2006 |
Zhang J, Varadharajan V, Mu Y, 'A scalable multi-service group key management scheme', Proceedings of the Advanced International Conference on Telecommunications and International Conference on Internet and Web Applications and Services, AICT/ICIW'06 (2006)
Scalable multi-service oriented group key management addresses issues relating to situations where dynamic group users have different privileges for accessing different sets of se... [more]
Scalable multi-service oriented group key management addresses issues relating to situations where dynamic group users have different privileges for accessing different sets of services. In this paper, we propose a new flexible group key management scheme based on an ID-based distribution encryption algorithm. This scheme has several advantages over existing multi-service oriented schemes. We show that the proposed scheme has some unique scalability properties, less storage, less communication overhead and inherent traitor tracing and stateless properties than previously known schemes. We believe the proposed scheme can be used to provide a secure information distribution method for many multi-service group-oriented applications. © 2006 IEEE.
|
|
|
2006 |
Ruan C, Varadharajan V, 'Implementing authorization delegations using graph', DATABASE AND EXPERT SYSTEMS APPLICATIONS, PROCEEDINGS, Cracow, POLAND (2006)
|
|
|
2006 |
Ruan C, Varadharajan V, 'Integration of graph based authorization policies', FOUNDATIONS OF INTELLIGENT SYSTEMS, PROCEEDINGS, Bari, ITALY (2006)
|
|
|
2006 |
Gan Z, Varadharajan V, 'Design and implementation of a practical secure distributed healthcare application', SECRYPT 2006: PROCEEDINGS OF THE INTERNATIONAL CONFERENCE ON SECURITY AND CRYPTOGRAPHY, Setubal Coll Business Adm, Setubal, PORTUGAL (2006) |
|
|
2006 |
Gan Z, Wei D, Varadharajan V, 'Improving software security through an integrated approach', SECRYPT 2006: PROCEEDINGS OF THE INTERNATIONAL CONFERENCE ON SECURITY AND CRYPTOGRAPHY, Setubal Coll Business Adm, Setubal, PORTUGAL (2006) |
|
|
2006 |
Zhao W, Varadharajan V, Bryan G, 'A unified framework for trust management', 2006 SECURECOMM AND WORKSHOPS, Baltimore, MD (2006)
|
|
|
2006 |
Lin C, Varadharajan V, 'Trust enhanced security - A new philosophy for secure collaboration of mobile agents', 2006 INTERNATIONAL CONFERENCE ON COLLABORATIVE COMPUTING: NETWORKING, APPLICATIONS AND WORKSHARING, Athens, GA (2006)
|
|
|
2006 |
Shankaran R, Varadharajan V, Hitchens M, 'Securing the ad hoc Dynamic Source Routing Protocol', 2006 IEEE INTERNATIONAL CONFERENCE ON WIRELESS COMMUNICATIONS, NETWORKING AND MOBILE COMPUTING, VOLS 1-4, PEOPLES R CHINA, Wuhan (2006) |
|
|
2006 |
Lin C, Varadharajan V, 'Trust enhanced security - A new philosophy for secure collaboration of mobile agents', 2006 International Conference on Collaborative Computing: Networking, Applications and Worksharing, CollaborateCom (2006)
The mobile agent computing model violates some of the fundamental assumptions of conventional security techniques. Consequently, this has rendered many of the existing conventiona... [more]
The mobile agent computing model violates some of the fundamental assumptions of conventional security techniques. Consequently, this has rendered many of the existing conventional security countermeasures less effective for mobile agents. In this paper, we propose a new philosophy of trust enhanced security, which advocates a paradigm shift for mobile agent security solutions: from security-centric to trust-centric with the aim of providing improved security and performance of mobile agents. We first examine the problem of uncertainty in behavior induced by the security assumption violations by mobile agents; we then propose a trust enhanced security approach and argue for the need for a paradigm shift to trust-centric solutions. Next we identify a list of general design requirements for the trust-centric solutions and outline the new architectural design which supports the new trust enhanced security philosophy in practice. Finally we discuss the emergent properties of the new architecture and introduce the experimental results for validating the properties. ©2006 IEEE.
|
|
|
2006 |
Tupakula UK, Varadharajan V, 'Analysis of Traceback Techniques', Conferences in Research and Practice in Information Technology Series (2006)
Today's Internet is extremely vulnerable to Distributed Denial of service (DDoS) attacks. There is tremendous pressure on the sites performing online business and ISP's ... [more]
Today's Internet is extremely vulnerable to Distributed Denial of service (DDoS) attacks. There is tremendous pressure on the sites performing online business and ISP's to protect their networks from DDoS attacks. Recently, several novel traceback techniques have been proposed to trace the approximate spoofed source of attack. Each proposed traceback technique has some unique advantages and disadvantages over the others. In this paper we will consider some of the novel traceback techniques and focus our discussion i) to raise some of the real time issues that can be addressed in the further research and ii) from the attackers perspective on how to generate DDoS attacks and remain untraced even if any of the traceback technique is deployed in the Internet. We will also demonstrate how attacks can be further amplified if ICMP traceback technique is deployed in the Internet and discuss techniques to minimise the additional attack traffic. We believe that the networks tend to become complex and more vulnerable to DDoS attacks if some of the proposed traceback techniques are deployed in the Internet. © 2006, Australian Computer Society, Inc.
|
|
|
2006 |
Balakrishnan V, Varadharajan V, Tupakula UK, 'Fellowship: Defense against Flooding and Packet Drop Attacks in MANET', 2006 IEEE/IFIP NETWORK OPERATIONS AND MANAGEMENT SYMPOSIUM, VOLS 1 AND 2, Vancouver, CANADA (2006)
|
|
|
2005 |
Balakrishnan V, Varadharajan V, 'Designing secure wireless mobile ad hoc networks', AINA 2005: 19TH INTERNATIONAL CONFERENCE ON ADVANCED INFORMATION NETWORKING AND APPLICATIONS, VOL 2, Taipei, TAIWAN (2005)
|
|
|
2005 |
Wang Y, Varadharajan V, 'Two-phase peer evaluation in P2P e-commerce environments', 2005 IEEE INTERNATIONAL CONFERENCE ON E-TECHNOLOGY, E-COMMERCE AND E-SERVICE, PROCEEDINGS, Hong Kong Baptist Univ, Hong Kong, PEOPLES R CHINA (2005)
|
|
|
2005 |
Lin C, Varadharajan V, Wang Y, Pruthi V, 'Trust enhanced security for mobile agents', CEC 2005: Seventh IEEE International Conference on E-Commerce Technology, Proceedings, Munich, GERMANY (2005)
|
|
|
2005 |
Gan ZB, Wei DW, Varadharajan V, 'Evaluating the performance and scalability of Web Application Systems', THIRD INTERNATIONAL CONFERENCE ON INFORMATION TECHNOLOGY AND APPLICATIONS, VOL 1, PROCEEDINGS, Sydney, AUSTRALIA (2005)
|
|
|
2005 |
Foster D, Varadharajan V, 'Security and trust enhanced mobile agent based system design', Third International Conference on Information Technology and Applications, Vol 1, Proceedings, Sydney, AUSTRALIA (2005)
|
|
|
2005 |
Balakrishnan V, Varadharajan V, 'Short paper: Fellowship in mobile ad hoc networks', FIRST INTERNATIONAL CONFERENCE ON SECURITY AND PRIVACY FOR EMERGING AREAS IN COMMUNICATIONS NETWORKS, PROCEEDINGS, Athens, GREECE (2005)
|
|
|
2005 |
Wang Y, Varadharajan V, 'Trust(2) : Developing trust in peer-to-peer environments', 2005 IEEE INTERNATIONAL CONFERENCE ON SERVICES COMPUTING, VOL 1, PROCEEDINGS, Orlando, FL (2005)
|
|
|
2005 |
Wang Y, Varadharajan V, 'A mobile autonomous agent-based secure payment protocol supporting multiple payments', 2005 IEEE/WIC/ACM INTERNATIONAL CONFERENCE ON INTELLIGENT AGENT TECHNOLOGY, PROCEEDINGS, Compiegne Univ Technol, Compiegne, FRANCE (2005)
|
|
|
2005 |
Tran H, Watters P, Hitchens M, Varadharajan V, 'Trust and authorization in the Grid: A recommendation model', International Conference on Pervasive Services 2005, Proceedings, Santorini, GREECE (2005)
|
|
|
2005 |
Zhao W, Varadharajan V, 'Efficient TTP-free mental poker protocols', International Conference on Information Technology: Coding and Computing, ITCC (2005)
Zhao et al proposed an efficient mental poker protocol which did not require using a Trusted Third Party(TTP). The protocol is efficient and suitable for any number of players but... [more]
Zhao et al proposed an efficient mental poker protocol which did not require using a Trusted Third Party(TTP). The protocol is efficient and suitable for any number of players but it introduces a security flaw. In this paper, we propose two mental poker protocols based on Zhao's previous work. The security flaw has been removed and the additional computing cost is small. © 2005 IEEE.
|
|
|
2005 |
Gan ZB, Wei DW, Zhang JL, Varadharajan V, 'Business-process-oriented software requirements automatic generator', Proceedings - 3rd International Conference on Information Technology and Applications, ICITA 2005 (2005)
Requirements analysis is not only the most important stage of information systems development but also a complex and time-consuming process. Tools play an important role in suppor... [more]
Requirements analysis is not only the most important stage of information systems development but also a complex and time-consuming process. Tools play an important role in supporting and automating software requirements analysis. They become indispensable in dealing with large and complex systems. This paper first introduces a business-processes-oriented requirements analysis model. And a business-process-oriented Software Requirements Automatic Generator (SRAG) is herein presented, alongside the design of a prototype. © 2005 IEEE.
|
|
|
2005 |
Gan ZB, Lin C, Vijay V, 'A middleware-based script language', 4th Annual International Conference on Mobile Business, ICMB 2005 (2005)
Middleware has greatly promoted the 3-tie mode of application systems. But as application software requirements become more complex and more frequently changing, the development c... [more]
Middleware has greatly promoted the 3-tie mode of application systems. But as application software requirements become more complex and more frequently changing, the development cycle of middleware is demanded shorter and shorter. Within a middleware, once a component is amended, the middleware must be compiled and integrated into an application in a reliable, controlled manner. However, can the middleware directly be integrated and operated into an application without being recompiled after it is amended? To address this issue, this paper proposes a middleware-based script language (M-script) that can be used directly to update the middleware in order to adapt the new business requirements. An application example of the M-script is presented, and the result demonstrates that it simplifies the middleware redevelopment process, as well as enables rapid implementation of new business requirements.
|
|
|
2005 |
Ejiri M, Lewis L, Milham D, Nakjima I, Varadharajan V, Birch F, 'Service-level agreement - How to reach the practical agreement, not the announcement', 2005 9th IFIP/IEEE International Symposium on Integrated Network Management, IM 2005 (2005)
SLA is becoming crucial in competitive ICT environment as one of key differentiations and in future demand where customer participated/centric operations are essential. SLA should... [more]
SLA is becoming crucial in competitive ICT environment as one of key differentiations and in future demand where customer participated/centric operations are essential. SLA should be reached through the negotiation between customers and service providers. However current discussion of SLA is too much focused on QoS related features, most of them are not familiar with end users and also customers are forced to accept/select SLAs which are defined /announced by service providers. In the panel, the following issues will be discussed: (1) What is "Services"? Operations services are becoming more important. (2) "Level" should be defined by qualitative/quantitative way? (3) SLA features should be customer perceptible/visible features and QoS should be translated by customer language. (4) Mechanism to reach "Agreement" by customers/service providers negotiation. (5) SLA negotiation process in service providers business processes.
|
|
|
2005 |
Indrakanti S, Varadharajan V, Hitchens M, 'Principles for the design of authorization framework for the Service Oriented Architecture', Proceedings of the 1st International Conference on Internet Technologies and Applications, ITA 05 (2005)
While there are several efforts underway to provide security for the Service Oriented Architecture (SOA), there is no specification or standard defined to provide authorization se... [more]
While there are several efforts underway to provide security for the Service Oriented Architecture (SOA), there is no specification or standard defined to provide authorization services for the SOA. The SOA comprises of Web services and business process workflows built using Web services. Based on our analysis of existing authorization frameworks and policy specification models for the SOA, we envisage an authorization framework for the SOA to provide extensions to both the security layers of Web services and business processes separately. Also the Web services Description and Messaging layers must be extended to support authorization services designed for the SOA. In this paper, we lay out the core design principles for authorization services in each of these layers to achieve a comprehensive design of an authorization framework for the SOA.
|
|
|
2005 |
Indrakanti S, Varadharajan V, Hitchens M, 'Analysis of existing authorization models and requirements for design of authorization framework for the Service Oriented Architecture', ISWS '05: Proceedings of the 2005 International Symposium on Web Services and Applications, Las Vegas, NV (2005)
|
|
|
2005 |
Ruani C, Varadharajan V, 'Data protection in distributed database systems', FOUNDATIONS OF INTELLIGENT SYSTEMS, PROCEEDINGS, Saratoga Springs, NY (2005) |
|
|
2005 |
Indrakanti S, Varadharajan V, 'An authorization architecture for Web services', DATA AND APPLICATIONS SECURITY XIX, PROCEEDINGS, Storrs, CT (2005)
|
|
|
2005 |
Lin C, Varadharajan V, Wang Y, 'Maximizing utility of mobile agent based E-commerce applications with trust enhanced security', TRUST, PRIVACY, AND SECURITY IN DIGITAL BUSINESS, Copenhagen, DENMARK (2005)
|
|
|
2005 |
Varadharajan V, 'Authorization and trust enhanced security for distributed applications', INFORMATION SYSTEMS SECURITY, PROCEEDINGS, Jadavpur Univ, Calcutta, INDIA (2005)
|
|
|
2005 |
Zhao WL, Varadharajan V, Bryan G, 'Analysis and modelling of trust in distributed information systems', INFORMATION SYSTEMS SECURITY, PROCEEDINGS, Jadavpur Univ, Calcutta, INDIA (2005)
|
|
|
2005 |
Zhao W, Varadharajan V, Bryan G, 'Type and scope of trust relationships in collaborative interactions in distributed environments', ICEIS 2005 - Proceedings of the 7th International Conference on Enterprise Information Systems (2005)
In this paper, we consider the modelling of trust relationships in distributed systems based on a formal mathematical structure. We discuss different forms of trust. In particular... [more]
In this paper, we consider the modelling of trust relationships in distributed systems based on a formal mathematical structure. We discuss different forms of trust. In particular, we address the base level authentication trust at the lower layer with a hierarchy of trust relationships at a higher level. Then we define and discuss trust direction and symmetric characteristics of trust for collaborative interactions in distributed environments. We define the trust scope label in order to describe the scope and diversity of trust relationship under our taxonomy framework. We illustrate the proposed definitions and properties of the trust relationships using example scenarios. The discussed trust types and properties will form part of an overall trust taxonomy framework and they can be used in the overall methodology of life cycle of trust relationships in distributed information systems that is currently in the process of development.
|
|
|
2005 |
Indrakanti S, Varadharajan V, Hitchens M, 'Architectural framework for web services authorization', Proceedings of the Joint Workshop on Web Services and Model-Driven Enterprise Information Services, WSMDEIS 2005, in Conjunction with ICEIS 2005 (2005)
This paper proposes an authorization architecture for Web services. It describes the architectural framework, the administration and runtime aspects of our architecture and its co... [more]
This paper proposes an authorization architecture for Web services. It describes the architectural framework, the administration and runtime aspects of our architecture and its components for secure authorization of Web services as well as the support for the management of authorization information. The paper also describes authorization algorithms required to authorize a Web service client. The architecture is currently being implemented within the .NET framework.
|
|
|
2005 |
Ching L, Varadharajan V, Yan W, Pruthi V, 'Security and trust management in mobile agents: A new perspective', IET Conference Publications (2005)
This paper presents a new perspective for mobile agent security - trust enhanced security and develops MobileTrust - a novel trust management architecture to support the trust enh... [more]
This paper presents a new perspective for mobile agent security - trust enhanced security and develops MobileTrust - a novel trust management architecture to support the trust enhanced security solutions for mobile agents. Based on this new perspective we go beyond traditional security mechanism based architectural design by incorporating a trust model into the underlying security architecture. Such an approach enables explicit management of security related trust relationships and it integrates trust into security decision making process to achieve trust enhanced security, which is impossible with the traditional security models. The proposed architecture provides several desirable emergent properties: increased level of security for mobile agent and host, improved flexibility, and scalability of the underlying security system, which are only made possible by this new trust management based approach.
|
|
|
2005 |
Indrakanti S, Varadharajan V, 'An authorization architecture for Web services', Lecture Notes in Computer Science (2005)
This paper considers the authorization service requirements for the service oriented architecture and proposes an authorization architecture for Web services. It describes the arc... [more]
This paper considers the authorization service requirements for the service oriented architecture and proposes an authorization architecture for Web services. It describes the architectural framework, the administration and runtime aspects of our architecture and its components for secure authorization of Web services as well as the support for the management of authorization information. The proposed architecture has several benefits. It is able to support legacy applications exposed as Web services as well as new Web service based applications built to leverage the benefits offered by the service oriented architecture; it can support multiple access control models and mechanisms and is decentralized and distributed and provides flexible management and administration of Web services and related authorization information. The proposed architecture can be integrated into existing middleware platforms to provide enhanced security to exposed Web services. The architecture is currently being implemented within the .NET framework. © IFIP International Federation for Information Processing 2005.
|
|
|
2005 |
Tran H, Hitchens M, Varadharajan V, Watters P, 'A trust based access control framework for P2P file-sharing systems', Proceedings of the Annual Hawaii International Conference on System Sciences (2005)
Peer-to-peer (P2P) file sharing systems have become popular as a new paradigm for information exchange. However, the decentralized and anonymous characteristics of P2P environment... [more]
Peer-to-peer (P2P) file sharing systems have become popular as a new paradigm for information exchange. However, the decentralized and anonymous characteristics of P2P environments make the task of controlling access to sharing information more difficult, which cannot be done by traditional access control methods. In this paper, we identify access control requirements in such environments and propose a trust based access control framework for P2P file-sharing systems. The framework integrates aspects of trust and recommendation models, fairness based participation schemes and access control schemes, and applies them to P2P file-sharing systems. We believe that the proposed scheme is realistic and argue that our approach preserves P2P decentralized structure and peers' autonomy property whist enabling collaboration between peers.
|
|
|
2004 |
Zhang JQ, Varadharajan V, Mu Y, 'Securing XML document sources and their distribution', 18TH INTERNATIONAL CONFERENCE ON ADVANCED INFORMATION NETWORKING AND APPLICATIONS, VOL 1 (LONG PAPERS), PROCEEDINGS, Fukuoka, JAPAN (2004)
|
|
|
2004 |
Indrakanti S, Varadharajan V, Hitchens M, 'Authorization service for web services and its implementation', IEEE INTERNATIONAL CONFERENCE ON WEB SERVICES, PROCEEDINGS, San Diego, CA (2004)
|
|
|
2004 |
Lin C, Varadharajan V, Wang Y, Pruthi V, 'Enhancing grid security with trust management', 2004 IEEE INTERNATIONAL CONFERENCE ON SERVICES COMPUTING, PROCEEDINGS, Shanghai, PEOPLES R CHINA (2004)
|
|
|
2004 |
Lin C, Varadharajan V, Wang Y, Pruthi V, 'Enhancing grid security with trust management', Proceedings - 2004 IEEE International Conference on Services Computing, SCC 2004 (2004)
Recently, trust has been recognized as an important factor for Grid computing security. In this paper, we develop a trust management architecture for trust enhanced Grid security ... [more]
Recently, trust has been recognized as an important factor for Grid computing security. In this paper, we develop a trust management architecture for trust enhanced Grid security incorporating a novel trust model which is capable of capturing various types of trust relationships that exist in a Grid system and providing mechanisms for trust evaluation, recommendations and update for trust decisions. The outcomes of the trust decisions can then be employed by the Grid security system to formulate trust enhanced security solutions. We design several algorithms to demonstrate how one can derive the trust enhanced security solutions for both user and resource provider protection with the proposed trust management architecture. Leveraging on trust knowledge and forming it as part of the security decisions, the proposed architecture possesses several desirable emerging properties that enable it to provide an improved level of security for Grid computing systems.
|
|
|
2004 |
Indrakanti S, Varadharajan V, Hitchens M, Kumar A, 'Secure authorisation for web services', DATA AND APPLICATIONS SECURITY XVII: STATUS AND PROSPECTS, Estes Pk, CO (2004)
|
|
|
2004 |
Hitchens M, Shankaran R, Varadharajan V, 'Securing the ad-hoc on-demand distance vector protocol', PARALLEL AND DISTRIBUTED COMPUTING SYSTEMS, CA, San Francisco (2004) |
|
|
2004 |
Ruan C, Varadharajan V, 'A weighted graph approach to authorization delegation and conflict resolution', INFORMATION SECURITY AND PRIVACY, PROCEEDINGS, Sydney, AUSTRALIA (2004)
|
|
|
2004 |
Wang Y, Varadharajan V, 'Interaction trust evaluation in decentralized environments', E-COMMERCE AND WEB TECHNOLOGIES, Zaragoza, SPAIN (2004)
|
|
|
2004 |
Zhao WL, Varadharajan V, Bryan G, 'Modelling trust relationship in distributed environments', TRUST AND PRIVACY IN DIGITAL BUSINESS, PROCEEDINGS, Zaragoza, SPAIN (2004)
|
|
|
2004 |
Lin C, Varadharajan V, Wang Y, Mu Y, 'On the design of a new trust model for mobile agent security', TRUST AND PRIVACY IN DIGITAL BUSINESS, PROCEEDINGS, Zaragoza, SPAIN (2004)
|
|
|
2004 |
Wang Y, Varadharajan V, 'A time-based peer trust evaluation in P2P e-commerce environments', WEB INFORMATION SYSTEMS - WISE 2004, PROCEEDINGS, Brisbane, AUSTRALIA (2004)
|
|
|
2004 |
Zhang JQ, Varadharajan V, Mu Y, 'A secure PIM-SM multicast routing protocol', DISTRIBUTED COMPUTING - IWDC 2004, PROCEEDINGS, Indian Statist Inst, Calcutta, INDIA (2004) |
|
|
2004 |
Wang Y, Varadharajan V, 'Interaction trust evaluation in decentralized environments', Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics) (2004)
In decentralized environments, such as P2P, as lack of central management, the trust issue is prominently important for interactions between unfamiliar peers. This paper first pre... [more]
In decentralized environments, such as P2P, as lack of central management, the trust issue is prominently important for interactions between unfamiliar peers. This paper first presents a probabilistic approach for evaluating the interaction trust of unfamiliar peers according to their interaction history. In addition, after an interaction, peers can evaluate each other and modify the trust status. Based on it, this paper presents an approach for trust value modification after interactions.
|
|
|
2004 |
Chaddoud G, Varadharajan V, 'Efficient secure group management for SSM', IEEE International Conference on Communications (2004)
We propose in this paper a new approach to channel key management in the architecture S -SSM, we designed to secure SSM communication. S -SSM defines two mechanisms for access con... [more]
We propose in this paper a new approach to channel key management in the architecture S -SSM, we designed to secure SSM communication. S -SSM defines two mechanisms for access control and content protection. The first one is carried out through subscriber authentication and access permission. The second is realized through the management of a unique key, called the channel key, k ch, shared among the sender and subscribers. The management k ch is based on a novel distributed encryption scheme that enables an entity to efficiently add and remove a subscriber without affecting other subscribers.
|
|
|
2004 |
Tupakula UK, Varadharajan V, Gajam AK, 'Counteracting TCP SYN DDoS attacks using automated model', GLOBECOM '04: IEEE GLOBAL TELECOMMUNICATIONS CONFERENCE, VOLS 1-6, Dallas, TX (2004)
|
|
|
2003 |
Shankaran R, Varadharajan V, Hitchens M, 'A secure mulficast support framework for mobile IP', WCNC 2003: IEEE WIRELESS COMMUNICATIONS AND NETWORKING CONFERENCE RECORD, VOLS 1-3, NEW ORLEANS, LA (2003)
|
|
|
2003 |
Zhang JQ, Varadharajan V, Mu Y, 'A novel dynamic key management scheme for secure multicasting', ICON 2003: 11TH IEEE INTERNATIONAL CONFERENCE ON NETWORKS, Sydney, AUSTRALIA (2003)
|
|
|
2003 |
Ruan C, Varadharajan V, Zhang Y, 'Delegatable authorization program and its application', Proceedings of the International Conference on Security and Management (2003)
Data protection is a significant issue in any secure information system. In this paper, we develop a decentralized authorization delegation model in which users can be delegated, ... [more]
Data protection is a significant issue in any secure information system. In this paper, we develop a decentralized authorization delegation model in which users can be delegated, granted or forbidden some access rights. This security model is formulated as an extended logic program which allows both negation as failure and classical negation. The stable model semantics is used to decide the users' access rights on data items. Under the proposed framework, conflicting problem is addressed and a promising resolution method is presented based on the underlying delegation relations and hierarchical structures of subjects, objects and access rights. The authorization inheritance are also supported in our model. Finally, as an application, we show how this framework can support different electronic consent models within the context of health care.
|
|
|
2003 |
Saunders G, Hitchens M, Varadharajan V, 'Role-based access control and the access control matrix', INFORMATION AND COMMUNICATIONS SECURITY, PROCEEDINGS, HUEHAOTE CITY, PEOPLES R CHINA (2003)
|
|
|
2003 |
Ruan C, Varadharajan V, Zhang Y, 'A logic model for temporal authorization delegation with negation', INFORMATION SECURITY, PROCEEDINGS, BRISTOL, ENGLAND (2003)
|
|
|
2003 |
Lin C, Varadharajan V, 'Modelling and evaluating trust relationships in mobile agents based systems', APPLIED CRYPTOGRAPHY AND NETWORK SECURITY, PROCEEDINGS, KUNMING, PEOPLES R CHINA (2003)
|
|
|
2003 |
Ruan C, Varadharajan V, 'An authorization model for e-consent requirement in a health care application', APPLIED CRYPTOGRAPHY AND NETWORK SECURITY, PROCEEDINGS, KUNMING, PEOPLES R CHINA (2003)
|
|
|
2003 |
Ruan C, Varadharajan V, 'Supporting e-consent on health data by logic', FOUNDATIONS OF INTELLIGENT SYSTEMS, MAEBASHI CITY, JAPAN (2003)
|
|
|
2003 |
Ruan C, Varadharajan V, 'Decentralized temporal authorization administration', DATABASE AND EXPERT SYSTEMS APPLICATIONS, PROCEEDINGS, TECH UNIV PRAGUE, PRAGUE, CZECH REPUBLIC (2003)
|
|
|
2003 |
Indrakanti S, Varadharajan V, Todi RK, 'Authorisation Service in .Net My Services.', ICWI (2003) |
|
|
2003 |
Islam M, Thomas J, Varadharajan V, 'Reducing the Scope of Denial of Service Attacks in QoS Routing', Conference Record / IEEE Global Telecommunications Conference (2003)
Existing routing algorithms treat Quality of Service (QoS) parameters and secure routing as completely separate entities requiring separate algorithms. In this paper we propose se... [more]
Existing routing algorithms treat Quality of Service (QoS) parameters and secure routing as completely separate entities requiring separate algorithms. In this paper we propose secure QoS Distance Vector and secure Bellman-Ford-Moore routing algorithms that meet QoS requirements and satisfy security concerns. Security is achieved by placing filters in the network. The routing algorithms generate routes through these filters to meet the specified QoS requirements. Simulation results indicate that secure QoS Distance Vector algorithm performs the better of the two algorithms. Moreover, the density of filters and the placement strategy of filters affect the length of the route generated.
|
|
|
2003 |
Tupakula UK, Varadharajan V, 'Counteracting DDoS attacks in multiple ISP domains using routing arbiter architecture', ICON 2003: 11TH IEEE INTERNATIONAL CONFERENCE ON NETWORKS, Sydney, AUSTRALIA (2003)
|
|
|
2003 |
Tupakula UK, Varadharajan V, 'A Practical Method to Counteract Denial of Service Attacks.', ACSC (2003)
|
|
|
2003 |
Tupakula UK, Varadharajan V, 'A controller agent model to counteract DoS attacks in multiple domains', INTEGRATED NETWORK MANAGEMENT VIII, COLORADO SPRINGS, CO (2003)
|
|
|
2003 |
Tupakula UK, Varadharajan V, 'A controller agent model to counteract DoS attacks in multiple domains', IFIP Advances in Information and Communication Technology (2003)
In this paper we discuss techniques to prevent Distributed Denial of Service (DDoS) attacks within the ISP domain and extend the scheme to prevent the attack in multiple ISP domai... [more]
In this paper we discuss techniques to prevent Distributed Denial of Service (DDoS) attacks within the ISP domain and extend the scheme to prevent the attack in multiple ISP domains. With a new packet marking technique and agent design, our model is able to identify the approximate source of attack with a single packet and has many features to minimise DDoS attacks. © 2003 by Springer Science+Business Media Dordrecht.
|
|
|
2002 |
Mu Y, Varadharajan V, 'An efficient Internet credit card scheme from the weil pairing', THIRD INTERNATIONAL SYMPOSIUM ON ELECTRONIC COMMERCE, PROCEEDINGS, RES TRIANGLE PK, NC (2002)
|
|
|
2002 |
Zhang JQ, Varadharajan V, Mu Y, 'A secure object sharing scheme for Java Card', INFORMATION AND COMMUNICATIONS SECURITY, PROCEEDINGS, SINGAPORE, SINGAPORE (2002) |
|
|
2002 |
Hitchens M, Varadharajan V, Saunders G, 'Policy administration domains', INFORMATION SECURITY AND PRIVACY, MELBOURNE, AUSTRALIA (2002) |
|
|
2002 |
Mu Y, Zhang JQ, Varadharajan V, 'm out of n Oblivious Transfer', INFORMATION SECURITY AND PRIVACY, MELBOURNE, AUSTRALIA (2002)
|
|
|
2002 |
Ruan C, Varadharajan V, Zhang Y, 'Logic-based reasoning on delegatable authorizations', Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics) (2002)
In this paper, we propose a logic program based formulation that supports delegatable authorizations, where negation as failure, classical negation and rules inheritance are allow... [more]
In this paper, we propose a logic program based formulation that supports delegatable authorizations, where negation as failure, classical negation and rules inheritance are allowable. A conflict resolution policy has been developed in our approach that can be used to support the controlled delegation and exception. In our framework, authorization rules are specified in a Delegatable Authorization Program (DAP) which is an extended logic program associated with different types of partial orderings on the domain, and these orderings specify various inheritance relationships among subjects, objects and access rights in the domain. The semantics of a DAP is defined based on the well-known stable model and the conflict resolution is achieved in the process of model generation for the underlying DAP. Our framework provides users a feasible way to express complex security policies. © Springer-Verlag Berlin Heidelberg 2002.
|
|
|
2001 |
Wietrzyk VI, Takizawa M, Orgun MA, Varadharajan V, 'A secure transaction environment for workflows in distributed systems', PROCEEDINGS OF THE EIGHTH INTERNATIONAL CONFERENCE ON PARALLEL AND DISTRIBUTED SYSTEMS, KYONGJU CITY, SOUTH KOREA (2001)
|
|
|
2001 |
Shankaran R, Varadharajan V, Hitchens M, 'Secure distributed location management scheme for mobile hosts', LCN 2001: 26TH ANNUAL IEEE CONFERENCE ON LOCAL COMPUTER NETWORKS, PROCEEDINGS, TAMPA, FL (2001)
|
|
|
2001 |
Zhang Y, Varadharajan V, 'A logic for modeling the dynamics of beliefs in cryptographic protocols', Proceedings - 24th Australasian Computer Science Conference, ACSC 2001 (2001)
We present a logic of modeling the dynamics of beliefs in cryptographic protocols. Differently from previous proposals, our logic is situation based, in which a protocol is viewed... [more]
We present a logic of modeling the dynamics of beliefs in cryptographic protocols. Differently from previous proposals, our logic is situation based, in which a protocol is viewed as a finite sequence of actions performed by various principals at different situations, and each action is a primitive term in the language. Therefore, it becomes possible to model the dynamic change of each principal's beliefs at each step of the protocol within the logic system. Our logic has a precise semantics and is sound with respect to the underlying automatic system.
|
|
|
2001 |
Mu Y, Nguyen KQ, Varadharajan V, 'A fair electronic cash scheme', ELECTRONIC COMMERCE TECHNOLOGIES, PROCEEDINGS, HONG KONG, PEOPLES R CHINA (2001)
|
|
|
2001 |
Varadharajan V, 'Secure networked computing', INFORMATION ASSURANCE IN COMPUTER NETWORKS: METHODS, MODELS AND ARCHITECTURES FOR NETWORK SECURITY, PROCEEDINGS, ST PETERSBURG, RUSSIA (2001) |
|
|
2001 |
Wietrzyk VI, Takizawa M, Varadharajan V, 'A strategy for MLS workflow', INFORMATION SECURITY AND PRIVACY, PROCEEDINGS, SYDNEY, AUSTRALIA (2001)
|
|
|
2001 |
Hitchens M, Varadharajan V, 'Tower: A language for role based access control', Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics) (2001)
A language for specifying role-based access control (RBAC) policies is presented. The language is designed to support the range of access control policies of commercial object sys... [more]
A language for specifying role-based access control (RBAC) policies is presented. The language is designed to support the range of access control policies of commercial object systems. The basic structures of RBAC, such as role, users and permission, are present in the language as basic constructs. Examples are given in the language of access control situations, such as static and dynamic separation of duty, delegation and joint action based access policies. The language is flexible and is able to capture meta-level operations. The language also provides a mechanism for tracking actions and basing access control decisions on past events.
|
|
|
2001 |
Mu Y, Varadharajan V, 'An internet anonymous auction scheme', Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics) (2001)
This paper proposes a new Internet bidding system that offers anonymity of bidders and fairness to both bidders and the auction server. Our scheme satisfies all the basic security... [more]
This paper proposes a new Internet bidding system that offers anonymity of bidders and fairness to both bidders and the auction server. Our scheme satisfies all the basic security requirements for a sealed-bid auction system, without requiring multiple servers.
|
|
|
2001 |
Wu CK, Varadharajan V, 'Fair exchange of digital signatures with offline trusted third party', Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics) (2001)
In this paper we show how fair exchange of digital signatures can be made possible without a separate verifiable encryption. This means that the fair exchange protocol can be esta... [more]
In this paper we show how fair exchange of digital signatures can be made possible without a separate verifiable encryption. This means that the fair exchange protocol can be established based on an existing signature algorithm without modification, except that the users need to get a ticket from an off-line trusted third party to enable the fair exchange. The trusted third party is needed to make a judgment only when there is a dispute. Explicit protocols based on different digital signature algorithms are proposed.
|
|
|
2001 |
Hitchens M, Varadharajan V, 'RBAC for XML document stores', Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics) (2001)
Web based services and applications have increased the availability and accessibility of information. XML (eXtensible Markup Language) has recently emerged as an important standar... [more]
Web based services and applications have increased the availability and accessibility of information. XML (eXtensible Markup Language) has recently emerged as an important standard in the area of information representation. XML documents can represent information at different levels of sensitivity. Access control for XML document stores must recognise the fine-grained nature of the document structure. In this paper we present an approach to access control for XML document stores. This framework is based on RBAC and includes a syntax for specifying access control policies for the store.
|
|
|
2001 |
Molli P, Skaf-Molli H, Godart C, Ray P, Shankaran R, Varadharajan V, 'Integrating network services for virtual teams', ICEIS 2001 - Proceedings of the 3rd International Conference on Enterprise Information Systems (2001)
Virtual team provider is an emerging business on the Internet. It allows people to work together distributed across space, time and organization. Tools like BSCW or SourceForge al... [more]
Virtual team provider is an emerging business on the Internet. It allows people to work together distributed across space, time and organization. Tools like BSCW or SourceForge allow an organization to host virtual teams. Although, these tools deliver functionalities, they lack required features (e.g. security, dependability and quality of service) to make them commercially acceptable. In this paper, we describe underlying effort needed at the network services level to make virtual team software commercially viable.
|
|
|
2001 |
Mu Y, Varadharajan V, 'Robust and secure broadcasting', Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics) (2001)
This paper describes a secure Pay TV protocol based on a public-key distributed encryption scheme that enables the Pay TV broadcaster to robustly add or remove any subscriber with... [more]
This paper describes a secure Pay TV protocol based on a public-key distributed encryption scheme that enables the Pay TV broadcaster to robustly add or remove any subscriber without changing private decryption keys of other subscribers. In other words, the updating process is transparent to the subscribers. This feature exhibits a distinct advantage over a symmetric key based system where all subscribers share a single key and therefore it is impossible to dynamically remove a subscriber from the system.
|
|
|
2001 |
Shankaran R, Varadharajan V, Hitchens M, 'A distributed location management scheme for mobile hosts', Proceedings of the Internatoinal Conference on Parallel and Distributed Systems - ICPADS (2001)
With the increasing growth in mobile computing devices and wireless networks, users are able to access information from anywhere and at anytime. In such situations, the issues of ... [more]
With the increasing growth in mobile computing devices and wireless networks, users are able to access information from anywhere and at anytime. In such situations, the issues of location management for mobile hosts are becoming increasingly significant. Different location management schemes such as Columbia University's mobile IP scheme and IETF mobile IP have been proposed. In this paper, we propose a new distributed location management scheme and discuss the advantages of the proposed scheme over the others. The paper then considers the issues of multicasting in the proposed architecture.
|
|
|
2000 |
Varadharajan V, 'Security enhanced mobile agents', Proceedings of the ACM Conference on Computer and Communications Security (2000)
This paper describes a security model for mobile agent based systems. The model defines the notion of a security-enhanced agent and outlines security management components in agen... [more]
This paper describes a security model for mobile agent based systems. The model defines the notion of a security-enhanced agent and outlines security management components in agent platform bases and considers secure migration of agents from one base to another. The security enhanced agent carries a passport that contains its security credentials and some related security code. Then we describe how authentication, integrity and confidentiality, and access control are achieved using the agent's passport and the security infrastructure in the agent bases. We also consider the types of access control policies that can be specified using the security enhanced agents and the policy base in the agent platforms. We discuss the application of the security model in roaming mobile agents and consider a simple scenario involving security auditing in networks.
|
|
|
2000 |
Bai Y, Varadharajan V, 'A logical formalization for specifying authorizations in object-oriented databases', RESEARCH ADVANCES IN DATABASE AND INFORMATION SYSTEMS SECURITY, SEATTLE, WA (2000) |
|
|
2000 |
Hitchens M, Varadharajan V, 'Elements of a language for role-based access control', INFORMATION SECURITY FOR GLOBAL INFORMATION INFRASTRUCTURES, BEIJING, PEOPLES R CHINA (2000) |
|
|
2000 |
Mu Y, Varadharajan V, 'Towards a protection model for supporting multiple access control policies', Proceedings - 11th Australasian Database Conference, ADC 2000 (2000)
The Schematic Protection Model (SPM) allows us to specify the protection structure of an object-oriented database and provides an algorithm to reason about the transmission of pri... [more]
The Schematic Protection Model (SPM) allows us to specify the protection structure of an object-oriented database and provides an algorithm to reason about the transmission of privileges. In this paper, we extend the SPM model to support multiple access policies, by introducing the concept of groups and the negation of authorisation.
|
|
|
2000 |
Zhao W, Varadharajan V, Mu Y, 'Fair on-line gambling', Proceedings - Annual Computer Security Applications Conference, ACSAC (2000)
This paper proposes a fair electronic gambling scheme for the Internet. The proposed scheme provides a unique link between payment and gambling outcome so that the winner can be e... [more]
This paper proposes a fair electronic gambling scheme for the Internet. The proposed scheme provides a unique link between payment and gambling outcome so that the winner can be ensured to get the payment. Since an optimal fair exchange method is used in gambling message exchange the proposed system guarantees that no one can successfully cheat during a gambling process. Our system requires an off-line Trusted Third Party (TTP). If a cheating occurs, the TTP can resolve the problem and make the gambling process fair.
|
|
|
2000 |
Mu Y, Varadharajan V, 'Distributed signcryption', Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics) (2000)
This paper proposes a distributed encryption scheme, where any party can ¿signcrypt¿ a message and distribute it to a designated group and any member in the receiving group can ¿d... [more]
This paper proposes a distributed encryption scheme, where any party can ¿signcrypt¿ a message and distribute it to a designated group and any member in the receiving group can ¿de-signcrypt¿ the message. We also propose a group signcryption, where, given a designated group, any member in the group can signcrypt a message on the group¿s behalf. A group signcrypted message can be distributed to another group. The proposed schemes have potential applicability in electronic commerce.
|
|
|
2000 |
Mu Y, Varadharajan V, 'Fail-stop confirmer signatures', Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics) (2000)
A designated confirmer signature allows the signer to prove to the signature's recipient that the designated confirmer can confirm the signature without the signer. In this p... [more]
A designated confirmer signature allows the signer to prove to the signature's recipient that the designated confirmer can confirm the signature without the signer. In this paper we propose a fail-stop confirmer signature scheme based on the concept of fail-stop knowledge proofs and signature knowledge proofs on discrete logarithms. We also develop a blinded version of the confirmer scheme. The new confirmer signatures have enhanced security against forgery from powerful adversaries.
|
|
|
2000 |
Wietrzyk VIS, Orgun MA, Varadharajan V, 'On the analysis of on-line database reorganization', Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics) (2000)
We consider the problem of on-line database reorganization. The types of reorganization that we discuss are restoration of clustering, purging of old data, creation of a backup co... [more]
We consider the problem of on-line database reorganization. The types of reorganization that we discuss are restoration of clustering, purging of old data, creation of a backup copy, compaction, and construction of indexes. The contributions of this paper are both of theoretical and of experimental nature.
|
|
|
2000 |
Wang H, Varadharajan V, Zhang Y, 'Towards a Generic Logic for Analysing Network Protocols.', ICDCS Workshop on Internet (2000) |
|
|
1999 |
Wu CK, Varadharajan V, 'Modified Chinese remainder theorem and its application to proxy signatures', Proceedings of the International Conference on Parallel Processing (1999)
Chinese Remainder Theorem has been used for hundreds of years and has been applied to many domains such as integers and polynomials. An assumption made is that the component modul... [more]
Chinese Remainder Theorem has been used for hundreds of years and has been applied to many domains such as integers and polynomials. An assumption made is that the component moduli are pairwise co-prime. In this paper, first we remove this assumption; then we give an algorithm to find whether a given system of congruent equations has a solution, and if so, how to find the solution in an efficient manner. Further we apply the modified Chinese Remainder Theorem to design proxy signatures.
|
|
|
1999 |
Murayama Y, Varadharajan V, 'Message from the IWSEC Workshop Co-Chairs.', ICPP Workshops (1999)
|
|
|
1999 |
Saunders G, Hitchens M, Varadharajan V, 'An analysis of access control models', Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics) (1999)
Access control in real systems is implemented using one or more abstractions based on the access control matrix (ACM). The most common abstractions are access control lists (ACLs)... [more]
Access control in real systems is implemented using one or more abstractions based on the access control matrix (ACM). The most common abstractions are access control lists (ACLs) and capabilities. In this paper, we consider an extended Harrison-Ruzzo-Ullman (HRU) model to make some formal observations about capability systems versus access control list based systems. This analysis makes the characteristics of these types of access control mechanisms more explicit and is intended to provide a better understanding of their use. A combined model providing the flexibility of capabilities with the simplicity of the ACL and its relation to other models proposed earlier (e.g.[10,6]) are discussed.
|
|
|
1999 |
Nguyen KQ, Mu Y, Varadharajan V, 'Divertible zero-knowledge proof of polynomial relations and blind group signature', Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics) (1999)
A divertible protocol is a protocol between three parties in which one party is able to divert another party¿s proof of some facts to prove some other facts to the other party. Th... [more]
A divertible protocol is a protocol between three parties in which one party is able to divert another party¿s proof of some facts to prove some other facts to the other party. This paper presents a divertible protocol to prove multi-variant polynomial relations. Its direct application to blind group signature is also shown.
|
|
|
1999 |
Bai Y, Varadharajan V, 'Authorization in object oriented databases', Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics) (1999)
Formal specification on authorization in object oriented databases is becoming increasingly significant. However most of the work in this field suffers a lack of formal logic sema... [more]
Formal specification on authorization in object oriented databases is becoming increasingly significant. However most of the work in this field suffers a lack of formal logic semantics to characterize different types of inheritance properties of authorization policies among complex data objects. In this paper, we propose a logic formalization specify object oriented databases together with authorization policies. Our formalization has a high level language structure to specify object oriented databases and allows various types of authorizations to be associated with.
|
|
|
1999 |
Wang H, Varadharajan V, Zhang Y, 'A secure communication scheme for multiagent systems', Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics) (1999)
In this paper we present a secure communication scheme for multiagent systems. First, we briefly introduce an architecture for multiagent systems, and discuss security problems wi... [more]
In this paper we present a secure communication scheme for multiagent systems. First, we briefly introduce an architecture for multiagent systems, and discuss security problems with such systems. We then present the communication scheme in detail, including the mathematical principle and the cryptographic protocol. To further demonstrate how our communication scheme works, we present an example with which we show how a piece of plaintext message is encrypted and decrypted between two agents within a multiagent system in accordance with our communication scheme. In evaluation we show that, compared with other encryption systems such as RSA, our scheme is more simple and suitable for implementation on computers used in multiagent systems. Importantly, it remains as secure as other systems as long as the plaintext is not too short. In conclusion, we discuss issues about the management of secret keys and the suitability of the communication scheme.
|
|
|
1999 |
Bai Y, Varadharajan V, 'On formal languages for sequences of authorization transformations', Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics) (1999)
In a multi-user, information-sharing computer systems, authorization policy is needed to ensure that the information flows in the desired way and to prevent illegal access to the ... [more]
In a multi-user, information-sharing computer systems, authorization policy is needed to ensure that the information flows in the desired way and to prevent illegal access to the system resource. Usually such policy has a temporal property. That is, it needs to be updated to capture the changing requirements of applications, systems and users. These updates are implemented via transformation of authorization policies. In this paper, we propose two high-level formal languages L and L d to specify the transformation of authorizations in secure computer systems. L is a simple language that can be used to specify a sequence of authorization transformations. Though it has a simple syntax and semantics, we show that L is expressive enough to specify some well-known examples of authorization transformations. Language L d is an augmentation ofL which includes default propositions within the domain description of authorization policies. However, the semantics of L d is not just a simple extension of the semantics of L. We show that L d is more expressive than L in that constraints, causal and inherited authorizations, and general default authorizations can be specified.
|
|
|
1999 |
Van Le T, Nguyen KQ, Varadharajan V, 'how to prove that a committed number is prime', Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics) (1999)
The problem of proving a number is of a given arithmetic format with some prime elements, is raised in RSA undeniable signature, group signature and many other cryptographic proto... [more]
The problem of proving a number is of a given arithmetic format with some prime elements, is raised in RSA undeniable signature, group signature and many other cryptographic protocols. So far, there have been several studies in literature on this topic. However, except the scheme of Camenisch and Michels, other works are only limited to some special forms of arithmetic format with prime elements. In Camenisch and Michels's scheme, the main building block is a protocol to prove a committed number to be prime based on algebraic primality testing algorithms. In this paper, we propose a new protocol to prove a committed number to be prime. Our protocol is O(t) times more efficient than Camenisch and Michels's protocol, where t is the security parameter. This results in O(t) time improvement for the overall scheme.
|
|
|
1999 |
Hitchens M, Varadharajan V, 'Issues in the design of a language for role based access control', Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics) (1999)
In this paper, we describe a language based approach to the specification of authorisation policies that can be used to support the range of access control policies in commercial ... [more]
In this paper, we describe a language based approach to the specification of authorisation policies that can be used to support the range of access control policies in commercial object systems. We discuss the issues involved in the design of a language for role based access control systems. The notion of roles is used as a primitive construct within the language. This paper describes the basic constructs of the language and the language is used to specify several access control policies such as role based access control, static and dynamic separation of duty, delegation as well as joint action based access policies. The language is flexible and is able to capture meta-level operations and it is often these features which are significant when it comes to the applicability of an access control system to practical real situations.
|
|
|
1999 |
Nguyen KQ, Bao F, Mu Y, Varadharajan V, 'Zero-knowledge proofs of possession of digital signatures and its applications', Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics) (1999)
Demonstrating in zero-knowledge the possession of digital signatures has many cryptographic applications such as anonymous authentication, identity escrow, publicly verifiable sec... [more]
Demonstrating in zero-knowledge the possession of digital signatures has many cryptographic applications such as anonymous authentication, identity escrow, publicly verifiable secret sharing and group signature. This paper presents a general construction of zero-knowledge proof of possession of digital signatures. An implementation is shown for discrete logarithm settings. It includes protocols of proving exponentiation and modulo operators, which are the most interesting operators in digital signatures. The proposed construction is applicable for ElGamal signature scheme and its variations. The construction also works for the RSA signature scheme. In discrete logarithm settings, our technique is O(l) times more efficient than previously known methods.
|
|
|
1999 |
Nguyen K, Mu Y, Varadharajan V, 'Undeniable confirmer signature', Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics) (1999)
In undeniable signature, a signature can only be verified with cooperation of the signer. If the signer refuses to cooperate, it is infea-sible to check the validity of a signatur... [more]
In undeniable signature, a signature can only be verified with cooperation of the signer. If the signer refuses to cooperate, it is infea-sible to check the validity of a signature. This problem is eliminated in confirmer signature schemes where the verification capacity is given to a confirmer rather than the signer. In this paper, we present a variation of confirmer signature, called undeniable confirmer signature in that both the signer and a confirmer can verify the validity of a signature. The scheme provides a better flexibility for the signer and the user as well as reduces the involvement of designated confirmers, who are usually trusted in practice. Furthermore, we show that our scheme is divertible, i.e., our signature can be blindly issued. This is essential in some applications such as subscription payment system, which is also shown.
|
|
|
1999 |
Mu Y, Varadharajan V, Nguyen KQ, 'Delegated decryption', Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics) (1999)
This paper proposes a new public key based system that enables us to have a single public key with one or more decryption keys and a unique signing key. One straightforward applic... [more]
This paper proposes a new public key based system that enables us to have a single public key with one or more decryption keys and a unique signing key. One straightforward application for our system is in delegated or proxy based decryption. The proxy based decryption requires that the decryption authority can be delegated to another party (proxy) without revealing the signing key information. This suggests that the proxy who has the legitimate right for decryption cannot sign on behalf of the public key owner; only the legitimate signer can be the owner of the public key.
|
|
|
1999 |
Shankaran R, Varadharajan V, Hitchens M, 'Secure multicast extensions for mobile networks', Conference on Local Computer Networks (1999)
There has been a considerable interest shown in the area of mobility. With the advent of powerful portable devices such as laptop and palmtop there is a growing trend amongst user... [more]
There has been a considerable interest shown in the area of mobility. With the advent of powerful portable devices such as laptop and palmtop there is a growing trend amongst users to go the nomadic way. This implies that a user can get access to any service at any time without any interruption. Such nomadic computing poses several challenges in multicasting and security. We first consider a framework that has been proposed by [1] for multicasting in mobile IP networks. In this paper, we extend this framework to support a secure multicasting service. We describe secure schemes for a mobile host to initiate, join and leave a multicast group. We also discuss the secure movement of mobile hosts in intra and inter campus environments.
|
|
|
1999 |
Wang H, Varadharajan V, Slaney J, 'Towards perfect objects', "Technology of Object-Oriented Languages and Systems (1999)
We present in this paper an extended object model for software system modelling and design. The extended object model was developed from ontological research into the nature and t... [more]
We present in this paper an extended object model for software system modelling and design. The extended object model was developed from ontological research into the nature and the generality of intelligent systems. The extension was made by attaching domains, states and categories to variables, and adding three types of constraints into the ordinary object model: identity constraints are for maintaining the identity and integrity of objects; trigger constraints are for enabling agents to act in objects autonomously; and goal constraints are for guiding agents to act in desired direction. We first introduce the theoretical background of the object model in brief. We then present the models in detail. We also discuss the advantages of our extended object model in software system modelling and design. In conclusion we summarise the main results we have achieved, and discuss some ongoing works that are relevant.
|
|
|
1998 |
Varadharajan V, Crall C, Pato J, 'Issues in the design of secure authorization service for distributed applications', GLOBECOM 98: IEEE GLOBECOM 1998 - CONFERENCE RECORD, VOLS 1-6, SYDNEY, AUSTRALIA (1998)
|
|
|
1998 |
Varadharajan V, Crall C, Pato J, 'Authorization in enterprise-wide distributed system - A practical design and application', 14TH ANNUAL COMPUTER SECURITY APPLICATIONS CONFERENCE, PROCEEDINGS, PHOENIX, AZ (1998)
|
|
|
1998 |
Shankaran R, Varadharajan V, 'Secure signaling and access control for ATM networks', 14TH ANNUAL COMPUTER SECURITY APPLICATIONS CONFERENCE, PROCEEDINGS, PHOENIX, AZ (1998)
|
|
|
1998 |
Yi M, Varadharajan V, 'Anonymous secure E-voting over a network', 14TH ANNUAL COMPUTER SECURITY APPLICATIONS CONFERENCE, PROCEEDINGS, PHOENIX, AZ (1998)
|
|
|
1998 |
Mu Y, Varadharajan V, 'A new scheme of credit based payment for electronic commerce', 23RD ANNUAL CONFERENCE ON LOCAL COMPUTER NETWORKS - PROCEEDINGS, LOWELL, MA (1998)
|
|
|
1998 |
Nguyen KQ, Mu Y, Varadharajan V, 'A new digital cash scheme based on blind Nyberg-Rueppel digital signature', Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics) (1998)
We propose a new untraceable digital cash scheme using blind Nyberg-Rueppel digital signature. The scheme provides security features such as client anonymity, coin forgery prevent... [more]
We propose a new untraceable digital cash scheme using blind Nyberg-Rueppel digital signature. The scheme provides security features such as client anonymity, coin forgery prevention and double spending detection. The proposed scheme is also more efficient than previously proposed schemes by Chaum and Brands.
|
|
|
1998 |
Bai Y, Varadharajan V, 'A high level language for conventional access control models', Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics) (1998)
A formal language to specify general access control policies and their sequences of transformations has been proposed in [1]. The access control policy was specified by a domain d... [more]
A formal language to specify general access control policies and their sequences of transformations has been proposed in [1]. The access control policy was specified by a domain description which consisted of a finite set of initial policy propositions, policy transformation propositions and default propositions. Usually, access control models are falls into two conventional categories: discretionary access control(DAC) and mandatory access control(MAC). Traditional DAC models basically enumerate all the subjects and objects in a system and regulate the access to the object based on the identity of the subject. It can be best represented by the HRU's access control matrix [4]. While on the other hand, MAC models are lattice based models, in the sense that each subject and object is associated with a sensitivity level which forms a lattice [3]. In this paper, we intend to demonstrate that both a DAC-like model and a MAC-like model can be realized by an approach using our formal language. We also discuss some other related works.
|
|
|
1998 |
Varadharajan V, Shankaran R, Hitchens M, 'Secure authentication and access control in ATM networks', LONG-HAUL, ATM AND MULTI-MEDIA NETWORKS - NOC '98, MANCHESTER, ENGLAND (1998) |
|
|
1998 |
Varadharajan V, Mu Y, Hitchens M, 'Design choices for public key based Kerberos authentication system', PROCEEDINGS OF THE 21ST AUSTRALASIAN COMPUTER SCIENCE CONFERENCE, ACSC'98, PERTH, AUSTRALIA (1998) |
|
|
1997 |
Bai Y, Varadharajan V, 'Updating policy base: An application of knowledge base in authorizations', 1997 IEEE INTERNATIONAL CONFERENCE ON INTELLIGENT PROCESSING SYSTEMS, VOLS 1 & 2, BEIJING, PEOPLES R CHINA (1997) |
|
|
1997 |
Bai Y, Varadharajan V, 'A logic for state transformations in authorization policies', 10TH COMPUTER SECURITY FOUNDATIONS WORKSHOP, PROCEEDINGS, ROCKPORT, MA (1997)
|
|
|
1997 |
Varadharajan V, Shankaran R, Hitchens M, 'Security services and public key infrastructure for ATM networks', LCN'97 - 22ND ANNUAL CONFERENCE ON LOCAL COMPUTER NETWORKS, PROCEEDINGS, MINNEAPOLIS, MN (1997)
|
|
|
1997 |
Varadharajan V, Shankaran R, Hitchens M, 'Security issues in asynchronous transfer mode', Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics) (1997)
This paper addresses the design and management of security services for ATM networks. Various options for the positioning of security services within the ATM protocol stack are di... [more]
This paper addresses the design and management of security services for ATM networks. Various options for the positioning of security services within the ATM protocol stack are discussed. After considering these possibilities, it is proposed to place the security layer between the AAL and ATM layers. The proposed security layer provides confidentiality, integrity and data origin authentication in the user plane. The developed security design can be transparently integrated into the B-ISDN Protocol Reference Model without in any way violating the existing standards.
|
|
|
1997 |
Mu Y, Varadharajan V, Lin YX, 'New micropayment schemes based on paywords', Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics) (1997)
This paper proposes three new micropayment schemes based on hashing and salting techniques. These schemes add significant features to the PayWord scheme proposed earlier by Rivest... [more]
This paper proposes three new micropayment schemes based on hashing and salting techniques. These schemes add significant features to the PayWord scheme proposed earlier by Rivest and Shamir. The scheme SPayWord introduces a salt into the payment process which makes the scheme more secure with smaller PayWords. The scheme UPayWord removes the constraint of the original PayWord scheme which requires a client to set the maximum number of PayWords in advance. The scheme PPayWord provides mechanisms for dealing with the loss of PayWords in communication thereby enabling successful verification of subsequent PayWords after the loss in a secure manner. The schemes presented in tiffs paper seem to be significant for use in practical off-line micropayment systems.
|
|
|
1997 |
Bai Y, Varadharajan V, 'Analysis and implementation of a formal authorization policy design approach', Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics) (1997)
In [1], we proposed a formal approach to specify authorization policies and their transformations. In this paper, we discuss the implementation issues of this approach and analyse... [more]
In [1], we proposed a formal approach to specify authorization policies and their transformations. In this paper, we discuss the implementation issues of this approach and analyse the complexities of the algorithms introduced.
|
|
|
1997 |
Nguyen KQ, Varadharajan V, Mu Y, 'A new efficient off-line anonymous cash scheme', Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics) (1997)
Current off-fine electronic cash systems require at least one interaction between the client and the vendor for each coin. We propose a new electronic cash scheme that requires on... [more]
Current off-fine electronic cash systems require at least one interaction between the client and the vendor for each coin. We propose a new electronic cash scheme that requires only one interaction between the client and the vendor for a complete electronic transaction. Our new protocol provides unconditional client anonymity, double-spending detection and forgery-prevention.
|
|
|
1997 |
Nguyen KQ, Mu Y, Varadharajan V, 'Secure and efficient digital coins', Annual Computer Security Applications Conference (1997)
Current off-line electronic cash systems require a great number of complex online computations by clients during the payment phase. In this paper, we propose a new off-line anonym... [more]
Current off-line electronic cash systems require a great number of complex online computations by clients during the payment phase. In this paper, we propose a new off-line anonymous cash scheme that greatly reduces the number of online computations that need to be done by the clients for each payment transaction. In particular, except for the first coin in a transaction, the client only needs to perform minimal computations for the remaining coins in the transaction. Our scheme also provides unconditional client anonymity and is able to detect double-spending and is resistant to coin forgery and framing attacks.
|
|
|
1997 |
Nguyen KQ, Mu Y, Varadharajan V, 'Micro-digital money for electronic commerce', Annual Computer Security Applications Conference (1997)
This paper proposes two novel cash-based micropayment schemes based on a new technique referred to as the double-locked hash chain technique. Both schemes support divisibility and... [more]
This paper proposes two novel cash-based micropayment schemes based on a new technique referred to as the double-locked hash chain technique. Both schemes support divisibility and transferability of digital coins in a simpler way compared to the existing solutions. The basic scheme allows full or partial use of a coin chain in a transaction; if only part of a coin chain has been used with one vendor, the rest of the chain can be used for instance in a subsequent transaction with another vendor. The modified scheme extends this to multiple chains making the scheme particularly suitable for a large number of micropayment transactions.
|
|
|
1997 |
Varadharajan V, Shankaran R, 'Security for ATM networks', Conference Record / IEEE Global Telecommunications Conference (1997)
This paper addresses the design and management of security services for ATM networks. Various options for the positioning of security services within the ATM protocol stack are di... [more]
This paper addresses the design and management of security services for ATM networks. Various options for the positioning of security services within the ATM protocol stack are discussed. After considering these possibilities, it is proposed to place the security layer between the AAL and ATM layers. The proposed security layer provides confidentiality, integrity and data origin authentication in the user plane. The paper then presents an authentication scheme and a key establishment protocol. This protocol is integrated with the existing ATM signaling protocol, as part of the call setup procedures. The developed security design can be transparently integrated into the B-ISDN Protocol, Reference Model without violating the existing standards.
|
|
|
1997 |
Varadharajan V, Mu Y, 'Preserving privacy in mobile communications: a hybrid method', IEEE International Conference on Personal Wireless Communications (1997)
In this paper, we propose three security protocols for mobile communications, which enable mutual authentication and establish a shared secret key between mobile users. They also ... [more]
In this paper, we propose three security protocols for mobile communications, which enable mutual authentication and establish a shared secret key between mobile users. They also provide a certain degree of anonymity of the communicating users to other system users. Our protocols are based on a hybrid scheme involving a combination of public key and symmetric key based systems.
|
|
|
1997 |
Bai Y, Varadharajan V, 'A Formal Security Design Approach for Transformation of Authorizations in Information Systems.', PACIS (1997) |
|
|
1996 |
Varadharajan V, 'Design of enterprise-wide secure networked system', PROCEEDINGS OF THE 5TH WORKSHOPS ON ENABLING TECHNOLOGIES: INFRASTRUCTURE FOR COLLABORATIVE ENTERPRISES (WET ICE '96), STANFORD, CA (1996)
|
|
|
1996 |
Varadharajan V, 'Security in high speed networks', 21ST IEEE CONFERENCE ON LOCAL COMPUTER NETWORKS, PROCEEDINGS, MINNEAPOLIS, MN (1996)
|
|
|
1996 |
Varadharajan V, Allen P, 'Support for joint action based security policies', Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics) (1996)
Authorization policy requirements in commercial applications are often richer compared to military applications in terms of the types of privileges required, and more complex in t... [more]
Authorization policy requirements in commercial applications are often richer compared to military applications in terms of the types of privileges required, and more complex in terms of both the nature and degree of interactions between participating objects. Delegation and joint action mechanisms allow a more flexible and dynamic form of access control, thereby enabling the representation of sophisticated authorization policies. This paper explores some issues that need to be addressed when designing joint actions based authorization policies, and their ramifications for trust of various components in the architecture. We consider an example from the medical field, and define attributes relevant to the design of joint action schemes and present three schemes for supporting joint action based authorization policies.
|
|
|
1996 |
Mu Y, Varadharajan V, 'On the design of security protocols for mobile communications', Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics) (1996)
Use of mobile personal computers in open networked environment is revolutionalising the way we use computer. Mobile networked computing is raising important information security a... [more]
Use of mobile personal computers in open networked environment is revolutionalising the way we use computer. Mobile networked computing is raising important information security and privacy issues. This paper is concerned with the design of authentication protocols for a mobile computing environment. The paper first analyses the authentication initiator protocols proposed by Belier, Chang and Yacobi (BCY) and the modifications considered by Carlsen and points out some weaknesses. The paper then suggests improvements to these protocols. The paper proposes secure end-to-end protocols between mobile users using both symmetric and public key based systems. These protocols enable mutual authentication and establish a shared secret key between mobile users. Furthermore, these protocols provide a certain degree of anonymity of the communicating users to be achieved vis-a-vis other system users.
|
|
|
1996 |
Varadharajan V, Mu Y, 'Design of Secure End-toEnd Protocols for Mobile Systems.', IFIP World Conference on Mobile Communications (1996) |
|
|
1996 |
Varadharajan V, Mu Y, 'On the design of secure electronic payment schemes for Internet', Proceedings - Annual Computer Security Applications Conference, ACSAC (1996)
Considers the design of secure electronic credit card based payment schemes for the Internet, and reveals some of the issues that have not been adequately addressed in the propose... [more]
Considers the design of secure electronic credit card based payment schemes for the Internet, and reveals some of the issues that have not been adequately addressed in the proposed protocols to date. This paper proposes additional mechanisms that need to be incorporated as part of the design phase of the scheme to deal efficiently with the disputes that can arise. The design methods described in this paper are applicable to a range of protocols, including iKP (Internet Kaufmannisch Protokoll), STT (Secure Transaction Technology) and SEPP (Secure Electronic Payment Protocol). Based on this discussion, the paper goes on to propose an improved payment scheme and protocol. The new protocol, referred to as the permission-based payment (PBP) protocol, provides a fair treatment of both the client and the merchant involved in the transaction. It separates the purchase request phase from the payment phase, thereby increasing the ability to handle certain class of disputes more efficiently. It removes the need to store the secret private key at the client's machine or the need for a smart card device. This is important as one cannot assume that all the clients connected to the Internet have smart card readers attached to them. The new protocol makes simpler assumptions about the environment, thereby making the scheme practical for securing commercial electronic credit card transactions.
|
|
|
1996 |
Hitchens M, Varadharajan V, 'Design choices for symmetric key based inter-domain authentication protocols in distributed systems', Proceedings - Annual Computer Security Applications Conference, ACSAC (1996)
Authentication is a key requirement in the establishment of secure interactions between network entities. Several authentication and key establishment protocols have been proposed... [more]
Authentication is a key requirement in the establishment of secure interactions between network entities. Several authentication and key establishment protocols have been proposed in recent years. Most of these protocols were designed for an intra-domain environment (i.e. one where the communicating parties reside in a single domain) and then extrapolated to the inter-domain environment. In this paper, the design of inter-domain protocols is investigated. We present the different design choices that need to be carefully considered when designing inter-domain protocols in large distributed systems. We propose three different inter-domain protocols with varying degrees of responsibility placed on the client and the trusted servers. In each case, the assumptions made in the design are explicitly stated. This helps to illustrate the rationale behind the choices made. The proposed protocols use symmetric key systems and are based on Kerberos. The arguments, rationales and designs presented in this paper are also applicable to OSF's Distributed Computing Environment (DCE).
|
|
|
1995 |
Varadharajan V, 'Security for local area and wide area networked computes communications', INFORMATION HIGHWAYS FOR A SMALLER WORLD AND BETTER LIVING, SEOUL, SOUTH KOREA (1995) |
|
|
1994 |
VARADHARAJAN V, CALVELLI C, 'EXTENDING THE SCHEMATIC PROTECTION MODEL .1. CONDITIONAL TICKETS AND AUTHENTICATION', 1994 IEEE COMPUTER SOCIETY SYMPOSIUM ON RESEARCH IN SECURITY AND PRIVACY, PROCEEDINGS, OAKLAND, CA (1994)
|
|
|
1993 |
Varadharajan V, 'Authentication in mobile distributed environment', IEE Conference Publication (1993)
Information and communication technology is on the threshold of a new style of computing. First, the telecommunications industry is witnessing the development of Personal Communic... [more]
Information and communication technology is on the threshold of a new style of computing. First, the telecommunications industry is witnessing the development of Personal Communication Systems that are 'person-specific' with person to person logical connections. Second, the computer industry is in the phase of practical implementation of distributed systems concepts. In particular, the notion of open systems is a major driving force. Use of mobile personal systems in a open distributed environment raises several issues with regard to information security and system dependability. This paper addresses one key aspect of information security in such a mobile distributed environment namely that of authentication. We consider the nature of the security threat, and how it may arise in practical situations. then we describe the characteristics of the required authentication security service to counteract this threat. In particular, we outline some of the common mechanisms that can be used to provide authentication. We illustrate these issues by considering some scenarios in the areas of mobile personal information systems and client server based distributed systems, and show how the authentication mechanisms can be used to counteract the masquerading threat.
|
|
|
1993 |
Calvelli C, Varadharajan V, 'Representation of mental health application access policy in a monotonic model', Proceedings - Annual Computer Security Applications Conference, ACSAC (1993)
The access policy to patients' records in a mental health hospital has only a verbal specification, and many formal systems fail to represent all the aspects of this problem.... [more]
The access policy to patients' records in a mental health hospital has only a verbal specification, and many formal systems fail to represent all the aspects of this problem. This paper uses an extension of SPM, which can represent revocation and conditional tickets, to model part of this access policy. Even with our extension, SPM still remains a monotonic model, where rights can be removed only in very special cases, and this makes it impossible to represent all the aspects of the problem. Other than to serve as an example for the extensions previously proposed by the authors (1993), this paper also helps to separate aspects of this access control policy which are inherently monotonic from parts which are defined in a non-monotonic way, but can still be represented in a monotonic model.
|
|
|
1992 |
Calvelli C, Varadharajan V, 'An analysis of some delegation protocols for distributed systems', Proceedings of the Computer Security Foundations Workshop (1992)
The aim of this paper is to give a precise analysis of some of the delegation protocols described in [VAB91]. [VAB91] analyses the problem of delegation in distributed systems and... [more]
The aim of this paper is to give a precise analysis of some of the delegation protocols described in [VAB91]. [VAB91] analyses the problem of delegation in distributed systems and proposes three delegation protocols - chained, nested and linked - based on different inter-object trust assumptions in the system. [VAB91] also considers some delegation protocols for the Kerberos authentication system [SJN+88]. In this paper, we give an analysis of the chained, nested, and linked delegation protocols using the Calculus for Access Control by Abadi et at. [ABLP91], and analyse the delegation protocols for Kerberos using the belief logic of Kaislar and Gligor [KG91].
|
|
|
1991 |
VARADHARAJAN V, ALLEN P, BLACK S, 'AN ANALYSIS OF THE PROXY PROBLEM IN DISTRIBUTED SYSTEMS', 1991 IEEE COMPUTER SOCIETY SYMPOSIUM ON RESEARCH IN SECURITY AND PRIVACY, OAKLAND, CA (1991)
|
|
|
1991 |
VARADHARAJAN V, 'NOTIFICATION - A PRACTICAL SECURITY PROBLEM IN DISTRIBUTED SYSTEMS', 14TH NATIONAL COMPUTER SECURITY CONFERENCE - INFORMATION SYSTEMS SECURITY: REQUIREMENTS & PRACTICES, PROCEEDINGS, VOLS 1 AND 2, WASHINGTON, DC (1991) |
|
|
1991 |
Varadharajan V, 'Hook-up property for information flow secure nets', Proceedings of the Computer Security Foundations Workshop (1991)
The paper addresses some of the issues related to the problem of composing secure systems to form a composite secure system. The author uses the Petri net based on information flo... [more]
The paper addresses some of the issues related to the problem of composing secure systems to form a composite secure system. The author uses the Petri net based on information flow security model and develops several hook-up schemes for connecting secure information flow nets. He shows that it is possible to produce security composite nets from two component secure information flow nets.
|
|
|
1990 |
VARADHARAJAN V, 'A MULTILEVEL SECURITY POLICY MODEL FOR NETWORKS', IEEE INFOCOM 90, VOLS 1-3, SAN FRANCISCO, CA (1990)
|
|
|
1990 |
Varadharajan V, 'A formal approach to system design and refinement' (1990)
The Petri net formalism is used in the synthesis of system designs. A methodology is used that makes it possible to synthesize arbitrary size well-behaved Petri nets, using a step... [more]
The Petri net formalism is used in the synthesis of system designs. A methodology is used that makes it possible to synthesize arbitrary size well-behaved Petri nets, using a stepwise refinement technique. This technique provides a method for constructing large systems that are well-behaved by design. The steps that are required in developing a synthesis procedure are outlined and brief mention is made of some of the work that has been done in this area. A subclass of nets called information flow nets (IFNs) is proposed, and the notion of a well-behaved IFN is defined. A refinement procedure for IFNs is presented, and the conditions required for the refinement procedure to preserve well-behavedness are derived. The theorem of refinement of IFNs is given. The author formulates appropriate interpretations for the properties of the nets, enabling him to synthesize systems in different applications.
|
|
|
1990 |
Varadharajan V, 'Petri net based modelling of information flow security requirements', Proceedings. The Computer Security Foundations Workshop III (1990)
An extended Petri net formalism which can be used to model information flow security requirements is described. The proposed framework can be used to specify a range of security p... [more]
An extended Petri net formalism which can be used to model information flow security requirements is described. The proposed framework can be used to specify a range of security policies by making specific choices for the components of the model. It is believed that Petri nets provide an elegant way of modeling security policies in a distributed system. The ability to model concurrency, the structural generality of Petri nets, and the existence of powerful analytical techniques make the Petri-net modeling approach even more useful. Two examples are given to illustrate the use of such a model.
|
|
|
1990 |
Varadharajan V, 'Design of a network security policy model', IEE Conference Publication (1990)
The aim of this paper is to consider the development of multilevel network security policy models by drawing as many parallels as possible from the computer security models. We fi... [more]
The aim of this paper is to consider the development of multilevel network security policy models by drawing as many parallels as possible from the computer security models. We first consider how access control and information flow security issues arise in the design of multilevel secure network systems. We develop an outline of a simple abstract network security model which considers the access control and information flow security aspects in a multilevel network environment. We give a formal definition of such a model and the associated security requirements and then derive suitable conditions for the system to meet the security requirements. By definition, the system model is said to be 'secure' if these conditions are satisfied.
|
|
|
1990 |
Varadharajan V, Black S, 'A multilevel security model for a distributed object-oriented system', Proceedings - Annual Computer Security Applications Conference, ACSAC (1990)
Distributed systems are vulnerable to a number of security attacks. The authors look at the security problems of object-based distributed systems, and propose a model based on lab... [more]
Distributed systems are vulnerable to a number of security attacks. The authors look at the security problems of object-based distributed systems, and propose a model based on labelling for multilevel security. The purpose of this model is to preserve the information flow security in a distributed object-oriented system. The authors consider the basic concepts of the object paradigm, and also the security threats to such systems. They postulate various modelling possibilities, and produce a specific set of security properties which describe a multilevel secure object model. This particular model should not be considered as a panacea, but rather should demonstrate how the various modelling decisions are reflected in an actual model.
|
|
|
1989 |
Black S, Calvelli C, Varadharajan V, 'Modelling security aspects of a message handling system in LOTOS', IEE Conference Publication (1989)
This paper describes the formal specification of the security aspects of a Message Handling System (MHS). We chose the International Standard formal description technique LOTOS to... [more]
This paper describes the formal specification of the security aspects of a Message Handling System (MHS). We chose the International Standard formal description technique LOTOS to describe this system. The actual system being modelled, called LOCATOR, is a secure mobile MHS, and was developed within the U.K.'s Alvey programme. Here we outline the MHS, the security services, and describe the modelling of these services in LOTOS.
|
|
|
1986 |
VARADHARAJAN V, 'TRAPDOOR RINGS AND THEIR USE IN CRYPTOGRAPHY', LECTURE NOTES IN COMPUTER SCIENCE (1986)
|
|
|